Identity and access management products

How datacentre operators can fend off cyber attacks

Applying zero-trust principles in the form of strong authentication controls and network segmentation can help datacentre operators to mitigate cyber threats Continue Reading

Santander reports increase in scams and admits fraud head was impersonated

Santander has reported an increase in impersonation scams, and admitted its own head of fraud was impersonated by a fraudster Continue Reading

Security Think Tank: Thinking beyond IAM in the cloud

Looking beyond IAM, there are other aspects of securing public cloud environments that admins can reasonably expect to control Continue Reading

Google debuts passwordless login options for users

Launch of Google’s passkey service hailed as a great leap forward for passwordless technology Continue Reading

Cyber Action Plan for Wales launched

The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country Continue Reading

Google Cloud seals bug that could have led to data breaches

The Asset Key Thief vulnerability gave rise to multiple potential attack scenarios that could have impacted thousands of Google Cloud users, but has now been safely fixed Continue Reading

Security Think Tank: Going beyond IAM for cloud security

Managing access and privilege across complex and powerful cloud tooling is not a straightforward task; but there are some key considerations that can help security teams stay on top of identities in the cloud Continue Reading

Global finance firms take part in NATO cyber attack simulation

Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure Continue Reading

How organisations can succeed with zero trust

By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm Continue Reading

Cloud identity: Are you who you say you are?

As identity, rather than networking segmentation, becomes the primary determining factor in accessing cloud resources. ISACA’s Ser Yoong Goh highlights three trends driving cloud IAM Continue Reading

Focus on these three risky behaviours to boost cloud security

Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report Continue Reading

Why IAM systems are crucial for securing multicloud architecture

As business tools evolve into cloud-based services, organisations are finding themselves becoming ever more reliant on the cloud, but how can data be secured across so many different platforms? Continue Reading

Securing your software supply chain

Organisations need to have a thorough understanding of software components and build security controls into development lifecycles to shore up the security of their software supply chains Continue Reading

Three charged over banking fraud for hire website

UK authorities have charged three men in connection with the operation of a website that sold social engineering tools to cyber fraudsters Continue Reading

UK police double down on ‘improved’ facial recognition

The Met and South Wales Police have doubled down on their use of facial recognition technology after research found improved accuracy in their algorithms when using certain settings, but civil society groups maintain that the tech will still be used in a discriminatory fashion Continue Reading

Okta integrates with Singapore’s national digital ID system

The integration with Singpass will let Okta customers authenticate consumers using Singapore’s national digital ID system and is expected to expand the company’s reach in regulated industries Continue Reading

Security Think Tank: Adopt a coherent framework for ID first security

With IAM central to enabling appropriate access to cloud-based services, identity first security is becoming a key trend for IAM in the cloud. Continue Reading

Prioritise automated hardening over traditional cyber controls, says report

A report from strategic risk specialist Marsh McLennan advises security buyers to funnel their budgets towards automated cyber security hardening techniques, saying they have a much better chance of reducing risk in a meaningful way Continue Reading

Scottish police tech piloted despite major data protection issues

Scottish policing bodies are pressing ahead with a data sharing pilot despite data protection issues around the use of US cloud providers, placing sensitive personal data of tens of thousands of people at risk Continue Reading

Revitalising UK digital government

In this week’s Computer Weekly, as the UK plummets down the international rankings for digital government, can its £400m identity system revitalise the UK’s digital strategy? We examine the container management platforms from the big six storage suppliers. And we look at the challenges of achieving IT sustainability while continuing to drive digital innovation. Read the issue now. Continue Reading

Reactive approach to cyber procurement risks damaging businesses

Too many organisations are following a reactive approach to cyber security, which WithSecure believes is stifling security teams ability to demonstrate value and align with business outcomes Continue Reading

Nordics move towards common cyber defence strategy

Nordic countries agree to work together to improve their cyber defences amid increasing threat Continue Reading

GDS signs £24m worth of contracts for One Login

As the Government Digital Service (GDS) prepares for the official end of Gov.uk Verify, it signs three new contracts for its successor programme, One Login Continue Reading

NCSC launches cyber check-up tools for SMEs

The NCSC has launched two new security services aimed at SMEs that lack the resources to address cyber issues, and may underestimate their vulnerability to attack Continue Reading

NatWest announces ID service for its customers

The identities of NatWest customers engaging with businesses online can be confirmed by the bank's ID service in seconds Continue Reading

UK government introduces revised data reform bill to Parliament

Designed in close collaboration with technology businesses, the UK government is re-introducing an updated version of its Data Protection and Digital Information Bill to Parliament, which civil society groups say upends key safeguards Continue Reading

How ForgeRock is tackling identity management

ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy Continue Reading

Nine in 10 enterprises fell victim to successful phishing in 2022

Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale Continue Reading

Dutch hospitals underestimate impact of cyber attack

IT failures in acute care organisations in the Netherlands have increased considerably since 2010, affecting patient care and stressing the need to improve IT security in hospitals Continue Reading

Uber introduces dynamic pricing algorithm in London

The dynamic pricing algorithm will allow Uber to set variable pay and pricing levels, but drivers are concerned about how their personal data will be used and the impact the algorithm will have on their livelihoods Continue Reading

