Data breach incident management and recovery
-
News
20 Nov 2024
Apple addresses two iPhone, Mac zero-days
Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks Continue Reading
-
Feature
19 Nov 2024
Storage technology explained: Ransomware and storage and backup
We look at ransomware attacks, and the importance of good backup practice as well as immutable snapshots, air-gapping, network segmentation, AI anomaly detection and supplier warranties Continue Reading
-
News
28 Jun 2024
How Recorded Future is operationalising threat intelligence
Recorded Future is investing in APIs to enable automated security workflows, among other measures, to help organisations overcome the hurdles of operationalising threat intelligence Continue Reading
-
News
24 Jun 2024
Sellafield pleads guilty to criminal charges over cyber security
Nuclear Decommissioning Authority-backed organisation Sellafield Ltd pleads guilty to criminal charges brought over significant cyber security failings that could have compromised sensitive nuclear information Continue Reading
-
News
21 Jun 2024
Qilin ransomware gang publishes stolen NHS data online
The ransomware gang behind a major cyber attack on NHS supplier Synnovis has published a 400GB trove of private healthcare data online Continue Reading
-
News
20 Jun 2024
Sir Alan Bates hits out at Post Office ‘incompetence’ after data breach
Victims of the scandal react with anger at news the Post Office published a document containing their names and addresses on its website Continue Reading
-
Opinion
18 Jun 2024
We need a judge-led inquiry into police spying on journalists and lawyers
When journalists Barry McCaffrey and Trevor Birney were wrongly arrested in 2018, their case led to the discovery of a widespread police surveillance operation targeting journalists and lawyers in Northern Ireland. Barry McCaffrey tells the story Continue Reading
-
News
13 Jun 2024
Black Basta ransomware crew may be exploiting Microsoft zero-day
A Microsoft vulnerability that was addressed without fanfare in March may in fact have been exploited as a zero-day by the notorious Black Basta ransomware gang, threat hunters warn Continue Reading
-
News
11 Jun 2024
Pure Storage hit by Snowflake credential hackers
Pure Storage emerges as the latest victim of a fast-spreading breach of Snowflake customers targeting users with lax credential security measures in place Continue Reading
-
News
11 Jun 2024
More than 160 Snowflake customers hit in targeted data theft spree
Mandiant reports that more than 160 Snowflake customers have been hit in a broad data theft and extortion campaign targeting organisations that have failed to pay proper attention to securing valuable credentials Continue Reading
-
News
10 Jun 2024
NHS blood stocks running low after ransomware attack
The NHS is appealing for people with O Positive and O Negative blood types to come forward to donate as hospitals in London struggle to keep critical services running after ransomware attack Continue Reading
-
News
07 Jun 2024
Bitdefender makes MDR services free to NHS bodies hit by Qilin
Bitdefender offers NHS bodies affected by a major cyber incident free access to its product suite, as the health service continues to deal with the impact of the Qilin ransomware attack on partner Synnovis Continue Reading
-
News
07 Jun 2024
Sophos uncovers Chinese state-sponsored campaign in Southeast Asia
Sophos found three distinct clusters of activity targeted at a high-level government organisation that appeared to be tied to Chinese interests in the South China Sea Continue Reading
-
News
06 Jun 2024
FBI finds 7,000 LockBit decryption keys in blow to criminal gang
The US authorities say they now have more than 7,000 LockBit decryption keys in their possession and are urging victims of the prolific ransomware gang to come forward Continue Reading
-
News
05 Jun 2024
Qilin ransomware gang likely behind crippling NHS attack
Security experts investigating a major cyber attack on an NHS partner that has caused frontline services across South London to grind to a halt say the Qilin ransomware gang appears to be the culprit Continue Reading
-
News
04 Jun 2024
OAIC files civil penalty action against Medibank
The OAIC alleges that Medibank failed to take reasonable steps to protect the personal information of 9.7 million Australians in the October 2022 data breach Continue Reading
-
Opinion
04 Jun 2024
Security Think Tank: The cloud just got more complicated
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
Opinion
04 Jun 2024
Building a more secure, and sustainable, open source ecosystem
In April 2024, the discovery of an intentionally-placed backdoor in the open source XZ Utils data compression caused concern. Sentry's Chad Whitacre says a more thoughtful approach is needed to balance the individual freedom and creativity of open source, with more rigorous security practice. Continue Reading
-
News
04 Jun 2024
NHS services at major London hospitals disrupted by cyber attack
A major cyber attack at NHS services provider Synnovis is disrupting frontline care at hospitals across London Continue Reading
-
News
03 Jun 2024
97 FTSE 100 firms exposed to supply chain breaches
Between March 2023 and March 2024, 97 out of 100 companies on the UK’s FTSE 100 list were put at risk of compromise following supply chain breaches at third-party suppliers Continue Reading
-
News
03 Jun 2024
Major breaches allegedly caused by unsecured Snowflake accounts
