Data breach incident management and recovery

LinkedIn denies exposure of 700 million user records is a data breach

Data relating to 700 million users of the LinkedIn networking platform has appeared for sale, but the firm says it is the victim of data scraping, not a security breach Continue Reading

Cops seize criminal VPN used by ransomware gangs

A coordinated sting has ended the operations of the DoubleVPN service, the owners of which are accused of harbouring cyber criminal activity Continue Reading

Ethical hacking: What, why, and overcoming concerns

We find out why and how hitting your own business with a cyber attack can help improve security Continue Reading

New Nobelium attacks a reminder to attend to cyber basics

A new campaign from the same threat group that broke into SolarWinds serves as a reminder that cyber crime gangs will try to exploit any avenue they can, even if technically unsophisticated Continue Reading

UK Cyber Security Council launches inaugural initiatives

Security association seeks to determine terms of reference for committees to oversee standards and ethics, and qualifications and careers in the cyber sector Continue Reading

EU recognises UK data protection adequacy but warns against divergence

The European Commission has granted the UK data adequacy, allowing data sharing between the EU and the UK, but warns it may yet be revoked Continue Reading

Banking tech fraud: How to trace and recover your money

Even when stolen assets are sent offshore, the special powers of the English civil court system mean all may not be lost Continue Reading

Video game industry under relentless cyber attacks

Web application attacks against the global video game industry grew by 340% in 2020 as more people turn to gaming during pandemic lockdowns Continue Reading

Insurers unprepared for challenges of underwriting ransomware

RUSI think tank calls for an industry-wide reset amid intense challenges for providers of cyber security insurance Continue Reading

How CIOs can help their organisations accelerate digital transformation

Companies need to win the trust of their customers to gather the data they need to transform their businesses Continue Reading

Lazada rolls out public bug bounty programme

Regional e-commerce giant Lazada is looking to uncover more vulnerabilities that could compromise data security in a public bug bounty programme that offers up to $10,000 per bounty Continue Reading

NCSC CEO: UK-Ireland collaboration crucial to stop cyber threats

Speaking at a conference in Dublin, NCSC Lindy Cameron is highlighting the importance of continued collaboration between the UK and Ireland to protect shared interests and counter security threats Continue Reading

Anglesey schools offline after cyber attack

Isle of Anglesey County Council is investigating a cyber attack that has forced it to shut down systems at all five secondary schools on the island Continue Reading

Revealed: Crypto platform’s role in Cl0p ransomware raid

Crypto infrastructure provider Binance provided assistance to law enforcement after finding its exchange was being used by cyber criminals to launder their ransomware profits Continue Reading

Make ransomware payments illegal, say 79% of cyber pros

Report produced for MSSP Talion claims overwhelming support for the criminalisation of ransomware payments Continue Reading

City of York picks Barracuda Networks for data protection

York Council needed to refresh its backup service to bring new security protections after it went ‘all-in’ on Microsoft Office 365 Continue Reading

European Union to set up new cyber response unit

Proposed Joint Cyber Unit will tackle a rising number of serious incidents impacting public services, businesses and citizens of the EU Continue Reading

Time to patch increases significantly during pandemic

New data from US-based endpoint management specialist Automox reveals some of the challenges security teams face in keeping up with endpoint security Continue Reading

UK councils reported over 700 data breaches to ICO in 2020

Data disclosed under the Freedom of Information Act reveals an estimated 700 data breaches were reported to the Information Commissioner’s Office by local councils last year Continue Reading

Openness can protect Dutch companies against ransomware

Dutch businesses that suffer ransomware attacks need to be more open about it, if this growing problem is to be brought under control Continue Reading

SonicWall sees 226.3 million ransomware attack attempts this year

SonicWall detected 226.3 million attempted ransomware attacks between January and May 2021, more than double the number seen in the same period last year Continue Reading

NSPCC, IWF help under-18s scrub their nude photos from the web

Report Remove tool is designed to be used by under-18s to report nude images or videos of themselves that have appeared online Continue Reading

UK SMEs lack capacity to fend off cyber attacks

Three-quarters of UK SME leaders would not have sufficient capacity or expertise to deal with a cyber attack, according to a report Continue Reading

Parliamentary devices left in taxis, buses, trains and pubs

Nearly 100 devices belonging to parliamentary staffers, including MPs and peers, were lost or stolen over the course of 2019 and 2020 Continue Reading