WH Smith staff data accessed in cyber attack

The retailer has said that customer data has not been affected by the incident as it is held in different systems, and that investigations into the attack are ongoing Continue Reading

Salt Labs identifies OAuth security flaw within Booking.com

Security flaw in Booking.com OAuth implementation could be used to launch account takeovers, but researchers discovered and flagged the issue before it could be exploited in the wild Continue Reading

LastPass attack saw employee’s home computer hacked

The ongoing investigation into a series of linked security incidents at LastPass has found that the attacker was successfully able to compromise a developer’s home PC using a vulnerability in a media software package Continue Reading

UK police have ‘culture of retention’ around biometric data

A culture of retention around biometric data in UK policing is damaging public trust, says UK biometrics commissioner, who is calling for clear regulation to govern police use of biometric technologies Continue Reading

Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert

Cyber attacks are taking a heavy toll on Dutch IT professionals, with over a third reporting that their mental health suffers as a result Continue Reading

Twitter 2FA changes bring more risks than benefits

Twitter’s approach to nudging users away from insecure SMS-based 2FA is being questioned over its logic Continue Reading

Security Think Tank: New trends and drivers in cyber security training

Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading

How to tame the identity sprawl

Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl Continue Reading

Police tech needs clear legal rules, says biometrics regulator

Police use of artificial intelligence and facial recognition needs to be controlled by strict rules and mechanisms to ensure public trust Continue Reading

Whistleblower in limbo as sensitive NatWest customer files remain under her bed

Whistleblower and NatWest at stalemate as regulators leave it up to them to come to an agreement on return of sensitive customer data Continue Reading

Social media platform Reddit breached in phishing attack

An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack Continue Reading

Banking regulatory body wants a ‘tripwire’ to flag APP fraud

Banking code of practice organisation wants banks to monitor where authorised push payment scammers are sending stolen money Continue Reading

APP fraud reimbursement proposal is ‘fundamentally flawed’, say MPs

MPs claim the involvement of a bank-sponsored organisation in reimbursing victims of APP fraud would be a conflict of interest Continue Reading

APAC buyer’s guide to SASE

In this buyer’s guide on secure access service edge services, we look at the benefits of the technology, key considerations and the market landscape Continue Reading

NCSC for Startups inducts four companies into programme

Four more startups are set to join the NCSC accelerator, which helps the UK government develop technology and approaches to pressing cyber security challenges Continue Reading

Innovative Technology deploys age estimation tech in shops and pubs

A company involved in Home Office-led trials of biometric age estimation technologies has begun rolling out its hardware to UK shops and pubs so they can use its facial recognition algorithm to assure customers’ ages Continue Reading

Malware variant can block contactless payments

Kaspersky warns that the latest variant of the Prilex malware can block contactless payments to force people to insert cards, enabling criminals to steal money Continue Reading

GitHub warns Desktop, Atom users after code-signing certificates pinched

Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users Continue Reading

NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC Continue Reading

The rise of fraud in pop culture is impacting consumers’ digital trust

Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust Continue Reading

NCSC warning over cyber risk to charity sector

Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC Continue Reading

The Security Interviews: Protecting your digital self

Our digital self – the virtual presence of who we are online – has a pervasive influence in the real world. People make judgements based on these digital depictions, so what can be done to ensure positive representation? Continue Reading

Cabinet Office looks to expand public data sharing for digital ID

Cabinet Office seeks feedback on proposed legislation to enhance data sharing across the public sector, in support of the UK government’s ambition to have a single sign-on identity-check system for all public services Continue Reading

UK government completes trials of age estimation technology

Government-led trials of age estimation and verification technologies for the sale of alcohol in nightlife venues and supermarkets have been completed, with both government and retail lobbyists pushing for legislation that would allow retailers to adopt the tools for alcohol sales Continue Reading

Vulnerable organisations to get free Cyber Essentials support

Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre Continue Reading

Test of digital ID tech at Surrey nightclub proclaimed success

The majority of visitors to a Camberley venue who piloted a digital identification app developed by 1account said they found it easy to use and preferred it to standard physical ID Continue Reading

China and India governments among top targets for cyber attackers

Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures Continue Reading

Cyber security professionals share their biggest lessons of 2022

In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading

Top 10 technology and ethics stories of 2022

Here are Computer Weekly’s top 10 technology and ethics stories of 2022 Continue Reading

Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading

Security Think Tank: 2022 brought plenty of learning opportunities in cyber

At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading

UK unis implement new IP traffic policies to combat ransomware

Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature Continue Reading

Finnish government launches information security voucher scheme

Finland’s government is offering businesses financial support to help them improve their cyber security Continue Reading

Online Safety Bill returns to Parliament

MPs and online safety experts have expressed concern about encryption-breaking measures contained in the Online Safety Bill as it returns to Parliament for the first time since its passage was paused in July Continue Reading

Too many secrets: What can today’s cyber teams learn from a 30-year-old film?

Despite being 30 years old, Sneakers remains a classic hacker film. The technology may have dated, but the underlying themes remain relevant and remind us about the threats lurking online Continue Reading

Security Think Tank: As cyber pros, we need to articulate our needs better

There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham Continue Reading

Security Think Tank: The more you buy, the less you protect

The most important lesson learned this year is that the more controls you have in place, the less secure you become, argues 2-sec’s Tim Holman Continue Reading

LastPass probes new cyber incident related to August attack

The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba Continue Reading

Think technology, process, human risk to manage ransomware

Effective ransomware handling boils down to three core areas – technology, process and human risk Continue Reading

‘Legal but harmful’ clause dropped from Online Safety Bill

Online Safety Bill’s ‘legal but harmful’ provision will be dropped by the UK government in favour of public risk assessments, tools to help users control the content they consume, and new criminal offences around self-harm Continue Reading

How gamifying cyber training can improve your defences

Security training is the cornerstone of any cyber defence strategy. With ever-escalating online threats, it is now more important than ever that this training is an engaging experience Continue Reading

Not-for-profit aims to encourage 1,300 girls into cyber careers

CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber Continue Reading

Dutch national cyber security strategy aims to protect digital society

Cabinet sets up national cyber security strategy to make the Netherlands digitally secure Continue Reading

Ducktail spins new tales to hijack Facebook Business accounts

The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts Continue Reading

Is Elon Musk’s Twitter safe, and should you stop using it?

With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use Continue Reading

Scottish government to pilot digital identity platform in early 2023

Pilot of Scotland’s digital identity platform will be run in partnership with Disclosure Scotland, using secure sign-on and identity verification Continue Reading

HMRC will begin migration from Government Gateway to One Login in summer 2023

One Login for Government programme has the objective of simplifying access to central government, says HMRC chief technology and design officer Continue Reading

APP fraud volumes expected to double by 2026, says report

Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue Continue Reading

Security Think Tank: Let’s be transparent about ransomware

Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks Continue Reading

Security Think Tank: Anti-ransomware strategies should be as easy as ABC

When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated Continue Reading

Keeping personally identifiable data personal

As it celebrates its 100th birthday, the BBC has begun a pilot looking into its role in enabling the general public to store their personal data Continue Reading

Elon Musk begins mass Twitter layoffs via email

New Twitter owner Elon Musk has begun the process of cutting the company’s workforce in half, but is already facing a legal backlash for allegedly violating US labour laws Continue Reading

Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare Continue Reading

Automated threats biggest source of cyber risk for retailers

Threat actors targeting retailers during the coming holiday season are increasingly turning to automated forms of cyber attack, according to a report Continue Reading

Dropbox code compromised in phishing attack

Cloud storage service says malicious actors successfully accessed some of its code within GitHub, but insists customer data is secure Continue Reading

Digital identity and opening up the smartwallet

When an 80 year-old relative asks you how she can use her phone to both pay for shopping and get her supermarket loyalty points, like her friends do, you know that digital wallets are a success. ... Continue Reading

How has container security changed since 2020, and have we taken it too far?

While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up Continue Reading

LinkedIn adds new features to safeguard user privacy, security

Social media platform is adding a number of features and systems designed to protect legitimate users from inauthentic profiles and activity Continue Reading

Santander calls for cooperation to tackle APP fraud

New report puts forward key recommendations that the banking sector, government and other industries could take to tackle authorised push payment fraud Continue Reading

ICO warns against using biometrics for ‘emotional analysis’

ICO warning highlights risk of ‘systemic bias’ and discrimination associated with organisations using biometric data and technologies for emotion analysis Continue Reading

Global digital trust market to double by 2027

The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow Continue Reading

Digital-first businesses more willing to accept some fraud

Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report Continue Reading

The Security Interviews: Why now for ZTNA 2.0?

With organisations facing escalating online threats, security teams need to improve their defences using zero-trust network access to preserve the integrity of their systems. Palo Alto Networks’ Simon Crocker shares his views on zero-trust network access Continue Reading

Singapore extends cyber security labelling scheme to medical devices

The Cyber Security Agency of Singapore is extending its cyber security labelling scheme to medical devices to encourage medical device manufacturers to adopt a security-by-design approach to product development Continue Reading

Australia becoming hotbed for cyber attacks

Research by Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, including automated attacks that doubled in frequency Continue Reading

Gartner: Remote work, zero trust, cloud still driving cyber spend

Security leaders are eager to spend on categories including remote and hybrid cyber offerings, zero-trust network access, and cloud Continue Reading

How Cloudflare is staying ahead of the curve

Cloudflare co-founder and CEO Matthew Prince talks up what has changed since the company’s first business plan was written in 2009 and how it keeps pace with the fast-moving network security landscape Continue Reading

Inside Dell Technologies’ zero-trust approach

Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure Continue Reading

Digital right to work checks officially go live

Under the new government guidance, employers can choose between 16 certified identity service providers to digitally check their employees legal right to work in the UK Continue Reading

Security regulation cuts online payment fraud at 73% of retailers

New online payments security standard, Strong Customer Authentication (SCA), sees immediate fall in fraudulent payments to retailers Continue Reading