News

Data breach incident management and recovery

• February 09, 2021 09 Feb'21

  ‘Batman Begins’ cyber attack is a warning to CNI providers

  A thwarted cyber attack in a Florida town that could have resulted in the poisoning of the water supply is a timely reminder of the vulnerability of critical services

• February 08, 2021 08 Feb'21

  Data of thousands of Dutch citizens leaked from government Covid-19 systems

  Weak access controls and outdated systems blamed for leaking of the personal details of thousands of Dutch citizens tested for Covid-19

• February 05, 2021 05 Feb'21

  Security firm Stormshield loses source code in cyber attack

  Source code from two products developed by French cyber security firm was compromised in a December 2020 incident

• February 04, 2021 04 Feb'21

  Woodland Trust hit by cyber attack in December

  Conservation charity is investigating what it describes as a ‘sophisticated’ cyber attack but has waited nearly two months to inform its members

• February 04, 2021 04 Feb'21

  SolarWinds chases multiple leads in breach investigation

  Investigators at SolarWinds are exploring multiple theories as to how the company’s systems were compromised

• February 04, 2021 04 Feb'21

  Fraud and cyber crime still vastly under-reported

  The scale of digitally enabled crime in the UK is dramatically under-reported, new statistics indicate

• February 03, 2021 03 Feb'21

  Foxtons rejects claims of slow reaction to data leak

  Investigators have unearthed 16,000 data records that seem to have been stolen in an attack on property firm Foxtons last year, but the organisation says it acted by the book in dealing with the incident

• February 03, 2021 03 Feb'21

  ‘Classic’ Cerber ransomware targets health sector in high volumes

  Cerber ransomware-as-a-service seems to have re-emerged as one of the most critical cyber threats facing healthcare organisations, reports VMware Carbon Black

• February 03, 2021 03 Feb'21

  SolarWinds patches two critical CVEs in Orion platform

  New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet

• February 01, 2021 01 Feb'21

  Serco confirms Babuk ransomware attack

  Outsourcing firm was hit by the ransomware last week but insists most of its operations are running as normal

• February 01, 2021 01 Feb'21

  UKRI suspends services after ransomware attack

  UK Research and Innovation was hit by an undisclosed strain of ransomware at the end of January

• February 01, 2021 01 Feb'21

  CISOs invisible to their organisations, says BT report

  Ignorance of cyber issues is leading to misplaced confidence in security in many organisations, as CISOs struggle to make themselves seen and heard

• February 01, 2021 01 Feb'21

  SBRC picks Check Point to support cyber helpline

  The Scottish Business Resilience Centre has enlisted Check Point as the first security supplier to join its incident response partnership programme

• January 31, 2021 31 Jan'21

  Indian firms see growing value of data

  Half of Indian IT leaders see a permanent increase in value of data as their organisations come under threat from mounting cyber attacks amid the pandemic

• January 29, 2021 29 Jan'21

  Hunting and anti-hunting groups locked in tit-for-tat row over data gathering

  The leaking of internal documents has prompted a row between pro- and anti-hunting groups about the legality of the other’s data collection practices

• January 29, 2021 29 Jan'21

  Revealed: Brits who fuelled ‘vicious’ conspiracy theory by Trump supporters

  Trump supporters have apologised and paid millions in damages to the family of murdered Democratic Party staffer Seth Rich for promoting false allegations that Rich – not Russian agents – stole emails from the Democratic National Committee

• January 29, 2021 29 Jan'21

  Manufacturing particularly at risk of Solorigate-linked breaches

  Every fifth victim of the SolarWinds Solorigate/Sunburst attack was a manufacturing organisation, say researchers

• January 29, 2021 29 Jan'21

  Human factor dominates Australia’s latest data breach numbers

  The number of data breaches resulting from human error increased by 18% in the second half of 2020, according to Australian government’s latest notifiable data breaches report

• January 28, 2021 28 Jan'21

  End of Emotet: A blow to cyber crime, but don’t drop your guard

  The takedown of Emotet is a huge event with repercussions that will reverberate across the cyber criminal world, but unfortunately that’s not to say there will be much of a long-term impact

• January 27, 2021 27 Jan'21

  Mimecast breach was work of SolarWinds attackers

  Mimecast’s investigation into a January 2021 breach of its systems turns up evidence that the culprit was the same group that targeted SolarWinds in December

• January 27, 2021 27 Jan'21

  Emotet botnet goes offline as cops seize servers

  The Emotet botnet has been disrupted and knocked offline after a major international effort by law enforcement

• January 27, 2021 27 Jan'21

  Grindr complaint results in €9.6m GDPR fine

  Norway’s data protection authority plans to apply a fine totalling 10% of LGBTQ+ dating app Grindr’s revenues over its data sharing practices

• January 26, 2021 26 Jan'21

  Conservatives broke data law to racially profile millions

  The Conservative Party acted illegally in collecting data that inferred voters’ ethnicity and religious background, a Select Committee has heard

• January 26, 2021 26 Jan'21

  North Korean state attacks legitimate security researchers

  Threat researchers specialising in vulnerability research and development appear to be being targeted by a North Korean state-backed group

• January 26, 2021 26 Jan'21

  ICO extends commissioner Denham’s term of office

  Extension of Elizabeth Denham’s tenure as information commissioner will give the government more time to appoint her successor

