Network security management
-
Opinion
19 Dec 2024
Innovation, insight and influence: the CISO playbook for 2025 and beyond
From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s Continue Reading
-
News
18 Dec 2024
The Security Interviews: Martin Lee, Cisco Talos
Threat intel expert and author Martin Lee, EMEA technical lead for security research at Cisco Talos, joins Computer Weekly to mark the 35th anniversary of the first ever ransomware attack Continue Reading
-
News
29 Mar 2022
Wave of Log4j-linked attacks targeting VMware Horizon
Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell Continue Reading
-
News
29 Mar 2022
Singapore rolls out cyber security certification scheme
Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices Continue Reading
-
News
28 Mar 2022
IT professionals wary of government campaign to limit end-to-end encryption
Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption Continue Reading
-
News
25 Mar 2022
European Commission proposes new cyber security regulations
New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas Continue Reading
-
News
24 Mar 2022
Ransomware demands and payments increase with use of leak sites
Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims Continue Reading
-
News
22 Mar 2022
Details of Conti ransomware affiliate released
Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise Continue Reading
-
Opinion
22 Mar 2022
Revised scope of UK security strategy reflects digitised society
The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF Continue Reading
-
Opinion
21 Mar 2022
UK Cyber Strategy a welcome injection of progress
The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading
-
News
18 Mar 2022
Ukrainian cyber defences prove resilient
Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks Continue Reading
-
Opinion
18 Mar 2022
National Cyber Strategy will enhance UK’s cyber power status
The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of Airbus Cybersecurity Continue Reading
-
News
17 Mar 2022
Alarm raised over ‘trickster’ LokiLocker ransomware
The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers Continue Reading
-
News
17 Mar 2022
Windstream claims North America’s ‘first and only comprehensive’ managed SASE
Managed communications service provider sees new bundle enabling convergence of networking and security as addressing modern-day challenges of digital business transformation, cyber security and workforce mobility Continue Reading
-
News
16 Mar 2022
SentinelOne adds Attivo Networks to identity portfolio
SentinelOne adds identity threat detection and response technology to its cyber portfolio, saying it will benefit zero-trust adoption among its customers Continue Reading
-
News
16 Mar 2022
CaddyWiper is fourth new malware linked to Ukraine war
ESET’s cyber security analysts have identified yet another destructive wiper malware being used against targets in Ukraine Continue Reading
-
Opinion
15 Mar 2022
How cyber security teams can conquer the four-day working week
The four-day week may be an idea whose time has come, but for always-on cyber security professionals, the impact of squeezing more work into fewer days is a tricky proposition Continue Reading
-
Definition
11 Mar 2022
screened subnet
A screened subnet, or triple-homed firewall, refers to a network architecture where a single firewall is used with three network interfaces. Continue Reading
-
News
09 Mar 2022
Microsoft serves up three zero-days on March Patch Tuesday
Three zero-days pop up in Microsoft’s March update, along with a number of other noteworthy concerns for defenders Continue Reading
-
News
08 Mar 2022
Google buys Mandiant for £4bn
Acquisition will see cyber defence and threat intelligence specialist folded into Google Cloud’s security suite Continue Reading
-
Feature
08 Mar 2022
How APAC organisations can mitigate edge security threats
The move to the edge expands an organisation’s attack surface. Here are some measures that organisations can take to minimise their edge security risks Continue Reading
-
Opinion
07 Mar 2022
When more is too much in security
The view that more security tools equals better protection still persists, but security researcher Etay Maor argues that success in cyber lies in simplicity Continue Reading
-
News
07 Mar 2022
Ukraine joins Nato cyber knowledge hub
Ukraine is to become a contributing participant in Nato’s Cooperative Cyber Defence Centre of Excellence Continue Reading
-
News
04 Mar 2022
Microsoft stops sales of products and services to Russia
Citing sanctions and cyber security concerns, Microsoft has become the latest company to withdraw from the Russian market Continue Reading
-
News
03 Mar 2022
Nato Cyber Security unit tests post-quantum VPN
Nato’s Cyber Security Centre has successfully tested secure communication flows in a post-quantum world using a UK-designed VPN Continue Reading
-
News
03 Mar 2022
Direct action is a risky business for Ukraine's volunteer hackers
Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea Continue Reading
-
News
02 Mar 2022
Cyber companies step up support for Ukraine
Security companies Bitdefender and Vectra AI are both to offer products and services in support of Ukraine Continue Reading
-
News
01 Mar 2022
BBC blasted with millions of malicious emails
Responding to an FoI request, the BBC has revealed it receives more than 300,000 malicious email attacks every day Continue Reading
-
News
01 Mar 2022
DCMS opens consultation on telecoms cyber standards
Proposed rules will set out the specific measures telecoms providers need to take to fulfil their legal duties under the Telecommunications Security Act Continue Reading
-
News
01 Mar 2022
ESET details new IsaacWiper malware used on Ukraine
Having been among the first to report on the HermeticWiper malware used against Ukraine last week, ESET has now identified another destructive malware called IsaacWiper Continue Reading
-
News
28 Feb 2022
Ukraine cyber attacks seen spiking, but no destructive cyber war yet
While cyber attacks linked to Russia’s war on Ukraine are taking place, they are having little impact beyond the region Continue Reading
-
News
28 Feb 2022
Cloudflare: Our network is our product
Cloudflare’s chief product officer explains why its network is its product and how it protects organisations against cyber threats Continue Reading
-
News
25 Feb 2022
Mass phishing attacks against Ukrainian citizens reported
The Ukrainian cyber authorities are alerting people located in the country to be alert to phishing attacks Continue Reading
-
Opinion
24 Feb 2022
The UK’s cyber security sector is thriving, but our work has only just begun
The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector Continue Reading
-
News
24 Feb 2022
Researchers link Dridex botnet to emergent Entropy ransomware
A little-known new ransomware called Entropy contains significant code similarities to the general purpose Dridex botnet, suggesting some kind of link between the two Continue Reading
-
News
24 Feb 2022
KnowBe4 cyber drama tackles Colonial Pipeline in fourth season
KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021 Continue Reading
-
News
24 Feb 2022
New wave of cyber attacks on Ukraine preceded Russian invasion
A wave of DDoS attacks, and a second data wiper attack, were seen hitting Ukraine in the hours leading up to the Russian invasion Continue Reading
-
News
24 Feb 2022
New cyber guidelines to safeguard construction sector
NCSC launches sector-specific security guidance for organisations in the construction industry, with input from the Chartered Institute of Building Continue Reading
-
News
24 Feb 2022
Russia behind dangerous Cyclops Blink malware
Joint NCSC CISA advisory attributes a dangerous malware, dubbed Cyclops Blink, to Russia’s Sandworm APT, likely a GRU unit, with WatchGuard users at particular risk Continue Reading
-
News
23 Feb 2022
Microsoft extends Defender umbrella to Google Cloud Platform
Redmond says extending Defender for Cloud native capabilities to the Google Cloud Platform will help simplify security for organisations pursuing multicloud strategies by eliminating the gaps where the bad guys can get in Continue Reading
-
News
23 Feb 2022
IBM opens cyber security hub in India
Big Blue’s new cyber security hub, comprising a cyber range, software development facilities and a security operations centre, will serve enterprises across the Asia-Pacific region Continue Reading
-
News
21 Feb 2022
Zoom gains NCSC Cyber Essentials Plus and NHS security badges
Video platform Zoom has added a number of UK-specific cyber certifications to help it demonstrate its platform is safeguarded against common threats Continue Reading
-
News
21 Feb 2022
UK joins US in pinning Ukraine DDoS attacks on Russia
A series of DDoS attacks on Ukrainian defence and banking organisations last week is now being firmly attributed to Russian action Continue Reading
-
News
16 Feb 2022
2021 another record year for UK cyber investment
Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment Continue Reading
-
News
15 Feb 2022
Botched third-party configuration exposes Internet Society data to web
Personal data on members of The Internet Society was exposed after a supplier failed to secure its Azure storage Continue Reading
-
News
11 Feb 2022
Lack of knowledge disastrous for effective security strategy within Dutch companies
Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy Continue Reading
-
News
11 Feb 2022
Why security professionals should pay attention to what Russia is doing
Even though the average organisation is an unlikely target for a Russian state cyber attack, here's why security teams still need to watch what Russian threat groups are up to Continue Reading
-
E-Zine
10 Feb 2022
CW Benelux: Unesco members adopt AI ethics recommendation
Unesco member state have adopted an AI ethics recommendation that seeks to define a common set of values and principles to guide the development of ethical AI globally. Also read about a large-scale national cyber exercise in the Netherlands, and the Estonian government’s Siri-like digital assistant. Continue Reading
-
News
09 Feb 2022
Linux-based clouds an open door for attackers, says VMware
Its prevalence as a cloud operating system means Linux is becoming a meal ticket for malicious actors, but the security industry does not seem to have cottoned on to this yet, says VMware Continue Reading
-
News
09 Feb 2022
Ransomware ever more sophisticated and impactful, warns NCSC
UK’s National Cyber Security Centre teams up with US and Australian partners in a joint advisory warning organisations of the increasing sophistication exhibited by criminal ransomware gangs Continue Reading
-
Podcast
09 Feb 2022
Log4Shell, Ukraine and umbrella firm cyber attacks – Computer Weekly Downtime Upload podcast
Alex Scroxton joins the team to discuss the Log4j vulnerability and Russian pressure on Ukraine. Also discussed are cyber attacks on umbrella companies, neuro-diversity and junk in space Continue Reading
-
News
08 Feb 2022
The Security Interviews: Building the UK’s future cyber ecosystem
As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions Continue Reading
-
News
04 Feb 2022
Cyber attacks on European oil facilities spreading
Following a cyber attack on distribution facilities in Germany, more incidents have been reported in Belgium and the Netherlands, but it is too early to necessarily draw a link between them Continue Reading
-
News
04 Feb 2022
Check Point looks to plug ASEAN’s cyber security gap
Check Point is shoring up its sales force and partner ecosystem to address the cyber security needs of small and mid-sized businesses in a region that is highly targeted by threat actors Continue Reading
-
News
03 Feb 2022
BlackCat crew supposedly behind OilTanking ransomware heist
Preliminary reports from Germany’s national cyber authority indicate the recent OilTanking ransomware attack may have been the work of the BlackCat group Continue Reading
-
News
03 Feb 2022
Crisp supply shortage looms after KP Snacks hit by ransomware
Supplies of Hula Hoops and many other snack brands are under threat after a ransomware attack on the systems of KP Snacks Continue Reading
-
News
03 Feb 2022
French Supreme Court raises constitutional questions over EncroChat hacking secrecy
Conseil Constitutionnel to decide whether ‘defence secrecy’ over state EncroChat cryptophone hacking breaches French constitution Continue Reading
-
News
02 Feb 2022
Zero-trust to soar in 2022, but dogged by implementation challenges
IT leaders are keen to invest in zero-trust, but face issues around a lack of expertise, and selling the concept into the C-suite Continue Reading
-
Feature
02 Feb 2022
What neurodivergent people really think of working in cyber security
Many firms are filling cyber security skills gaps by hiring neurodivergent talent – but more support is needed for neurodivergent cyber security professionals, writes autistic tech journalist Nicholas Fearn Continue Reading
-
News
01 Feb 2022
German fuel supplier taken offline in cyber attack
Cyber attack against Germany’s Oiltanking, a major fuel logistics company, affects 13 distribution terminals across Germany, in an incident with echoes of last year’s hit on Colonial Pipeline Continue Reading
-
News
01 Feb 2022
Over one-fifth of ransomware attacks target financial sector
Newly published data reveals a significant uptick in cyber attacks against the financial services sector during the third quarter of 2021 Continue Reading
-
News
31 Jan 2022
Data on children of armed forces personnel exposed in breach
Data on 4,142 children of serving armed forces personnel was exposed in a data breach at the Ministry of Defence Continue Reading
-
News
27 Jan 2022
CISOs must get out in front of Ukraine cyber crisis, says NCSC
The National Cyber Security Centre is urging UK organisations to take steps to bolster their cyber security resilience in response to the ongoing Ukraine crisis Continue Reading
-
News
27 Jan 2022
DCMS taps Arqit for 5G project to provide Open RAN security by default
Quantum platform-as-a-service provider joins government’s programme to drive diversity in comms technology supply with the aim of integrating a novel quantum encryption service to enable security by default Continue Reading
-
Definition
27 Jan 2022
one-time pad
In cryptography, a one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key. Continue Reading
-
Tip
26 Jan 2022
Integrating zero-trust practices into private 5G networks
One of the first steps in deploying a technology is protecting it from potential security threats. Learn how to secure a private 5G network with zero-trust security practices. Continue Reading
-
News
26 Jan 2022
More intel emerges on WhisperGate malware that hit Ukraine
Security experts have been poring over the WhisperGate malware with which alleged Russia-backed entities targeted Ukrainian government websites Continue Reading
-
News
26 Jan 2022
MPs to debate landmark IoT security law
Proposed bill mandates tighter protections for connected products, and adds new rules for broadband roll-out into the bargain Continue Reading
-
News
25 Jan 2022
Prepare, but don’t panic, over supposed Russian cyber threat
A fresh alert from the US Department of Homeland Security may have IT security teams jumpy over the possibility that their organisations could be targeted by Russian state actors Continue Reading
-
News
25 Jan 2022
Cyber Essentials programme gets biggest update since launch
NCSC implements a thorough revision of its Cyber Essentials scheme to reflect the changing security landscape Continue Reading
-
News
21 Jan 2022
Cyber pros: Don’t revel in REvil’s downfall just yet
The arrests of REvil’s alleged kingpins is a welcome step, but as with any disruption to cyber criminal activity, it is never wise to assume law enforcement action means the threat has passed entirely Continue Reading
-
News
21 Jan 2022
New normal sees SASE, SD-WAN surge as MPLS is phased out
Research confirms that MPLS is ‘out’ and SD-WAN and SASE systems are the clear winners in enterprise networking as more and more European organisations are eliminating all on-prem datacentres, with cloud adoption steaming ahead Continue Reading
-
News
20 Jan 2022
Ransomware attacks dropped 37% in December, claims NCC
Latest monthly data reveals a significant decline in ransomware attacks at the end of 2021, but a new, emergent gang is making waves Continue Reading
-
News
20 Jan 2022
Updated cyber security regulations proposed for managed services sector
The Network and Information Systems regulations are to be updated to include MSPs and outsourcers, following a spate of supply chain attacks Continue Reading
-
News
20 Jan 2022
Data of 515,000 vulnerable people stolen in Red Cross attack
The International Committee of the Red Cross is probing a cyber attack that has already seen the personal data of hundreds of thousands of the world’s most vulnerable people compromised Continue Reading
-
News
19 Jan 2022
Chasm exists between ‘true’ and portfolio SASE approaches
Survey of enterprise IT leaders finds little difference between respondents without SASE and those who adopted SASE product portfolios regarding issues such as trade-offs between performance and security Continue Reading
-
News
19 Jan 2022
Trellix looks to democratise access to XDR in APAC
The company formed from the merger of FireEye Enterprise and McAfee will team up with managed service providers, among other efforts, to democratise access to extended detection and response capabilities in the region Continue Reading
-
News
19 Jan 2022
Trellix XDR platform forged out of McAfee, FireEye union
The private equity owners of McAfee Enterprise and FireEye are merging the companies into a new entity to ‘define the future’ of cyber security through XDR technology Continue Reading
-
News
18 Jan 2022
Exium, Teneo team to deliver digital experience, 5G-capable SASE platform
Work-from-anywhere IT services company and cyber security provider enter into partnership to assist lean enterprise IT teams in their transition to a secure access service edge Continue Reading
-
News
18 Jan 2022
Cobalt Strike still C2 infrastructure of choice
Its utility and ease of use, coupled with explosive growth in ransomware actions, makes Cobalt Strike Team Servers the C2 infrastructure of choice for malicious actors Continue Reading
-
News
13 Jan 2022
Nordic companies targeted in wave of cyber attacks
After a slew of cyber attacks hit major companies in the Nordics at the end of last year, we look at how they were affected and how they have recovered Continue Reading
-
News
12 Jan 2022
UK government bodies challenged on secure identity
Public sector bodies in the UK recognise secure identity and access management as critical to the roll-out of digital services, but face challenges in addressing this Continue Reading
-
News
12 Jan 2022
Macquarie joins NSW government’s cloud supplier panel
