Identity and access management products

Okta customers targeted in new wave of social engineering attacks

Authentication specialist Okta has warned customers to be on alert for a campaign of social engineering attacks exploiting highly privileged users Continue Reading

By

• Alex Scroxton, Security Editor

Researchers find flaw in Mend.io security platform

WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed Continue Reading

By

• Alex Scroxton, Security Editor

Home Office and MoD seeking new facial-recognition tech

The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Post Office to provide in-person identity checks for One Login

Partnership between the Government Digital Service and the Post Office will see postmasters and staff provide face-to-face identity checks for those unable to use the One Login app or website Continue Reading

By

• Lis Evenstad

biometric authentication

Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify they are who they say they are. Continue Reading

By

• Cameron Hashemi-Pour, Site Editor

How do digital signatures work?

Digital signatures add a level of security to online agreements, which can prevent bad actors from impersonating other individuals or tampering with sensitive contracts. Continue Reading

By

• David Weldon

Google bets on AI-backed cyber controls for Workspace users

Zero-trust and digital sovereignty controls are the focus of a series of enhancements being made for Google Workspace users Continue Reading

By

• Alex Scroxton, Security Editor

BYOI (bring your own identity)

BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party. BYOI is increasingly being used for website authentication. Continue Reading

By

• Robert Sheldon
• Sharon Shea, Executive Editor

NatWest customer calls bank’s handling of breach of his data ‘disgusting’

A second NatWest customer has contacted Computer Weekly after finding out from a whistleblower that his sensitive personal data has been in her home for 14 years Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

CyberArk eyes growth beyond PAM

CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management Continue Reading

By

• Aaron Tan, TechTarget

Unconventional career: A Computer Weekly Downtime Upload podcast

Cyber security expert Junade Ali, talks about his non-academic route to a PhD. He was recently elected as a fellow of the IET Continue Reading

By

• Cliff Saran, Managing Editor

NatWest offers compensation to customer affected by data breach exposed by whistleblower

NatWest bank has offered compensation to a former customer affected by a data breach alongside around 1,600 other former and current customers Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Directory Services Restore Mode (DSRM)

Directory Services Restore Mode (DSRM) is a Safe Mode boot option for Windows Server domain controllers. Continue Reading

By

• Rahul Awati

MPs warn about growing prevalence of tech-enabled domestic abuse

The UK government must take action to prevent perpetrators from being able to use connected or smart technologies to conduct their domestic abuse, a select committee has warned Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Workplace monitoring needs worker consent, says select committee

Employers looking to monitor their employees through connected devices should only to so with the consent of those affected due to negative impacts such surveillance can have on work intensification and mental health Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Cozy Bear hijacks SME Microsoft 365 tenants in latest campaign

Microsoft shares intelligence on a newly observed Cozy Bear campaign that saw the APT take over genuine Microsoft 365 tenants and subvert them to try to phish its victims Continue Reading

By

• Alex Scroxton, Security Editor

Common Access Card (CAC)

A Common Access Card (CAC) is a smart card issued by the Unites States Department of Defense for accessing DOD systems and facilities. Continue Reading

By

• Rahul Awati

national identity card

A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity. Continue Reading

By

• Katie Terrell Hanna

How Indian organisations are keeping pace with cyber security

Indian organisations are shoring up their defences to improve their cyber resilience amid intensifying cyber threats targeted at key sectors such as healthcare and logistics Continue Reading

By

• Pratima Harigunani

AI-enhanced cyber has potential, but watch out for marketing hype

As AI is a hot topic right now, it is no surprise there are some cyber solutions coming to market that have been thrown together in haste, but that said, genuine AI-powered security products do exist and their abilities could yet prove transformative. Continue Reading

By

• Shailendra Parihar, Turnkey Consulting

CIO interview: Sean Green, University of East Anglia

In his role as director of digital and data at the University of East Anglia, Sean Green provides high-performance computing to researchers and manages the diverse needs of a campus with the characteristics of a small town, all while finding the time to study one of his passions Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Handbook helps Dutch organisations migrate to quantum-safe communication