• January 22, 2021 22 Jan'21

  Sepa data leaks as agency resists ransom demands

  The Scottish Environment Protection Agency is resisting extortion demands from a ransomware gang, but has suffered a data leak in retaliation

• January 21, 2021 21 Jan'21

  Hackney Council tenders for cyber security upgrade

  Suppliers are being invited to tender for enhanced cyber security capabilities at ransomware victim Hackney Council

• January 21, 2021 21 Jan'21

  Gamarue malware found on government-issued school laptops

  Devices handed out by the government to support vulnerable children contain malware that appears to be contacting C2 infrastructure in Russia

• January 21, 2021 21 Jan'21

  Incompetent cyber criminals leak data in opsec failure

  Even cyber criminals need to pay attention to their information security posture, as this cautionary tale uncovered by Check Point reveals

• January 20, 2021 20 Jan'21

  Should I be worried about MFA-bypassing pass-the-cookie attacks?

  Malicious actors bypassed multi-factor authentication using so-called pass-the-cookie attacks, but how worrying is this and what is the risk to organisations?

• January 19, 2021 19 Jan'21

  Questions raised by New Zealand central bank boss, following cyber attack investigation

  The governor of New Zealand’s central bank said the organisation must answer questions about its security following a ‘significant’ attack

• January 19, 2021 19 Jan'21

  Value of GDPR fines shows dramatic increase in 2020

  European regulators imposed almost €160m worth of fines during the past 12 months, a substantial rise

• January 19, 2021 19 Jan'21

  Criminals fiddled stolen Covid-19 vaccine data to damage trust

  Malicious actors manipulated stolen Covid-19 data in a way clearly intended to damage public trust in vaccines, says the EMA

• January 19, 2021 19 Jan'21

  MAS offers guidance on mitigating supply chain threats

  Monetary Authority of Singapore revises its technology risk management guidelines to help the financial sector guard against supply chain attacks

• January 18, 2021 18 Jan'21

  Australians lost A$176m to scams in 2020

  Investment scams topped the list of scams, which grew by 23.1% in 2020 as criminals exploited human psychology using social engineering

• January 15, 2021 15 Jan'21

  US cyber security agencies get $9bn in Biden plan

  New funding proposals come as US government reels from the impact of the December 2020 SolarWinds attack

• January 14, 2021 14 Jan'21

  Old, on-premise systems targeted in Hackney ransomware attack

  Council reveals some more insight into how the Pysa ransomware gang infiltrated its systems by exploiting legacy technology

• January 14, 2021 14 Jan'21

  Unforeseen consequences of new technologies put UK at risk

  Lords committee told that the risks associated with various emerging digital technologies must be assessed together, with input from UK citizens, if the government is to avoid ‘siloisation’ of fundamentally interconnected problems

• January 14, 2021 14 Jan'21

  APAC firms grapple with cyber security amid pandemic

  Some aspects of cyber security have taken a backseat as companies across the Asia-Pacific region rush to shore up their infrastructure to cope with the demands of remote work

• January 13, 2021 13 Jan'21

  World’s largest dark web market disrupted in major police operation

  Coordinated international operation including Europol and the UK’s National Crime Agency has successfully taken DarkMarket offline

• January 13, 2021 13 Jan'21

  Stolen Pfizer/BioNTech Covid-19 vaccine data leaked

  Data dump understood to include screenshots of emails, peer review information, PDFs and PowerPoint presentations

• January 12, 2021 12 Jan'21

  Mimecast latest security firm to be compromised

  Users of a specific Mimecast certificate used to authenticate services to Microsoft Office 365 may be at risk of compromise in an attack that may relate to the ongoing SolarWinds incident

• January 12, 2021 12 Jan'21

  Parler collapse opens door to phishing attacks

  The shutdown of controversial social media site Parler, and the publication of huge amounts of user data scraped by ethical hackers, is giving cyber crime experts cause for concern

• January 11, 2021 11 Jan'21

  Kaspersky claims link between Solorigate and Kazuar backdoors

  Researchers say they have found specific code similarities between the Solorigate/Sunburst malware and the Kazuar backdoor, suggesting some relationship

• January 11, 2021 11 Jan'21

  New Zealand central bank IT system breached in cyber attack

  Bank is responding to a cyber attack after hackers breached the system of a third-party supplier

• January 08, 2021 08 Jan'21

  Which? online banking investigation reveals ‘worrying gaps’ in security

  Consumer rights organisation has ranked the security of UK online current account providers

• January 07, 2021 07 Jan'21

  Hackney Council data leaked by Pysa ransomware gang

  Council data stolen in October is leaked online in a double extortion attack

• January 06, 2021 06 Jan'21

  SolarWinds attack almost certainly work of Russian spooks

  Investigations into the far-reaching SolarWinds Solorigate attack did not let up during the holidays

• January 05, 2021 05 Jan'21

  Scammers impersonating the ACSC on the prowl

  The Australian Cyber Security Centre warns of scammers who are using its name to gain control of personal computers and trick users into revealing personal information

• December 31, 2020 31 Dec'20

  Top 10 investigations and national security stories of 2020

  Here are Computer Weekly’s top 10 investigations and national security stories of 2020