IT for media and entertainment industry

Overcoming the cyber paradox: Shrinking budgets – growing threats

The challenging macro environment has left security budgets stretched thin even while new tech like AI presents a threat multiplier. In the face of these challenges, it becomes vital for security leads to do more to maintain funding Continue Reading

By

• Richard Watson, EY

AWS widening scope of MFA programme after early success

AWS reports strong take-up of multi-factor authentication among customers since making it compulsory for root users earlier this year, and plans to expand the scope of its IAM programme in spring 2025 Continue Reading

By

• Alex Scroxton, Security Editor

UK consumers losing more than ever to holiday scams

Last Christmas, UK consumers lost over £11m to cyber criminals. This year, to save them from tears, the NCSC and Action Fraud are teaming up to launch an anti-fraud campaign Continue Reading

By

• Alex Scroxton, Security Editor

Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024

High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update Continue Reading

By

• Alex Scroxton, Security Editor

Zero-day exploits increasingly sought out by attackers

Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023 Continue Reading

By

• Alex Scroxton, Security Editor

Strengthening cyber: Best IAM practices to combat threats

The Security Think Tank considers best practices in identity and access management and how can they be deployed to enable IT departments to combat cyber-attacks, phishing attacks and ransomware Continue Reading

By

• Andrew Peel, Scott Swalling, PA Consulting

Beyond VPNs: The future of secure remote connectivity

As more companies adopt cloud services and remote work, the limitations of VPNs are becoming obvious. We explore what’s next for secure remote connectivity Continue Reading

By

• Isla Sibanda

What are the security risks of bring your own AI?

The rise of generative AI has led to a plethora of publicly accessible artificial intelligence tools, but what are the risks when external AI tools are used with corporate data? Continue Reading

By

• Peter Ray Allison

Google Cloud MFA enforcement meets with approval

Latest Google Cloud policy to enforce multifactor authentication across its user base is welcomed by security professionals Continue Reading

By

• Alex Scroxton, Security Editor

AI a force multiplier for the bad guys, say cyber pros

CIISec’s annual report on the security profession finds evidence of growing concern that artificial intelligence will ultimately prove more useful to threat actors than defenders Continue Reading

By

• Alex Scroxton, Security Editor

User-centric security should be core to cloud IAM practice

The Security Think Tank considers best practices in identity and access management and how can they be deployed to enable IT departments to combat cyber-attacks, phishing attacks and ransomware Continue Reading

By

• Mike Gillespie

CISA looks to global collaboration as fraught US election begins

The US' CISA cyber agency has unveiled a two-year International Strategic Plan to advance collaboration and improve resilience against shared risks and threats Continue Reading

By

• Alex Scroxton, Security Editor

IAM best practices for cloud environments to combat cyber attacks

The Security Think Tank considers best practices in identity and access management and how can they be deployed to enable IT departments to combat cyber-attacks, phishing attacks and ransomware Continue Reading

By

• Varun Prasad, ISACA

EMEA businesses siphoning budgets to hit NIS2 goals

With NIS2 now in effect, European business leaders are having to divert budget from elsewhere to achieve compliance Continue Reading

By

• Alex Scroxton, Security Editor

Danish government reboots cyber security council amid AI expansion

Denmark’s government relaunches digital security initiative to protect business sectors and society at large Continue Reading

By

• Gerard O'Dwyer

Delivering Olympic IT

In this week’s Computer Weekly, we speak to a former Olympian and CIO of the Paris 2024 Olympic and Paralympic Games about continuous improvement. We also look at new enterprise AI services from major IT providers and assess the unified communications as a service market. Read the issue now. Continue Reading

Robust cloud IAM should align to zero-trust principles

The Security Think Tank considers best practices in identity and access management and how can they be deployed to enable IT departments to combat cyber-attacks, phishing attacks and ransomware. Continue Reading

By

• Ricky Simpson, Quorum Cyber

How Recorded Future finds ransomware victims before they get hit

Threat intel specialists at Recorded Future have shared details of newly developed techniques they are using to disrupt Rhysida ransomware attacks before the gang even has a chance to execute them Continue Reading