Organisations must start implementing new cryptography standards – as migration is a lengthy process Continue Reading

By

• Kim Loohuis

Online Safety Bill screening measures amount to ‘prior restraint’

The Open Rights Group is calling on Parliament to reform the Online Safety Bill, on the basis that its content-screening measures would amount to “prior restraint” on freedom of expression Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Police Scotland use cloud for biometric data despite clear risks

Police Scotland confirms it has stored significant volumes of biometric data on a cloud-based digital evidence sharing system despite major ongoing data protection concerns, bringing into question the effectiveness of the current regulatory approach and the overall legality of using hyperscale public cloud technologies in a policing context Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Civil society groups call on EU to put human rights at centre of AI Act

Dozens of civil society groups are calling on EU institutions to prioritise people and human rights in AI legislation as secretive negotiations begin Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Whistleblower contacts NatWest customers affected by a decade-old data breach

Former worker says contacting the people affected by the data breach is her last resort after the bank and regulators appear satisfied that the sensitive data file is safe stored under her bed Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Norwegian data privacy experts sound alarm over generative AI

Hundreds of millions of people embrace generative artificial intelligence, blissfully ignorant of what it’s doing to data privacy. Continue Reading

By

• Pat Brans, Pat Brans Associates/Grenoble Ecole de Management

Suspicious email reported every five seconds in UK

National Cyber Security Centre report reveals a suspicious email was reported by UK citizens and organisations every five seconds last year Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Biometrics watchdog calls for public space surveillance review

The biometrics and surveillance camera commissioner is calling for a review of public space surveillance to gain a clearer picture about the proliferation of Chinese surveillance technology across the public sector, but warns against applying double standards on companies just because they are from China Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

AI can never be given control over combat decisions, Lords told

Artificial intelligence is technically incapable of distinguishing between the complex contextual factors of combat situations, and will likely never be able to, according to legal and software experts Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

security token

A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process. Continue Reading

By

• Paul Kirvan

One Login’s Gov.uk ID check apps downloaded over two million times

The One Login digital identity system is being used by eight government services, and GDS has issued more than 1.5 million verified identities since summer 2022, while its ID check apps are proving popular Continue Reading

By

• Lis Evenstad

ICO under fire for taking limited action over serious data breaches

The ICO has come under fire from lawyers and data protection specialists for just issuing written warnings to two public bodies over serious data breaches that placed people’s lives at risk Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Phishing and ransomware dominate Singapore’s cyber threat landscape

Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene Continue Reading

By

• Aaron Tan, TechTarget

Nearly quarter of a million malicious websites reported and removed through NCSC service

A suspicious email and text message reporting service in the UK has directly led to a quarter of a million malicious websites being removed Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

TSB calls on Meta to intervene and protect users from fraud losses of £250m this year

TSB is the latest bank to demand more action from social media sector in helping to reduce online fraud Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Regulatory ‘lacuna’ around facial recognition threatens rights

The UK is heading for a “legal quagmire” around live facial recognition if the government and regulators do not take action to rein in use of the technology before it becomes ubiquitous Continue Reading

By

• Kingsley Hayes, Keller Postman UK

Podcast: Storage, backup, AI and data classification at RSA 2023

Much discussion at RSA 2023 about artificial intelligence, the risks to data protection, storage and compliance, plus risk and data classification, especially its impacts on access and data management Continue Reading

By

• Antony Adshead, Storage Editor

UKtech50 2023 winner: Michelle Donelan/Chloe Smith, secretary of state, DSIT

Computer Weekly looks at the achievements and successes of the Department for Science, Innovation and Technology, as its secretary of state is recognised as the most influential person in UK technology for 2023 Continue Reading

By

• Lis Evenstad

Payments regulator makes APP fraud reimbursement mandatory

UK payments regulator confirms changes to rules around repaying customers who lose money to authorised push payment fraudsters Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Bank of International Settlement sets up channel secure from quantum breach