Significant data breaches at Ticketmaster and Santander appear to have been orchestrated through careful targeting of the victims’ Snowflake cloud data management accounts Continue Reading
-
News
03 Jun 2024
Sellafield local authority slammed over response to North Korean ransomware attack
The local authority for Europe’s biggest nuclear site has been slammed by auditors for its response to a North Korea-linked cyber attack that temporarily crippled its operations Continue Reading
-
News
02 Jun 2024
Ticketek Australia hit by data breach
Customer names, dates of birth and email addresses of Ticketek Australia account holders reportedly impacted in latest data breach affecting event ticketing firm Continue Reading
-
News
31 May 2024
Law student ‘unfairly disciplined’ after reporting data breach blunder
A law student has accused a leading legal college of unethical behaviour and a “lack of integrity” after it brought misconduct proceedings against him when he reported a data security blunder Continue Reading
-
News
30 May 2024
Europol sting operation smokes multiple botnets
Malware droppers including Bumblebee and Smokeloader were among those targeted in one of the largest ever joint operations against cyber criminal botnets Continue Reading
-
News
21 May 2024
The Security Interviews: What is the real cyber threat from China?
Former NCSC boss Ciaran Martin talks about nation-state attacks, why the UK has become so exercised about cyber espionage, and how our leaders are in danger of misunderstanding their adversaries Continue Reading
-
News
20 May 2024
WikiLeaks founder Julian Assange granted appeal
Two high court judges granted WikiLeaks founder Julian Assange leave to appeal against extradition to the US after defence lawyers argued that the US had failed to give adequate assurances Continue Reading
-
News
15 May 2024
US authorities crack BreachForums for a second time
The BreachForums data leak website has been seized by the FBI and international partners again Continue Reading
-
News
15 May 2024
WikiLeaks founder’s extradition case labelled ‘institutional corruption’
Call for Julian Assange to be prosecuted in the US has been condemned as ‘institutional corruption on a judicial level’ with the WikiLeaks founder a ‘political prisoner’ Continue Reading
-
News
14 May 2024
CyberUK 24: UK insurance industry gets tough on ransomware
Three of the UK’s largest insurance associations have signed on to a new initiative spearheaded by the NCSC to try to bring down the number of ransomware payments being made Continue Reading
-
Opinion
13 May 2024
The UK may not have a choice on a ransomware payment ban
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
10 May 2024
Major breach of customer information developing at Dell
Almost 50 million data records relating to Dell customers appear to have been compromised in a major cyber breach Continue Reading
-
News
10 May 2024
Over 5.3 billion data records exposed in April 2024
The number of data records breached in April 2024 hit over five billion, a staggering year-on-year increase Continue Reading
-
News
09 May 2024
Cyber attack victims need to speak up, says ICO
The Information Commissioner’s Office is urging organisations to be transparent and learn from each other’s mistakes as it reveals most of the cyber attacks it responds to stem from the same core errors Continue Reading
-
News
09 May 2024
Wales gets UK’s first national SOC
The first national security operations centre of its kind in the UK has opened in the south of Wales to safeguard public sector bodies across the country Continue Reading
-
Opinion
09 May 2024
Enhance identity controls before banning ransomware payments
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
07 May 2024
Chinese APT suspected of Ministry of Defence hack
A cyber attack on the Ministry of Defence is suspected to be the work of threat actors working on behalf of Chinese intelligence Continue Reading
-
News
07 May 2024
NCA unmasks LockBitSupp cyber gangster who toyed with pursuers
The NCA and its partners have named the administrator of the LockBit ransomware gang, LockBitSupp, as Dmitry Khoroshev, who now faces sanctions and criminal charges Continue Reading
-
News
06 May 2024
Microsoft beefs up cyber initiative after hard-hitting US report
Microsoft is expanding its recently launched Secure Future Initiative in the wake of a hard-hitting US government report on recent nation state intrusions into its systems Continue Reading
-
News
03 May 2024
Patch GitLab vuln without delay, users warned
The addition of a serious vulnerability in the GitLab open source platform to CISA’s KEV catalogue prompts a flurry of concern Continue Reading
-
News
03 May 2024
EU calls out Fancy Bear over attacks on Czech, German governments
The European Union, alongside member states Czechia and Germany, have accused Russian government APT Fancy Bear of being behind a series of attacks on political parties and government bodies Continue Reading
-
News
03 May 2024
Why IAM is central to cyber security
BeyondTrust’s chief security strategist talks up the importance of identity and access management, and the role of cyber insurance in driving security improvements Continue Reading
-
News
02 May 2024
NCSC updates warning over hacktivist threat to CNI
The NCSC and CISA have warned about the evolving threat from Russia-backed hacktivist threat actors targeting critical national infrastructure, after a number of American utilities were attacked Continue Reading
-
News
02 May 2024
Dropbox Sign user information accessed in data breach
