Data breach incident management and recovery

Finnish government strengthens country’s IT network security

Finland’s government has created a new national organisation to help public and private bodies improve network security Continue Reading

Biden sanctions Russia over SolarWinds cyber attacks

US president imposes new sanctions on Russia following malicious cyber attacks against the US and allies Continue Reading

University of Hertfordshire is latest academic cyber attack victim

Multiple systems are offline at the University of Hertfordshire following a cyber attack Continue Reading

Microsoft is most impersonated brand in phishing attempts

Technology companies continue to be frequently spoofed by cyber criminals in their phishing attempts Continue Reading

Ireland’s DPC launches probe into Facebook leak

The Irish Data Protection Commission has launched an ‘own volition’ inquiry into the leak of data from 500 million Facebook profiles Continue Reading

Security Think Tank: Vaccine passports cannot be taken lightly

What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading

MP told to ditch official email over hacking fears

MP Tom Tugendhat claims the intelligence services advised him to switch to the Gmail service due to concerns his parliamentary email could be hacked Continue Reading

What has a year of home working meant for the DPO?

Byron Shirley of The Compliance Space explores how the role of the data protection officer has changed in the past 12 months Continue Reading

Egypt, Italy and US most affected in Facebook leak

Researchers at VPN firm Surfshark have been analysing data on 533 million people leaked from Facebook Continue Reading

NCSC: Using your pet’s name as a password is very stupid

If your email password is still Rex, Rover or Mr Fluffles, it’s probably best to change it, the NCSC has said Continue Reading

Cring ransomware hits ICS through two-year-old bug

A long-disclosed vulnerability in Fortinet’s Fortigate VPN servers is being exploited to distribute Cring ransomware Continue Reading

Nation-state cyber attacks double in three years

Cyber attacks backed by nation states are becoming more frequent and varied, moving the world closer to a point of ‘advanced cyber-conflict’, according to a University of Surrey research project Continue Reading

Facebook ducks calls to apologise over huge data leak

Facebook gives its side of the story as data on millions of its users leaks, but is yet to apologise for security lapses that put half a billion people at risk of compromise Continue Reading

Facebook data leak could be outside scope of GDPR

Regulators may be unable to do much about leaked data on 533 million Facebook users, as it seems to have been stolen before GDPR came into force Continue Reading

Ultimate guide to cybersecurity incident response

Learn actionable incident response strategies that your IT and enterprise security teams can use to meet today's security threats and vulnerabilities more effectively. Continue Reading

NHS is apparently closing security skills gap

By the end of 2020, there were more than twice as many in-house security professionals at NHS trusts as there were two years before Continue Reading

Security Think Tank: Evolving threats, tech, leaves CNI exposed

In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Cyber Security Council to champion UK security pros

A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base Continue Reading

Create an incident response plan with this free template

Want to boost your organization's ability to fight cybersecurity threats? Uncover the essentials to creating an incident response plan and download our free, editable template. Continue Reading

Ransomware attack on London schools highlights warnings

Ransomware attack on Harris Federation comes just days after a fresh NCSC alert for the education sector Continue Reading

The Security Interviews: How to secure an F1 team in a pandemic

A multi-year digital transformation programme paid off for F1 team Williams Racing when the 2020 season was abruptly postponed thanks to Covid-19. Learn how the team’s CIO has been supporting remote working and protecting data Continue Reading

UK courts face evidence ‘black hole’ over police EncroChat mass hacking

French investigators have refused to disclose how they downloaded millions of messages from a supposedly secure cryptophone network used by organised criminals – leaving UK courts to grapple with a forensic ‘black hole’ of evidence Continue Reading

Cyber attack takes Channel Nine off-air

The Australian broadcaster was hit by an alleged ransomware attack that disrupted broadcasting operations in its Sydney studio Continue Reading

Retailer FatFace pays $2m ransom to Conti cyber criminals

Retailer FatFace paid out a $2m ransom to restore its data following a January 2021 cyber attack by the Conti ransomware syndicate Continue Reading

Cyber security complacency puts UK at risk, says NCSC head

National Cyber Security Centre CEO Lindy Cameron, in her maiden speech in the role, warns of challenges ahead for the UK and sets out the future agenda for cyber Continue Reading