The Bank of International Settlement has worked with two of Europe's central banks to explore preventing the security risks posed by quantum computers Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Met Police director of intelligence defends facial recognition

The Met Police’s director of intelligence has appeared before MPs to make the case for its continuing use of facial-recognition technology, following announcements from the force and the Home Office that they intend to press on with its adoption Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Lloyds Bank calls on tech companies to control social media ‘wild west’

Lloyds Banking Group is calling on tech giants to step forward in the fight against online fraud, which emanates in the social media ‘wild west’ Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Cabinet Office publishes response to data sharing for digital ID consultation

The majority of respondents to government’s consultation on data sharing for digital identity are critical to the plans and concerned about data privacy, but Whitehall’s response says many of the responses ‘were driven by anti-digital commentaries’ Continue Reading

By

• Lis Evenstad

Kuwait bank introduces biometric payments card

Middle East bank launches payment cards with fingerprint sensor technology embedded Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Two-thirds of all 2022 breaches resulted from spear phishing

Research by Barracuda Networks has found that, despite the low volume of spear-phishing attempts, the attacks are highly successful and have major consequences Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

How to secure your software supply chain

In this week’s Computer Weekly, our latest buyer’s guide looks at secure coding, and kicks off by examining the challenges of securing your software supply chain. Cyber law enforcement leaders are calling on firms to end the secrecy around ransomware attacks. And we find out how facial recognition technology is being adopted by retailers. Read the issue now. Continue Reading

CW APAC: Expert advice on security and threat intelligence

Organisations are all too aware of the importance of cyber defence. In this handbook, focused on security and threat intelligence in the Asia-Pacific region, Computer Weekly looks at the software supply chain, Mimecast’s email security, Australian data breaches and Singapore’s threat intelligence. Continue Reading

Home Office pushes for more police facial-recognition deployments

An independent report commissioned by the biometrics commissioner of England and Wales reveals that the UK policing minister is pushing for wider adoption of facial-recognition technology by police, and further criticises the government’s proposed changes to surveillance oversight Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Pentera ups ante in penetration testing

The Israeli startup, which expanded to the APAC region last year, scans for vulnerabilities and emulates cyber attacks through its automated security validation platform Continue Reading

By

• Aaron Tan, TechTarget

MS macro-blocking has forced cyber criminals to innovate

One year after Microsoft started blocking VBA and XL4 macros by default, the cyber criminal ecosystem has all but stopped exploiting macros in their attacks. They’re instead innovating at an unprecedented rate Continue Reading

By

• Alex Scroxton, Security Editor

CW EMEA: The future of work

In this month’s CW EMEA, we look at the future of work in Europe after the pandemic forced a change in entrenched human behaviour. For years, people talked about flexible working being the way forward, but scepticism within the management of large companies held it back. This all changed when Covid-19 began to spread out of control and governments and businesses quickly told people to work from home where possible. We also look at the increasing problem of IT failures in Dutch hospitals and how they are affecting patient care, highlighting the need to improve IT security in hospitals. Read the issue now. Continue Reading

Fujitsu staff had ‘unrestricted and unauditable’ remote access to Post Office branch systems

Fujitsu engineers could make changes to Post Office branch accounts without anyone knowing Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

How datacentre operators can fend off cyber attacks

Applying zero-trust principles in the form of strong authentication controls and network segmentation can help datacentre operators to mitigate cyber threats Continue Reading

By

• Aaron Tan, TechTarget

Santander reports increase in scams and admits fraud head was impersonated

Santander has reported an increase in impersonation scams, and admitted its own head of fraud was impersonated by a fraudster Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Security Think Tank: Thinking beyond IAM in the cloud

Looking beyond IAM, there are other aspects of securing public cloud environments that admins can reasonably expect to control Continue Reading

By

• Petra Wenham

Google debuts passwordless login options for users

Launch of Google’s passkey service hailed as a great leap forward for passwordless technology Continue Reading