Account data belonging to Dropbox Sign users was accessed by an unknown threat actor after they hacked into the organisation’s backend infrastructure Continue Reading
-
News
02 May 2024
Ukrainian national sentenced over REvil ransomware spree
A 24-year-old Ukrainian man has been sentenced to more than 13 years in prison after being convicted of his role in the REvil ransomware attacks Continue Reading
-
News
02 May 2024
BBC instructs lawyers over allegations of police surveillance of journalist
Lawyers for the BBC have written to the Investigatory Powers Tribunal over allegations that the Police Service of Northern Ireland spied on investigative journalist Vincent Kearney Continue Reading
-
News
02 May 2024
How Okta is fending off identity-based attacks
Okta has been bolstering the security of its own infrastructure and building new tools to scan customer environments for vulnerable identities, among other efforts to fend off identity-based attacks Continue Reading
-
News
01 May 2024
EMEA CISOs must address human factors behind cyber incidents
The 17th annual Verizon report on data breaches makes for sobering reading for security pros, urging them to do more to address the human factors involved in cyber incidents, and highlighting ongoing issues with zero-day patching Continue Reading
-
Opinion
01 May 2024
Better hygiene may mitigate the need to ban ransomware payments
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
01 May 2024
Australia’s Qantas apologises for mobile app data breach
Australian flag carrier Qantas has apologised after a glitch in its mobile application temporarily enabled some customers to view the flights and booking details of other frequent fliers on two separate occasions Continue Reading
-
News
30 Apr 2024
Persistent data breaches deny people with HIV dignity and privacy
The ICO has urged charities and healthcare organisations that work with people living with HIV to do better when it comes to protecting their personal data, after the HIV status of more than 100 people was accidentally disclosed by London’s Central YMCA Continue Reading
-
Opinion
29 Apr 2024
Ransomware payment bans need universal buy-in
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
Opinion
26 Apr 2024
Security Think Tank: Maybe let's negotiate with terrorists
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
25 Apr 2024
Zero trust is a strategy, not a technology
Zero-trust security should be seen as a strategy to protect high-value assets and is not tied to a specific technology or product, says the model’s creator John Kindervag Continue Reading
-
Opinion
23 Apr 2024
Security Think Tank: Cyber sector, you have failed this community
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
23 Apr 2024
GooseEgg proves golden for Fancy Bear, says Microsoft
Microsoft’s threat researchers have uncovered GooseEgg, a never-before-seen tool being used by Forest Blizzard, or Fancy Bear, in conjunction with vulnerabilities in Windows Print Spooler Continue Reading
-
Opinion
23 Apr 2024
Questions for IT and cyber leaders from the CSRB Microsoft report
The US government's CSRB report on last year's state sponsored cyber attacks on Microsoft raises significant concerns for Redmond and its customers. Expert Owen Sayers outlines five key questions IT and cyber security leaders should now consider Continue Reading
-
News
22 Apr 2024
Fujifilm plans to ‘make tape easy’ with Kangaroo SME appliance
Fujifilm to add 100TB SME-focused Kangaroo tape infrastructure in a box to existing 1PB offer, as energy efficiency and security of tape make it alluring to customers Continue Reading
-
News
18 Apr 2024
CSA warns of emerging security risks with cloud and AI
Few users appreciate the security risks of cloud and have the expertise to implement the complex security controls, says CSA chief executive David Koh Continue Reading
-
Opinion
18 Apr 2024
Security Think Tank: Approaches to ransomware need a course correction
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
17 Apr 2024
Mandiant formally pins Sandworm cyber attacks on APT44 group
Mandiant has formally attributed a long-running campaign of cyber attacks by a Russian state actor known as Sandworm to a newly designated advanced persistent threat group to be called APT44 Continue Reading
-
News
16 Apr 2024
CISOs not yet convinced to invest in AI
CISOs say their eyes are fixed firmly on threats like ransomware and supply chain attacks, and while AI is becoming a threat that needs to be dealt with, it’s not yet an immediate spending priority Continue Reading
-
News
16 Apr 2024
Recognising APAC’s trailblazers in digital transformation
DBS Bank and NUS were among the top industry innovators that were lauded for various transformational initiatives at the Computer Weekly Innovation Awards APAC 2024 Continue Reading
-
News
09 Apr 2024
UK plc failing on multiple cyber measures
Government report shows 50% of businesses and 32% of charities reported a cyber attack or breach in the past 12 months and organisations across the UK are failing on multiple cyber measures Continue Reading
-
News
08 Apr 2024
UK vet network CVS hit by cyber attack
Operations at UK-based veterinary network CVS have been disrupted by a cyber incident of an as-yet undisclosed nature Continue Reading
-
News
05 Apr 2024
How Oracle Red Bull Racing guards against cyber threats
The F1 team is tapping managed security services, conducting penetration tests and improving security awareness among employees to fend off cyber threats such as phishing and ransomware Continue Reading
