News
Data breach incident management and recovery
-
March 31, 2022
31
Mar'22
Lapsus$ cyber crime spree continues despite arrests
The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos
-
March 31, 2022
31
Mar'22
Spring4Shell zero-day sprung on security teams
Some are describing a newly disclosed Spring Java framework vulnerability as the next Log4Shell, but what is Spring4Shell, and what can we do about it?
-
March 30, 2022
30
Mar'22
One-third of UK firms suffer a cyber attack every week
New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors
-
March 30, 2022
30
Mar'22
Australia to spend A$9.9bn on intelligence and cyber capabilities
The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate
-
March 29, 2022
29
Mar'22
Wave of Log4j-linked attacks targeting VMware Horizon
Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell
-
March 29, 2022
29
Mar'22
FCA reports 52% jump in security incidents
The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware
-
March 29, 2022
29
Mar'22
Singapore rolls out cyber security certification scheme
Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices
-
March 25, 2022
25
Mar'22
How Lapsus$ exploited the failings of multifactor authentication
Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering
-
March 24, 2022
24
Mar'22
Ransomware demands and payments increase with use of leak sites
Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims
-
March 24, 2022
24
Mar'22
How India organisations can mitigate cyber threats
Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks
-
March 22, 2022
22
Mar'22
Details of Conti ransomware affiliate released
Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise
-
March 18, 2022
18
Mar'22
Dark web littered with Ukraine crypto scammers
Cryptocurrency scammers are actively targeting people trying to donate funds to support Ukraine
-
March 18, 2022
18
Mar'22
Ukrainian cyber defences prove resilient
Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks
-
March 17, 2022
17
Mar'22
Alarm raised over ‘trickster’ LokiLocker ransomware
The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers
-
March 17, 2022
17
Mar'22
FCSA takes steps to help umbrella company members protect themselves better from cyber attacks
After a spate of suspected ransomware attacks on its members, the Freelance and Contractor Services Association is partnering with a cyber security firm that can coach its umbrella firms on how to protect themselves better
-
March 16, 2022
16
Mar'22
Biden signs ransomware reporting mandate into law
CNI operators in the US must now report cyber attacks within 72 hours, and ransomware payments within 24 hours
-
March 16, 2022
16
Mar'22
SentinelOne adds Attivo Networks to identity portfolio
SentinelOne adds identity threat detection and response technology to its cyber portfolio, saying it will benefit zero-trust adoption among its customers
-
March 16, 2022
16
Mar'22
CaddyWiper is fourth new malware linked to Ukraine war
ESET’s cyber security analysts have identified yet another destructive wiper malware being used against targets in Ukraine
-
March 11, 2022
11
Mar'22
Kaspersky forced to deny source code leak
Kaspersky says an alleged leak of its source code was in fact material anyone could have gleaned from its public servers
-
March 10, 2022
10
Mar'22
Government to force tech firms to stop fraudsters using their platforms for scams
Changes to legislation will make social media and search engine firms responsible for preventing fraudsters using their platforms to commit crimes
-
March 09, 2022
09
Mar'22
China’s APT41 exploited Log4j within hours
APT41 compromised multiple government organisations via the Log4Shell exploit within hours of its initial disclosure, Mandiant claims
-
March 08, 2022
08
Mar'22
Google buys Mandiant for £4bn
Acquisition will see cyber defence and threat intelligence specialist folded into Google Cloud’s security suite
-
March 03, 2022
03
Mar'22
Boardroom does not see ransomware as a priority
Less than a quarter of company directors think ransomware is a top priority for their security teams, according to Egress
-
March 03, 2022
03
Mar'22
Direct action is a risky business for Ukraine's volunteer hackers
Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea
-
March 01, 2022
01
Mar'22
Toyota production to resume after supply chain attack
Toyota production has been set back by over 10,000 vehicles following a cyber attack on a critical components supplier in Japan
-
March 01, 2022
01
Mar'22
BBC blasted with millions of malicious emails
Responding to an FoI request, the BBC has revealed it receives more than 300,000 malicious email attacks every day
-
March 01, 2022
01
Mar'22
ESET details new IsaacWiper malware used on Ukraine
Having been among the first to report on the HermeticWiper malware used against Ukraine last week, ESET has now identified another destructive malware called IsaacWiper
-
February 28, 2022
28
Feb'22
Ukraine cyber attacks seen spiking, but no destructive cyber war yet
While cyber attacks linked to Russia’s war on Ukraine are taking place, they are having little impact beyond the region
-
February 28, 2022
28
Feb'22
Cloudflare: Our network is our product
Cloudflare’s chief product officer explains why its network is its product and how it protects organisations against cyber threats
-
February 25, 2022
25
Feb'22
Mass phishing attacks against Ukrainian citizens reported
The Ukrainian cyber authorities are alerting people located in the country to be alert to phishing attacks
-
February 24, 2022
24
Feb'22
Researchers link Dridex botnet to emergent Entropy ransomware
A little-known new ransomware called Entropy contains significant code similarities to the general purpose Dridex botnet, suggesting some kind of link between the two
-
February 24, 2022
24
Feb'22
KnowBe4 cyber drama tackles Colonial Pipeline in fourth season
KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021
-
February 24, 2022
24
Feb'22
New wave of cyber attacks on Ukraine preceded Russian invasion
A wave of DDoS attacks, and a second data wiper attack, were seen hitting Ukraine in the hours leading up to the Russian invasion
-
February 24, 2022
24
Feb'22
New cyber guidelines to safeguard construction sector
NCSC launches sector-specific security guidance for organisations in the construction industry, with input from the Chartered Institute of Building
-
February 24, 2022
24
Feb'22
Russia behind dangerous Cyclops Blink malware
Joint NCSC CISA advisory attributes a dangerous malware, dubbed Cyclops Blink, to Russia’s Sandworm APT, likely a GRU unit, with WatchGuard users at particular risk
-
February 23, 2022
23
Feb'22
DCMS launches free cyber skills platform for kids
Government introduces free online cyber skills training for schoolchildren to encourage them into cyber security roles in the future and help address the skills gap
-
February 23, 2022
23
Feb'22
Backups ‘no longer effective’ for stopping ransomware attacks
Traditional methods of mitigating ransomware are less efficacious thanks to the rise in double and triple extortion techniques
-
February 23, 2022
23
Feb'22
No imminent cyber threat to UK from Russia
Intelligence officials say they have no evidence or indication that Russian cyber attackers are preparing offensive assaults on infrastructure or organisations in Britain
-
February 23, 2022
23
Feb'22
IBM opens cyber security hub in India
Big Blue’s new cyber security hub, comprising a cyber range, software development facilities and a security operations centre, will serve enterprises across the Asia-Pacific region
-
February 22, 2022
22
Feb'22
UK organisations swift to chide phishing victims
While UK organisations are doing better at security training, many are quick to punish employees who fall victim to phishing attacks, whether real or simulated
-
February 21, 2022
21
Feb'22
Zoom gains NCSC Cyber Essentials Plus and NHS security badges
Video platform Zoom has added a number of UK-specific cyber certifications to help it demonstrate its platform is safeguarded against common threats
-
February 21, 2022
21
Feb'22
UK joins US in pinning Ukraine DDoS attacks on Russia
A series of DDoS attacks on Ukrainian defence and banking organisations last week is now being firmly attributed to Russian action
-
February 18, 2022
18
Feb'22
UK organisations untroubled by Trickbot surge
A surge in Trickbot infections is targeting some of the world’s most prominent brands, but UK organisations seem thankfully unaffected
-
February 17, 2022
17
Feb'22
Red Cross cyber attack the work of nation-state actors
The International Committee of the Red Cross now believes the January 2022 attack on its systems to have been the work of an undisclosed nation state
-
February 16, 2022
16
Feb'22
2021 another record year for UK cyber investment
Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment
-
February 16, 2022
16
Feb'22
DDoS attacks hit Ukrainian defence ministry and banks
A further wave of cyber attacks has taken place against targets in Ukraine amid heightened tension in the region
-
February 16, 2022
16
Feb'22
BlackCat ransomware gang claims responsibility for Swissport attack
Ransomware gang is trying to offload 1.6TB of data stolen from aviation services firm
-
February 16, 2022
16
Feb'22
Retrospect Backup refines anomaly detection in ransomware battle
StorCentric backup software brand allows customer fine-tuning of anomaly detection in struggle against ransomware, and adds immutable copies via object locking in Azure
-
February 15, 2022
15
Feb'22
Botched third-party configuration exposes Internet Society data to web
Personal data on members of The Internet Society was exposed after a supplier failed to secure its Azure storage
-
February 15, 2022
15
Feb'22
Parasol data breach: Frustrated IT contractors dig into the dark web in search of their data
The emergence on the dark web of passports, payslips and other personal documents belonging to contractors affected by the cyber attack and subsequent data breach at Parasol is prompting group actions and forcing some IT contractors to find out for ...