New South Wales state agencies will be able to access Macquarie’s sovereign cyber expertise and secure cloud, network and datacentre services Continue Reading
-
Definition
10 Jan 2022
honeynet
A honeynet is a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers. Continue Reading
-
News
05 Jan 2022
Google buys Siemplify in first phase of cyber investment
Once integrated into Google Cloud, Siemplify’s platform will serve as the basis for deeper security development at Google Continue Reading
-
Definition
04 Jan 2022
access log
An access log is a list of all requests for individual files -- such as Hypertext Markup Language files, their embedded graphic images and other associated files that get transmitted -- that people or bots have made from a website. Continue Reading
-
News
04 Jan 2022
Admins warned that Exchange date fix will take time to roll out
At the start of the New Year, Exchange 2016 and 2019 email servers started queuing email messages due to a date bug Continue Reading
-
News
03 Jan 2022
How APAC firms can stay ahead of cyber threats
Organisations will need to develop behavioural detection, machine learning and threat hunting capabilities to keep pace with the onslaught of cyber attacks Continue Reading
-
News
23 Dec 2021
Top 10 cyber security stories of 2021
Cyber security dominated the headlines in 2021, making it hard to gain a clear picture of what to pay attention to. What is an IT buyer to do? Continue Reading
-
Feature
22 Dec 2021
Is the IT sector beset by fear-mongering?
The arms race between hackers and security teams has led to a plethora of new technologies, but it can be hard to differentiate between sensible cyber purchases and those that are promoted by exaggerating risk Continue Reading
-
E-Zine
21 Dec 2021
What is Log4Shell - and why the panic?
In this week’s Computer Weekly, we assess the risks from Log4Shell, a new web software vulnerability described as “catastrophic”. We look at SASE – secure access service edge – which is set to be one of the networking priorities for 2022. And some victims of the Post Office IT scandal are still waiting for proper compensation. Read the issue now. Continue Reading
-
Opinion
16 Dec 2021
Enabling secure remote working is once again a top priority
The pandemic has bought many new security risks, particularly around remote working. As the UK government once again urges people to work from home under its Plan B restrictions, these risks must be tackled as a priority Continue Reading
-
News
15 Dec 2021
After Log4j, December Patch Tuesday piles on the pressure
December’s Patch Tuesday update from Microsoft contains several critical CVEs, but this month all attention is focused on the fall-out from Log4Shell, and burn-out is becoming a real issue Continue Reading
-
News
15 Dec 2021
UK government to take ‘whole-of-society’ approach to cyber
Second iteration of the UK’s National Cyber Strategy broadens its focus to build a ‘whole-of-society’ security posture Continue Reading
-
Definition
13 Dec 2021
password salting
Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them. Continue Reading
-
News
13 Dec 2021
What is Log4Shell, and why are we panicking about it?
It’s been described as a ‘design failure of catastrophic proportions’ that threatens the very fabric of the digital world. Find out what the Log4j2 Log4Shell panic is all about, and what you should do about it Continue Reading
-
Opinion
13 Dec 2021
Security Think Tank: There’s much more to do to secure hybrid workers
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading
-
Definition
09 Dec 2021
OCSP (Online Certificate Status Protocol)
OCSP (Online Certificate Status Protocol) is one of two common schemes used to maintain the security of a server and other network resources. Continue Reading
-
News
09 Dec 2021
UK and US to collaborate on privacy innovation contest
Joint UK-US innovation challenge contest centring on privacy-enhancing technology announced at Summit for Democracy in Washington DC Continue Reading
-
News
09 Dec 2021
Aryaka announces ‘all-in-one’ SD-WAN, SASE offerings for hybrid workplace
Cloud-first software-defined wide area network firm claims hybrid network innovation breakthrough, enabling businesses of all sizes to navigate change while focusing on growth and digital transformation Continue Reading
-
News
08 Dec 2021
Number of .uk domain suspensions at record low
Statistics from Nominet show how effective law enforcement action against cyber crime in the UK is paying off Continue Reading
-
News
07 Dec 2021
Investigation mounted into Spar supermarket cyber attack
Possible supply chain cyber attack left more than 300 Spar supermarkets unable to process credit card payments Continue Reading