Privacy and data protection

A tenth of kids claim they could hack you

More and more young people are at risk of being drawn into cyber criminality, and parents must shoulder some of the blame, according to a report Continue Reading

Could social media revolutionise war crimes trials?

Computer Weekly speaks with open source investigators about how they use social media to gather evidence of war crimes, and the trouble with using such evidence in legal proceedings Continue Reading

AI cyber monitoring: A Computer Weekly Downtime Upload podcast

In this podcast, Darktrace’s Max Heinemeyer discusses the good – and the bad – to come out of artificial intelligence in IT security Continue Reading

ChatGPT’s phishing ‘problem’ may not be overstated

Some data now suggests that threat actors are indeed using ChatGPT to craft malicious phishing emails, but the industry is doing its best to get out in front of this trend, according to the threat intelligence team at Egress Continue Reading

ICO under fire for taking limited action over serious data breaches

The ICO has come under fire from lawyers and data protection specialists for just issuing written warnings to two public bodies over serious data breaches that placed people’s lives at risk Continue Reading

Generative AI: Data privacy, backup and compliance

We look at generative AI and the risks it poses to data privacy for the enterprise, implications for backup, and potentially dangerous impacts on compliance Continue Reading

Phishing and ransomware dominate Singapore’s cyber threat landscape

Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene Continue Reading

Manchester University students threatened by ransomware gang

Students and staff members at the University of Manchester are being pressurised by an unnamed ransomware gang Continue Reading

Podcast: Cloud security, compliance and data classification

The rise of cloud has led to a proliferation of enterprise data and a rise in risk. We talk to Vigitrust CEO Mathieu Gorge about how to ensure compliance in a multicloud world Continue Reading

ChatGPT is creating a legal and compliance headache for business

ChatGPT’s increased use in the workplace has led many to question its legal and compliance implications for businesses. Experts warn that the software poses major security and copyright risks Continue Reading

Nakivo adds ransomware scanning and new restore options

Backup maker adds malware scanning with big names in security to immutable backup copy functionality. “Tape’s not dead” either, with restore from the venerable medium now possible Continue Reading

Clop begins naming alleged MOVEit victims

Clop uploaded details of 12 new victims to its dark web leak site late on 14 June, many of them likely linked to the ongoing MOVEit cyber attack Continue Reading

Ransomware-stricken Capita to run Action Fraud successor

A £50m deal to replace the Action Fraud service has been handed to PwC and Capita, which is facing investigations over its handling of customer data in a ransomware incident Continue Reading

Podcast: Containers, Kubernetes, data protection and compliance

Containers offer benefits to application deployment, but they proliferate, so tracking them for compliance purposes can be a challenge. We talk to Mathieu Gorge, CEO of Vigitrust Continue Reading

Clop’s MOVEit ransom deadline expires

A seven-day deadline set by Clop for victims of its latest attack to contact it to arrange payment passes today Continue Reading

Cyber attacks against APAC commerce sector surpass 1.1 billion

Retailers, hotels and travel-related organisations in the region saw over a billion cyber attacks last year amid the surge in e-commerce activity and online travel bookings Continue Reading

Arnold Clark data leak victims prepare legal action

More than 10,000 people who had their data stolen and leaked in a ransomware attack on the Arnold Clark car dealer network have signed up to a group legal action after facing elevated amounts of fraud Continue Reading

Progress Software releases patch for second MOVEit Transfer vulnerability

Progress Software releases a patch for a second MOVEit Transfer issue, which was uncovered by third-party security specialist Huntress Security during post-incident code scanning Continue Reading

Extreme Networks emerges as victim of Clop MOVEit attack

Network equipment and services supplier Extreme Networks has revealed its instance of Progress Software’s MOVEit tool was compromised in the ongoing Clop cyber attack Continue Reading

Barracuda ESG users told to throw away their hardware

Owners of Barracuda Email Security Gateway appliances are being told that they will need to throw out and replace their kit after it emerged that a patch for a recently disclosed vulnerability had not done the job Continue Reading

UK and US move closer to transatlantic data bridge deal

The British and American governments have committed, in principle, to a new data bridge agreement that will ease the free flow of personal data across the Atlantic Continue Reading

University of Manchester hit by cyber attack

The University of Manchester has been hit by a cyber attack of an undisclosed nature Continue Reading

CDEI publishes portfolio of AI assurance techniques

The UK’s Centre for Data Ethics and Innovation has published a variety of case studies to show how different assurance techniques can build and maintain trust in artificial intelligence systems Continue Reading

UK gets new rules to regulate crypto sector

The Financial Conduct Authority is introducing new rules to regulate the cryptoasset sector, after being handed a government remit to oversee crypto promotions Continue Reading

Clop may have been sitting on MOVEit vulnerability for two years

The Clop cyber extortion gang may have been keeping the MOVEit SQL injection vulnerability they used to penetrate the systems of multiple victims secret for two years Continue Reading

Regulatory ‘lacuna’ around facial recognition threatens rights

The UK is heading for a “legal quagmire” around live facial recognition if the government and regulators do not take action to rein in use of the technology before it becomes ubiquitous Continue Reading

Podcast: Storage, backup, AI and data classification at RSA 2023

Much discussion at RSA 2023 about artificial intelligence, the risks to data protection, storage and compliance, plus risk and data classification, especially its impacts on access and data management Continue Reading

UKtech50 2023 winner: Michelle Donelan/Chloe Smith, secretary of state, DSIT

Computer Weekly looks at the achievements and successes of the Department for Science, Innovation and Technology, as its secretary of state is recognised as the most influential person in UK technology for 2023 Continue Reading

Clop cyber gang claims MOVEit attack and starts harassing victims

The Clop cyber extortion and ransomware operation is demanding organisations pay a ransom to avoid data stolen via an exploited vulnerability in a file transfer product being leaked Continue Reading

Google launches hacker-backed SME security training scheme

Citing research that shows almost half of SMEs are struggling to recruit cyber security specialists, Google is launching a programme designed to upskill more people to fill thousands of vacant roles Continue Reading

Victims of MOVEit SQL injection zero-day mount up

The BBC, Boots, and British Airways are among the victims of cyber incidents arising from a recently disclosed vulnerability in the MOVEit file transfer, exploitation of which is spreading fast Continue Reading

Bank of International Settlement sets up channel secure from quantum breach

The Bank of International Settlement has worked with two of Europe's central banks to explore preventing the security risks posed by quantum computers Continue Reading

Met Police director of intelligence defends facial recognition

The Met Police’s director of intelligence has appeared before MPs to make the case for its continuing use of facial-recognition technology, following announcements from the force and the Home Office that they intend to press on with its adoption Continue Reading

Generative AI – the next biggest cyber security threat?

Following the launch of ChatGPT in November 2022, several reports have emerged that seek to determine the impact of generative AI in cyber security. Undeniably, generative AI in cyber security is a double-edged sword, but will the paradigm shift in favour of opportunity or risk? Continue Reading

Why we need advanced malware detection with AI-powered tools

AI-powered cyber security tools have now developed to a point where they are becoming an effective approach to protecting the organisation. Learn how you can benefit from adopting them Continue Reading

Cisco joins growing Manchester cyber security hub

Networking kingpin signs up to Greater Manchester Digital Security Hub to support centre’s work on security resilience and skills Continue Reading

Five key steps where there is a risk of fraud investigation

When fraud investigators come knocking, there are some important ways in which management and senior IT professionals can make sure their company is best protected. Continue Reading

Cabinet Office publishes response to data sharing for digital ID consultation

The majority of respondents to government’s consultation on data sharing for digital identity are critical to the plans and concerned about data privacy, but Whitehall’s response says many of the responses ‘were driven by anti-digital commentaries’ Continue Reading

Almost all ransomware attacks target backups, says Veeam

Some 93% of ransomware attacks go for backups and most succeed, with 60% of those attacked paying the ransom, according to a Veeam survey Continue Reading