By

• Alex Scroxton, Security Editor

Interview: Bruno Marie-Rose, CIO, Paris 2024 Olympic and Paralympic Games

The technology chief reflects on a successful Olympic and Paralympic Games – and how what he learned as a former Olympic medallist helped him be a better IT leader Continue Reading

By

• Mark Samuels

Five zero-days to be fixed on October Patch Tuesday

Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform Continue Reading

By

• Alex Scroxton, Security Editor

Secureworks: Ransomware takedowns didn’t put off cyber criminals

The number of active cyber criminal ransomware gangs has surged by almost a third in the space of 12 months, according to the latest intelligence from Secureworks Continue Reading

By

• Alex Scroxton, Security Editor

NCSC celebrates eight years as Horne blows in

Outgoing NCSC interim leader Felicity Oswald shares her thoughts on the body’s work over the past eight years as she hands over the reins to incoming CEO Richard Horne Continue Reading

By

• Alex Scroxton, Security Editor

Cups Linux printing bugs open door to DDoS attacks, says Akamai

The Cups Linux printing vulnerabilities disclosed at the end of September would seem to have a nasty sting in their tail, according to researchers at Akamai Continue Reading

By

• Alex Scroxton, Security Editor

SOC teams falling out of love with threat detection tools

Security operations centre practitioners are fed up of being flooded with pointless alerts and many no longer have much confidence in their threat detection tools, according to a report Continue Reading

By

• Alex Scroxton, Security Editor

Rise of the cyber clones: When seeing isn’t believing

It is frighteningly easy to clone someone else's identity using readily-available artificial intelligence tools Continue Reading

By

• Jake Moore, ESET

Cyber teams say they can’t keep up with attack volumes

Over 60% of European security pros say their teams are understaffed, and over 50% don’t have enough budget, according to data from ISACA Continue Reading

By

• Alex Scroxton, Security Editor

The cyber industry needs to accept it can't eliminate risk

The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading

By

• Paul Lewis, Nominet

Defaulting to open: Decoding the (very public) CrowdStrike event

The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading

By

• Elliott Wilkes, ACDS

Cyber companies need a best practice approach to major incidents.

The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading

By

• Andy Bridden and Ashley Barker, PA Consulting

Unique malware sample volumes seen surging

BlackBerry’s latest ‘Global threat intelligence’ report details a surge in unique malware samples as threat actors ramp up the pace of targeted attacks Continue Reading

By

• Alex Scroxton, Security Editor

How to respond when your cyber company becomes the story

The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading

By

• Stephen McDermid

Security Think Tank: Win back lost trust by working smarter

The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading

By

• Vladimir Jirasek, Foresight Cyber

Gartner: Mitigating security threats in AI agents

Agents represent a step-change in the use of artificial intelligence in the enterprise - as attendees at Salesforce's annual conference saw first hand this month - but do not come without their risks Continue Reading

By

• Avivah Litan, Gartner

CrowdStrike incident shows we need to rethink cyber

The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading

By

• Mike Gillespie

Dreamforce 24: Salesforce taps Nvidia to power Agentforce

At Dreamforce in San Francisco, Salesforce and Nvidia detail some of the tech that will power the software giant's newly launched Agentforce service Continue Reading

By

• Alex Scroxton, Security Editor

Dreamforce 2024: Salesforce calls on customers to flesh out AI vision

A stream of customers helped Salesforce make the case for its Agentforce artificial intelligence offering on the opening day of the annual Dreamforce conference in San Francisco Continue Reading

By

• Alex Scroxton, Security Editor

Misinformation runs deeper than social media

While social media may contribute to the increasing rapid spread and reach of misinformation, the root causes of the problem go much deeper than the role of a particular company or way of using technology to communicate Continue Reading

By

• Andrew Kersley

Mphasis expands UK roots with leap into quantum computing

Indian heritage software development services supplier opens London hub to help customers integrate the latest technologies into their business plans Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

UK and Ukraine digital trade deal comes into force

The UK eases access to the deep tech startup community in Ukraine through digital-only agreement Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Iranian APT caught acting as access broker for ransomware crews

