Data breach incident management and recovery

AI may open dangerous new frontiers in geopolitics

Truly artificial intelligence has the potential to provoke an international geopolitical crisis, warns F-Secure’s Mikko Hypponen Continue Reading

Conservatives propose national cyber crime force

Manifesto also says Tories would “empower the police to safely use new technologies like biometrics and artificial intelligence, along with the use of DNA, within a strict legal framework” Continue Reading

Mystery surrounds leak of four billion user records

Threat researchers uncover four billion user records on a wide-open Elasticsearch server but who left them there is a mystery Continue Reading

British Airways cancels flights due to technical issue

British Airways customers are suffering delays and cancellations as a result as a technical issue Continue Reading

Mimecast blocked 99 billion suspicious emails in third quarter

Latest threat intelligence report reveals the scale of the threat posed by malicious emails, with the transport, legal and financial sectors hit hardest Continue Reading

Massive increase in fraud attacks on TSB customers during IT meltdown

There was a massive spike in attempts by fraudsters to steal from TSB customers when the bank’s IT systems failed in 2018 Continue Reading

Public sector risks downplayed by senior IT leaders

Sophos reveals a significant cyber security perception gap between senior IT and security leaders in the public sector and their front-line teams Continue Reading

Macy’s Magecart breach presages Christmas fraud spike

US retailer Macy’s admits some customer data was accessed by unknown actors during a week-long Magecart attack Continue Reading

Managed services fuelling APAC security market

Spending on managed security services will account for almost half of Asia-Pacific’s cyber security market by 2023, as global and local providers shore up their offerings in the region Continue Reading

Notorious hackers claim responsibility for Labour DDoS

Hackers claiming to represent Lizard Squad say they were behind a distributed denial of service attack on the UK’s Labour Party Continue Reading

Cyber criminals tool up for Christmas fraud season

Organised criminals are trying to cash in on the festive retail boom with both brand new and tried-and-tested techniques Continue Reading

Business leaders fibbing to cover up lax security posture

Nominet study finds evidence that many businesses tout the robustness of their security posture as a selling point even though their security teams lack confidence in themselves Continue Reading

Attack on Labour shows need for DDoS defence but should alarm few

After being hit by two DDoS attacks in the space of 24 hours, many commentators are convinced the UK’s Labour Party is the victim of foreign interference in the General Election campaign. It probably isn’t Continue Reading

Cyber risk insurance is more than just insurance

Insurance companies such as Chubb are offering incident response services and security tools to help companies improve their cyber security posture and better cope with cyber attacks Continue Reading

Nordic SMEs lack the money needed for cyber security

Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country Continue Reading

PCI DSS payment security compliance drops again

Worldwide, barely one-third of companies are maintaining full compliance with the PCI DSS security standard – and the numbers are falling Continue Reading

‘Robust’ security foils cyber attack on Labour Party

Labour claims to have been the victim of a cyber attack, but says it is confident no data leaked Continue Reading

Morrisons in new appeal over data breach fine

The Supreme Court has heard an appeal from retailer Morrisons as it attempts to overturn prior judgments holding it liable for a 2014 leak of employee data Continue Reading

Saudis recruited Twitter employees to spy on critics

Court documents reveal how the Saudi Arabian government targeted Twitter employees as part of a coordinated effort to gather information on known dissidents Continue Reading

Trend Micro insider breach exposes need for data-centric protection

Simple measures could have saved consumer security product supplier from insider breach Continue Reading

Global security workforce must more than double to meet demand

There are about 2.8 million cyber security professionals working today, and the world needs four million more Continue Reading

Professional cyber criminals command $75k per annum

An ill-advised career in cyber crime is potentially almost as well-paying as a job as a threat researcher in the industry, according to Tenable researchers Continue Reading

Ransomware authors seeking new ways to avoid being spotted

Sector analysis from Sophos has revealed some insight into how malware authors are adapting to thwart cyber security controls Continue Reading

Making the case for integrated risk management

Security experts discuss how an integrated approach to risk and governance can be effectively managed Continue Reading

Facebook agrees to pay £500,000 fine over Cambridge Analytica data law breaches

Social media giant also promises to change the way its platform is used to protect people’s data Continue Reading

NordVPN enlists ethical hackers, launches bug bounty programme

Breached consumer VPN supplier details steps it is taking to shore up its cyber security posture after an unknown actor gained access to one of its servers Continue Reading

Fancy Bear resumes Olympic hacks ahead of Tokyo games

Fancy Bear is back in action and once again targeting anti-doping bodies and sporting organisations, warns Microsoft Continue Reading

