News

Data breach incident management and recovery

October 27, 2022 27 Oct'22
Medibank breach casts spotlight on data security

Health insurer Medibank Private recently suffered a major data breach involving the personal and health information of millions of customers, once again casting the spotlight on data security in Australia
October 26, 2022 26 Oct'22
Australia budget closes in on digital divide, cyber resilience

Australia’s latest budget is geared towards providing better broadband connectivity in regional and rural areas, shoring up the cyber security posture of its businesses and plugging tech talent shortages, among other areas
October 25, 2022 25 Oct'22
Global digital trust market to double by 2027

The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow
October 24, 2022 24 Oct'22
Complacency biggest cyber risk to UK plc, says ICO

Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack

October 24, 2022 24 Oct'22
Half of staff might quit after a cyber attack, report says

Findings from a survey of CISOs, IT leaders and staffers reveal how experiencing a cyber incident may take a larger-than-thought toll on employee retention
October 21, 2022 21 Oct'22
Microsoft slams external researchers over its own data leak

Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue
October 20, 2022 20 Oct'22
Cyber professional shortfall hits 3.4 million

Shortage of cyber security professionals continues to grow and shows no signs of abating, says report
October 20, 2022 20 Oct'22
NatWest data breach whistleblower demands bank pay data controller fee to ICO

Whistleblower calls for NatWest to pay the Information Commissioner’s Office annual data controller fee, as the personal details of 1,600 current and former NatWest customers remain under her bed
October 19, 2022 19 Oct'22
Ransomware crews regrouping as LockBit rise continues

Overall ransomware activity dropped off in the third quarter of 2022, but increasing attack volumes in September may herald a difficult few months ahead
October 19, 2022 19 Oct'22
Treat cyber crime as a ‘strategic threat’, UK businesses told

The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community

October 14, 2022 14 Oct'22
Annual costs of Hackney ransomware attack exceed £12m

Hackney Council reveals new insight into the ongoing cost of a ransomware attack that devastated its systems two years ago
October 14, 2022 14 Oct'22
Advanced: Healthcare data was stolen in LockBit 3.0 attack

Advanced has revealed a total of 16 of its health and social care sector customers had their data exfiltrated in a recent ransomware attack
October 14, 2022 14 Oct'22
Australia becoming hotbed for cyber attacks

Research by Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, including automated attacks that doubled in frequency
October 12, 2022 12 Oct'22
NCSC urges organisations to secure supply chains

NCSC’s latest guidance package centres supply chain security, helping medium to large organisations assess and mitigate cyber risks from suppliers
October 11, 2022 11 Oct'22
Contractor left Toyota source code exposed for five years

Source code related to Toyota’s T-Connect service was left exposed on GitHub for over five years by a contractor
October 07, 2022 07 Oct'22
Australia to amend telecoms regulations following Optus breach

Amendments to Australia’s telecoms regulations are in the works to temporarily allow sharing of individuals’ identifier information between telcos and financial institutions
October 05, 2022 05 Oct'22
Inside Dell Technologies’ zero-trust approach

Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure
October 04, 2022 04 Oct'22
Tories to replace GDPR

IT industry reacts to the government’s plan to replace the pan-European data protection regulation
September 29, 2022 29 Sep'22
Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC

Russia has so far failed in its attempts to destabilise Ukraine through cyber attacks due to strength of Ukrainian, security industry and international efforts
September 29, 2022 29 Sep'22
Optus breach casts spotlight on cyber resilience

The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia
September 28, 2022 28 Sep'22
UK suffers third highest number of ransomware attacks globally

Based on an analysis of around 5,000 ransomware incidents, NordLocker has found that UK businesses, and small businesses in particular, are a priority target for ransomware gangs
September 28, 2022 28 Sep'22
Data protection in Finland, four years after GDPR came into force

Data privacy has always been a big concern in Finland, so the country naturally has a lot to say about the General Data Protection Regulation four years on
September 28, 2022 28 Sep'22
Most hackers exfiltrate data within five hours of gaining access

Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access
September 26, 2022 26 Sep'22
Bank warns of spike in online cost-of-living scams

Fraudsters are exploiting the cost-of-living crisis by tricking people into sending money to help friends and relatives pay bills, TSB has warned
September 26, 2022 26 Sep'22
How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove

Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials
September 23, 2022 23 Sep'22
Threat actors abused lack of MFA, OAuth in spam campaign

Microsoft threat researchers have reported on a series of cyber attacks in which enterprises with lax IAM policies had their systems hijacked to conduct spam email campaigns
September 22, 2022 22 Sep'22
Nordic private equity firms pursue cyber security acquisitions

Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets
September 22, 2022 22 Sep'22
ALPHV/BlackCat ransomware family becoming more dangerous

Researchers from Symantec share fresh insight into the ongoing development of the ransomware-as-a-service family known variously as ALPHV, BlackCat and Noberus
September 21, 2022 21 Sep'22
NCSC publishes cyber guidance for retailers

The NCSC has published tailored advice to support online retailers, hospitality providers and utility services in protecting themselves and their customers from cyber crime
September 20, 2022 20 Sep'22
Thousands of customers affected in Revolut data breach

Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack
September 20, 2022 20 Sep'22
IHG attackers phished employee to deploy destructive wiper

A couple from Vietnam who claim to be behind a destructive wiper cyber attack on hotel operator IHG told the BBC how they orchestrated their operation
September 20, 2022 20 Sep'22
Reports Uber and Rockstar incidents work of same attacker

Rockstar Games was hit over the weekend by an attacker who claimed to have accessed its Slack channel to steal data on an upcoming release, and may be the same person who compromised Uber
September 16, 2022 16 Sep'22
Uber suffers major cyber attack

Details are trickling out of an apparent ‘near total’ compromise of ride-sharing service Uber by an alleged teenage hacktivist
September 15, 2022 15 Sep'22
Nominations closing soon for annual cyber awards

Nominations for the annual Security Serious Unsung Heroes Awards closes 16 September
September 15, 2022 15 Sep'22
New player pioneers ‘active cyber insurance’ for UK market

Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance
September 15, 2022 15 Sep'22
US charges three Iranians over CNI cyber attacks

Three Iranian nationals have been indicted over a spate of ransomware attacks against organisations in the US, UK, Israel and Iran
September 14, 2022 14 Sep'22
Ex-CISA head Krebs: Disrupt ransomware support networks to win the war

Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs
September 14, 2022 14 Sep'22
DDoS attacks on UK financial sector surged during Ukraine war

A quarter of cyber security incidents reported to the Financial Conduct Authority in the first six months of 2022 involved DDoS, with a likely link to events in Ukraine
September 13, 2022 13 Sep'22
Cisco confirms leaked data was stolen in Yanluowang ransomware hit

Cisco has confirmed that data leaked last week by the Yanluowang ransomware gang was that stolen during a May 2022 cyber attack
September 13, 2022 13 Sep'22
Multi-persona impersonation adds new dimension to phishing

Iranian APT used multiple personas on a single email thread to convince targets of the legitimacy of its phishing lures
September 12, 2022 12 Sep'22
Mandiant floats off into Google Cloud

As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business
September 12, 2022 12 Sep'22
CISOs should spend on critical apps, cloud, zero-trust, in 2023

Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts
September 08, 2022 08 Sep'22
Chinese APT using PlugX malware on espionage targets

China’s Bronze President APT is once again targeting government officials of interest to its paymasters, this time using forged diplomatic correspondence, according to the Secureworks Counter Threat Unit
September 08, 2022 08 Sep'22
Dutch cyber security organisations to join forces

Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into
September 07, 2022 07 Sep'22
Albania cuts diplomatic ties with Iran after cyber attack

In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran
September 07, 2022 07 Sep'22
August ’22 a bumper month for high-impact vulnerabilities

Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future
September 07, 2022 07 Sep'22
Prince’s Trust teams with threat management specialist in skills push

Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry
September 07, 2022 07 Sep'22
Hotel group IHG confirms cyber attack after two-day outage

IHG, the operator of hotel chains Crowne Plaza, Holiday Inn, Intercontinental and Kimpton, says it has been targeted by an unknown threat actor
September 07, 2022 07 Sep'22
Cyber threats to Europe’s grid: Utilities rethink strategy

The separation of operational and information technology at utilities across Europe is opening doors for cyber criminals
September 06, 2022 06 Sep'22
Bus company Go-Ahead fighting off cyber attack

Go-Ahead Group, which operates bus companies around the UK, says it is in the process of dealing with a cyber attack that may cause disruption to services