By

• Alex Scroxton, Security Editor

Cyber Action Plan for Wales launched

The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country Continue Reading

By

• Alex Scroxton, Security Editor

Google Cloud seals bug that could have led to data breaches

The Asset Key Thief vulnerability gave rise to multiple potential attack scenarios that could have impacted thousands of Google Cloud users, but has now been safely fixed Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: Going beyond IAM for cloud security

Managing access and privilege across complex and powerful cloud tooling is not a straightforward task; but there are some key considerations that can help security teams stay on top of identities in the cloud Continue Reading

By

• Becky Gelder, Turnkey Consulting

Global finance firms take part in NATO cyber attack simulation

Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

How organisations can succeed with zero trust

By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm Continue Reading

By

• Aaron Tan, TechTarget

Cloud identity: Are you who you say you are?

As identity, rather than networking segmentation, becomes the primary determining factor in accessing cloud resources. ISACA’s Ser Yoong Goh highlights three trends driving cloud IAM Continue Reading

By

• Ser Yoong Goh

Focus on these three risky behaviours to boost cloud security

Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report Continue Reading

By

• Alex Scroxton, Security Editor

Why IAM systems are crucial for securing multicloud architecture

As business tools evolve into cloud-based services, organisations are finding themselves becoming ever more reliant on the cloud, but how can data be secured across so many different platforms? Continue Reading

By

• Peter Ray Allison

Microsoft Azure Key Vault

Microsoft Azure Key Vault is a cloud-based security service offered by Microsoft as part of its Azure platform. Continue Reading

By

• Katie Terrell Hanna
• Tayla Holman, Site Editor

Securing your software supply chain

Organisations need to have a thorough understanding of software components and build security controls into development lifecycles to shore up the security of their software supply chains Continue Reading

By

• Aaron Tan, TechTarget

Three charged over banking fraud for hire website

UK authorities have charged three men in connection with the operation of a website that sold social engineering tools to cyber fraudsters Continue Reading

By

• Alex Scroxton, Security Editor

UK police double down on ‘improved’ facial recognition

The Met and South Wales Police have doubled down on their use of facial recognition technology after research found improved accuracy in their algorithms when using certain settings, but civil society groups maintain that the tech will still be used in a discriminatory fashion Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Okta integrates with Singapore’s national digital ID system

The integration with Singpass will let Okta customers authenticate consumers using Singapore’s national digital ID system and is expected to expand the company’s reach in regulated industries Continue Reading

By

• Aaron Tan, TechTarget

Security Think Tank: Adopt a coherent framework for ID first security

With IAM central to enabling appropriate access to cloud-based services, identity first security is becoming a key trend for IAM in the cloud. Continue Reading

By

• Andrew Peel

Prioritise automated hardening over traditional cyber controls, says report

A report from strategic risk specialist Marsh McLennan advises security buyers to funnel their budgets towards automated cyber security hardening techniques, saying they have a much better chance of reducing risk in a meaningful way Continue Reading

By

• Alex Scroxton, Security Editor

Scottish police tech piloted despite major data protection issues

Scottish policing bodies are pressing ahead with a data sharing pilot despite data protection issues around the use of US cloud providers, placing sensitive personal data of tens of thousands of people at risk Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Revitalising UK digital government

In this week’s Computer Weekly, as the UK plummets down the international rankings for digital government, can its £400m identity system revitalise the UK’s digital strategy? We examine the container management platforms from the big six storage suppliers. And we look at the challenges of achieving IT sustainability while continuing to drive digital innovation. Read the issue now. Continue Reading

Reactive approach to cyber procurement risks damaging businesses

Too many organisations are following a reactive approach to cyber security, which WithSecure believes is stifling security teams ability to demonstrate value and align with business outcomes Continue Reading

By

• Alex Scroxton, Security Editor

Nordics move towards common cyber defence strategy

Nordic countries agree to work together to improve their cyber defences amid increasing threat Continue Reading

By

• Gerard O'Dwyer

GDS signs £24m worth of contracts for One Login

As the Government Digital Service (GDS) prepares for the official end of Gov.uk Verify, it signs three new contracts for its successor programme, One Login Continue Reading