Members of Iran-backed Pioneer Kitten APT appear to be trying to supplement their pay packets by helping Russian-speaking ransomware gangs to access their victims in exchange for a cut of the profits Continue Reading

By

• Alex Scroxton, Security Editor

Cyber law reform should be top of Labour's policy list

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Craig Watt

A coherent Labour cyber strategy depends on consistency

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Aled Lloyd Owen

Global cyber spend to rise 15% in 2025, pushed along by AI

Security spending will increase at pace in 2025, with artificial intelligence, cloud and consultancy services all pushing outlay to new highs, according to Gartner Continue Reading

By

• Alex Scroxton, Security Editor

Extending zero-trust principles to endpoints

By combining zero-trust principles with other security strategies and continuously monitoring and improving their security posture, organisations can effectively mitigate risks and protect their resources, says Gartner's Nikul Patel Continue Reading

By

• Nikul Patel

The US courts may have thrown a wrench into cyber regulation

A recent decision by the US Supreme Court to overrule the longstanding Chevron Deference has serious implications for global cyber security regulation Continue Reading

By

• Brian Arnold

Public education on security must be a top priority for Labour

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Petra Wenham

New Qilin tactics a ‘bonus multiplier’ for ransomware chaos

Sophos X-Ops caught the Qilin ransomware gang stealing credentials stored by victims' employees in Google Chrome, heralding further cyber attacks and breaches down the line. Continue Reading

By

• Alex Scroxton, Security Editor

Phishing links becoming bigger threat than email attachments

Phishing techniques are evolving away from malicious email attachments, according to a report Continue Reading

By

• Alex Scroxton, Security Editor

How might the UK's cyber landscape change under Labour?

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Dhairya Mehta and Cate Pye

Google's cookie conundrum: What comes next?

Google's revised approach to third-party cookies shouldn't come as a surprise, and may also be welcome Continue Reading

By

• Christian Ward

With the right tools and strategy, public cloud should be safe to use

Despite the complexity and evolving nature of threats, with the right strategy, tools, and constant vigilance, businesses can safely and securely leverage public cloud services Continue Reading

By

• Jason Lau

August Patch Tuesday proves busy with six zero-days to fix

Microsoft patches six actively exploited zero-days among over 100 issues during its regular monthly update Continue Reading

By

• Alex Scroxton, Security Editor

NIST debuts three quantum-safe encryption algorithms

NIST has launched the first three quantum-resistant encryption algorithms, and as the threat of quantum-enabled cyber attacks grows greater, organisations are encouraged to adopt them as soon as they can Continue Reading

By

• Alex Scroxton, Security Editor

Deep dive into quantum-resistant cryptography for email security

Quantum computers have the potential to crack many of the encryption methods we currently rely on to keep our digital communications safe. Quantum-resistant cryptography may be the answer Continue Reading

By

• Isla Sibanda

How UK firms can get ready for the implementation of NIS2

Many British companies will need to adhere to NIS2’s cyber security risk management and reporting requirements if they want to continue operating in the EU market and avoid huge fines Continue Reading

By

• Nicholas Fearn

Royal ransomware crew puts on a BlackSuit in rebrand

The Royal ransomware gang is back, with a new name and refreshed capabilities, including an apparently unique ‘partial encryption’ gambit, according to CISA Continue Reading

By

• Alex Scroxton, Security Editor

2024 seeing more CVEs than ever before, but few are weaponised

The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threat actors, a reminder of the importance of focused security strategies Continue Reading

By

• Alex Scroxton, Security Editor

Chinese cyber attack sparks alert over six-year-old MS vuln

After a proof-of-concept for a six-year-old Microsoft vulnerability emerged in a Chinese APT attack chain, defenders should be on the look-out for exploitation of CVE-2018-0824 Continue Reading

By

• Alex Scroxton, Security Editor

World’s largest companies at near-universal risk of supply chain breach

Data from SecurityScorecard once again focuses on the interconnected nature of business supply chains and the risk posed to operational resilience by unexpected IT problems and cyber threats Continue Reading

By

• Alex Scroxton, Security Editor

Cyber lessons, and priorities for the UK's new government

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Ameet Jugnauth and Mark Pearce

Is it time to refresh the UK's cyber strategy?

