Data breach incident management and recovery
-
News
30 Apr 2025
Co-op shuts off IT systems to contain cyber attack
A developing cyber incident at Co-op has forced the retailer to pull the plug on some of its IT systems as it works to contain the attack Continue Reading
-
News
29 Apr 2025
Scattered Spider on the hook for M&S cyber attack
The infamous Scattered Spider hacking collective may have been behind the ongoing cyber attack on Marks and Spencer that has crippled systems at the retailer and left its ecommerce operation in disarray. Continue Reading
-
News
12 Aug 2022
Cyber criminal forum targets only Russia
The Digital Shadows Photon Research Team has been investigating a pro-Ukraine cyber criminal forum called Dumps, which appears to be one of a kind Continue Reading
-
News
12 Aug 2022
How critical infrastructure operators can secure OT data
Cohesity’s CISO discusses the challenges of securing data in operational technology systems and what can be done to mitigate security threats Continue Reading
-
Definition
12 Aug 2022
segregation of duties (SoD)
Segregation of duties (SoD) is an internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task. Continue Reading
-
News
11 Aug 2022
Researcher finds 10 vulnerabilities in Cisco firewalls
At Black Hat USA, Rapid7 researchers report on 10 security issues in popular Cisco firewall products, many of which do not yet have patches Continue Reading
-
News
11 Aug 2022
Cisco averts cyber disaster after successful phishing attack
A potentially serious cyber attack on Cisco’s systems that began after a threat actor successfully exploited an employee’s carelessly secured credentials was thwarted without major damage Continue Reading
-
News
11 Aug 2022
NHS may take a month to recover from supply chain attack
Ransomware attack victim Advanced warns its NHS customers they could be waiting until early September to fully recover their operations Continue Reading
-
News
10 Aug 2022
‘Coopetition’ a growing trend among ransomware gangs
Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time Continue Reading
-
News
09 Aug 2022
Cyber insurance getting harder to obtain
Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance Continue Reading
-
News
08 Aug 2022
NHS recovering key services after attack on supplier
Incident at software provider Advanced took out multiple NHS services before the weekend, including the 111 advice service Continue Reading
-
News
05 Aug 2022
Reliance on PSN may have exacerbated cyber attack impact
As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks Continue Reading
-
Opinion
05 Aug 2022
The dangers of the UK’s illogical war on encryption
The unintended consequences of the Online Safety Bill will have a dramatic effect on our ability to communicate securely, including in Ukraine, where it is needed most Continue Reading
-
News
04 Aug 2022
UK has biggest card fraud problem in Europe
Social Market Foundation calls on the UK to get a grip on its huge problem with bank card fraud in Europe Continue Reading
-
News
04 Aug 2022
SBRC to administer NCSC training across Scotland
The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations Continue Reading
-
News
04 Aug 2022
Financial services regulator opens digital delivery centre in Leeds
The Financial Conduct Authority is increasing the number of tech experts in its workforce through a new digital delivery centre in Leeds Continue Reading
-
News
29 Jul 2022
Austrian data firm accused of selling malware, conducting cyber attacks
Microsoft has accused DSIRF, an Austrian data services firm, of involvement in a string of cyber attacks Continue Reading
-
News
28 Jul 2022
Ex-youth footballers kick-start cyber careers
New programme aims to find fresh careers for former youth footballers in cyber security Continue Reading
-
News
28 Jul 2022
H0lyGh0st ransomware gang faces challenges, but still a threat
Digital Shadows reports on the recently identified H0lyGh0st ransomware outfit, a new threat actor operating out of North Korea that faces some clear challenges, but is nevertheless still a live threat Continue Reading
-
News
28 Jul 2022
NCSC startups scheme turns focus to operational technology, SME security
NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses Continue Reading
-
News
27 Jul 2022
Consumers left out of pocket as security costs soar
As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people Continue Reading
-
Definition
27 Jul 2022
data breach
A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion. Continue Reading
-
News
27 Jul 2022
US doubles bounty on Lazarus cyber crime group to $10m
US State Department doubles a previously announced reward for information on North Korean cyber criminals, including the notorious Lazarus group Continue Reading
-
News
27 Jul 2022
Retail software firm PrestaShop warns users about SQL injection attacks
Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise Continue Reading
-
News
27 Jul 2022
Cyber security training ‘boring’ and largely ignored
Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them Continue Reading
-
Opinion
27 Jul 2022
Security Think Tank: Don’t rely on insurance alone
Cyber insurance is a useful addition to the cyber protection toolbox. However, it cannot be regarded as a replacement for the controls that should be in operation, says Turnkey Consulting’s Tom Venables Continue Reading
-
News
26 Jul 2022
No More Ransom initiative helps 1.5 million people in six years
One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project Continue Reading
-
News
26 Jul 2022
Visibility and proactive stance needed to secure OT systems
Critical infrastructure operators need to have more visibility into their IT and operational technology environment, and take a more active stance to fend off sophisticated adversaries, expert says Continue Reading
-
News
26 Jul 2022
Ducktail infostealer targets Facebook Business users
Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts Continue Reading
-
News
25 Jul 2022
NCSC seeks community input for Cyber Advisor service
The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward Continue Reading
-
News
25 Jul 2022
Latest Atlassian Confluence vulnerability raises concerns
CVE-2022-26138 is the second major vulnerability disclosure made for Atlassian’s Confluence collaboration platform in recent months Continue Reading
-
News
25 Jul 2022
TMT firms among top targets for cyber attacks in Singapore
Organisations in the technology, media and telecoms sector were among the most lucrative targets for malicious actors as their services penetrate almost every aspect of society Continue Reading
-
Definition
22 Jul 2022
insider threat
An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets. Continue Reading
-
News
22 Jul 2022
LinkedIn most impersonated brand in phishing attacks
Social network LinkedIn, along with Microsoft and DHL, are just some of the brands that are most frequently imitated by cyber criminals conducting phishing attacks Continue Reading
-
News
21 Jul 2022
Buy ‘plug-n-play’ malware for the price of a pint of beer
Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report Continue Reading
-
News
21 Jul 2022
Russia-linked APTs targeted fleeing Ukrainian civilians
Mandiant and the US authorities have shared details of a phishing campaign that spoofed humanitarian information on evacuation procedures to target Ukrainians fleeing Russian bombardment Continue Reading
-
News
20 Jul 2022
(ISC)² expands entry-level cyber programme after UK success
Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide Continue Reading
-
News
20 Jul 2022
Cato aims to bust cyber myths as it extends network protections
Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion – and his unique access to billions of data points from the firm’s network – to explode some cyber myths Continue Reading
-
News
20 Jul 2022
Russia’s Cozy Bear abusing Dropbox, Google Drive to target victims
Russian APT known as Cozy Bear has become adept at quickly incorporating popular cloud storage services into its attack chain to avoid detection Continue Reading
-
E-Zine
19 Jul 2022
Tracking the rise of homeworking across the UK
In this week’s Computer Weekly, new figures show that homeworking has more than doubled in the UK due to the pandemic – we look at the regional differences. The pressure is growing on cyber security teams – we analyse the expert advice on how to avoid staff burnout and lost talent. And we examine the important role that tech startups play in the rapid growth of Amazon Web Services. Read the issue now. Continue Reading
-
News
18 Jul 2022
US cyber agency CISA to open London office
The US Cybersecurity and Infrastructure Security Agency has chosen London to host its first office outside America Continue Reading
-
News
15 Jul 2022
Log4Shell on its way to becoming ‘endemic’
US government report concludes that, like Covid, Log4Shell will be with us for a long time to come Continue Reading
-
E-Zine
14 Jul 2022
CW APAC: Buyer’s guide to backup and recovery software
The cyber threat landscape leaves firms with little room for error. In this handbook, focused on backup and recovery software in the Asia-Pacific region, Computer Weekly looks at data protection capabilities, how Veeam aims to achieve a market-leading position, Rubrik’s focus on recovery and Kubernetes’s mission to meet the challenges of containerised application environments. Continue Reading
-
News
14 Jul 2022
Videogame maker Bandai Namco confirms cyber attack
Bandai Namco, developer of videogames including Pac-Man, Tekken and Dark Souls, has broken days of silence to confirm it has been hit by a cyber attack Continue Reading
-
News
14 Jul 2022
How hostile government APTs target journalists for cyber intrusions
Proofpoint shares data on multiple campaigns of cyber intrusions against journalists originating from threat actors aligned to the governments of China, Iran, North Korea and Turkey Continue Reading
-
News
14 Jul 2022
ICO wants to ‘empower people through information’
Information Commissioner’s Office sets out commitment to safeguard the information rights of the most vulnerable people in UK society Continue Reading
-
News
13 Jul 2022
Slippery phish wriggles around MFA protections, says Microsoft
Microsoft’s threat researchers share details of a phishing campaign that hit 10,000 organisations, against which standard multifactor authentication provides little defence Continue Reading
-
News
13 Jul 2022
Digital break-up kit to help women get out of bad relationships safely
Domestic abuse charity Refuge teams up with Avast to equip women with the knowledge to effectively and safely end a relationship digitally Continue Reading
-
News
13 Jul 2022
ICO calls for review into government use of private email and WhatsApp messages
Information Commissioner’s Office reprimands Department of Health and Social Care after ministers and officials conducted government business on their own email accounts and messaging apps Continue Reading
-
Feature
12 Jul 2022
Ransomware and backup: Overcoming the challenges
Ransomware attacks that exfiltrate data don’t nullify the value of backups to restore from, but the challenges – such as not restoring corrupted data – require careful planning Continue Reading
-
News
12 Jul 2022
Singapore doubles down on OT security
The Cyber Security Agency of Singapore will fund 80 scholarships to groom a talent pool of operational technology security experts, among other efforts to bolster the security of critical infrastructure in the city-state Continue Reading
-
Opinion
11 Jul 2022
Cyber insurance: An effective use of your scant security budget?
The ISF’s Paul Watts asks if cyber insurance is a must-have item, an expensive luxury, or the emperor’s new clothes Continue Reading
-
News
08 Jul 2022
Stop telling clients to pay ransomware gangs, solicitors told
The NCSC and the ICO are calling on solicitors to help tackle the rising number of ransomware payments being made, and to stop giving erroneous advice to victims Continue Reading
-
News
08 Jul 2022
Microsoft appears to reverse VBA macro-blocking
Microsoft quietly reverses VBA macro-blocking across its Office portfolio in a move that has left security experts puzzled Continue Reading
-
Opinion
08 Jul 2022
Lots to consider when buying cyber insurance, so do your homework
When considering implementing a cyber insurance policy, due diligence should be your watchword, says Paddy Francis of Airbus CyberSecurity Continue Reading
-
News
07 Jul 2022
MI5, FBI chiefs warn of Chinese cyber espionage threat
In a joint appearance in London, MI5 director general Ken McCallum and FBI director Chris Wray warn of the growing threat posed by the Chinese government to UK and US interests Continue Reading
-
News
07 Jul 2022
Amid NSO lawsuit, Apple expands spyware protections
Apple previews a new feature called Lockdown Mode to protect iPhone and iPad users from ‘mercenary spyware’ Continue Reading
-
Opinion
07 Jul 2022
Security Think Tank: Cyber insurance – A nice safety blanket, but don’t count on it
In the second instalment of this month’s Security Think Tank, Mike Gillespie argues that cyber insurance should be thought of like car insurance – you don’t start driving recklessly because you’re covered Continue Reading
-
News
07 Jul 2022
Latest Marriott data breach not as serious as others
Questions are again being raised over Marriott’s cyber security practices following yet another incident, but fortunately it seems limited in its scope, and the company is responding appropriately Continue Reading
-
E-Zine
07 Jul 2022
CW Middle East: UAE citizens embrace new digital technologies
A survey shows that people in the United Arab Emirates believe next-generation technologies such as 3D printing and artificial intelligence will become widespread in the country. Also read how the UAE has improved its security posture amid mounting cyber threats. Continue Reading
-
News
06 Jul 2022
Plexal seeks new scaleups for next phase of Cyber Runway
Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme Continue Reading
-
News
06 Jul 2022
ESET: Lazarus APT hit aero, defence sector with fake job ads
ESET researchers present new findings into a series of cyber attacks on the aerospace and defence sectors by North Korea’s Lazarus crime syndicate Continue Reading
-
News
05 Jul 2022
Prepare for long-term cyber threat from Ukraine war, says NCSC
The NCSC has published refreshed guidance on cyber preparedness as the war on Ukraine continues, urging organisations to pay attention to the state of their security teams Continue Reading
-
News
05 Jul 2022
LogRhythm bullish on growth in APAC
LogRhythm expects its business in the region to grow by over 20% this year thanks to demand from emerging economies where cyber security investments have not kept pace with cyber threats Continue Reading
-
News
05 Jul 2022
NCSC CEO: Why we should run towards crises to elevate cyber security
National Cyber Security Centre CEO Lindy Cameron, the 2022 Computer Weekly UKtech50 Most Influential Person in UK IT, reflects on a career immersed in crisis management, and how she is using this to elevate cyber security standards across the country Continue Reading
-
E-Zine
05 Jul 2022
How to get the right level of cyber insurance
In this week’s Computer Weekly, we look at how the market for cyber insurance is evolving and how to avoid buying the wrong level of cover. We find out what role hydrogen technologies could play in reducing datacentre carbon emissions. And we hear how a 125-year-old bicycle maker is embracing digital innovation. Read the issue now. Continue Reading
-
News
30 Jun 2022
ICO to cut back on fines for public sector data breaches
Information commissioner John Edwards sets out a revised approach to how the ICO handles data breaches in the public sector, saying fining victims risks punishing the public twice over Continue Reading
-
News
29 Jun 2022
New cyber extortion op appears to have hit AMD
Semiconductor specialist AMD has confirmed it is investigating reports that a ‘bad actor’ has stolen hundreds of gigabytes of its data Continue Reading
-
News
28 Jun 2022
Russia-aligned hacktivists behind Lithuania DDoS attack
Killnet hacktivist collective targeted Lithuania with distributed denial of service attacks after its government angered the Kremlin Continue Reading
-
E-Zine
28 Jun 2022
Collaboration key to IT sector sustainability
In this week’s Computer Weekly, as sustainability rises up the corporate agenda, IT leaders say more collaboration is needed to meet climate goals. Microsoft faces further calls for greater transparency over software tools used to monitor employees. And the cyber security industry warns over an increasing loss of talent. Read the issue now. Continue Reading
-
News
27 Jun 2022
Commercial cyber products must be used responsibly, says NCSC CEO
NCSC’s Lindy Cameron is to speak out on responsible regulation of cyber capabilities at an event in Tel Aviv, Israel Continue Reading
-
News
27 Jun 2022
LockBit ransomware gang launches bug bounty programme
A bug bounty programme is among a number of features LockBit’s developers have added to ‘version 3.0’ of the ransomware Continue Reading
-
Feature
27 Jun 2022
The cyber security impact of Operation Russia by Anonymous
The campaign against the Russian government by Anonymous surprised many with the depth and scale of the cyber attacks. What can we learn from this online war? Continue Reading
-
News
24 Jun 2022
Black Basta ransomware crew aiming for ‘big leagues’
Emergent Black Basta ransomware gang has hit more than 50 countries since bursting onto the scene earlier this year, says Cybereason Continue Reading
-
News
24 Jun 2022
US cyber agency in fresh warning over Log4Shell risk to VMware
Many VMware Horizon and UAG servers remain defenceless against Log4Shell, and organisations continue to fall victim to the vulnerability Continue Reading
-
Opinion
24 Jun 2022
Assessment and knowledge: Your key tools to secure suppliers
There is no silver bullet that will resolve all the issues arising from today’s interconnected businesses and complex supply chains, but there are some key tools at your disposal Continue Reading
-
Feature
23 Jun 2022
What the world can learn from Saudi Arabia’s fight against industrial control system attacks
Iran learned from attacks on its infrastructure and unleashed similar malware on Saudi Arabia. The world has now gained valuable lessons from the Saudi response Continue Reading
-
Opinion
23 Jun 2022
Security Think Tank: Supply chain security demands systematic approach
Supply chain security measures need to be systematic and assessed so as to minimise the complexity and cost to the business Continue Reading
-
News
22 Jun 2022
NatWest files under whistleblower’s bed contain live customer data
Former Royal Bank of Scotland worker wants bank to take back customer files and provide an ‘adequate receipt’ Continue Reading
-
Opinion
22 Jun 2022
Security Think Tank: Balanced approach can detangle supply chain complexity
Achieving an appropriate balance between people, processes and technology can help to detangle the complexities of the supply chain and create better security practices Continue Reading
-
News
21 Jun 2022
CNI leaders’ attitude to ransomware lackadaisical at best
A survey of security decision-makers in sectors regarded as critical national infrastructure reveals a disappointing attitude to ransomware threats Continue Reading
-
Opinion
21 Jun 2022
Supply chain security goes deep – forget this at your peril
It may have hit the headlines as an IT issue, but supply chain security goes far deeper into an organisation than just technology Continue Reading
-
E-Zine
21 Jun 2022
Dreams come true – how data and communication saved a failing company
In this week’s Computer Weekly, the former CEO of bed retailer Dreams explains how digital, data and communication helped turn round a failing company. The UK government has a new digital strategy – but it all seems rather familiar. And we talk to the tech firms trialling a four-day working week. Read the issue now. Continue Reading
-
News
20 Jun 2022
Lords move to protect cyber researchers from prosecution
A cross-party group in the House of Lords has proposed an amendment to the Product Security and Telecommunications Infrastructure Bill that would address concerns about security researchers or ethical hackers being prosecuted in the course of their work Continue Reading
-
News
20 Jun 2022
Complex Russian cyber threat requires we go back to basics
The situation in Russia is anything but simple, but it is the fundamentals of cyber security hygiene that pose the best defence against the country’s digital threat, as Mandiant’s Jamie Collier explains Continue Reading
-
News
17 Jun 2022
Government responds to Data Reform Bill consultation
Westminster claims its new data laws will boost British benefits, protect consumers, and seize the ‘benefits’ of Brexit Continue Reading
-
Opinion
17 Jun 2022
Consider governance, coordination and risk to secure supply chain
A recent ISACA study found myriad factors that give good reason to be concerned about supply chain security. Cyber adviser Brian Fletcher recommends three areas to zero in on Continue Reading
-
News
16 Jun 2022
TalkTalk hacker Daniel Kelley gives up his black hat for good
After serving a four-year prison sentence for his role in the 2015 TalkTalk hack and other cyber offences, Daniel Kelley now wants to pursue a legitimate cyber security career Continue Reading
-
News
16 Jun 2022
Dundee security research centre opens with support from SBRC
An £18m hub at Abertay University in Dundee forms the centrepiece of Scotland’s first security research cluster Continue Reading
-
News
16 Jun 2022
Office 365 loophole may give ransomware an easy shot at your files
Researchers at Proofpoint have discovered potentially dangerous Microsoft Office 365 functionality that they believe may give ransomware a clear shot at files stored on SharePoint and OneDrive Continue Reading
-
Opinion
16 Jun 2022
Security Think Tank: Best practices for boosting supply chain security
In a highly connected world, managing the supply chain landscape requires an adaptation of the ‘traditional’ approach to managing cyber risk Continue Reading
-
News
15 Jun 2022
$2k to access your organisation on the dark web
Dark web brokers will sell access to company networks and systems for an average of $2,000 to $4,000 Continue Reading
-
News
15 Jun 2022
Patch Tuesday dogged by concerns over Microsoft vulnerability response
The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure Continue Reading
-
Opinion
15 Jun 2022
Security Think Tank: Basic steps to secure your supply chain
When it comes to supply chain security, there are some core things you should be doing – but remember, the devil is in the detail Continue Reading
-
News
14 Jun 2022
MS Azure Synapse vulnerability fixed after six-month slog
Microsoft patched a critical Azure Synapse vulnerability twice, but each time the researcher who discovered it was able to bypass it with ease, leading to a lengthy saga Continue Reading
-
News
13 Jun 2022
New warning over tech suppliers in thrall to hostile governments
Ukraine war could lead to shakeup of dual-use tech exports, says former UK intelligence officer Continue Reading
-
News
13 Jun 2022
Qatar bolsters cyber security in preparation for World Cup
With hackers honing their cyber weapons to target the upcoming football World Cup, Qatar is busy developing countermeasures and raising awareness Continue Reading
-
News
10 Jun 2022
Snake Keylogger climbing malware charts, says Check Point
Cyber criminals behind Snake Keylogger campaigns have been switching up their tactics in the past few weeks, say researchers Continue Reading
-
News
10 Jun 2022
Researchers find eight CVEs in single building access system
A series of eight vulnerabilities in Carrier LenelS2 building access panels could enable malicious actors to obtain physical access to their targets Continue Reading
-
News
09 Jun 2022
SolarWinds CEO offers to commit staffers to government cyber agencies
A new proposal from SolarWinds’ outspoken CEO, Sudhakar Ramakrishna, could see software companies commit key staff to work with government cyber agencies to improve cooperation and incident response Continue Reading
-
News
09 Jun 2022
Cyber researchers step in to fill Patch Tuesday’s shoes
Afraid you’ll miss Patch Tuesday when it’s gone? You’re not alone, but security analysts at Recorded Future are taking action to help the community come to terms with its loss Continue Reading
-
News
08 Jun 2022
China using top consumer routers to hack Western comms networks
An advisory from US cyber authorities shares details of multiple vulnerabilities exploited by Chinese state actors to hack into Western telecoms networks Continue Reading