-
News
04 Apr 2024
Changes needed for SOCs and CSIRTs, claims Dutch research institute
Cyber security specialists need a game-changer to keep up with their adversaries, who increasingly use automation and AI for their attacks Continue Reading
-
News
03 Apr 2024
RDP abused in over 90% of cyber attacks, Sophos finds
Threat actors continue to see great success using simple, tried and tested methods, and many defenders are failing to do the basics Continue Reading
-
News
03 Apr 2024
Ransomware kill switch may save 99% of files from encryption
MDR specialist Adlumin says its new features will help customers stop in-progress ransomware attacks before they can cause significant damage Continue Reading
-
Opinion
02 Apr 2024
Security Think Tank: How to tackle the scourge of ransomware?
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
01 Apr 2024
Open source alert over intentionally placed backdoor
A backdoor in the open source XZ Utils data compression library could have led to widespread compromise across the Linux ecosystem - and the community is on the trail of a developer who seems to be behind it Continue Reading
-
News
28 Mar 2024
UK plc going backwards on cyber maturity, Cisco report claims
Fewer UK organisations believe their cyber security postures have reached a mature level than did so 12 months ago, as they struggle to keep up with new challenges and a fast-evolving threat landscape Continue Reading
-
News
28 Mar 2024
Sellafield to be prosecuted over alleged cyber compliance failure
Sellafield Ltd, the organisation responsible for cleaning up and decommissioning the UK's largest nuclear waste site, is to be prosecuted over alleged cyber security failings dating back to 2019 Continue Reading
-
News
27 Mar 2024
Ransomware gang leaks data stolen from Scottish NHS board
Data stolen from an earlier attack on NHS Dumfries and Galloway has been leaked by a ransomware gang that claims to be in possession of much more content Continue Reading
-
News
26 Mar 2024
Qilin ransomware gang claims cyber attack on the Big Issue
A ransomware attack on the systems of publisher and social enterprise Big Issue Group has been claimed by the Qilin gang Continue Reading
-
News
26 Mar 2024
NCSC reaffirms guidance for those at risk of Chinese state hacking
As the UK and US governments announce sanctions and indictments of a Chinese state threat actor, the NCSC has reiterated its security advice for individuals at risk of being targeted for espionage purposes Continue Reading
-
News
26 Mar 2024
US authorities charge seven over Chinese hacking
The US Department of Justice has charged seven Chinese nationals linked to the APT31 threat actor that targeted politicians in the UK and US Continue Reading
-
News
21 Mar 2024
NCSC guidance to help CEOs work through cyber incidents
The NCSC has published in-depth guidance on how business leaders should respond to a cyber attack or data breach. Learn about some of the key steps you will need to follow Continue Reading
-
News
20 Mar 2024
Ukrainians crack network that stole 100m email, social accounts
Three members of an organised cyber criminal group who hacked and appropriated personal email and social media accounts face up to 15 years in prison Continue Reading
-
News
20 Mar 2024
UK’s cyber resilience stagnates as more fall victim to attacks
The government is calling on businesses to ramp up their cyber protections as study shows improvements to resilience are stagnating amid an ever-growing volume of attacks Continue Reading
-
News
19 Mar 2024
Australia’s cyber security spending to grow 11.5% this year
Highly publicised cyber attacks and growing regulatory obligations are keeping security and risk top of mind for Australian organisations this year, says Gartner Continue Reading
-
News
17 Mar 2024
UK’s AI ambitions pointless while cyber security is still neglected
The UK’s AI ambitions may be at considerable risk without stronger cyber defences across the private and public sectors Continue Reading
-
News
15 Mar 2024
London Mayor’s Office reprimanded over data breach
The London Mayor’s Office has been reprimanded by the ICO after an internal error exposed the data of people who had made complaints against the Metropolitan Police Continue Reading
-
News
13 Mar 2024
Microsoft AI-powered cyber service to go live in April
After a year being previewed by beta customers, Microsoft’s much vaunted Copilot for Security service is about to go on general release, promising time savings and improved accuracy for hard-pressed security pros Continue Reading
-
News
13 Mar 2024
British Library opens up over ransomware attack to help others
The British Library has opted for full transparency after experiencing a devastating ransomware attack, publishing details of the intrusion, its response and the lessons it has learned Continue Reading
-
News
12 Mar 2024
More DDoS attacks launched against APAC financial firms
The financial sector in Asia-Pacific saw more DDoS attacks in 2023, but no notable impact was reported, according to a report by Akamai and FS-ISAC Continue Reading
-
News
11 Mar 2024
Government not facing up to CNI cyber risks, committee warns
The Joint Committee on the National Security Strategy has accused the government of burying its head in the sand over the cyber threat to UK critical infrastructure Continue Reading
-
Podcast
11 Mar 2024
Podcast: Immutable storage essential against ransomware, but...
...not all immutable storage is created equal. That’s the message from Paul Speciale of Scality, who looks at immutable storage, its variants and what’s needed to secure data Continue Reading
-
News
06 Mar 2024
Nation states buying hacking tools from underground Russian cyber forums
State-sponsored hacking groups, posing as hacktivists, are using Russian cyber crime forums to stock up on cyber weapons, says Check Point Software’s threat analyst, Sergey Shykevich Continue Reading
-
News
05 Mar 2024
ALPHV/BlackCat gang vanishes amid ransomware ‘turmoil’
Mystery surrounds the apparent disappearance of the ALPHV/BlackCat cyber crime gang amid reports that a prominent US victim paid a $22m ransom Continue Reading
-
News
05 Mar 2024
Banning ransomware payments back on the agenda
The idea of banning ransomware payments to cyber criminals is back on the agenda, with former NCSC chief Ciaran Martin arguing that tougher measures need to be taken Continue Reading
-
Feature
01 Mar 2024
Ivanti vulnerabilities explained: Everything you need to know
A series of vulnerabilities in Ivanti products have caused concern worldwide. Delve into some of the key issues arising from the Ivanti disclosures, looking at the vulnerabilities and their impact, what affected users should do, and learn about new developments Continue Reading
-
News
01 Mar 2024
Fancy Bear sniffs out Ubiquiti router users
The authorities have warned users of Ubiquiti EdgeRouter products to take remedial action after a number of devices were hijacked into a malicious botnet by a Russian cyber espionage unit Continue Reading
-
News
01 Mar 2024
APAC firms bullish on IT spending
More than half of organisations plan to spend more on key areas such as cyber security, generative AI and cloud in a sign of growing optimism across the region Continue Reading
-
News
29 Feb 2024
Okta doubles down on cyber in wake of high-profile breaches
Okta launches Secure Identity Commitment to shore up its technology in the wake of a damaging breach and elevate best practice around identity Continue Reading
-
News
28 Feb 2024
New version of ALPHV/BlackCat ransomware hits victims
An updated version of the ALPHV/BlackCat ransomware has been spotted in the wild amid a series of attacks on American healthcare providers, prompting a new alert from the authorities Continue Reading
-
News
28 Feb 2024
75% of third-party breaches target software, IT supply chains
Data drawn from SecurityScorecard’s telemetry reveals how supply chain breaches are becoming a weapon of choice for threat actors Continue Reading
-
News
27 Feb 2024
Black Basta and Bl00dy ransomware gangs exploiting ConnectWise vulns
More ransomware gangs have been observed exploiting two dangerous vulnerabilities in ConnectWise ScreenConnect software, prompting new warnings for users to get patching Continue Reading
-
News
27 Feb 2024
Majority of UK employees ‘willingly gamble’ with security
Human-centric threats originating from employees continue to damage organisations both financially and reputationally, according to a report Continue Reading
-
Definition
27 Feb 2024
computer forensics (cyber forensics)
Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Continue Reading
-
News
27 Feb 2024
Cozy Bear and other APTs changing tack as cloud adoption increases
A change in APT tactics has been observed resulting from greater adoption of cloud-based services, according to the NCSC Continue Reading
-
News
26 Feb 2024
LockBit bids to save face after NCA takedown
The LockBit gang’s ringleader resurfaces with new infrastructure and new victims, claiming to have shrugged off a multinational police sting Continue Reading