News
Data breach incident management and recovery
-
January 27, 2023
27
Jan'23
Hive ransomware gang taken down after FBI hacks back
The FBI hacked into Hive’s servers, stole its decryption keys and then took down its servers in a major action that has successfully disrupted a prolific and dangerous ransomware operation
-
January 26, 2023
26
Jan'23
Royal Mail resumes some international parcel services from UK
Royal Mail has successfully stood up its International Tracked and Signed, and International Signed, services as it continues to recover from a ransomware attack
-
January 26, 2023
26
Jan'23
Zero-trust implementations remain work in progress
Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds
-
January 25, 2023
25
Jan'23
NCSC exposes Iranian, Russian spear-phishing campaign targeting UK
Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC
-
January 25, 2023
25
Jan'23
Arnold Clark cyber attack claimed by Play ransomware gang
A cyber attack that struck car dealer Arnold Clark prior to Christmas has been claimed as the work of the Play ransomware cartel
-
January 25, 2023
25
Jan'23
Boards struggle to resolve cyber risk in digital supply chains
Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk
-
January 24, 2023
24
Jan'23
UK insurers need to up their game on cyber gaps, says PRA
Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority
-
January 24, 2023
24
Jan'23
SSRF attacks hit 100,000 businesses globally since November
There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers
-
January 23, 2023
23
Jan'23
NCSC warning over cyber risk to charity sector
Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC
-
January 22, 2023
22
Jan'23
Royal Mail making limited progress on ransomware recovery
Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common
-
January 20, 2023
20
Jan'23
Veeam survey finds ransomware blocks digital transformation
Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered
-
January 20, 2023
20
Jan'23
WhatsApp’s £4.8m fine raises questions for organisations using behavioural advertising
The Irish Data Protection Commissioner has fined WhatsApp, owned by Meta, in a case that will raise questions for organisations that rely on contracts rather than consent to comply with GDPR when offering behavioural advertising
-
January 19, 2023
19
Jan'23
International post resumes thanks to Royal Mail ‘workarounds’
Royal Mail has resumed limited international services after putting in place operational workarounds to bypass the impact of a ransomware attack
-
January 19, 2023
19
Jan'23
KFC, Pizza Hut parent shuts UK restaurants after cyber attack
A ransomware attack on Yum! Brands, the parent organisation of restaurants including KFC and Pizza Hut, was forced to shut approximately 300 outlets in the UK following a ransomware attack by an unspecified group
-
January 19, 2023
19
Jan'23
Mailchimp suffers third breach in 12 months
Email marketing service Mailchimp has suffered its third data breach in a year, but has been praised for being open about its latest attack
-
January 18, 2023
18
Jan'23
Ukraine CERT leaders touch down in London for talks
The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience
-
January 18, 2023
18
Jan'23
Ukraine cyber teams responded to more than 2,000 attacks in 2022
The Ukrainian authorities responded to more than 2,000 major cyber incidents during 2022, and are blocking thousands more potential attacks every day
-
January 17, 2023
17
Jan'23
Crest throws support behind CyberUp CMA reform campaign
Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990
-
January 17, 2023
17
Jan'23
Royal Mail promises ‘workarounds’ to restore services after ransomware attack
Royal Mail CEO Simon Thompson apologises to customers whose businesses are being disrupted by a ransomware attack and promises a ‘workaround’ will be in place in the near future
-
January 13, 2023
13
Jan'23
LockBit cartel suspected of Royal Mail cyber attack
The still-developing cyber incident at Royal Mail may be the work of the infamous LockBit ransomware operation
-
January 12, 2023
12
Jan'23
Companies warned to step up cyber security to become ‘insurable’
Investing in better IT security to protect against cyber crime will make businesses more resilient against other risks
-
January 12, 2023
12
Jan'23
Guardian confirms Christmas 2022 cyber attack was ransomware
Guardian Media Group bosses confirm the 20 December cyber attack that left staff locked out of its London office and disrupted several key systems was an untargeted ransomware attack
-
January 11, 2023
11
Jan'23
Royal Mail services hit by major cyber attack
UK postal service Royal Mail is asking customers not to send any overseas letters or parcels while it deals with the impact of an ongoing cyber attack
-
January 11, 2023
11
Jan'23
Davos 2023: Pervasive cyber crime and cyber security gaps pose severe risk to organisations
Governments and organisations face tough trade-offs as they balance immediate problems caused by economic recession, energy shortages and rising interest rates with longer-term risks, including the impact of global warming
-
January 10, 2023
10
Jan'23
New APT group targets ASEAN governments and militaries
The Dark Pink advanced persistent threat group used custom malware to exfiltrate data from high-profile targets through spear-phishing emails last year, according to Group-IB
-
January 10, 2023
10
Jan'23
Insurer Beazley introduces catastrophe bond to ease cyber risk
Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover
-
January 06, 2023
06
Jan'23
Proposed digital fraud refund rules risk excluding many victims
Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned
-
January 06, 2023
06
Jan'23
Russia’s Turla falls back on old malware C2 domains to avoid detection
Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals
-
January 06, 2023
06
Jan'23
Vice Society cyber gang targeted multiple UK schools
The Vice Society ransomware gang has made a habit of attacking educational institutions, and now appears to have struck multiple schools, colleges and universities in the UK
-
January 05, 2023
05
Jan'23
Warning over ransomware attacks spreading via Fortinet kit
Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web
-
January 05, 2023
05
Jan'23
Fallout from Guardian cyber attack to last at least a month
The Guardian newspaper’s offices remained shut into the New Year following a supposed ransomware attack, with disruption likely to last some time
-
January 02, 2023
02
Jan'23
China and India governments among top targets for cyber attackers
Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures
-
December 22, 2022
22
Dec'22
Top 10 cyber security stories of 2022
The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides
-
December 22, 2022
22
Dec'22
Top 10 cyber crime stories of 2022
Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents
-
December 21, 2022
21
Dec'22
Top 10 ANZ IT stories of 2022
We recap the top 10 stories in Australia and New Zealand, including the opportunities and challenges that organisations in the region have faced over the past year
-
December 16, 2022
16
Dec'22
Shiseido data breach victims plan legal action over fake companies
Employees and former employees of cosmetics firm Shiseido whose data was stolen in a recent breach are planning group legal action after their information was used to establish fraudulent companies in their names
-
December 15, 2022
15
Dec'22
Lego fixes dangerous API vulnerability in BrickLink service
The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas
-
December 14, 2022
14
Dec'22
Advanced Azov data wiper likely to become active threat
Check Point deep dives into an emergent data wiper strain known as Azov, which is making waves with hundreds of new samples being submitted to VirusTotal daily
-
December 13, 2022
13
Dec'22
EU issues draft data adequacy decision in favour of US
The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision
-
December 13, 2022
13
Dec'22
Finnish government launches information security voucher scheme
Finland’s government is offering businesses financial support to help them improve their cyber security
-
December 13, 2022
13
Dec'22
More Uber data exposed in possible supply chain attack
A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack
-
December 13, 2022
13
Dec'22
Customer frustrations mount as Rackspace investigation proceeds
Rackspace says it is making progress on restoring services following a ransomware attack on its Hosted Exchange business, but customers are becoming frustrated with a lack of communication
-
December 11, 2022
11
Dec'22
How Zscaler is cracking APAC’s cloud security market
Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better
-
December 09, 2022
09
Dec'22
Iranian APT seen exploiting GitHub repository as C2 mechanism
A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware
-
December 08, 2022
08
Dec'22
Australia to develop new cyber security strategy
New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals
-
December 07, 2022
07
Dec'22
Rackspace email outage confirmed as ransomware attack
An ongoing outage affecting Rackspace email customers is the result of a ransomware attack
-
December 06, 2022
06
Dec'22
Don’t become an unwitting tool in Russia’s cyber war
Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?
-
December 05, 2022
05
Dec'22
Cohesity doubles down on cyber-defence failings via backup
Datahawk service and Data Security Alliance bring clean data restores, ransomware artefact detection, data vaulting and data audit for a clearer understanding of attack impact
-
December 05, 2022
05
Dec'22
French cyber consultancy Hackuity sets up UK operation
Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base
-
December 02, 2022
02
Dec'22
Twitter ‘replacement’ Hive Social shuts off service in privacy alert
Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers