News

Data breach incident management and recovery

• January 19, 2023 19 Jan'23

  Mailchimp suffers third breach in 12 months

  Email marketing service Mailchimp has suffered its third data breach in a year, but has been praised for being open about its latest attack

• January 18, 2023 18 Jan'23

  Ukraine CERT leaders touch down in London for talks

  The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience

• January 18, 2023 18 Jan'23

  Ukraine cyber teams responded to more than 2,000 attacks in 2022

  The Ukrainian authorities responded to more than 2,000 major cyber incidents during 2022, and are blocking thousands more potential attacks every day

• January 17, 2023 17 Jan'23

  Crest throws support behind CyberUp CMA reform campaign

  Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990

• January 17, 2023 17 Jan'23

  Royal Mail promises ‘workarounds’ to restore services after ransomware attack

  Royal Mail CEO Simon Thompson apologises to customers whose businesses are being disrupted by a ransomware attack and promises a ‘workaround’ will be in place in the near future

• January 13, 2023 13 Jan'23

  LockBit cartel suspected of Royal Mail cyber attack

  The still-developing cyber incident at Royal Mail may be the work of the infamous LockBit ransomware operation

• January 12, 2023 12 Jan'23

  Companies warned to step up cyber security to become ‘insurable’

  Investing in better IT security to protect against cyber crime will make businesses more resilient against other risks 

• January 12, 2023 12 Jan'23

  Guardian confirms Christmas 2022 cyber attack was ransomware

  Guardian Media Group bosses confirm the 20 December cyber attack that left staff locked out of its London office and disrupted several key systems was an untargeted ransomware attack

• January 11, 2023 11 Jan'23

  Royal Mail services hit by major cyber attack

  UK postal service Royal Mail is asking customers not to send any overseas letters or parcels while it deals with the impact of an ongoing cyber attack

• January 11, 2023 11 Jan'23

  Davos 2023: Pervasive cyber crime and cyber security gaps pose severe risk to organisations

  Governments and organisations face tough trade-offs as they balance immediate problems caused by economic recession, energy shortages and rising interest rates with longer-term risks, including the impact of global warming

• January 10, 2023 10 Jan'23

  New APT group targets ASEAN governments and militaries

  The Dark Pink advanced persistent threat group used custom malware to exfiltrate data from high-profile targets through spear-phishing emails last year, according to Group-IB

• January 10, 2023 10 Jan'23

  Insurer Beazley introduces catastrophe bond to ease cyber risk

  Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover

• January 06, 2023 06 Jan'23

  Proposed digital fraud refund rules risk excluding many victims

  Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned

• January 06, 2023 06 Jan'23

  Russia’s Turla falls back on old malware C2 domains to avoid detection

  Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals

• January 06, 2023 06 Jan'23

  Vice Society cyber gang targeted multiple UK schools

  The Vice Society ransomware gang has made a habit of attacking educational institutions, and now appears to have struck multiple schools, colleges and universities in the UK

• January 05, 2023 05 Jan'23

  Warning over ransomware attacks spreading via Fortinet kit

  Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web

• January 05, 2023 05 Jan'23

  Fallout from Guardian cyber attack to last at least a month

  The Guardian newspaper’s offices remained shut into the New Year following a supposed ransomware attack, with disruption likely to last some time

• January 02, 2023 02 Jan'23

  China and India governments among top targets for cyber attackers

  Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures

• December 22, 2022 22 Dec'22

  Top 10 cyber security stories of 2022

  The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides

• December 22, 2022 22 Dec'22

  Top 10 cyber crime stories of 2022

  Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents

• December 21, 2022 21 Dec'22

  Top 10 ANZ IT stories of 2022

  We recap the top 10 stories in Australia and New Zealand, including the opportunities and challenges that organisations in the region have faced over the past year

• December 16, 2022 16 Dec'22

  Shiseido data breach victims plan legal action over fake companies

  Employees and former employees of cosmetics firm Shiseido whose data was stolen in a recent breach are planning group legal action after their information was used to establish fraudulent companies in their names

• December 15, 2022 15 Dec'22

  Lego fixes dangerous API vulnerability in BrickLink service

  The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas

• December 14, 2022 14 Dec'22

  Advanced Azov data wiper likely to become active threat

  Check Point deep dives into an emergent data wiper strain known as Azov, which is making waves with hundreds of new samples being submitted to VirusTotal daily

• December 13, 2022 13 Dec'22

  EU issues draft data adequacy decision in favour of US

  The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision

• December 13, 2022 13 Dec'22

  Finnish government launches information security voucher scheme

  Finland’s government is offering businesses financial support to help them improve their cyber security

• December 13, 2022 13 Dec'22

  More Uber data exposed in possible supply chain attack

  A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack

• December 13, 2022 13 Dec'22

  Customer frustrations mount as Rackspace investigation proceeds

  Rackspace says it is making progress on restoring services following a ransomware attack on its Hosted Exchange business, but customers are becoming frustrated with a lack of communication

• December 11, 2022 11 Dec'22

  How Zscaler is cracking APAC’s cloud security market

  Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better

• December 09, 2022 09 Dec'22

  Iranian APT seen exploiting GitHub repository as C2 mechanism

  A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware

• December 08, 2022 08 Dec'22

  Australia to develop new cyber security strategy

  New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals

• December 07, 2022 07 Dec'22

  Rackspace email outage confirmed as ransomware attack

  An ongoing outage affecting Rackspace email customers is the result of a ransomware attack

• December 06, 2022 06 Dec'22

  Don’t become an unwitting tool in Russia’s cyber war

  Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?

• December 05, 2022 05 Dec'22

  Cohesity doubles down on cyber-defence failings via backup

  Datahawk service and Data Security Alliance bring clean data restores, ransomware artefact detection, data vaulting and data audit for a clearer understanding of attack impact

• December 05, 2022 05 Dec'22

  French cyber consultancy Hackuity sets up UK operation

  Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base

• December 02, 2022 02 Dec'22

  Twitter ‘replacement’ Hive Social shuts off service in privacy alert

  Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers

• December 01, 2022 01 Dec'22

  LastPass probes new cyber incident related to August attack

  The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba

• November 30, 2022 30 Nov'22

  South Staffs Water customer data leaked after ransomware attack

  Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack

• November 30, 2022 30 Nov'22

  Latest LockBit ransomware versions have wormable capabilities

  Sophos researchers have reverse-engineered the Lockbit 3.0 ransomware, shedding new light on its evolving capabilities and firming up links with BlackMatter

• November 30, 2022 30 Nov'22

  NIS regulations to be extended to cover MSPs

  The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope

• November 29, 2022 29 Nov'22

  Cyber criminals exploiting naked TikTok ‘challenge’

  Malware operators lured targets by promising them they would be able to view nude videos of TikTok users

• November 25, 2022 25 Nov'22

  Data management, backup becoming the CISO's responsibility

  More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year

• November 24, 2022 24 Nov'22

  Not-for-profit aims to encourage 1,300 girls into cyber careers

  CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber

• November 23, 2022 23 Nov'22

  Red team tool developer slams ‘irresponsible’ disclosure

  UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors

• November 23, 2022 23 Nov'22

  Dutch national cyber security strategy aims to protect digital society

  Cabinet sets up national cyber security strategy to make the Netherlands digitally secure

• November 22, 2022 22 Nov'22

  Ducktail spins new tales to hijack Facebook Business accounts

  The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts

• November 21, 2022 21 Nov'22

  Bug Bounty Calculator helps organisations fine-tune their payouts

  Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention

• November 18, 2022 18 Nov'22

  Is Elon Musk’s Twitter safe, and should you stop using it?

  With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use

• November 18, 2022 18 Nov'22

  New gold standard to protect good faith hackers

  HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking

• November 18, 2022 18 Nov'22

  CyberPeace Institute helps NGOs improve their security resilience

  Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people