News
Data breach incident management and recovery
-
December 09, 2022
09
Dec'22
Iranian APT seen exploiting GitHub repository as C2 mechanism
A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware
-
December 08, 2022
08
Dec'22
Australia to develop new cyber security strategy
New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals
-
December 07, 2022
07
Dec'22
Rackspace email outage confirmed as ransomware attack
An ongoing outage affecting Rackspace email customers is the result of a ransomware attack
-
December 06, 2022
06
Dec'22
Don’t become an unwitting tool in Russia’s cyber war
Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?
-
December 05, 2022
05
Dec'22
Cohesity doubles down on cyber-defence failings via backup
Datahawk service and Data Security Alliance bring clean data restores, ransomware artefact detection, data vaulting and data audit for a clearer understanding of attack impact
-
December 05, 2022
05
Dec'22
French cyber consultancy Hackuity sets up UK operation
Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base
-
December 02, 2022
02
Dec'22
Twitter ‘replacement’ Hive Social shuts off service in privacy alert
Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers
-
December 01, 2022
01
Dec'22
LastPass probes new cyber incident related to August attack
The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba
-
November 30, 2022
30
Nov'22
South Staffs Water customer data leaked after ransomware attack
Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack
-
November 30, 2022
30
Nov'22
Latest LockBit ransomware versions have wormable capabilities
Sophos researchers have reverse-engineered the Lockbit 3.0 ransomware, shedding new light on its evolving capabilities and firming up links with BlackMatter
-
November 30, 2022
30
Nov'22
NIS regulations to be extended to cover MSPs
The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope
-
November 29, 2022
29
Nov'22
Cyber criminals exploiting naked TikTok ‘challenge’
Malware operators lured targets by promising them they would be able to view nude videos of TikTok users
-
November 25, 2022
25
Nov'22
Data management, backup becoming the CISO's responsibility
More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year
-
November 24, 2022
24
Nov'22
Not-for-profit aims to encourage 1,300 girls into cyber careers
CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber
-
November 23, 2022
23
Nov'22
Red team tool developer slams ‘irresponsible’ disclosure
UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors
-
November 23, 2022
23
Nov'22
Dutch national cyber security strategy aims to protect digital society
Cabinet sets up national cyber security strategy to make the Netherlands digitally secure
-
November 22, 2022
22
Nov'22
Ducktail spins new tales to hijack Facebook Business accounts
The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts
-
November 21, 2022
21
Nov'22
Bug Bounty Calculator helps organisations fine-tune their payouts
Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention
-
November 18, 2022
18
Nov'22
Is Elon Musk’s Twitter safe, and should you stop using it?
With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use
-
November 18, 2022
18
Nov'22
New gold standard to protect good faith hackers
HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking
-
November 18, 2022
18
Nov'22
CyberPeace Institute helps NGOs improve their security resilience
Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people
-
November 17, 2022
17
Nov'22
Another Log4Shell warning after Iranian attack on US government
The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching
-
November 16, 2022
16
Nov'22
Global network fragmentation a source of increasing risk
Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures
-
November 15, 2022
15
Nov'22
APP fraud volumes expected to double by 2026, says report
Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue
-
November 14, 2022
14
Nov'22
How Google and Mandiant are forging synergies in cyber security
Google’s AI smarts and Mandiant’s intelligence on new and emerging threats could lay the foundation of proactive security
-
November 13, 2022
13
Nov'22
Online scam victims lose an average of £1,000 each
New data from the National Fraud Intelligence Bureau shows victims of online fraud lose an average of £1,000 per person
-
November 11, 2022
11
Nov'22
Volume of self-reported breaches to ICO jumps 30%
The number of self-reported breaches to the UK’s Information Commissioner’s Office soared by nearly 30% in the 12 months to 30 June 2022
-
November 10, 2022
10
Nov'22
Cyber criminals have World Cup Qatar 2022 in their sights
Volumes of malicious cyber activity around the upcoming FIFA World Cup are already starting to tick upwards and are likely to continue to do so