With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading

By

• Jon Carpenter

Banks, telcos call for more data sharing to fight fraud

A Which?-led coalition of banks and telecoms operators is calling on the UK's new government to take the lead on enabling data sharing to help fight digital fraud Continue Reading

By

• Alex Scroxton, Security Editor

When critical cyber response becomes second nature

When alerts and headlines blare out warnings of critical vulnerabilities in widely-used software, the cyber security community needs to adopt a more decisive and clear-cut approach, says Huntress' Chris Henderson Continue Reading

By

• Chris Henderson, Huntress

CISO mentoring – who to turn to when the worst happens

Those who get the role of a CISO may have overcome some professional hurdles, but are they ready to face what comes as part of the job? And who do they ask for advice? We look at the mentoring dilemma Continue Reading

By

• Dan Raywood

CrowdStrike update chaos explained: What you need to know

A botched software update at cyber security firm CrowdStrike has caused IT chaos around the world. Learn more about the global CrowdStrike update outage as it develops Continue Reading

By

• Alex Scroxton, Security Editor

Scam CrowdStrike domains growing in volume

Hundreds of malicious domains exploiting CrowdStrike’s branding are appearing all over the web in the wake of the 19 July outage. Experts from Akamai share some noteworthy examples, along with guidance on how to avoid getting caught out Continue Reading

By

• Alex Scroxton, Security Editor

CrowdStrike says most Falcon sensors now up and running

The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week Continue Reading

By

• Alex Scroxton, Security Editor

Mastering data privacy in the age of AI

AI continues to revolutionise how organisations operate, using vast amounts of personal data to make smart, informed decisions. However, this incredible potential comes with concerns about data privacy. DQM GRC's Mark James explores the issues. Continue Reading

By

• Mark James

Cyber crisis? How good PR can save your brand

Cyber attacks and data breaches can happen to anybody and often bring reputational damage and a loss of customer trust. How organisations publicly respond to such incidents can make or break them, and the importance of a good PR strategy cannot be underestimated Continue Reading

By

• Ed Coram-James

Cloud security challenges not just technological

The Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Temi Akinlade

CrowdStrike blames outage on content configuration update

CrowdStrike publishes the preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world Continue Reading

By

• Alex Scroxton, Security Editor

Mimecast to buy insider threat specialist Code42

Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms Continue Reading

By

• Alex Scroxton, Security Editor

Chrome cookies reprieved amid Google Privacy Sandbox changes

Google abruptly changes tack on third-party cookies in its Chrome web browser, cancelling plans to deprecate them in favour of an unspecified ‘new experience’ for users Continue Reading

By

• Alex Scroxton, Security Editor

NCSC: Beware of criminal CrowdStrike opportunists

Financially motivated cyber criminals are already conducting opportunistic attacks on organisations that leverage the CrowdStrike incident, and more targeted attacks are sure to follow Continue Reading

By

• Alex Scroxton, Security Editor

CrowdStrike chaos shows risks of concentrated ‘big IT’

The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous Continue Reading

By

• Alex Scroxton, Security Editor

Growth in nude image sharing heightens cyber abuse risk

The normalisation of sharing self-created intimate content with others is putting great numbers of people at risk of online abuse, says Kaspersky Continue Reading

By

• Alex Scroxton, Security Editor

UK Cyber Bill teases mandatory ransomware reporting

In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting Continue Reading

By

• Alex Scroxton, Security Editor

Public awareness of ID security grows, but big obstacles remain

Consumers are improving their awareness of the issues around digital identity security, but there are still some big issues preventing many from doing better, according to an Okta report Continue Reading

By

• Alex Scroxton, Security Editor

Dutch research firm TNO pictures the SOC of the future

In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading

By

• Kim Loohius

Hyper-V zero-day stands out on a busy Patch Tuesday

Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention Continue Reading

By

• Alex Scroxton, Security Editor

Chinese spies target vulnerable home office kit to run cyber attacks

China’s APT40 is ramping up targeting of victims using vulnerable small and home office networking kit as command and control infrastructure, according to an international alert Continue Reading