Lorca Ignite programme targets breakout cyber talent

Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme Continue Reading

Carnival Cruises hit by fourth cyber incident in a year

Latest data breach at Covid-hit cruise line comes hot on the heels of two recent ransomware attacks and a spring 2020 breach Continue Reading

UnitingCare Queensland restores IT systems after cyber attack

Australian healthcare service provider has restored key corporate systems and integrations between applications following a cyber attack earlier this year Continue Reading

Biden tackles Putin on ransomware at Geneva summit

Discussions between Joe Biden and Vladimir Putin on cyber crime appear to have been somewhat positive, but the path ahead remains unclear Continue Reading

Organisations cannot rely on cyber insurance to cover losses

Ransomware attacks have become a big driver of cyber insurance claims, but insurance must not be relied upon as a failsafe, says a report Continue Reading

NHS Test and Trace picks Risk Ledger to secure supply chain

Risk Ledger’s technology promises ‘unparalleled’ visibility into NHS Test and Trace’s supply chain Continue Reading

Privacy pro salaries rise throughout pandemic, but at a cost

Data from the IAPP’s latest salary survey reveals some insight into how the pandemic impacted the privacy profession Continue Reading

Ransomware most insidious cyber threat facing UK

NCSC CEO urges organisations to do more to prepare for ransomware attacks Continue Reading

The Security Interviews: How to build a government model to ‘hack for good’

Kyle Hanslovan started Huntress to give back after a career in the intelligence sector. After US authorities took action to help people hit by the Microsoft Exchange attacks, we discussed how governments can ‘hack for good’ Continue Reading

G7 commits to action on ransomware, digital privacy

The G7 urges Russia to do more to hold criminal ransomware gangs operating from within its borders to account as it commits to more action on the issue Continue Reading

Unit 42 warns of emergent Prometheus ransomware

Palo Alto’s Unit 42 shares intel on the emergent Prometheus ransomware gang, with apparent links to the Thanos crew Continue Reading

RSA spins out fraud and risk unit as Outseer

RSA Security is transitioning its fraud and risk intelligence work into a new business to be called Outseer Continue Reading

Colonial Pipeline ransom seizure is a win, but don’t relax yet

The security community is enthusiastic about the US authorities’ recovery of a significant part of the Colonial Pipeline ransomware payment, but this positivity should perhaps be somewhat tempered Continue Reading

The rise and rise of supply chain attacks

Supply chain attacks in Asia-Pacific and elsewhere have intensified as cyber threat actors look to exploit the weakest links in business and digital supply chains Continue Reading

NCSC updates schools ransomware guidance amid surge

The National Cyber Security Centre says it is dealing with a renewed surge of ransomware attacks targeting schools, colleges and universities Continue Reading

DNS attacks on the rise in APAC

Attacks on the domain name system in Asia-Pacific grew by 15% last year, with Malaysian organisations seeing the sharpest rise in damages among countries in the region Continue Reading

HSBC offers all businesses scam awareness app

HSBC is sharing information on the latest scams and how to defend against them thorough its latest app, available to all businesses Continue Reading

Government action on ransomware epidemic gathers pace

The US government steps up action against ransomware operators, while the UK’s NCSC publishes guidance on preparing to deal with a ransomware attack Continue Reading

Norway’s auditor general lifts lid on energy industry’s cyber security risks

Auditor General’s Office questions the security posture of Norway’s energy industry Continue Reading

Tories fined over email data protection breaches

The Conservative Party broke the law by failing to properly keep records of who had unsubscribed from its mailing list Continue Reading

Pandemic a ‘once-in-a-lifetime’ chance to reshape security

The volume of remote working has made it hard to paint an accurate picture of the true state of enterprise cyber security, but it presents an opportunity to change things up Continue Reading

Scottish businesses missing out on Cyber Essentials benefits

More than a third of Scottish businesses do not believe they are adequately prepared to deal with a cyber security incident Continue Reading

Long-term thinking is vital to secure UK’s critical infrastructure

To face down the threat of cyber warfare against UK CNI, the government needs long-term thinking that looks beyond the next general election cycle, says Advent-IM’s Mike Gillespie Continue Reading

Exagrid pays $2.6m to Conti ransomware attackers

Backup appliance specialist hit by Conti ransomware in May with cyber criminals downloading employee and customer data, confidential contracts and source code Continue Reading

Microsoft brings APAC policymakers together in security council

Microsoft’s APAC public sector security council will meet once a quarter to share threat intelligence and best practices for combating cyber threats Continue Reading

Essential Guide: How APAC firms can ride out the pandemic

In this Essential Guide, we examine the impact of Covid-19 on Asia-Pacific businesses, how they have responded and important lessons that can be learned as they ready themselves for the post-pandemic world. Continue Reading

Security ops teams struggle to switch off at home

Spiralling stress levels among SOC and IT security teams can be attributed mainly to alert overload, says Trend Micro Continue Reading

More data stolen in January 2021 than in all of 2017, says report

The volume of data being stolen through breaches is growing steadily and shows no sign of slowing, according to a report from Imperva Continue Reading

Millions of pounds lost to crypto fraud on social media

More than £63m has been lost nationally by victims of investment fraud via a social media platform, says Action Fraud Continue Reading

Threat of group GDPR legal action haunts CISOs

The vast majority of security leaders questioned for a new report say they are concerned about the possibility of group legal settlements against them following a serious data breach Continue Reading

Industry reflects on three years of GDPR

Looking back on 12 tumultuous months, we assess how GDPR has weathered the effects of the Covid-19 pandemic and Brexit, and consider what the coming year may hold for data protection Continue Reading

Legacy vulnerabilities may be biggest enterprise cyber risk

While high-profile cyber attacks and zero-days grab headlines, statistics gathered by network security specialists Cato suggest CISOs should be addressing legacy threats Continue Reading

Air India is latest victim of Sita hack

Data on millions of people who flew with Air India between 2011 and 2021 appears to have been compromised in the recent Sita supply chain attack Continue Reading

Dutch researchers build security software to mimic human immune system

Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection Continue Reading

Why the security stack needs to move to the edge

Akamai’s chief technology officer Robert Blumofe makes the case for a decentralised security model to address cyber threats that are emanating from the network edge Continue Reading

CyberUK, bees and datacentres, Red Cross digital mapping – Computer Weekly Downtime Upload podcast

In this episode of the Computer Weekly Downtime Upload podcast, Caroline Donnelly and Brian McKenna are joined by Alex Scroxton, security editor, to discuss CyberUK, bees and datacentres, and the British Red Cross’ use of digital mapping to combat Covid-19 Continue Reading

Lack of developer attention to cloud security prompts alerts

The personal data of over 100 million Android users may have been put at risk through a variety of cloud service misconfigurations Continue Reading

Malicious scans for at-risk systems start minutes after disclosure

Statistics collated by Palo Alto Networks reveal malicious actors begin scanning the internet for systems at risk of new CVEs within minutes Continue Reading

Throwback Thursday: Even data fragmentation has gone virtual

If there’s one thing that our report Storage Anywhere and Everywhere from eight years ago reminds us, it’s that the risks of uncontrolled data growth are nothing new. As our contribution to the bit ... Continue Reading

HP taps micro virtual machines in endpoint security

HP’s Wolf Security technology stack uses an endpoint security controller to run computing tasks in micro virtual machines so that any potential malware can be isolated and contained Continue Reading

Reports of stolen Irish health service data being leaked online

Leaking of deeply confidential and personal information on patient healthcare marks a new low for the criminal Conti gang Continue Reading

Australian budget lends support to digital economy

Australia’s A$1.2bn Digital Economy Strategy ticks most of the right boxes, but some industry experts say areas such as broadband infrastructure and artificial intelligence are still underfunded Continue Reading

The real-life consequences of ransomware attacks

In this week’s Computer Weekly, after a ransomware attack shut a major US oil pipeline, we examine the real-life consequences for organisations facing similar threats. We ask the experts for their top tips in reducing datacentre running costs. And we hear how data science skills are helping government make better decisions. Read the issue now. Continue Reading

Conti ransomware syndicate behind attack on Irish health service

More details continue to emerge of the significant ransomware attack on Ireland’s HSE Continue Reading

Government seeks input on supply chain security

Amid concerns that too few companies are addressing vulnerabilities in their supply chain, DCMS is opening a consultation on new measures to enhance security Continue Reading

Colonial Pipeline paid $5m ransom, reports say

Colonial Pipeline may have paid a significant ransom within hours of being attacked, it has emerged, but it’s unlikely the story ends here Continue Reading

Irish health service hit by major ransomware attack

IT systems in hospitals across Ireland have been switched off following a significant ransomware attack Continue Reading

Publishing exploit code does more harm than good, says report

Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security Continue Reading

Biden beefs up public-private security cooperation

Joe Biden has signed a new Executive Order to harden US cyber security and government networks, with an emphasis on information sharing Continue Reading

Verizon DBIR underscores year of unprecedented cyber challenge

Verizon 2021 Data Breach Investigations Report draws predictable conclusions as the impact of the Covid-19 pandemic continues to be felt Continue Reading

Inside DarkSide: Researchers share intel on break-out cyber gang

Security researchers swap information on the newly famous DarkSide ransomware gang, the group that doesn’t appear to understand what ‘being a criminal’ actually means Continue Reading

UK to fund national cyber teams in Global South

Government will commit millions of pounds to supporting vulnerable countries in establishing cyber capacity Continue Reading

UK Plc invited to sign up for Early Warning of cyber incidents

The launch of the Early Warning incident notification service is among the enhancements being made by the NCSC to its service packages Continue Reading

Collaboration key to success of UK’s Cyber Security Council

The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event Continue Reading

NCSC cyber guidance targets cloud and home working

The NCSC’s refreshed cyber security guidance for larger organisations places particular emphasis on cloud, home working and ransomware Continue Reading

SolarWinds CEO calls for collective action against state attacks

SolarWinds CEO tells NCSC’s CyberUK conference he is exploring the possibility of collaborating with other companies on collective cyber action against attacks backed by nation states Continue Reading

Colonial Pipeline ransomware attack has grave consequences

The ramifications of a major ransomware attack against a US fuel pipeline operator could spread far and wide Continue Reading

NCSC Active Cyber Defence blocks surge of pandemic scams

The NCSC responded to a surge in online scams last year as it moved to protect both the general public and critical national services during the pandemic Continue Reading

NCSC, CISA publish new information on Russia’s Cozy Bear

New intelligence from UK and US cyber agencies suggests that APT29, or Cozy Bear, has been switching up its tactics Continue Reading

NCSC publishes smart city security guidelines

Guidance for local authorities, IT and cyber professionals aims to ensure the security of connected, smart city projects Continue Reading

Cyber accreditation to improve legal standing of security pros

Institute of Cyber Digital Investigations Professionals will help incident responders and cyber investigators get the professional recognition they deserve Continue Reading

Reddit enlists HackerOne to run public bug bounty programme

Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet Continue Reading

Ransomware, supply chain attacks show no sign of abating

Security experts at Black Hat Asia 2021 discuss the state of ransomware and supply chain attacks, two of the most common attack vectors that offer high returns for threat actors Continue Reading

Scammers accidentally reveal fake Amazon review data

More than 13 million records relating to an organised fake review scam have been found on an unsecured ElasticSearch database, implicating hundreds of thousands of people in unethical behaviour Continue Reading

HSBC blocks £249m in UK fraud with voice biometrics

HSBC voice recognition technology has reduced telephone banking fraud as demand for the channel increases Continue Reading

Sophos: How timely intervention stopped a ProxyLogon attack

A recent incident at an undisclosed customer sheds new light on how malicious actors exploit unpatched Microsoft Exchange servers Continue Reading

Half of organisations breached via a third party in 12 months

New report highlights the risks of outsourcing key business processes without paying due care and attention to your service provider’s security Continue Reading

Northern Ireland pilots security training plan for 16-25s

Pilot scheme in Northern Ireland aims to widen access to cyber security careers Continue Reading

Covid-19 security challenges leave bank customers at risk

Challenges arising from the pandemic have left gaping holes in banking security, putting consumers at risk of fraud Continue Reading

Recruiters can’t afford to hold out for cyber ‘unicorns’

The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic Continue Reading

Office 365 compromise likely led to Merseyrail ransomware attack

Compromise of Merseyrail employee data seems to have begun after a key email account was hacked Continue Reading

Total cost of ransomware attack heading towards $2m

Sophos’ latest study finds that ransomware attacks are proving increasingly disruptive to their victims’ finances Continue Reading

Leaky Azure storage account puts software developer IP at risk

Source code for multiple products was left exposed in an unsecured Microsoft Azure cloud storage account, say researchers, but attributing responsibility for the error has proved difficult Continue Reading

Researchers shed more light on APT29 activity during SolarWinds attack

RiskIQ’s Atlas threat intel team uncovers new patterns and threat infrastructure used in the SolarWind’s attacks Continue Reading

ToxicEye malware exploits Telegram messaging service

The Telegram instant messaging service is being used by malicious actors to manage a remote access trojan called ToxicEye Continue Reading

NCSC offers teachers free cyber security training

The NCSC’s latest security training offer builds on a package of measures designed to protect schools from cyber attack Continue Reading