By

• Lis Evenstad

NCSC launches cyber check-up tools for SMEs

The NCSC has launched two new security services aimed at SMEs that lack the resources to address cyber issues, and may underestimate their vulnerability to attack Continue Reading

By

• Alex Scroxton, Security Editor

NatWest announces ID service for its customers

The identities of NatWest customers engaging with businesses online can be confirmed by the bank's ID service in seconds Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

UK government introduces revised data reform bill to Parliament

Designed in close collaboration with technology businesses, the UK government is re-introducing an updated version of its Data Protection and Digital Information Bill to Parliament, which civil society groups say upends key safeguards Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

How ForgeRock is tackling identity management

ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy Continue Reading

By

• Aaron Tan, TechTarget

Nine in 10 enterprises fell victim to successful phishing in 2022

Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Dutch hospitals underestimate impact of cyber attack

IT failures in acute care organisations in the Netherlands have increased considerably since 2010, affecting patient care and stressing the need to improve IT security in hospitals Continue Reading

By

• Kim Loohuis

Uber introduces dynamic pricing algorithm in London

The dynamic pricing algorithm will allow Uber to set variable pay and pricing levels, but drivers are concerned about how their personal data will be used and the impact the algorithm will have on their livelihoods Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

WH Smith staff data accessed in cyber attack

The retailer has said that customer data has not been affected by the incident as it is held in different systems, and that investigations into the attack are ongoing Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Salt Labs identifies OAuth security flaw within Booking.com

Security flaw in Booking.com OAuth implementation could be used to launch account takeovers, but researchers discovered and flagged the issue before it could be exploited in the wild Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

LastPass attack saw employee’s home computer hacked

The ongoing investigation into a series of linked security incidents at LastPass has found that the attacker was successfully able to compromise a developer’s home PC using a vulnerability in a media software package Continue Reading

By

• Alex Scroxton, Security Editor

UK police have ‘culture of retention’ around biometric data

A culture of retention around biometric data in UK policing is damaging public trust, says UK biometrics commissioner, who is calling for clear regulation to govern police use of biometric technologies Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert

Cyber attacks are taking a heavy toll on Dutch IT professionals, with over a third reporting that their mental health suffers as a result Continue Reading

By

• Kim Loohuis

Twitter 2FA changes bring more risks than benefits

Twitter’s approach to nudging users away from insecure SMS-based 2FA is being questioned over its logic Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: New trends and drivers in cyber security training

Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading

By

• John Tolbert, KuppingerCole

How to tame the identity sprawl

Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl Continue Reading

By

• Aaron Tan, TechTarget

passwordless authentication

Passwordless authentication is signing into a service without using a password. Continue Reading

By

• Gavin Wright
• Alexander S. Gillis, Technical Writer and Editor

Police tech needs clear legal rules, says biometrics regulator

Police use of artificial intelligence and facial recognition needs to be controlled by strict rules and mechanisms to ensure public trust Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Whistleblower in limbo as sensitive NatWest customer files remain under her bed

Whistleblower and NatWest at stalemate as regulators leave it up to them to come to an agreement on return of sensitive customer data Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Social media platform Reddit breached in phishing attack

An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack Continue Reading

By

• Alex Scroxton, Security Editor

Banking regulatory body wants a ‘tripwire’ to flag APP fraud

Banking code of practice organisation wants banks to monitor where authorised push payment scammers are sending stolen money Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

APP fraud reimbursement proposal is ‘fundamentally flawed’, say MPs

MPs claim the involvement of a bank-sponsored organisation in reimbursing victims of APP fraud would be a conflict of interest Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

APAC buyer’s guide to SASE

In this buyer’s guide on secure access service edge services, we look at the benefits of the technology, key considerations and the market landscape Continue Reading

By

• Aaron Tan, TechTarget

NCSC for Startups inducts four companies into programme

Four more startups are set to join the NCSC accelerator, which helps the UK government develop technology and approaches to pressing cyber security challenges Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor