News

Data breach incident management and recovery

• June 16, 2022 16 Jun'22

  Office 365 loophole may give ransomware an easy shot at your files

  Researchers at Proofpoint have discovered potentially dangerous Microsoft Office 365 functionality that they believe may give ransomware a clear shot at files stored on SharePoint and OneDrive

• June 15, 2022 15 Jun'22

  $2k to access your organisation on the dark web

  Dark web brokers will sell access to company networks and systems for an average of $2,000 to $4,000

• June 15, 2022 15 Jun'22

  Patch Tuesday dogged by concerns over Microsoft vulnerability response

  The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure

• June 14, 2022 14 Jun'22

  MS Azure Synapse vulnerability fixed after six-month slog

  Microsoft patched a critical Azure Synapse vulnerability twice, but each time the researcher who discovered it was able to bypass it with ease, leading to a lengthy saga

• June 13, 2022 13 Jun'22

  New warning over tech suppliers in thrall to hostile governments

  Ukraine war could lead to shakeup of dual-use tech exports, says former UK intelligence officer

• June 13, 2022 13 Jun'22

  Qatar bolsters cyber security in preparation for World Cup

  With hackers honing their cyber weapons to target the upcoming football World Cup, Qatar is busy developing countermeasures and raising awareness

• June 10, 2022 10 Jun'22

  Snake Keylogger climbing malware charts, says Check Point

  Cyber criminals behind Snake Keylogger campaigns have been switching up their tactics in the past few weeks, say researchers

• June 10, 2022 10 Jun'22

  Researchers find eight CVEs in single building access system

  A series of eight vulnerabilities in Carrier LenelS2 building access panels could enable malicious actors to obtain physical access to their targets

• June 09, 2022 09 Jun'22

  SolarWinds CEO offers to commit staffers to government cyber agencies

  A new proposal from SolarWinds’ outspoken CEO, Sudhakar Ramakrishna, could see software companies commit key staff to work with government cyber agencies to improve cooperation and incident response

• June 09, 2022 09 Jun'22

  Cyber researchers step in to fill Patch Tuesday’s shoes

  Afraid you’ll miss Patch Tuesday when it’s gone? You’re not alone, but security analysts at Recorded Future are taking action to help the community come to terms with its loss

• June 08, 2022 08 Jun'22

  China using top consumer routers to hack Western comms networks

  An advisory from US cyber authorities shares details of multiple vulnerabilities exploited by Chinese state actors to hack into Western telecoms networks

• June 08, 2022 08 Jun'22

  ProxyLogon, ProxyShell may have driven increase in dwell times

  The median network intruder dwell time was up 36% to 15 days last year, thanks to massive exploitation of the ProxyLogon and ProxyShell vulnerabilities by IABs, according to new Sophos data

• June 07, 2022 07 Jun'22

  Weak IT and SecOps collaboration in ANZ opens doors to cyber attacks

  The weak collaboration between IT and security teams in Australia and New Zealand is exposing their organisations to data loss, business disruption and other potential consequences of cyber attacks

• May 31, 2022 31 May'22

  Industrial systems not safe for the future, say Dutch ethical hackers

  Ethical hackers in the Netherlands say operational technology and IT networks need to be integrated to prevent cyber attacks penetrating their operations

• May 26, 2022 26 May'22

  Two-thirds of UK organisations defrauded since start of pandemic

  Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report

• May 26, 2022 26 May'22

  Most CFOs being left out of ransomware conversations

  Barely a tenth of CFOs are actively involved in planning for cyber attacks, according to a report

• May 25, 2022 25 May'22

  Rubrik charts data security path

  Backup and recovery software provider Rubrik now sees itself as a cyber security company that helps organisations recover from ransomware and other data security threats

• May 24, 2022 24 May'22

  Ransomware volumes grew faster than ever in 2021

  Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody

• May 23, 2022 23 May'22

  Did the Conti ransomware crew orchestrate its own demise?

  Analysts examining the shutdown of the Conti ransomware syndicate suggest the cyber crime collective orchestrated its own demise

• May 20, 2022 20 May'22

  Applying international law to cyber will be a tall order

  Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations

• May 20, 2022 20 May'22

  Microsoft drops emergency patch after Patch Tuesday screw up

  Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates

• May 20, 2022 20 May'22

  Chinese cyber spooks exploit western sanctions on Russia

  The actor behind an ongoing Chinese espionage campaign targeting Russian defence research bodies is taking advantage of the Ukraine war in their phishing lures

• May 19, 2022 19 May'22

  Nature of cyber war evolving in real time, says Microsoft president

  The past three months have seen the rapid evolution of the very nature warfare to incorporate cyber attacks, Microsoft’s Brad Smith tells the audience at its Envision conference in London

• May 19, 2022 19 May'22

  Red teaming will be standard in Dutch governmental organisations by 2025

  The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest

• May 17, 2022 17 May'22

  Veeam outlines data protection vision

  Veeam is looking to achieve an “outsized market leading position” by tapping its strengths in data protection and doubling down on innovation to help enterprises secure emerging workloads

