News

Data breach incident management and recovery

• March 15, 2023 15 Mar'23

  Microsoft patches Outlook zero-day for March Patch Tuesday

  A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update

• March 08, 2023 08 Mar'23

  How ForgeRock is tackling identity management

  ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy

• March 07, 2023 07 Mar'23

  APAC IT leaders bullish on tech spending

  Over half of respondents in this year’s IT Priorities study have bigger IT budgets as they continue to make strategic investments in cyber security, cloud and automation, among other areas

• March 01, 2023 01 Mar'23

  Data breaches in Australia on the rise, says OAIC

  Cyber security incidents were the cause of most data breaches, which rose by 26% in the second half of 2022, according to the Office of the Australian Information Commissioner

• February 28, 2023 28 Feb'23

  LastPass attack saw employee’s home computer hacked

  The ongoing investigation into a series of linked security incidents at LastPass has found that the attacker was successfully able to compromise a developer’s home PC using a vulnerability in a media software package

• February 24, 2023 24 Feb'23

  Royal Mail stands firm as LockBit leaks data and renews ransom demand

  The LockBit ransomware gang has made good on its threat to leak data exfiltrated from Royal Mail’s systems, but the postal service is not entertaining the possibility of giving in

• February 23, 2023 23 Feb'23

  WithSecure proposes ‘undo’ button for ransomware

  WithSecure’s Activity Monitor technology supposedly overcomes the shortcomings of sandbox test environments, and may be able to stop ransomware attacks from ever happening

• February 22, 2023 22 Feb'23

  UK forces lead live-fire cyber war exercise

  The seven-day Defence Cyber Marvel 2 exercise put cyber responders from 11 countries through their paces

• February 22, 2023 22 Feb'23

  Researchers find new bug ‘class’ in Apple devices

  A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix

• February 21, 2023 21 Feb'23

  Royal Mail resumes full export service after cyber attack

  Royal Mail resumes the last of its international services as it recovers from a ransomware attack, while the Post Office offers postmasters compensation for their lost business

• February 20, 2023 20 Feb'23

  Singapore organisations struggle to operationalise threat intelligence

  Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges

• February 16, 2023 16 Feb'23

  Financial advisory firm Succession Wealth probes cyber attack

  Aviva-owned wealth consultancy and financial advisory practice Succession Wealth was hit by an undisclosed security incident on 8 February

• February 15, 2023 15 Feb'23

  Royal Mail refused to pay £66m LockBit ransom demand, logs reveal

  Leaked chat logs reveal Royal Mail has supposedly refused to pay a £66m ransom demand from the LockBit ransomware gang

• February 13, 2023 13 Feb'23

  Security buyers lack insight into threats, attackers, report finds

  The majority of cyber security purchasing decisions are made without proper insight into the attackers organisations are facing, according to a Mandiant report

• February 13, 2023 13 Feb'23

  Killnet DDoS attacks disrupt Nato websites

  A series of distributed denial of service attacks on various public websites belonging to the Nato alliance were largely repelled but some resources remain unavailable

• February 13, 2023 13 Feb'23

  Whistleblower in limbo as sensitive NatWest customer files remain under her bed

  Whistleblower and NatWest at stalemate as regulators leave it up to them to come to an agreement on return of sensitive customer data

• February 10, 2023 10 Feb'23

  Social media platform Reddit breached in phishing attack

  An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack

• February 09, 2023 09 Feb'23

  UK imposes sanctions on Conti ransomware gang leaders

  Seven Russian nationals associated with the Conti and Ryuk ransomware operations have been sanctioned by the UK

• February 09, 2023 09 Feb'23

  How Check Point is keeping pace with the cyber security landscape

  Check Point Software CEO Gil Shwed talks up the company’s growth areas, its approach to cloud security and the impact of generative AI on cyber security

• February 08, 2023 08 Feb'23

  Campaigners lament lack of movement on Computer Misuse Act reform

  Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed

• February 07, 2023 07 Feb'23

  LockBit cartel finally claims Royal Mail ransomware attack

  The LockBit ransomware gang claims it has stolen sensitive data from Royal Mail and will leak it later this week if its demands go unmet

• February 07, 2023 07 Feb'23

  APP fraud reimbursement proposal is ‘fundamentally flawed’, say MPs

  MPs claim the involvement of a bank-sponsored organisation in reimbursing victims of APP fraud would be a conflict of interest

• February 06, 2023 06 Feb'23

  Post Office branches struggling after Royal Mail cyber attack

  Royal Mail has restored almost all of its international services to some extent, but remains unable to accept parcels bought over the counter in a Post Office branch

• February 06, 2023 06 Feb'23

  The Security Interviews: How to overcome data protection compliance challenges

  Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how?

• February 06, 2023 06 Feb'23

  Ransomware operator turns their fire on two-year-old VMware bug

  A vulnerability in VMware ESXi servers that users should have patched in 2021 is now being exploited to spread ransomware

• February 05, 2023 05 Feb'23

  Australian organisations underinvesting in cyber security

  Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches

• February 03, 2023 03 Feb'23

  LockBit gang confirms Ion cyber attack as disruption continues

  The LockBit ransomware cartel has taken responsibility for this week’s attack on financial software firm Ion, and is threatening to leak stolen data on Saturday 4 February

• February 02, 2023 02 Feb'23

  North Korea’s Lazarus gang exposes itself in opsec failure

  WithSecure researchers linked a campaign of cyber attacks targeting medical research and energy firms to North Korea’s infamous Lazarus APT after a group member accidentally screwed up

• February 02, 2023 02 Feb'23

  Suspected LockBit ransomware attack causes havoc in City of London

  A suspected LockBit ransomware attack on trading software firm Ion has caused chaos for City of London traders

• February 02, 2023 02 Feb'23

  Arnold Clark customer data was stolen in Play ransomware attack

  Arnold Clark confirms data leaked on dark web was stolen from its systems in ransomware attack

• February 01, 2023 01 Feb'23

  Cloud security top risk to enterprises in 2023, says study

  A PwC study finds senior executives expect cyber attacks on cloud services to increase significantly this year

• February 01, 2023 01 Feb'23

  CryptoRom scam abuses Apple and Google app stores to claim victims

  Sophos researchers report on two fake apps used by romance scammers to lure victims into parting with their money, both of which were able to escape the attention of Apple and Google app store safeguards

• January 31, 2023 31 Jan'23

  Russian DDoS hacktivists seen targeting western hospitals

  A swathe of attacks by the Putin-supporting DDoS operation known as Killnet has targeted hospitals and other infrastructure in several Nato countries, with the UK thought to be at risk

• January 31, 2023 31 Jan'23

  GitHub warns Desktop, Atom users after code-signing certificates pinched

  Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users

• January 31, 2023 31 Jan'23

  Royal Mail recovers more International Tracked services

  Royal Mail is making further progress in recovering IT systems hit by a ransomware attack, and has re-enabled another tranche of international export services

• January 30, 2023 30 Jan'23

  Data of 10 million JD Sports customers accessed in cyber attack

  Data on 10 million people who shopped online at JD Sports over a two-year period was accessed and potentially stolen in a cyber attack

• January 27, 2023 27 Jan'23

  Hive ransomware gang taken down after FBI hacks back

  The FBI hacked into Hive’s servers, stole its decryption keys and then took down its servers in a major action that has successfully disrupted a prolific and dangerous ransomware operation

• January 26, 2023 26 Jan'23

  Royal Mail resumes some international parcel services from UK

  Royal Mail has successfully stood up its International Tracked and Signed, and International Signed, services as it continues to recover from a ransomware attack

• January 26, 2023 26 Jan'23

  Zero-trust implementations remain work in progress

  Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds

• January 25, 2023 25 Jan'23

  NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

  Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC

• January 25, 2023 25 Jan'23

  Arnold Clark cyber attack claimed by Play ransomware gang

  A cyber attack that struck car dealer Arnold Clark prior to Christmas has been claimed as the work of the Play ransomware cartel

• January 25, 2023 25 Jan'23

  Boards struggle to resolve cyber risk in digital supply chains

  Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk

• January 24, 2023 24 Jan'23

  UK insurers need to up their game on cyber gaps, says PRA

  Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority

• January 24, 2023 24 Jan'23

  SSRF attacks hit 100,000 businesses globally since November

  There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers

• January 23, 2023 23 Jan'23

  NCSC warning over cyber risk to charity sector

  Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC

• January 22, 2023 22 Jan'23

  Royal Mail making limited progress on ransomware recovery

  Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common

• January 20, 2023 20 Jan'23

  Veeam survey finds ransomware blocks digital transformation

  Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered

• January 20, 2023 20 Jan'23

  WhatsApp’s £4.8m fine raises questions for organisations using behavioural advertising

  The Irish Data Protection Commissioner has fined WhatsApp, owned by Meta, in a case that will raise questions for organisations that rely on contracts rather than consent to comply with GDPR when offering behavioural advertising

• January 19, 2023 19 Jan'23

  International post resumes thanks to Royal Mail ‘workarounds’

  Royal Mail has resumed limited international services after putting in place operational workarounds to bypass the impact of a ransomware attack

• January 19, 2023 19 Jan'23

  KFC, Pizza Hut parent shuts UK restaurants after cyber attack

  A ransomware attack on Yum! Brands, the parent organisation of restaurants including KFC and Pizza Hut, was forced to shut approximately 300 outlets in the UK following a ransomware attack by an unspecified group