Data breach incident management and recovery

Protecting Data or “Saving Lives; Saving Livelihoods”: Which comes first in a post Covid World?

Almost every nation except for those which already had them as a legacy of SARS (e.g. Singapore, South Korea and Taiwan) has had to move fast to produce computer systems that will help support a ... Continue Reading

Questions raised after UK’s electrical grid shrugs off cyber attack

Attack on Elexon was resolved within hours with no impact on the national electricity supply, but it could have been much worse Continue Reading

Law firm hackers threaten to release dirt on Trump

A new ransom demand of $42m has been made against New York law firm Grubman, Shire, Meiselas and Sacks, and it may be the largest ever, say security experts Continue Reading

China targeting Covid-19 researchers through IT suppliers, claims US

The US CISA says it is seeing targeting and attempted network compromise of Covid-19 research centres by China Continue Reading

Report reveals inadequate cyber security at Schiphol Airport

A report has revealed problems with critical security systems in Amsterdam’s Schiphol Airport Continue Reading

Podcast: UK SME planning and compliance for ‘the new normal’

We look at how UK SMEs face a “new normal” following the coronavirus lockdowns and how they can plan for compliance with more remote working and a new data landscape Continue Reading

Security Think Tank: Burnt out CISOs are a huge cyber risk

Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout? Continue Reading

Nation state APT groups prefer old, unpatched vulnerabilities

The Cybersecurity and Infrastructure Security Agency and the FBI have published details of the most commonly exploited vulnerabilities of recent years, and there are some “classics” on the list Continue Reading

Can Lady Gaga and Madonna get people to take security seriously?

What does it take to get people to pay attention to cyber security? A celebrity law firm hack may hold some answers Continue Reading

Draft Covid-19 contact tracing legislation proposes formal oversight

Human Rights Committee chair Harriet Harman has outlined a proposed bill to guarantee the security and privacy of data generated by the UK’s Covid-19 contact tracing app Continue Reading

Pay the ransom and double your recovery costs, report warns

Paying cyber criminals a ransom to recover your data adds over half a million dollars to the cost of organisational recovery, says Sophos Continue Reading

Security Think Tank: Create healthy habits to avoid burnout

Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security professionals manage their increased workload, safeguard their mental well-being and avoid burnout? Continue Reading

APAC firms still coming to grips with data protection

More governments in Asia are implementing data protection regimes, but challenges such as checkbox compliance and the lack of effective staff training remain Continue Reading

Maze ransomware attack will cost Cognizant at least $50m to $70m

Cognizant’s clients cut off the IT supplier’s access to their networks to contain a Maze ransomware attack – effectively putting projects on hold Continue Reading

How Australian firms can plug data protection gaps

Australian organisations can address data protection challenges by creating roles such as a data governance lead, classifying data and improving employee awareness of cyber hygiene Continue Reading

Pitney Bowes hit by Maze in second ransomware attack in a year

Shipping services firm falls victim to Maze ransomware just seven months after a previous major attack Continue Reading

SilverTerrier cyber crime group targets Covid-19 key workers

Organisations on the front line in the fight against coronavirus are under attack from Nigeria’s SilverTerrier criminal gang Continue Reading

Criminal justice system is failing cyber crime victims

Victims of cyber crime face barriers to reporting, receiving support and achieving justice, says a Home Office-backed study Continue Reading

Contact tracing: The privacy vs protection debate

The Covid-19 pandemic has necessitated extreme measures not seen in peacetime for over 100 years. Contact-tracing apps are being developed as a tool for managing the pandemic, but are they a step too far? Continue Reading

Coronavirus: NCSC issues urgent alert for healthcare sector

UK National Cyber Security Centre and US Cybersecurity and Infrastructure Security Agency say they are seeing large-scale campaigns targeting healthcare bodies and medical research organisations Continue Reading

GoDaddy owns up to October 2019 data breach

Web hosting services provider has suffered yet another security incident, confirming that an unauthorised individual accessed hosting accounts Continue Reading

Building security and privacy into contact-tracing apps

Governance and data decentralisation are among measures that organisations can take to allay security and privacy concerns over contact-tracing apps, according to RSA Continue Reading

Xen Orchestra latest victim of Salt cryptojackers

More victims of cyber criminals exploiting two critical Salt vulnerabilities are coming forward Continue Reading

NHSX contact-tracing app needs legislative oversight

Legal experts have told Parliament’s Human Rights Committee that legislation is desirable to ensure public trust in the data security of the Covid-19 coronavirus contact-tracing app Continue Reading

Blogging platform Ghost hacked through Salt vulnerability

Publishing service’s network was taken over by illicit cryptominers after failing to patch a critical vulnerability Continue Reading

IT Priorities 2020: Compliance and risk are top security concerns

When it comes to security, buyers are prioritising solutions and services that address compliance issues, risk management and data protection, according to the Computer Weekly/TechTarget IT Priorities 2020 study Continue Reading

Research institutes warn of necessity for UK contact-tracing app to link to testing

BCS and Cass Business School call for proposed UK contact-tracing app not to be launched without alignment to testing and warns that without this link, NHS will not be able to “big data” its way out of “no data” situation Continue Reading

Why you should think before you Zoom

Feel free to use Zoom during the coronavirus lockdown, but think before you discuss anything confidential Continue Reading

Cyber security skills courses go online during pandemic

The government is turning to online learning to find the next generation of cyber security talent Continue Reading

Critical SaltStack vulnerability affects thousands of datacentres

Critical vulnerabilities in the Salt remote task and configuration framework enable hackers to take control of cloud servers and must be patched right away Continue Reading

Coronavirus: GCHQ gets access to NHS data to beef up security

Health secretary gave GCHQ emergency powers to obtain information relating to the security of its networks and IT systems at the beginning of April, it has emerged Continue Reading

The Security Interviews: Can AV go from dodgy scareware to cyber hero?

Alun Baker, CEO of Clario, is on a mission to rehabilitate the image of consumer security products and take the fear out of selling antivirus. We find out how things are changing Continue Reading

Ransomware-stricken Travelex up for sale

Travelex’s parent Finablr is washing its hands of the ransomware-stricken forex provider as it struggles with the twin shocks of the Covid-19 pandemic and a developing fraud scandal Continue Reading

NCSC overwhelmed by response to coronavirus campaign

The UK’s NCSC has taken down more than 80 malicious web campaigns and received 5,000 reports of suspicious emails within 24 hours of launching reporting service Continue Reading

When data protection is not enough

Organisations should take a holistic approach to data protection and cyber security in what the CEO of Acronis deems a “cyber protection” strategy Continue Reading

IT services company Cognizant warns customers after ‘Maze’ ransomware attack

US IT services company Cognizant alerts customers after the Maze ransomware group launches a cyber attack Continue Reading

Dutch organisations address business email compromise fraud

Public-private partnership in the Netherlands works to break the chains used by fraudsters to carry out BEC attacks Continue Reading

Check Point sounds alarm over double extortion ransomware threat

Researchers say double extortion ransomware attacks are likely to increase in frequency, and warn organisations to be on guard Continue Reading

NHS Wales to get free security services during coronavirus pandemic

NHS Wales Informatics Services enlists Thales to help it face down security threats and let its teams focus on the Covid-19 coronavirus crisis Continue Reading

Coronavirus: ICO temporarily relaxes regulatory approach

The Information Commissioner’s Office sets out a revised approach to its regulatory duties during the Covid-19 coronavirus pandemic Continue Reading

A legal perspective on data breaches and home working

Legal experts from Fieldfisher share guidance on how to deal with cyber attacks during the coronavirus crisis, and what the ICO expects in terms of notification Continue Reading

Coronavirus: Warning over surge in Zoom security incidents

Check Point researchers have observed a surge in suspicious Zoom domains as cyber criminals target popular remote working and collaboration tools Continue Reading

Coronavirus threats ramp up as more hospitals come under attack

The Covid-19 Cyber Threat Coalition finds the majority of security pros have been targeted by cyber criminals exploiting the coronavirus pandemic, and adds to warnings of increased activity targeting the health sector Continue Reading

BA and Marriott get GDPR fine reprieve

Both British Airways and Marriott International have had their General Data Protection Regulation fines deferred until later in 2020 Continue Reading

Zero-day exploits increasingly commodified, say researchers

The exploitation of zero-day vulnerabilities increasingly demonstrates access to cash, rather than skills Continue Reading

Interpol warns of more ransomware attacks against healthcare sector

Purple notice issued to alert police forces around the world of ransomware attacks against hospitals and other healthcare institutions Continue Reading

Google data shows high interest in security and remote working

An analysis of the most Googled technology terms during the Covid-19 coronavirus pandemic has highlighted the scale of the cyber security challenge presented by the crisis Continue Reading

JavaScript skimmers: An evolving and dangerous threat

Cyber attacks exploiting Magecart JavaScript skimmers are spiking during the coronavirus pandemic, and like biological viruses, they just keep evolving Continue Reading

Coronavirus: Magecart attacks on online retailers jump 20%

RiskIQ researchers have observed a sharp uptick in Magecart credit card attacks, driven by increased traffic to online retailers during the coronavirus pandemic Continue Reading

Morrisons appeal success is cold comfort for enterprises

The success of Morrisons’ appeal against judgments that it should be held vicariously liable for an insider data breach will be welcomed by businesses, but may be of limited comfort to them Continue Reading

What we can learn from Marriott’s new data breach embarrassment

Marriott International has egg on its face once again following a second data breach in as many years, but there are encouraging signs in its response that suggest it is at least trying to learn from its experiences Continue Reading

Morrisons not liable for 2014 data breach, says Supreme Court

Court allows supermarket chain’s appeal against judgments holding it liable for a 2014 insider data breach, saying previous rulings misunderstood the concept of vicarious liability Continue Reading

Nigerian email attacks evolving into credible, dangerous threat

Palo Alto’s Unit 42 reports on Nigeria’s SilverTerrier cyber crime group, which is becoming a highly dangerous threat to businesses worldwide Continue Reading

Marriott International hotel chain in second data breach

Marriott International notifies customers of a major data breach that unfolded earlier in 2020 – the second it has experienced in the past two years Continue Reading

Too late to protect online privacy, say Brits

Most UK consumers are concerned about data privacy, but think it’s too late to do much about it, according to a report Continue Reading

Houseparty denies hack as credential stuffing attacks spread

Social media service denies its service has been hacked, and is offering a million-dollar bounty to anybody who can prove otherwise Continue Reading

Why security validation matters

FireEye’s top executives in Asia-Pacific discuss the benefits of security validation and offer their take on the region’s cyber threat landscape Continue Reading

Insurance firm Chubb may be latest Maze ransomware victim

Maze ransomware group claims to have stolen personal data from the systems of cyber security insurance firm Chubb Continue Reading

Lorca calls on security scaleups to tackle coronavirus challenge

Lorca innovation programme has launched an open call for its next cohort of cyber security scaleups, with a timely focus on coronavirus challenges Continue Reading

Tupperware fixes hacked site, but questions remain over response

Kitchenware brand removes active digital credit card skimmer from its website and insists it takes security seriously despite ignoring repeated attempts to contact it Continue Reading

Kitchenware brand Tupperware is ignoring hacked website

Website has been hacked in a targeted cyber attack, and the dangerous vulnerability has not been addressed Continue Reading

Almost half of UK businesses suffered a cyber attack in past year

Latest government statistics reveal the scale of the cyber security challenge facing UK plc, but reveals some cause for optimism Continue Reading

Interview: Jamil Farshchi, CISO, Equifax

Equifax CISO Jamil Farshchi discusses public cloud and why it’s not something IT security professionals should be afraid of Continue Reading

Cyber gangsters hit UK medical firm poised for work on coronavirus with Maze ransomware attack

The Maze ransomware group has published personal and medical details of thousands of former patients of a London-based medical research company after a failed attempt to disable the firm's computer systems Continue Reading

IT Priorities 2020: ANZ firms to spend more on cyber security

Over half of respondents in Australia and New Zealand plan to invest more in cyber security, especially in key areas such as data loss prevention Continue Reading

Volume of computer misuse incidents falling, says ONS

Downward trend comes despite an overall increase in fraud, according to new statistics Continue Reading

Prudential turns to AI to secure computer networks against cyber attacks

Prudential, the UK’s largest listed insurer, is turning to artificial intelligence to protect its computer networks in the US, Asia and Africa from malware hackers and internal threats Continue Reading

Travelex under threat as insolvency risk, hacking costs and coronavirus take their toll

Foreign exchange group’s future remains uncertain as its parent company, Finablr, prepares for potential insolvency Continue Reading

UK makes its case for post-Brexit data adequacy decision

Government sets out an explanatory framework as it seeks adequacy decisions from the European Commission to maintain the free flow of personal data between the European Union, the UK and Gibraltar Continue Reading

NCSC issues coronavirus cyber security alert

The UK’s National Cyber Security Centre has issued a public alert and fresh guidance as more cyber criminals get wise to the lucrative potential of Covid-19 Continue Reading

Coronavirus-linked hacks likely as Czech hospital comes under attack

The world of cyber security is on high alert to heightened vulnerabilities as the spread of the Covid-19 coronavirus changes daily life across Europe Continue Reading

UK’s security sector failing on most diversity measures

A DCMS report on the state of the UK’s cyber security workforce highlights a huge lack of diversity and a substantial skills gap Continue Reading

Turla’s use of Iranian infrastructure probably opportunistic

Turla, the Kremlin-linked APT group that last year hijacked an Iranian group’s infrastructure, was likely to have been operating opportunistically, according to researchers Continue Reading

Security pros just want to be loved, report finds

Being valued by the business for their role in keeping the organisation safe and upholding ethical standards is a primary motivator for CISOs and other security professionals Continue Reading

Schoolgirl security experts prepare to do battle

The finals of the CyberFirst Girls contest will take place on 16 March as the culmination of the NCSC’s annual competition to unearth future security talent Continue Reading

VAT software supplier exposed data of millions

Eight million sales records belonging to UK and EU consumers left exposed due to misconfigured server Continue Reading

Inside Oracle’s cloud strategy

Oracle may be late to the cloud infrastructure and platform game, but it believes it has what it takes to carve out a bigger slice of the Asia-Pacific’s cloud market Continue Reading

Virgin Media confirms 'misconfigured database' left personal data of 900,000 people exposed

Telco provider Virgin Media confirms 'data incident' that left personal details of 900,000 people exposed, but denies its systems were hacked or that it suffered a data breach Continue Reading

Boots and Tesco loyalty card schemes plagued by security issues

High-street retailers deal with fraudulent attempts to access the accounts of thousands of customers Continue Reading

Cathay Pacific hit with £500,000 data protection fine from ICO over 2018 breach

Airline receives maximum financial penalty under Data Protection Act for data breach that led to nine million customers having their personal data accessed by hackers Continue Reading

Horangi and Tokio Marine team up on cyber security services

Singapore-based Horangi will provide penetration testing, among other cyber security services, to Tokio Marine Insurance Singapore’s cyber risk insurance clients Continue Reading

Singapore among world’s top sources of online threats

Singapore remained a hotspot for originating cyber attacks in 2019, with 11 million attacks launched from servers in the city-state Continue Reading

Why ‘no breach’ is bad news for your compliance

You might think it’s a good thing if your organisation has a clean record when it comes to data breaches, but this is not necessarily the case Continue Reading

The Security Interviews: Inside the world of bug bounties

You may not make a million as a bug bounty hunter, but you might help remove some of the stigma that persists around cyber security, says HackerOne’s Shlomie Liberow Continue Reading

Data breaches in Australia showing no signs of abating

Compromised login credentials and human error were the most common causes of data breaches reported under Australia’s notifiable data breach regime from July to December 2019 Continue Reading

NCSC makes ransomware attack guidance more accessible

Following a swathe of high-profile ransomware attacks, the UK’s National Cyber Security Centre has made changes to its guidance, emphasising the importance of offline backups Continue Reading

Clearview hack fuels debate over facial recognition

Customers of Clearview AI, a controversial startup that scrapes and sells billions of photos of people from social media to police forces, have found themselves at the centre of a major data breach Continue Reading

Redcar & Cleveland Council confirms ransomware attack

Local authority’s systems are still offline nearly three weeks after being attacked Continue Reading

Kr00k vulnerability compromises billions of Wi-Fi devices

Billions of Wi-Fi chips used in IoT devices, laptops, smartphones and tablets are vulnerable to a serious vulnerability Continue Reading

Cloud Snooper firewall bypass may be work of nation state

Cloud Snooper deploys a combination of specialised techniques to sneak past enterprise firewalls, warns Sophos Continue Reading

FCA data breach could happen to anybody, but easy to avoid

Minor data breach at the Financial Conduct Authority was the result of simple human error, and highlights the need for organisations to consider a wide range of potential threats Continue Reading

Sports retailer Decathlon left employee data exposed

More than 123 million records were accidentally exposed on an unsecured ElasticSearch server Continue Reading

The Security Interviews: Gil Shwed’s 10-year vision for security

Check Point founder Gil Shwed discusses his new Infinity Next concept and how he plans to remodel the world of cyber security in the next 10 years Continue Reading

WikiLeaks founder Assange ‘put lives at risk’ by disclosing names in leaked documents, court hears

WikiLeaks founder Julian Assange ‘put lives of US informants at risk’ by publishing unredacted documents, lawyers for the US argued at the first day of a week-long extradition hearing Continue Reading

Cisco goes all-in on security integration with SecureX platform

CISOs are struggling to stitch together disparate cyber security products and services – Cisco believes its cloud-native SecureX platform will change their working lives for the better Continue Reading

The greatest contest ever – privacy versus security

Examining the technical, legal and ethical challenges around the privacy versus security debate Continue Reading

UK and US accuse Russian spooks of Georgia cyber attacks

Foreign secretary describes 2019 campaign of cyber attacks as reckless, brazen and unacceptable Continue Reading

Google plans to send Brits’ data to US after Brexit

Move puts British user data beyond the reach of the EU’s GDPR, makes it more accessible to UK and US law enforcement agencies, and has prompted anger Continue Reading

Facilities firm ISS World crippled by ransomware attack

An apparent ransomware attack has compromised some IT and email systems at Danish facilities firm ISS World Continue Reading

Cost of cloud misconfigurations set at $5tn

Cloud security outfit DivvyCloud says more than 33 billion records have been exposed in cloud misconfiguration incidents in the past 24 months Continue Reading