Know Fraud database became backlog dump

Reports to Action Fraud handled by City of London Police’s National Fraud Intelligence Bureau were quarantined as security risk, finds HM’s Inspectorate of Constabulary and Fire and Rescue Services Continue Reading

£4,000 bug bounty could have saved BA from record ICO fine

British Airways and others could have saved themselves millions of pounds’ worth of fines by having ethical hackers check their systems for simple vulnerabilities Continue Reading

Take responsibility for cyber security basics, urges NCSC CEO

At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading

NordVPN blames datacentre provider for server breach

VPN provider insists no user data was compromised in a March 2018 server breach, and says its datacentre provider failed to inform it of the issue Continue Reading

Malware volumes decline, but risks are higher

More insidious and targeted strains of malware are going after high-quality targets, rather than a large volume of targets Continue Reading

Attacker hit VPN firm Avast through its VPN

Avast has published details of how attackers attempted to gain access to its network over a five month period Continue Reading

Equifax lawsuit offers more evidence against passwords

Equifax’s internal security policies were a mess and directly led to one of the largest recorded data breaches in history, according to a lawsuit, demonstrating fundamental insecurities inherent in the use of passwords Continue Reading

Alleged state hackers adapting to cover their tracks, says NCSC

A group called Turla with suspected links to the Russian government stole Iranian tools and infrastructure to obscure the origins of attacks on multiple other countries, according to new evidence Continue Reading

Trend Micro buys cloud security firm to broaden offering

Acquisition of Cloud Conformity will address often overlooked cloud security fundamentals Continue Reading

Sodinokibi emerging as a diverse, multi-vector threat to businesses

McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots Continue Reading

BEIS launches multimillion-pound security investment package

Government is making available more than £50m to support a range of new cyber security initiatives and collaborations, including the latest phase of its Digital Security by Design programme Continue Reading

NHSX could transform NHS security capabilities

The health sector is increasingly confident that NHSX can deliver a streamlined, effective cyber security policy for the health service Continue Reading

Security threat landscape becomes more organised and business-like

Approaches to securing the enterprise need to change in the face of a rapidly maturing threat landscape Continue Reading

Pitney Bowes ‘considering options’ after malware attack

Mailing and shipping services firm in recovery mode after key systems were encrypted by a malware attack Continue Reading

Security Think Tank: Risk management must go beyond spreadsheets

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

Researchers reveal the cyber campaign that built China's new airliner

CrowdStrike has published details of a coordinated campaign of cyber espionage and hacking, forced technology transfer and physical theft as China seeks to gain an advantage in the commercial aviation industry Continue Reading

Data management strategies are evolving – so must enterprises

A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management Continue Reading

Security Think Tank: Risk is unavoidable in digital transformation

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

IT contractor charged over cyber attack on property valuation firm

Australian police charge 49-year-old man with stealing and posting more than 170,000 data records belonging to ASX-listed Landmark White on the dark web Continue Reading

LogRhythm touts unlimited data plan for SIEM systems

SIEM supplier introduces three-year, term-based pricing plan that lets enterprises ingest as much data as they want without breaking the bank Continue Reading

Local authorities hit by 800 cyber attacks every hour

Local authorities and councils in the UK have reported being hit by more than 263 million cyber attacks in the first six months of this year Continue Reading

New threat group behind Airbus cyber attacks, claim researchers

Context Information Security’s threat intel and response teams says it has evidence that the recent supply chain attacks on Airbus are the work of a newly identified group called Avivore Continue Reading

Cyber war as big a threat as nuclear war, says ex-RSA head Coviello

Former RSA chairman Art Coviello has been speaking about the devastating potential of cyber weapons, and warned that humanity must learn from history in order to control them Continue Reading

Singapore outlines initiatives to tackle OT and IoT security

The Cyber Security Agency of Singapore has developed a blueprint to secure operational technology systems in critical sectors, among other measures to secure cyber-physical systems and the internet of things Continue Reading

Five million DoorDash customers’ details lost in data breach

Takeaway delivery service was breached in May 2019, resulting in the data of millions of users and delivery drivers being stolen Continue Reading

GDPR compliance: Whose job is it and is it really possible?

Nobody seems to have a good handle on business GDPR compliance, how many businesses are compliant, or indeed what compliance really is, but according to security experts, it very much depends on who you talk to Continue Reading

Attackers breached supplier systems to steal Airbus secrets

Airbus has been the subject of at least four major cyber attacks in the past 12 months, with contractors and suppliers targeted through their VPNs Continue Reading

Overinvestment breeds overconfidence among security pros

CISOs have made an abundance of security investments in multiple suppliers, but this might not be the right approach Continue Reading

Teen TalkTalk hacker accused of cryptocurrency fraud in US

Elliott Gunton, one of the teenage hackers who broke into TalkTalk’s systems in 2015, faces extradition to the US to face fraud charges Continue Reading

Singapore payment card data compromised by JavaScript sniffers

Raw data of thousands of payment cards issued by Singapore banks stolen by the online equivalent of a traditional card sniffer Continue Reading

Enterprises exposed to data loss by cloud configuration errors

Only 1% of misconfigured cloud environments are spotted and attackers are capitalising on this, claims McAfee Continue Reading

Google pushes back on scale of YouTube phishing threat

Millions of YouTubers may be at risk after some high-profile influencers reported their accounts were compromised in an apparent phishing attack, but the platform’s owner, Google, is not so sure Continue Reading

WannaCry variants accidentally protecting against WannaCry

New variants of the infamous WannaCry malware continue to emerge, and many of them have accidentally turned themselves into a somewhat effective, although ill-advised, vaccine against infection Continue Reading

Emotet phishing botnet returns from summer vacation

The Emotet phishing trojan-turned-botnet is back in action after a three-and-a-half month break, say threat researchers Continue Reading

Ecuador citizens’ data breach holds lessons for enterprises

What caused the mass breach of Ecuadorian citizens’ data, and what can businesses learn from it? Continue Reading

Ensign InfoSecurity opens global headquarters in Singapore

The Singapore-based cyber security firm’s new headquarters will also be home to a new security operations centre that will be supported by Singapore-centric threat intelligence Continue Reading

When AIs go to war: Autonomous cyber weapons ‘inevitable’

CISOs must start thinking about how to engage with intelligent, adaptive, non-human attackers, says Trend Micro’s Rik Ferguson Continue Reading

UN agency Unicef praised for response to accidental data leak

The UN’s children’s agency has disclosed an inadvertent leak of personal data belonging to users of its online learning platform Agora Continue Reading

Mirai descendants dominate IoT threat environment

Attacks leveraging compromised IoT devices are growing in size, scale and frequency, report security experts at F-Secure and Trend Micro, with Mirai-related botnets a major source of trouble Continue Reading

Equifax and Heartbleed are most-Googled cyber security terms

Analysis of 15 years’ worth of Google search data has revealed some insight into what cyber security trends are capturing the imagination Continue Reading

GDPR non-compliance worse than feared

Over half of UK businesses do not yet appear to be fully GDPR-compliant, and many have de-prioritised their compliance efforts Continue Reading

A tech boost for social care

In this week’s Computer Weekly, we explore how local authorities across the UK have been looking at assistive technologies, ranging from collaborative robots to voice assistants, to support delivery of adult social care services. We also look into the ramifications of HMRC targeting 1,500 GlaxoSmithKline IT contractors. Read the issue now. Continue Reading

Social engineering a factor in virtually all cyber attacks, report claims

Almost every single cyber attack will, at some stage, require a human to be tricked into doing something, according to research by Proofpoint Continue Reading

Australia government to chart 2020 cyber security strategy

Australia’s home affairs ministry has released a discussion paper to seek views from all segments of society on the country’s next cyber security blueprint Continue Reading

Singapore’s SecureAge eyes US market

The Singapore-based supplier of encryption and anti-malware tools has set up a new office in Greater Washington, DC as the next logical step in its global expansion plan Continue Reading

Finland’s security agencies collaborate after cyber attacks

National Bureau of Investigations and National Cyber Security Centre aim to increase expertise and capability to defend Finland’s critical IT infrastructure Continue Reading

A helping hand from the Nordics in the eye of the GDPR storm

Nordic IT companies are well suited to supporting enterprises in their data protection projects, even though openness is more natural to them Continue Reading

Box aims to shield businesses from data loss threat

Box has introduced an add-in to its cloud-based collaboration platform to lock down and monitor access to files and folders Continue Reading

Silence APT group eyes APAC banks

Russian-speaking advanced persistent threat group has set its sights on banks in the region, customising its arsenal for targeted attacks Continue Reading

How EDR is moving beyond the endpoint

An emerging breed of detection and response offerings is going beyond endpoints to collect and decipher telemetry data from across the enterprise Continue Reading

DCMS funding aims to increase diversity in cyber sector

A funding round has been announced as part of the Cyber Skills Immediate Impact Fund (CSIIF) with aims of encouraging more diverse talent into the UK’s cyber security sector Continue Reading

GDPR faces growing pains across Europe

The General Data Protection Regulation is over a year old now, but it faces challenges across Europe where compliance has taken place at different speeds Continue Reading

Digital domain identified as major security threat by Norway’s intelligence service

Norway's intelligence services has revealed the extent of the threat posed to the country by cyber attacks Continue Reading

CW Benelux: Dutch academic hunts the personality behind the hacker

Rutger Leukfeldt, senior researcher on cyber crime at the Netherlands Institute for the Study of Crime and Law Enforcement, is working to help organisations understand the personalities behind criminal hackers. Also in this issue, read about research that shows over half of Dutch organisations admit their knowledge of blockchain is substandard. We also feature an article about ABN Amro’s work with researchers to explore how quantum computing can be used to secure online banking. Continue Reading

Southeast Asian ‘white hat’ urges more countries to sign the Paris Call

A renowned ethical hacker in Malaysia has called for more nations to support the Paris Call for Trust and Security in Cyberspace to counter the threat of cyber warfare Continue Reading

Enhancing business purpose with privacy compliance

Computer Weekly looks at the importance of building on basic GDPR compliance and making privacy a key foundation of business culture Continue Reading

Leaked Sephora databases peddled on dark web

Cyber security firm finds two databases likely to be related to the Sephora data breach that affected online customers in Southeast Asia, Australia and New Zealand Continue Reading

Australian firms grappling with “train-smash” of security legislation

While businesses should avoid going into checkbox compliance mode, the constant flux of regulations on cyber security and privacy has led to calls for more legislative coherence from regulators Continue Reading

Think beyond tick-box compliance

A year on since GDPR, many organisations are yet to stop fretting over fines and focus instead on business value Continue Reading

Cyber kill chain is outdated, says Carbon Black

The chief cyber security officer of Carbon Black calls for a new cognitive paradigm to fend off cyber adversaries that are now attacking in cycles Continue Reading

F-Secure talks up threat-hunting to stay ahead of cyber attacks in APAC

Cyber security firm calls for organisations to double up on threat-hunting now that nearly all attack and reconnaissance traffic is automated Continue Reading

Why investment is needed in the cyber insurance market

The number of cyber insurance policies on offer is beginning to grow, but insurers still have a long way to go to develop policies that address market concerns Continue Reading

Zuckerberg responsible for Facebook privacy compliance after $5bn FTC fine

Facebook pays record fine after breaching users’ privacy, following settlements with Federal Trade Commission and Securities and Exchange Commission Continue Reading

Microsoft talks up benefits and pitfalls of machine learning in security

Software giant Microsoft uses machine learning models to detect emerging threats while keeping an eye on potential bias in security data points that could derail its analysis Continue Reading

Analytics and GDPR compliance: How to achieve it

Mathieu Gorge, CEO of Vigitrust, looks at technologies such as pseudonymisation that can help organisations stay GDPR-compliant while gaining value from analytics on customer data Continue Reading

US fines Equifax $700m over 2017 breach

Global settlement with US authorities follows systems breach that saw more than 140 million customer records stolen Continue Reading

AI security tech is making waves in incident response

Experts weigh in on the latest smart cybersecurity tools -- how they work, the implications for your IT security team and whether the investment is worth the expense. Continue Reading

CW ASEAN: Trend Watch – Security

Artificial intelligence tools are becoming a vital part of the security arsenal for organizations and cyber criminals alike. In this handbook, Computer Weekly looks at how ASEAN firms are using AI to combat cyber threats and experts discuss the latest smart cyber security tools. Continue Reading

Some Australian firms still in the dark about cyber security

A report suggesting Australian firms are experiencing fewer cyber incidents has left its co-author perplexed with the findings. Continue Reading

CW ANZ: Trend Watch – Security

With regulations pushing data protection up the business agenda, we look at how Australia’s Notifiable Data Breaches scheme has been received and consider why a survey that found Australian firms are experiencing fewer cyber breach incidents appears to conflict with anecdotal evidence that suggests the opposite. Continue Reading

Singapore shores up data protection capabilities

The Singapore government has developed a skills framework for data protection officers and is looking to certify organisations under a regional cross-border privacy rules system Continue Reading

Podcast: The Computer Weekly Downtime Upload – Episode 24

In this week’s episode of the Computer Weekly Downtime Upload podcast, Brian McKenna, Caroline Donnelly and Clare McDonald talk about using Alexa to search for medical advice, how a good cup of tea can solve most problems and whether more should be done to provide childcare at tech events Continue Reading

BA/Marriott GDPR fines: What they were for and how to avoid them

We talk to Mathieu Gorge, CEO of Vigitrust, about the BA and Marriott GDPR fines and what organisations can do to ensure they achieve compliance with GDPR and similar regulations Continue Reading