Kuwait bank introduces biometric payments card

Middle East bank launches payment cards with fingerprint sensor technology embedded Continue Reading

Two-thirds of all 2022 breaches resulted from spear phishing

Research by Barracuda Networks has found that, despite the low volume of spear-phishing attempts, the attacks are highly successful and have major consequences Continue Reading

Cohesity Turing aims AI tools at backup and ransomware

Backup supplier continues to enrich its ecosystem with more artificial intelligence for backup and ransomware, with chat-like reporting functions and new security partners in its alliance Continue Reading

Facebook owner Meta fined record €1.2 billion over EU-US data transfers

Decision could have implications for other companies using Standard Contractual Clauses to share data between Europe and the US Continue Reading

Spanish lawyers claim police hacking of EncroChat cryptophones breaches human rights law

Lawyers speaking at the Madrid Bar Association question the legality of a cryptophone hacking which has led to arrests of organised criminals in multiple countries Continue Reading

Navigating artificial intelligence: Red flags to watch out for

Lou Steinberg, founder of cyber security research lab CTM Insights, flags up the risks of the growing use of AI, and what organisations can do to tame the technology for good Continue Reading

CW APAC: Expert advice on security and threat intelligence

Organisations are all too aware of the importance of cyber defence. In this handbook, focused on security and threat intelligence in the Asia-Pacific region, Computer Weekly looks at the software supply chain, Mimecast’s email security, Australian data breaches and Singapore’s threat intelligence. Continue Reading

Pentera ups ante in penetration testing

The Israeli startup, which expanded to the APAC region last year, scans for vulnerabilities and emulates cyber attacks through its automated security validation platform Continue Reading

NetApp to promise ransomware warranty payout

NetApp will recover data hit by ransomware or pay a warranty, and has added entry-level SAN arrays and full access to all NetApp software across its hardware families Continue Reading

Why we need a secure side door for encrypted apps, not a back door  

Splitting a decryption key into multiple fragments held by 'guardians', including privacy rights group, may be an answer to policing encrypted messages Continue Reading

How AI ethics is coming to the fore with generative AI

The hype around ChatGPT and other large language models is driving more interest in AI and putting ethical considerations surrounding their use to the fore Continue Reading

Investigatory Powers Tribunal finds NCA EncroChat hacking warrants were lawful

Investigatory Powers Tribunal refers questions over whether messages obtained from the EncroChat encrypted phone network are legally admissible back to the criminal court Continue Reading

Australia to shore up cyber and digital capabilities in Budget 2023

Australia is spending more than A$2bn to strengthen cyber resilience, improve digital government services and fuel AI adoption, among other areas, in its latest budget Continue Reading

Journalists’ confidential communications subject to unlawful spying, court hears

Campaign group Liberty and the National Union of Journalists tell Court of Appeal the government has not gone far enough to protect confidential journalist information and sources from surveillance Continue Reading

Black Basta ransomware attack to cost Capita over £15m

Exceptional costs arising from the March 2023 Black Basta ransomware attack on the systems of outsourcer Capita will be somewhere between £15m and £20m, the organisation says Continue Reading

Nebulon aims Tripline at ransomware detection in storage

Tripline claims ransomware detection from samples every 30 seconds and works in conjunction with snapshots to deliver recovery from an attack in four minutes Continue Reading

Chat control: EU lawyers warn plans to scan encrypted messages for child abuse may be unlawful

Leaked legal advice warns that European ‘chat control’ proposals to require tech companies to scan private and encrypted messages for child abuse are likely to breach EU law Continue Reading

Capita pension clients told data may have leaked

Capita has told trustees of some of the pension funds for which it provides outsourced services that their customer data may have been stolen by the Black Basta ransomware operation Continue Reading

Santander reports increase in scams and admits fraud head was impersonated

Santander has reported an increase in impersonation scams, and admitted its own head of fraud was impersonated by a fraudster Continue Reading

Google debuts passwordless login options for users

Launch of Google’s passkey service hailed as a great leap forward for passwordless technology Continue Reading