• May 17, 2022 17 May'22

  Australian CISOs least prepared for cyber attacks

  Australian CISOs are under pressure and feel the least prepared globally to deal with the consequences of a cyber attack, study finds

• May 16, 2022 16 May'22

  Keeping Singapore’s critical systems secure

  Tracy Thng offers a glimpse into her work in strengthening the cyber resilience of 11 essential service sectors in Singapore

• May 11, 2022 11 May'22

  Nerbian RAT enjoys using Covid-19 phishing lures

  The world is slowly coming to terms with Covid-19, but fear of the coronavirus is no less useful to cyber criminals because of it, as Proofpoint researchers have discovered

• May 11, 2022 11 May'22

  CyberUK 22: Five Eyes focuses on MSP security

  The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves

• May 11, 2022 11 May'22

  Analysts confirm return of REvil ransomware gang

  Secureworks CTU analysis has found that the REvil ransomware is undergoing active development, possibly heralding a new campaign of cyber attacks

• May 11, 2022 11 May'22

  Cyber accreditation body Crest forges new training partnerships

  Crest says partnerships with Hack The Box and Immersive Labs will enhance its members’ defensive and offensive security skills

• May 10, 2022 10 May'22

  CyberUK 22: Cyber leaders affirm UK’s whole-of-society strategy

  On the opening day of CyberUK 2022, GCHQ director Jeremy Fleming and NCSC CEO Lindy Cameron have spoken of their commitment to the government’s ambition for a whole-of-society cyber strategy

• May 10, 2022 10 May'22

  NCSC pins Viasat cyber attack on Russia

  UK authorities have attributed the 24 February cyber attack on the network of satellite comms company Viasat to Russia

• May 10, 2022 10 May'22

  CyberUK 22: NCSC refreshes cloud security guidance

  The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise

• May 09, 2022 09 May'22

  CyberUK 22: NCSC’s ACD programme blocks 2.7 million scams

  On the opening day of its annual CyberUK event, the NCSC reveals how organisations around the country have used its Active Cyber Defence programme to their advantage

• May 04, 2022 04 May'22

  Intellectual property theft operation attributed to Winnti group

  Winnti conducted a prolonged cyber espionage campaign that went undetected for years, allowing it to exfiltrate massive amounts of corporate data and intellectual property

• April 29, 2022 29 Apr'22

  Attackers enlist cloud providers in large HTTPS DDoS hit

  A recent large-scale DDoS incident shows how cyber criminals are switching up their tactics to conduct more sophisticated attacks

• April 28, 2022 28 Apr'22

  Ransomware recovery costs dwarf actual ransoms

  The cost of recovering from a ransomware attack far outweighs the ransoms now being demanded by cyber criminals, according to recent data

• April 28, 2022 28 Apr'22

  Manufacturer sues JPMorgan after cyber criminals stole $272m

  Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity

• April 28, 2022 28 Apr'22

  Russia plumbs new depths in cyber war on Ukraine

  Microsoft details cyber attacks on Ukrainian civilian communications, nuclear safety authorities, and the exploitation of the destruction of Mariupol in a phishing campaign

• April 27, 2022 27 Apr'22

  Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021

  These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time

• April 27, 2022 27 Apr'22

  Russia-supporting cyber crime gang claims Coca-Cola as victim

  Stormous cyber crime collective claims to have stolen 161GB of data from Coca-Cola, and says it plans to sell it off

• April 27, 2022 27 Apr'22

  Leeds Beckett’s ethical hacking platform wins Innovate UK backing

  An ethical hacking and cyber education platform developed at Leeds Beckett University has received a major funding boost to help it launch commercially

• April 27, 2022 27 Apr'22

  Ransomware victims paying out when they don’t need to

  Sophos’s annual State of Ransomware report shows dramatic increases in the impact of ransomware attacks, but also finds many organisations are paying ransoms when they don’t need to

• April 26, 2022 26 Apr'22

  Coralogix makes foray into cyber security with Snowbit

  Observability platform supplier Coralogix has set up a cyber security venture and a global security resource centre in India to tap the growth opportunities in the subcontinent

• April 25, 2022 25 Apr'22

  US mobile network emerges as latest Lapsus$ victim

  Lapsus$ extortion gang hit T-Mobile and attempted to perform SIM-swapping attacks and code theft

• April 25, 2022 25 Apr'22

  Sophos soaks up SOC.OS

  Sophos says acquisition of BAE spinout SOC.OS will enhance its managed threat and extended detection and response services

• April 22, 2022 22 Apr'22

  What’s up with Conti and REvil, and should we be worrying?

  New intelligence on some of the world’s most prolific ransomware gangs suggests recent disruption to their activities was like water off a duck’s back

• April 22, 2022 22 Apr'22

  UAE bolsters cyber security

  The United Arab Emirates has successfully improved its security posture amid mounting cyber threats

• April 21, 2022 21 Apr'22

  Five Eyes in new Russia cyber warning

  Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure