News

Data breach incident management and recovery

April 20, 2023 20 Apr'23
3CX incident may be world’s first double supply chain attack

It’s supply chain attacks all the way down as Mandiant publishes information suggesting that the 3CX software supply chain compromise was initiated via a prior software supply chain compromise
April 20, 2023 20 Apr'23
Capita customer data was stolen in March ransomware attack

Capita says it has uncovered evidence of data exfiltration from a small proportion of its server estate following a cyber attack at the end of March
April 19, 2023 19 Apr'23
CyberUK 23: Ukraine offers masterclass in withstanding cyber war

Russian cyber activity has seen an unprecedented evolution in scale and pace over the past year, but Ukraine’s resilience has enabled it to mount a masterful response, says the NCSC
April 19, 2023 19 Apr'23
CyberUK 23: Irresponsible use of commercial hacking tools a rising threat

Commercial cyber tools and hackers-for-hire pose a growing threat to organisations and individuals worldwide, according to an NCSC report

April 19, 2023 19 Apr'23
UK plc sees fewer cyber breaches and attacks, but lacks resilience

Latest government figures reveal UK businesses and charities reported lower volumes of cyber breaches and attacks over the past 12 months, but the statistics mask widespread underreporting and the true state of cyber readiness and resilience appears...
April 19, 2023 19 Apr'23
CyberUK 23: NCSC launches Cyber Advisor service for SMEs

The UK’s NCSC has launched an industry assurance scheme designed to address the needs of SMEs, and is calling for potential advisors to step up and help out
April 19, 2023 19 Apr'23
CyberUK 23: NCSC CEO calls for collaboration and warns against complacency

NCSC boss Lindy Cameron kicked off the annual CyberUK conference in Belfast with a plea for collaboration and a warning against complacency
April 19, 2023 19 Apr'23
Global finance firms take part in NATO cyber attack simulation

Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure
April 19, 2023 19 Apr'23
CyberUK 23: Alert over mercenary Russian threat to CNI

Russian hacktivists supportive of their government’s war on Ukraine are turning their attention to disruptive or destructive attacks on critical infrastructure in the UK, the NCSC has warned
April 18, 2023 18 Apr'23
CyberUK 23: NCSC conference centres cyber collaboration

The NCSC’s annual CyberUK conference gets underway in Belfast this week, with collaboration and cooperation high on the agenda

April 18, 2023 18 Apr'23
UK presses on with post-Brexit data protection reform

The revised version of the Data Protection and Digital Information Bill has had its second reading in Parliament as the government presses on with post-Brexit changes, but critics remain sceptical that the EU will be convinced to maintain the UK's ...
April 17, 2023 17 Apr'23
Restaurants hit by IT problems after BlackCat attack on supplier NCR

Ransomware attack on systems of payments giant causing service outages for restaurants around the world
April 17, 2023 17 Apr'23
Charity data stolen in ransomware attack on supplier

A number of charities in Ireland and the UK have had their data compromised following a ransomware attack on an IT supplier
April 11, 2023 11 Apr'23
Anne Keast-Butler named as new director of GCHQ

The government has appointed current MI5 deputy director general Anne Keast-Butler to head signals and cyber agency GCHQ
April 11, 2023 11 Apr'23
KFC, Pizza Hut data stolen in January ransomware attack

Yum!, the parent organisation behind KFC and Pizza Hut in the UK, has disclosed that employee data was accessed and exfiltrated in a January 2023 ransomware attack
April 06, 2023 06 Apr'23
Clop ransomware booms in March as Fortra zero-day pays off for gang

Backed by the threat actor tracked variously as Gold Tahoe and TA505, the Clop ransomware operation hit new ‘heights’ of activity last month, according to researchers
April 05, 2023 05 Apr'23
Cops bust Genesis cyber crime marketplace

Multinational Operation Cookie Monster takes down Genesis Market, a crucial source of compromised data used by criminals for fraud and other cyber attacks
April 05, 2023 05 Apr'23
Italy’s ChatGPT ban: Sober precaution or chilling overreaction?

Italy’s data protection authority issued a temporary ban on ChatGPT citing data protection concerns and alleged breaches of the GDPR. Is this a reasonable precaution, or a chilling restriction on personal freedoms?
April 04, 2023 04 Apr'23
TikTok fined in UK over unlawful use of children’s data

The ICO has fined TikTok £12.7m for breaches of data protection law, including unlawfully collecting data on children under 13
April 04, 2023 04 Apr'23
Threat researchers dissect anatomy of a Royal ransomware attack

Trellix researchers share the inside track on a Royal ransomware attack that hit one of its customers in late 2022
April 04, 2023 04 Apr'23
Over 90% of organisations find threat hunting a challenge

Understaffed security teams and high levels of background noise are making basic security operations tasks a chore for defenders, according to a report
April 03, 2023 03 Apr'23
Australia’s media and telecoms sector saw most data breaches in 2022

The media and telecoms industry accounted for the bulk of stolen credentials in Australia in 2022, underscoring the need to shore up the country’s cyber security posture
April 03, 2023 03 Apr'23
Three-day Capita outage was result of cyber attack

Public sector outsourcer Capita has confirmed a major outage which began on 31 March was the result of a cyber attack affecting its Office 365 apps
March 30, 2023 30 Mar'23
NHS Highland rapped over data breach affecting HIV patients

NHS Highland inadvertently exposed the personal data of individuals likely to be accessing HIV services in a lapse of email hygiene
March 30, 2023 30 Mar'23
Reactive approach to cyber procurement risks damaging businesses

Too many organisations are following a reactive approach to cyber security, which WithSecure believes is stifling security teams ability to demonstrate value and align with business outcomes
March 30, 2023 30 Mar'23
3CX unified comms users hit by supply chain attacks

Ongoing supply chain attacks against customers of UC firm 3CX appear to be linked to North Korean threat actors
March 29, 2023 29 Mar'23
New North Korean APT launders crypto to fund spying programmes

Mandiant has attributed an ongoing campaign of malicious activity to a newly designated APT that is engaged in the acquisition and laundering of cryptocurrency to fund the regime’s espionage activities
March 29, 2023 29 Mar'23
How organisations can weaponise data privacy

Organisations should turn data privacy into a competitive advantage and look beyond regulatory compliance to build a privacy programme that aligns with business targets, says Gartner
March 28, 2023 28 Mar'23
Microsoft expands AI Copilot project into security realm

New Microsoft service, Security Copilot, will supposedly expand the reach, speed and effectiveness of cyber teams
March 28, 2023 28 Mar'23
Inside Group-IB’s cyber security playbook

A focus on threat intelligence, fraud protection and its work with Interpol has enabled Group-IB to compete against bigger rivals in the market
March 28, 2023 28 Mar'23
Ransomware attacks up 45% in February, LockBit responsible

NCC Group says it observed a surge in ransomware attacks in February, with LockBit, BlackCat and BianLian all highly active
March 22, 2023 22 Mar'23
Why Veeam thinks ransomware warranty payouts are unlikely

Veeam Data Platform v12 offers a financial guarantee to customers that can’t restore after ransomware attacks, but the backup supplier is convinced it won’t be making many payouts
March 22, 2023 22 Mar'23
Government launches seven-year NHS cyber strategy

The new Cyber Security Strategy for Health and Adult Social Care lays out a plan for promoting cyber resilience in the sector by 2030 to protect services and patients alike
March 21, 2023 21 Mar'23
Nordics move towards common cyber defence strategy

Nordic countries agree to work together to improve their cyber defences amid increasing threat
March 21, 2023 21 Mar'23
Hitachi Energy emerges as victim of Clop gang’s Fortra attack

The power and energy division of Japanese conglomerate Hitachi has disclosed that it has fallen victim to a Clop cyber attack, but insists customer data is safe
March 21, 2023 21 Mar'23
Ferrari rejects ransom demand after cyber attack

Italian carmaker Ferrari says it will refuse to pay a ransom after an unspecified threat actor broke into its IT systems and stole customer data
March 21, 2023 21 Mar'23
Ransomware gangs harass victims to ‘bypass’ backups

Analysis reveals how cyber criminal gangs are turning to extensive, targeted harassment campaigns to force victims to pay up, even if their backups are in good order
March 20, 2023 20 Mar'23
NCSC launches cyber check-up tools for SMEs

The NCSC has launched two new security services aimed at SMEs that lack the resources to address cyber issues, and may underestimate their vulnerability to attack
March 16, 2023 16 Mar'23
BEC attacks doubled in 2022, outstripping ransomware

Massive growth in the volume of Business Email Compromise or BEC attacks was linked to a surge in successful phishing campaigns, according to data from Secureworks
March 16, 2023 16 Mar'23
Rubrik customer, partner data exposed in possible Clop attack

Rubrik was supposedly compromised by the Clop ransomware gang via a zero-day vulnerability in a managed file transfer software package it uses
March 15, 2023 15 Mar'23
Microsoft patches Outlook zero-day for March Patch Tuesday

A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update
March 08, 2023 08 Mar'23
How ForgeRock is tackling identity management

ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy
March 07, 2023 07 Mar'23
APAC IT leaders bullish on tech spending

Over half of respondents in this year’s IT Priorities study have bigger IT budgets as they continue to make strategic investments in cyber security, cloud and automation, among other areas
March 01, 2023 01 Mar'23
Data breaches in Australia on the rise, says OAIC

Cyber security incidents were the cause of most data breaches, which rose by 26% in the second half of 2022, according to the Office of the Australian Information Commissioner
February 28, 2023 28 Feb'23
LastPass attack saw employee’s home computer hacked

The ongoing investigation into a series of linked security incidents at LastPass has found that the attacker was successfully able to compromise a developer’s home PC using a vulnerability in a media software package
February 24, 2023 24 Feb'23
Royal Mail stands firm as LockBit leaks data and renews ransom demand

The LockBit ransomware gang has made good on its threat to leak data exfiltrated from Royal Mail’s systems, but the postal service is not entertaining the possibility of giving in
February 23, 2023 23 Feb'23
WithSecure proposes ‘undo’ button for ransomware

WithSecure’s Activity Monitor technology supposedly overcomes the shortcomings of sandbox test environments, and may be able to stop ransomware attacks from ever happening
February 22, 2023 22 Feb'23
UK forces lead live-fire cyber war exercise

The seven-day Defence Cyber Marvel 2 exercise put cyber responders from 11 countries through their paces
February 22, 2023 22 Feb'23
Researchers find new bug ‘class’ in Apple devices

A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix
February 21, 2023 21 Feb'23
Royal Mail resumes full export service after cyber attack

Royal Mail resumes the last of its international services as it recovers from a ransomware attack, while the Post Office offers postmasters compensation for their lost business