By

• Alex Scroxton, Security Editor

Room to grow in UK for Tata Consultancy Services after half a century

Indian-headquartered IT giant has built a large UK footprint as part of its global network, a commitment which is helping it increase its business in the UK’s public sector Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

NCA’s Operation Morpheus targets illicit Cobalt Strike use

International law enforcement operation targets cyber criminals using the Cobalt Strike penetration testing framework for dodgy purposes Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: Securing today's ubiquitous cloud environment

The Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage Continue Reading

By

• Kashil JagmohanSingh

UKtech50 2024: The most influential people in UK technology

Computer Weekly has announced the 14th annual UKtech50 – our definitive list of the movers and shakers in the UK tech sector Continue Reading

By

• Lis Evenstad

AI and outsourcing: What’s the future for relationships and contracts? (Part two)

In the second part of this two-part series, two technology lawyers offer guidance on what the integration of artificial intelligence in IT outsourcing and business process outsourcing will mean for customers and providers in outsourcing relationships and contracts Continue Reading

By

• Marl Lewis and Simon Bollans

Cloud security: Finding the right provider to protect your data

This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Stephen McDermid

Black Basta ransomware crew may be exploiting Microsoft zero-day

A Microsoft vulnerability that was addressed without fanfare in March may in fact have been exploited as a zero-day by the notorious Black Basta ransomware gang, threat hunters warn Continue Reading

By

• Alex Scroxton, Security Editor

Data leakage in the cloud – can data truly be safe in the cloud?

This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Scott Swalling

Q&A: Adalbjorn Thorolfsson on IT project management in Iceland

With a small, but very sophisticated population, Iceland has unique ways of keeping up with the rest of the world in the IT sector. Adalbjorn Thorolfsson, president of the Icelandic Project Management Association, describes some lessons for the rest of the world Continue Reading

By

• Pat Brans, Pat Brans Associates/Grenoble Ecole de Management

Nordic innovators look to revive the zombie subscriber population

Zombie subscriptions where customers buy a service and forget about it are harming the subscription economy, but software is being developed to support the subscription economy Continue Reading

By

• Matthew Staff

How to ensure public cloud services are used safely and securely

This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Beji Jacob

True cloud security requires in-depth understanding

This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Elliott Wilkes

Pure Storage hit by Snowflake credential hackers

Pure Storage emerges as the latest victim of a fast-spreading breach of Snowflake customers targeting users with lax credential security measures in place Continue Reading

By

• Alex Scroxton, Security Editor

More than 160 Snowflake customers hit in targeted data theft spree

Mandiant reports that more than 160 Snowflake customers have been hit in a broad data theft and extortion campaign targeting organisations that have failed to pay proper attention to securing valuable credentials Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: The cloud just got more complicated

This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading

By

• Rob Dartnall, SecAlliance

Mad Max production company gets Dell PowerScale to leverage generative AI

One supplier enters, one supplier leaves: Australian film production company replaces HPE with Dell storage and compute as it leverages GenAI Continue Reading

By

• Yann Serra, LeMagIT
• Antony Adshead, Storage Editor

Russia used fake AI Tom Cruise in Olympic disinformation campaign

Microsoft threat researchers report a surge in Russian disinformation campaigns targeting the 2024 Summer Olympics, including AI-enhanced propaganda Continue Reading

By

• Alex Scroxton, Security Editor

97 FTSE 100 firms exposed to supply chain breaches

Between March 2023 and March 2024, 97 out of 100 companies on the UK’s FTSE 100 list were put at risk of compromise following supply chain breaches at third-party suppliers Continue Reading

By

• Alex Scroxton, Security Editor

Major breaches allegedly caused by unsecured Snowflake accounts

Significant data breaches at Ticketmaster and Santander appear to have been orchestrated through careful targeting of the victims’ Snowflake cloud data management accounts Continue Reading

By

• Alex Scroxton, Security Editor