Four in five UK businesses seek new security suppliers

Decision-makers are ready to buy new security technology, but suppliers must pay close attention to how they present themselves Continue Reading

More than £34.5m stolen in pandemic scams over past year

City of London Police and National Cyber Security Centre report large uptick in threats and crime related to Covid-19 over the past year, in some cases directed specifically at health organisations Continue Reading

Oil giant Shell hit through Accellion FTA breach

Energy firm discloses cyber attack through Accellion File Transfer Appliance Continue Reading

Apparent drop in cyber incidents highlights underlying problems

UK organisations report fewer cyber security incidents, but the headline data masks more serious issues, according to a report Continue Reading

How to choose the right email security service for your organisation

With email security threats growing rapidly, businesses can quickly identify and block these by using a top email security service. Here’s how to select the right provider Continue Reading

NCSC beefs up support for education sector after spate of attacks

Refreshed guidance from the NCSC recommends a defence-in-depth strategy as schools and universities face a renewed wave of cyber attacks Continue Reading

Security Think Tank: Attacks on CNI – an evolving frontier in warfare

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

$50m ransomware demand on Acer is highest ever

Record-breaking double-extortion cyber attack saw REvil gang exfiltrate financial data from Taiwan-based PC manufacturer Continue Reading

Security Think Tank: Back to square one – ground-up CNI protection

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Security Think Tank: Properly protecting CNI demands specificity

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Eastern Health reports ‘cyber incident’, takes systems offline

Australian healthcare provider Eastern Health takes IT systems offline as a precaution while it looks into a cyber incident Continue Reading

Security Think Tank: Take a realistic perspective on CNI cyber attacks

In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Average ransomware cost triples, says report

The average amount paid out by ransomware victims has grown almost threefold to more than $300,000 per incident, according to a report Continue Reading

Top incident response tools to boost network protection

Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks. Continue Reading

Security Think Tank: CNI operators must focus on core issues

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Cyber sector welcomes PM’s defence review

Security commentators approve of measures to improve the UK’s cyber resilience, strengthen its R&D and skills base, lead on the development of new technology and promote a free, open, peaceful and secure global internet Continue Reading

How attackers counter incident response after a data breach

It's not over until it's over. Explore how attackers use backdoors and evasion techniques to counter incident response measures even long after a data breach is disclosed. Continue Reading

MoD partners playing fast and loose with confidential data

Clear spike in data breach incidents at defence partners may reflect better reporting standards, claims MoD Continue Reading

Unusual DearCry ransomware uses ‘rare’ approach to encryption

Hybrid approach to encryption used by DearCry bears similarities to WannaCry Continue Reading

Microsoft releases one-click ProxyLogon mitigation tool

Microsoft’s mitigation tool is designed to help customers without dedicated security or IT teams navigate fixing their vulnerable Exchange servers Continue Reading

UK plans ‘full spectrum’ approach to national cyber security

PM Boris Johnson expands on proposed National Cyber Force and plans to set up a north of England Cyber Corridor Continue Reading

Microsoft Exchange ProxyLogon attacks spike 10 times in four days

Exploitations of the Microsoft Exchange ProxyLogon vulnerabilities have increased tenfold in just four days Continue Reading

Judges refuse EncroChat defendants’ appeal to Supreme Court

Experts suggest Parliament and Investigatory Powers Tribunal need to consider the implications of a court decision on police use of data from the EncroChat phone network Continue Reading

EncroChat ruling has ‘far-reaching effects’ for legal role of interception in UK investigations

The computer forensic experts involved in the review of police use of data hacked from the ultra-secure EncroChat phone network assess the impact of the Appeal Court ruling on future legal use of intercept evidence   Continue Reading

Security Think Tank: CNI operators are in an unenviable position

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

NCSC issues emergency alert on Microsoft Exchange patch

UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately Continue Reading

DearCry ransomware targets vulnerable Exchange servers

As predicted, ransomware gangs have started to target vulnerable instances of Microsoft Exchange Server, making patching an even greater priority Continue Reading

Brewer Molson Coors targeted in cyber attack

Cyber criminals have disrupted beer production at Molson Coors, one of the world’s largest brewers Continue Reading

Why the London Data Charter could be a foundation stone in the city’s recovery

London First’s director of connectivity and competitiveness, David Lutton, explains why data is at the core of the capital’s recovery plan Continue Reading

Attack on surveillance cameras a warning over security, ethics

The attack on a video surveillance startup by a hacktivist group raises questions not just over cyber security, but the use and extent of surveillance technology Continue Reading

Norwegian government falls victim to Microsoft attacks

Norway’s parliament, the Storting, suffers second major cyber incident in a year as threat groups capitalise on vulnerable Microsoft Exchange Servers Continue Reading

Patch Tuesday overshadowed by Microsoft Exchange attacks

Microsoft’s March Patch Tuesday update drops amid ongoing fall-out from widespread Exchange attacks Continue Reading

Belgian police raid 200 premises in drug operation linked to breach of encrypted phone network

More than 1,600 police and law enforcement officials conduct drug raids after the compromise of an encrypted mobile phone network that has parallels with EncroChat Continue Reading

Why your business needs SOC as a service

Security in the digital era demands that businesses monitor their entire IT estate and resolve all alerts, but for many organisations the most effective way of doing that is SOCaaS Continue Reading

EBA restores services after Microsoft Exchange attack

European Banking Authority was breached through vulnerabilities in Microsoft Exchange Server, but is now back online Continue Reading

Are you ready to return to the office?

In this week’s Computer Weekly, a year after lockdown began, we look at employers’ changing attitudes to returning to the workplace. We find out how the software developer community has coped during the Covid-19 pandemic. And we examine the cyber security concerns prompted by latest social media craze, Clubhouse. Read the issue now. Continue Reading

US teases retaliation over state-backed cyber attacks

Consequences for alleged perpetrators of the SolarWinds attack are expected within the next few weeks Continue Reading

Williams F1 car launch disrupted by data leak

Williams Formula One team forced to pull augmented reality app it had planned to use to launch its 2021 car at the last minute after an apparent cyber attack Continue Reading

Mandiant: MS Exchange bugs first exploited in January

Analysis from technical teams at FireEye’s Mandiant tracked activity exploiting newly disclosed vulnerabilities in Microsoft Exchange Server more than a month ago Continue Reading

Singapore Airlines the latest victim of supply chain attack

A restricted set of data of over 580,000 frequent flyer members of Singapore Airlines was exposed in a supply chain attack against Sita’s passenger service system Continue Reading

Microsoft Exchange CVEs more widely exploited than thought

US CISA issues emergency guidance as impact of four newly disclosed Microsoft Exchange vulnerabilities becomes clearer Continue Reading

Qualys caught up in Accellion FTA breach

Security services supplier confirms that some of its data was stolen via vulnerabilities in Accellion’s file transfer product Continue Reading

Emergency patch addresses MS Exchange Server zero-days

Microsoft releases an emergency patch to address multiple zero-day exploits directed at on-premise installations of Exchange Server Continue Reading

Essential guide to operation-centric security

To stay ahead of cyber attackers, IT security teams need to take an operation-centric approach, to offer a real-time picture of activity across their estate. Continue Reading

Npower shuts off app after credential stuffing attack

Npower customers will have to log in to their accounts on its website after its app was withdrawn following a security breach Continue Reading

MHRA and other agencies to offer new resources for scam victims

New landing page resources will replace .uk domains suspended for criminal activity to help members of the public access appropriate guidance Continue Reading

Transport for NSW hit by Accellion breach

Australian state agency Transport for New South Wales is the latest victim of the supply chain attack against Accellion’s legacy file transfer system Continue Reading

Vaccine passports prove an ethical minefield

Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design Continue Reading

Babuk ransomware unsophisticated, but highly dangerous

Intelligence gathered through McAfee’s Mvision service reveals more insight into the emerging Babuk ransomware Continue Reading

Bombardier is latest victim of Accellion supply chain attack

Canadian aviation company joins the growing list of Accellion breach victims Continue Reading

Warning on security risk from virtual events platforms

Vulnerabilities found in virtual events platforms could form part of a variant supply chain attack Continue Reading

How to achieve security observability in complex environments

Security observability is a novel approach to incident detection that goes beyond traditional monitoring. Read on to learn if this emerging strategy is right for your enterprise. Continue Reading

XDR makes cyber a Stroll in the park for Aston Martin F1

Aston Martin Cognizant Formula One team will run SentinelOne’s Singularity XDR platform under the bonnet Continue Reading

Microphones, smartphones, laptops among items stolen from BBC

A total of 105 devices have been stolen from the BBC in the past two years, some of which may have been spirited away by remote workers Continue Reading

Pandemic has exposed fractures in cyber fraud strategy

RUSI report urges a bolder and more coordinated response to cyber-enabled fraud as the pandemic lays bear the scale of the problem Continue Reading

NCSC cyber defence scheme blocked thousands of scams in 2019

The NCSC has reported another productive year for its Active Cyber Defence programme Continue Reading

Biden will act on cyber security to fix SolarWinds mess

US will take action to modernise its defences in the wake of the SolarWinds attack, says US government cyber lead Anne Neuberger Continue Reading

City of Helsinki adopts MyData principles to improve digital services

Principles on the use of personal data for the benefit of society will guide Finnish capital’s ambitious digital plans Continue Reading

2020 a record year for cyber, thanks to Covid

The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy Continue Reading

North Korean Lazarus Group hackers indicted in US

Charges filed relate to Lazarus Group’s long-running cyber crime spree, including financial theft and extortion, WannaCry malware and the cyber attack on Sony Pictures Continue Reading

Security pros agree: We need to take a break

As many as 85% of security staff engage in leisure activities during working hours, but they have excellent reasons for doing so Continue Reading

Egregor ransomware arrests confirmed

Authorities confirm that they have arrested an undisclosed number of cyber criminals associated with the Egregor ransomware Continue Reading

Law firm and cyber criminals clash over source of stolen data

Cyber attack victim Jones Day says its data was stolen in a supply chain attack, but the gang holding it to ransom disagrees Continue Reading

North Korea accused of Pfizer Covid vaccine cyber attack

South Korean intelligence pins a recent attack on Pfizer, targeting information on coronavirus vaccines, on its neighbour Continue Reading

RDP, SSH exposures off the charts thanks to remote working

The Covid-19 pandemic has had an impact on the prevalence of certain vulnerabilities in the wild, according to a report Continue Reading

Security Think Tank: Biden must address insider security threat first

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

Hacked Finnish therapy business collapses

Vastaamo, the Finnish psychotherapy centre whose patients were blackmailed by a cyber criminal gang, has filed for bankruptcy Continue Reading

Low-complexity CVEs a growing concern

Analysis of thousands of CVEs logged with NIST in 2020 reveals some unwelcome developments Continue Reading

Is it time to ban ransomware insurance payments?

The former head of the NCSC recently called for a dialogue over whether or not it is time to ban insurers from covering ransomware payments. Is he on the right track? Continue Reading

Singtel falls prey to supply chain attack

The Singapore telco reveals that its Accellion file sharing system was illegally hacked in a supply chain attack Continue Reading

HelloKitty almost certainly behind CD Projekt ransomware attack

Theories that the cyber attack on a high-profile gaming studio was orchestrated by players who are disappointed in a videogame are likely wide of the mark, according to analysis Continue Reading

Sim-swapping crooks targeted celebrities, influencers

Eight arrests have been made in England and Scotland in connection with a series of Sim-swapping attacks targeting high-profile victims Continue Reading

Data breaches are a ticking timebomb for consumers

Damage from data breaches goes far beyond the impact to the target organisation – an obvious fact that is too often overlooked, says F-Secure Continue Reading

Cyberpunk 2077 developer refuses to pay up after ransomware attack

Polish video game developer CD Projekt has released details of a ransomware attack on its systems Continue Reading

‘Batman Begins’ cyber attack is a warning to CNI providers

A thwarted cyber attack in a Florida town that could have resulted in the poisoning of the water supply is a timely reminder of the vulnerability of critical services Continue Reading