-
November 09, 2022
09
Nov'22
Optus earmarks A$140m to cover cost of data breach
Optus sets aside A$140m as an exceptional expense for a customer remediation programme following a massive data breach that affected 10 million customers
-
November 09, 2022
09
Nov'22
UK’s National Cyber Advisory Board convenes for first time
Government convenes National Cyber Advisory Board to further its goals of making the UK one of the safest places to live and work online
-
November 09, 2022
09
Nov'22
Why Sophos is bullish on managed security services
Sophos has grown its managed detection and response business to more than $100m over the last three years as more organisations grapple with the increasingly complex cyber security landscape
-
November 08, 2022
08
Nov'22
NortonLifeLock, Avast debut new ‘Gen’ identity
The combined NortonLifeLock and Avast consumer cyber business, Gen, says it will serve over 500 million customers worldwide
-
November 07, 2022
07
Nov'22
Department for Education escapes £10m fine over data misuse
Department entrusted data on 28 million children to a company called Trustopia, which turned out to be anything but trustworthy, but has escaped a £10m fine under new rules
-
November 04, 2022
04
Nov'22
Microsoft: Nation-state cyber attacks became increasingly destructive in 2022
The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare
-
November 03, 2022
03
Nov'22
Microsoft pledges $100m in new IT support for Ukraine
Microsoft will continue to offer free-of-charge technology support to Ukraine for the foreseeable future
-
November 03, 2022
03
Nov'22
Automated threats biggest source of cyber risk for retailers
Threat actors targeting retailers during the coming holiday season are increasingly turning to automated forms of cyber attack, according to a report
-
November 03, 2022
03
Nov'22
Global coalition reaffirms commitment to fight ransomware
Representatives of 36 countries, as well as the EU, attended the second International Counter Ransomware Initiative Summit in Washington DC
-
November 02, 2022
02
Nov'22
Dropbox code compromised in phishing attack
Cloud storage service says malicious actors successfully accessed some of its code within GitHub, but insists customer data is secure
-
November 02, 2022
02
Nov'22
UK spent £6.4m on secret cyber package for Ukraine
Westminster has revealed for the first time the existence of a previously top-secret security programme that has been helping Ukraine fend off Russian cyber attacks
-
November 01, 2022
01
Nov'22
A third of UK cyber leaders want to quit, report says
Nearly a third of UK security leaders are considering leaving their current role, and more than half are struggling to keep on top of their workload
-
November 01, 2022
01
Nov'22
NCSC looks back on year of ‘profound change’ for cyber
The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful
-
October 31, 2022
31
Oct'22
Prepare today for potentially high-impact OpenSSL bug
OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed
-
October 27, 2022
27
Oct'22
NCSC’s Levy steps down after 20-year intelligence career
NCSC technical director Ian Levy bids farewell, telling his successor: ‘Don’t panic’
-
October 27, 2022
27
Oct'22
NHS to get new national CISO
The Department for Health and Social Care is seeking a new national CISO, who will be tasked with providing strategic cyber leadership, direction and expertise across DHSC and the wider NHS
-
October 27, 2022
27
Oct'22
Medibank breach casts spotlight on data security
Health insurer Medibank Private recently suffered a major data breach involving the personal and health information of millions of customers, once again casting the spotlight on data security in Australia
-
October 26, 2022
26
Oct'22
Australia budget closes in on digital divide, cyber resilience
Australia’s latest budget is geared towards providing better broadband connectivity in regional and rural areas, shoring up the cyber security posture of its businesses and plugging tech talent shortages, among other areas
-
October 25, 2022
25
Oct'22
Global digital trust market to double by 2027
The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow
-
October 24, 2022
24
Oct'22
Complacency biggest cyber risk to UK plc, says ICO
Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack
-
October 24, 2022
24
Oct'22
Half of staff might quit after a cyber attack, report says
Findings from a survey of CISOs, IT leaders and staffers reveal how experiencing a cyber incident may take a larger-than-thought toll on employee retention
-
October 21, 2022
21
Oct'22
Microsoft slams external researchers over its own data leak
Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue