News

Data breach incident management and recovery

• November 19, 2021 19 Nov'21

  GCHQ, NSA chiefs recommit to counter cyber threats

  UK and US intelligence services reaffirm a joint commitment to disrupt and deter new and emerging cyber threats

• November 18, 2021 18 Nov'21

  Memento ransomware gang quick to retool for ‘optimum’ outcome

  The operators of a new ransomware called Memento are quick to retool for ‘success’ if they run up against a competent defender, says Sophos

• November 18, 2021 18 Nov'21

  Alert over spate of Iran-linked BitLocker attacks

  A joint advisory from western cyber agencies warns of a campaign of ‘ongoing malicious activity’ by an Iran-linked APT group exploiting BitLocker to extort its targets

• November 17, 2021 17 Nov'21

  Security startups line up on Cyber Runway

  Some 108 cyber security startups representing the UK’s most cutting-edge innovators are to join Plexal’s Cyber Runway accelerator

• November 17, 2021 17 Nov'21

  Out of the shadows: The rise of ethical hackers in 2021

  Ethical hackers working on the Bugcrowd platform have saved organisations almost $30bn in risk during the Covid-19 pandemic, as the community sheds old stereotypes

• November 16, 2021 16 Nov'21

  One-fifth of NCSC-supported cyber incidents linked to Covid-19

  National Cyber Security Centre has helped to thwart multiple cyber incidents that could have seriously disrupted the UK’s response to the pandemic

• November 15, 2021 15 Nov'21

  UK government proposes new rules for digital supply chain security

  Proposals could see IT service providers legally required to adhere to the NCSC’s Cyber Assessment Framework, among other things

• November 12, 2021 12 Nov'21

  BT applies Covid-19 R number modelling to threat response

  A prototype cyber security tool developed at BT uses epidemiological principles to detect and respond to cyber threats

• November 11, 2021 11 Nov'21

  HPE’s Aruba networking unit hit by cyber attack

  Undisclosed threat actor compromised data buckets used to run the Aruba Central cloud environment using a stolen access key

• November 11, 2021 11 Nov'21

  Finance ombudsman overturns more than three-quarters of bank decisions on APP fraud

  The financial services ombudsman is siding with customers in over 75% of complaints against banks that refuse to repay losses to authorised push payment fraud

• November 11, 2021 11 Nov'21

  Scale of crime-as-a-service economy a growing concern, say researchers

  The cyber criminal underground continues its evolution towards a service-based economy

• November 09, 2021 09 Nov'21

  US seeks to extradite REvil affiliate who attacked Kaseya

  US Department of Justice unseals charges against a Ukrainian national accused of being behind the summer 2021 REvil ransomware attack on Kaseya

• November 08, 2021 08 Nov'21

  REvil associates arrested in international ransomware crackdown

  Two individuals suspected of conducting 5,000 REvil ransomware attacks were arrested by Romanian police last week as an international crackdown on the crime gang gathers pace

• November 05, 2021 05 Nov'21

  US offers $10m reward for intel on DarkSide ransomware gang

  US government puts up a $10m reward for information on the DarkSide ransomware gang, the group that attacked Colonial Pipeline six months ago

• November 04, 2021 04 Nov'21

  The Netherlands works on resilience with large-scale national cyber exercise

  For the Netherlands, the biggest challenge in a large-scale cyber crisis is to maintain speed while exercising due care

• November 03, 2021 03 Nov'21

  UK’s Labour Party hit by third-party data breach

  Data on Labour Party members was recently compromised in an apparent cyber attack on a third-party data processor

• November 03, 2021 03 Nov'21

  BlackMatter ransomware crew shuts down, leaves victims in a bind

  The BlackMatter ransomware gang appears to be winding down its activities, possibly due to pressure from law enforcement

• November 02, 2021 02 Nov'21

  Electronic waste excluded from COP26 agenda

  Data sanitation industry group calls on UK government to add electronic waste to the climate summit’s agenda

• November 02, 2021 02 Nov'21

  Convicted Silk Road admin stripped of £500k in crypto earnings

  Jailed Silk Road administrator Thomas White, aka Cthulhu, has been ordered to hand over more than £490,000 of illicit earnings

• October 28, 2021 28 Oct'21

  CIA sought revenge against Julian Assange over hacking tool leaks, court hears

  The CIA discussed kidnapping Julian Assange after WikiLeaks published thousands of documents revealing its arsenal of hacking tools, defence lawyers tell a London court

• October 28, 2021 28 Oct'21

  How ransomware crews pile on the pressure to get victims to pay

  Sophos researchers share some of the more common tactics ransomware gangs use to pressurise their victims into paying up

• October 27, 2021 27 Oct'21

  ‘No-one extradited from UK to US has committed suicide,’ US tells court in Assange appeal

  US government claims that a district judge has given WikiLeaks founder Julian Assange a ‘trump card’ to avoid extradition  

• October 27, 2021 27 Oct'21

  Government commits millions to security investment

  Spending Review adds more than £750m of funding to improve cyber security resilience across government

• October 27, 2021 27 Oct'21

  Cyber sector growth exacerbating skills shortage

  Data from security association (ISC)² shows demand for cyber pros is still outpacing supply as the sector continues an upward growth trajectory

• October 26, 2021 26 Oct'21

  DarkMarket takedown results in 150 arrests

  A coordinated operation by law enforcement has seen 150 taken into custody amid allegations of buying or selling illicit goods on the dark web

• October 26, 2021 26 Oct'21

  Lacework expands into ANZ, eyes APAC market

  DevSecOps supplier Lacework’s expansion into Australia and New Zealand will pave the way for a broader move into the Asia-Pacific region

• October 13, 2021 13 Oct'21

  Google Cybersecurity Action Team springs into life

  Google has announced a new Cybersecurity Action Team, with a mission to support security and digital transformation in governments, critical infrastructure, enterprises and small businesses

• October 13, 2021 13 Oct'21

  FCA warns over future hybrid working security risks

  Earlier this week, the Financial Conduct Authority issued fresh guidance to regulated organisations on keeping hybrid workers safe and secure

• October 13, 2021 13 Oct'21

  Australia unveils ransomware action plan

  The Australian government has established a task force to address the ransomware menace and is proposing legislation to mandate reporting of ransomware incidents by businesses

• October 11, 2021 11 Oct'21

  Malaysia’s highway authority improves DR capabilities

  The Malaysian Highway Authority is now more resilient against cyber attacks through a local disaster-recovery-as-a-service offering powered by Veeam software

• October 11, 2021 11 Oct'21

  Covid-19 will loom over cyber strategy for years to come

  In remarks delivered to a Chatham House conference, NCSC head Lindy Cameron reflects on the security challenges facing the UK, and sets out some plans for the future

• October 11, 2021 11 Oct'21

  Sensitive documents to stay with whistleblower after deadline for agreement for their return passes

  A deadllne to agree the safe return of the sensitive banking details of former and current NatWest Group customers has passed without agreement

• October 08, 2021 08 Oct'21

  Craft beer specialist Brewdog fixes serious app vulnerability

  Vulnerability in brewer’s mobile app could have resulted in serious consequences for its shareholders and customers

• October 08, 2021 08 Oct'21

  Fast-moving Ryuk campaign targets healthcare organisations

  Newly designated FIN12 gang leverages the work of the cyber criminal ecosystem to conduct lightning-fast ransomware attacks

• October 07, 2021 07 Oct'21

  ICO expresses concerns over its future independence

  In its response to the government’s data protection consultation, the Information Commissioner’s Office has raised worries over its future ability to function independently of government interference

• October 07, 2021 07 Oct'21

  Twitch data breach investigations continue

  Investigations are ongoing into a 125GB data breach that hit livestreaming platform Twitch, apparently the work of hacktivists

• October 06, 2021 06 Oct'21

  US lawmakers propose ransomware reporting rules

  Former presidential candidate Elizabeth Warren lends her support to a bill that would require corporate ransomware victims to disclose more information about their attacks to the authorities

• October 06, 2021 06 Oct'21

  Gaming service Twitch hacked, data leaked

  Users of livestreaming platform Twitch may be at risk after a 125GB torrent of data was leaked

• October 06, 2021 06 Oct'21

  Apache web server users urged to patch immediately

  New zero-day in Apache HTTP Server is already being actively exploited and must be addressed immediately

• October 05, 2021 05 Oct'21

  New Python-based ransomware attacks unfold in record time

  Sophos researchers detail a new variety of Python-based ransomware attack targeting VMware ESXi-hosted VMs

• October 04, 2021 04 Oct'21

  Mandiant name returns to fore ahead of FireEye sale

  Mandiant has completed its corporate rebrand pending the imminent sale of the FireEye products business to a private equity group

• October 04, 2021 04 Oct'21

  Two arrests made in European ransomware investigation

  Unnamed ransomware operation was disrupted last week in Kiev, Ukraine, following a coordinated investigation

• October 01, 2021 01 Oct'21

  JVCKenwood hit by Conti ransomware attack

  Nearly 2TB of data was stolen from Japanese electronics firm in a Conti ransomware hit

• October 01, 2021 01 Oct'21

  IR35: Giant Group cyber attack prompts renewed calls for statutory regulation of umbrella companies

  As details about the fallout from the cyber attack on the Giant Group umbrella company emerge, stakeholders say the incident should prompt the government to expedite regulating contractor payroll processing firms

• September 29, 2021 29 Sep'21

  FoggyWeb malware latest tool of dangerous Nobelium APT

  Microsoft’s threat intelligence team warns of a new strain of malware being used by the Russia-linked Nobelium APT

• September 29, 2021 29 Sep'21

  The Security Interviews: How SolarWinds came through its darkest hour

  In his first major UK press interview, SolarWinds CEO Sudhakar Ramakrishna tells Computer Weekly how a relentless focus on transparency saw the company safely through a nightmare cyber breach scenario

• September 29, 2021 29 Sep'21

  UK consumer trust in banks, retailers and telcos declines as scams increase

  Consumers are blaming banks, retailers and social media for the huge increase in online scams, survey shows

• September 28, 2021 28 Sep'21

  How one red team exercise averted a new SolarWinds-style attack

  Palo Alto Networks shares details of how its red teamers found and sealed a customer vulnerability that could have led to another SolarWinds-style supply chain attack

• September 27, 2021 27 Sep'21

  Women and BAME people bear brunt of cyber crime impact

  Cyber crime has a disproportionate impact on women and BAME people, according to a new report

• September 27, 2021 27 Sep'21

  Giant Umbrella contractors suffer salary payment delays following suspected ‘data breach’

  Following the discovery of “suspicious network activity” in its systems, payroll processing firm Giant Umbrella has taken itself offline, leaving contractors to fume over missing salary payments