Inside BlackBerry’s cyber security playbook

BlackBerry’s president of cyber security discusses the company’s cyber security strategy and what it is doing to deliver an integrated set of capabilities for enterprises Continue Reading

Cyber Action Plan for Wales launched

The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country Continue Reading

TikTok fixes vulnerability that could have exposed user activity data

A potentially dangerous vulnerability in the TikTok video-sharing platform was discovered by Imperva researchers, and has now been fixed Continue Reading

Government anti-fraud strategy targets the tech behind the scams

The UK government’s anti-fraud strategy proposes to make it much harder for criminals to target their victims by cracking down on the exploitation of technology Continue Reading

Data classification tools: What they do and who makes them

Data classification is necessary for all organisations for reasons that range from simply putting data on the most cost-efficient media to ensuring legal and regulatory compliance Continue Reading

US competition watchdog issues generative AI warning

Generative AI can be used to manipulate people into making harmful decisions, says US Federal Trade Commission in warning to firms building and using AI-powered tools Continue Reading

Want to get cloud IAM right? Master the fundamentals

By getting the basics right, you’re setting yourself up for success to then can build more advanced and complex functionalities on top Continue Reading

Researchers see surge in scam websites linked to coronation

Scammers and fraudsters continue to take advantage of large public events, with the coronation of King Charles III no exception Continue Reading

Government is playing ‘psychic war’ in battle over end-to-end encryption

Peers hear that the UK government is being deliberately ambiguous about its plans to require technology companies to scan the content of encrypted messages Continue Reading

Tenable opens playground for generative AI cyber tools

A set of generative AI cyber tools designed to help security researchers in reverse engineering, debugging and other areas of work have been made available for the community to experiment with Continue Reading

Google Cloud seals bug that could have led to data breaches

The Asset Key Thief vulnerability gave rise to multiple potential attack scenarios that could have impacted thousands of Google Cloud users, but has now been safely fixed Continue Reading

Police Scotland receive formal notice about cloud system

Scotland’s biometrics watchdog has issued Police Scotland with an information notice over its deployment of a cloud-based digital evidence system, following disclosure of major data protection concerns by Computer Weekly Continue Reading

Podcast: Ransomware, data protection and compliance

Ransomware is a huge and ever-present threat, but there are ways to avoid it and to mitigate its effects. We get key practical steps from Mathieu Gorge, CEO of Vigitrust Continue Reading

How non-fungible tokens can be used to manage health data

Non-fungible tokens will give patients more ownership and control over their health data and improve its transparency in healthcare research, according to SingHealth clinicians Continue Reading

Most IT staff uncomfortable deploying surveillance tech at work

The IT teams responsible for deploying and running digital surveillance in workplaces say they are uncomfortable with “extremely common” practice of spying on colleagues, research finds Continue Reading

Could your employees’ use of ChatGPT put you in breach of GDPR?

Following Italy's run-in with OpenAI’s ChatGPT, legal expert Richard Forrest emphasises the necessity for additional scrutiny while using AI tools in a work environment, and practical guidance on doing so safely Continue Reading

UK biometrics watchdog questions police cloud deployments

The UK biometrics commissioner has warned that policing and justice bodies must be able to demonstrate ‘immediately and unequivocally’ that their cloud deployments are lawful Continue Reading

CyberUK 23: New advice on smart city security issued

The NCSC and key allies have drawn up new guidance to help communities balance the cyber security risks involved with creating smart cities Continue Reading

Prototype cyber tech has revolutionary potential

The so-called CHERI protection model developed at the University of Cambridge is showing great promise for future cyber security technologies Continue Reading

Online Safety Bill could pose risk to encryption technology used by Ukraine

CEO of encrypted messaging service Element says Online Safety Bill could pose a risk to the encrypted comms systems used by Ukraine Continue Reading

UK Emergency Alert Test sparks cyber fraud warning

Fraudsters and scammers are likely to use the upcoming test of the UK's new mobile Emergency Alert system as bait in their attacks, while misinformation and conspiracy theories spread Continue Reading

Capita customer data was stolen in March ransomware attack

Capita says it has uncovered evidence of data exfiltration from a small proportion of its server estate following a cyber attack at the end of March Continue Reading

Are tech vendors pulling their weight on fixing fragmented IT?

Many organisations have silo’d data and fragmented IT systems, but how much of this is due to the actions of IT vendors? Do vendors too often chase a quick buck, selling point solutions that don’t ... Continue Reading

CyberUK 23: Ukraine offers masterclass in withstanding cyber war

Russian cyber activity has seen an unprecedented evolution in scale and pace over the past year, but Ukraine’s resilience has enabled it to mount a masterful response, says the NCSC Continue Reading

Surrey and Sussex police spared fines after recording 200,000 phone calls without people’s knowledge

Police forces escape potential £1m fines following change of policy by ICO to protect the finances of public sector bodies Continue Reading

CyberUK 23: NCSC launches Cyber Advisor service for SMEs

The UK’s NCSC has launched an industry assurance scheme designed to address the needs of SMEs, and is calling for potential advisors to step up and help out Continue Reading

CyberUK 23: NCSC CEO calls for collaboration and warns against complacency

NCSC boss Lindy Cameron kicked off the annual CyberUK conference in Belfast with a plea for collaboration and a warning against complacency Continue Reading

Global finance firms take part in NATO cyber attack simulation

Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure Continue Reading

IT Priorities 2023: Cloud and disaster recovery top storage and backup plans

Cloud storage still the biggest project planned in data storage in 2023, with disaster recovery the most important area in data protection cited by TechTarget/Computer Weekly survey respondents Continue Reading

CyberUK 23: NCSC conference centres cyber collaboration

The NCSC’s annual CyberUK conference gets underway in Belfast this week, with collaboration and cooperation high on the agenda Continue Reading

Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms

The Online Safety Bill faces amendments in the House of Lords amid concerns that it could weaken the security of end-to-end encrypted communications for UK citizens Continue Reading

UK presses on with post-Brexit data protection reform

The revised version of the Data Protection and Digital Information Bill has had its second reading in Parliament as the government presses on with post-Brexit changes, but critics remain sceptical that the EU will be convinced to maintain the UK's data adequacy agreement Continue Reading

Restaurants hit by IT problems after BlackCat attack on supplier NCR

Ransomware attack on systems of payments giant causing service outages for restaurants around the world Continue Reading

UK joins key allies to launch secure-by-design guidelines

The UK has joined international partners in sharing new advice to help technology companies embed security into the product design and development process Continue Reading

Three charged over banking fraud for hire website

UK authorities have charged three men in connection with the operation of a website that sold social engineering tools to cyber fraudsters Continue Reading

Italy to lift ChatGPT ban subject to new data protection controls

Italian regulator will lift its ban on OpenAI’s ChatGPT subject to a strict new data protection regime Continue Reading

With cyber attacks on the rise, businesses should prepare for quantum hacks now

Advances in quantum computing have brought the world is on the cusp of a technological revolution, but it is not without risk. Find out why you should start to prepare for post-quantum cryotography today. Continue Reading

UK police double down on ‘improved’ facial recognition

The Met and South Wales Police have doubled down on their use of facial recognition technology after research found improved accuracy in their algorithms when using certain settings, but civil society groups maintain that the tech will still be used in a discriminatory fashion Continue Reading

Okta integrates with Singapore’s national digital ID system

The integration with Singpass will let Okta customers authenticate consumers using Singapore’s national digital ID system and is expected to expand the company’s reach in regulated industries Continue Reading

Anne Keast-Butler named as new director of GCHQ

The government has appointed current MI5 deputy director general Anne Keast-Butler to head signals and cyber agency GCHQ Continue Reading

KFC, Pizza Hut data stolen in January ransomware attack

Yum!, the parent organisation behind KFC and Pizza Hut in the UK, has disclosed that employee data was accessed and exfiltrated in a January 2023 ransomware attack Continue Reading