Data breach incident management and recovery

Prepare for your worst day: How to create a cyber incident response plan

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• James Allman-Talbot

Rhysida gang stole hundreds of gigabytes of British Library data

The Rhysida ransomware gang behind the cyber attack on the British Library has published almost 600GB of stolen data to its dark web leak site Continue Reading

By

• Alex Scroxton, Security Editor

Law enforcement dismembers major ransomware operation in Ukraine

A joint law enforcement operation between the Ukrainian authorities, Europol and Eurojust has seem five ransomware operators taken into custody Continue Reading

By

• Alex Scroxton, Security Editor

Scope of Okta helpdesk breach widens to impact all users

Okta has widened the scope of the October breach of its systems to include every customer that has used its helpdesk service, after new information came to light Continue Reading

By

• Alex Scroxton, Security Editor

Meta faces GDPR complaint over processing personal data without 'free consent'

Paid-for service means data protection is only available to those who can afford it, privacy group argues in data protection complaint Continue Reading

By

• Bill Goodwin, Computer Weekly

Scope of British Library data breach widens

Personal data on British Library users has appeared for sale on the dark web following a Rhysida ransomware attack, as the scope of the still-developing incident widens again Continue Reading

By

• Alex Scroxton, Security Editor

The Security Interviews: Zeki Turedi, field CTO Europe, CrowdStrike

Organisations are racing to keep their security up to date against the latest threats. CrowdStrike’s Zeki Turedi explains how to protect against novel and innovative cyber attacks Continue Reading

By

• Peter Ray Allison

DORA raises the stakes for cloud use in financial services

The EU's DORA regulations will raise the stakes for cloud in financial services but resilience is more than just a tech issue, says NetApp's Steve Rackham Continue Reading

By

• Steve Rackham

APAC organisations warm to microsegmentation

Nearly two-thirds of organisations in the APAC region see microsegmentation as a way to protect their IT assets, but lack the skills to deploy the technology Continue Reading

By

• Aaron Tan, TechTarget

MOVEit incident spurred UK decision makers to spend big on cyber

The MOVEit cyber attacks that unfolded in the spring and summer of 2023 seem to have driven an increase in both ransomware awareness and spend, according to a report Continue Reading

By

• Alex Scroxton, Security Editor

North Korean APTs go all in on supply chain attacks, warns NCSC

Threat actors linked to the North Korean regime are becoming more adept at targeting software supply chains in the service of their cyber attacks Continue Reading

By

• Alex Scroxton, Security Editor

Australia ups ante on cyber security

Australia’s new cyber security strategy will focus on building threat-blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities Continue Reading

By

• Stephen Withers

An inside look at a Scattered Spider cyber attack

Threat researchers at ReliaQuest share the inside track on a Scattered Spider cyber attack they investigated Continue Reading

By

• Alex Scroxton, Security Editor

CISA reveals how LockBit hacked Boeing via Citrix Bleed

As alarm grows around the world about the impact of the so-called Citrix Bleed vulnerability, Boeing has shared details of its experience at the hands of the LockBit ransomware crew Continue Reading

By

• Alex Scroxton, Security Editor

Canada’s Mounties among government employees hit by LockBit

A LockBit attack on a specialist supplier of relocation services has engulfed multiple government agencies in Canada Continue Reading

By

• Alex Scroxton, Security Editor

Why transparency and accountability are important in cyber security

If we accept that the humans who build technology and systems are naturally fallible and mistakes inevitable, and then deal with that with good grace, we could do much to improve cyber standards, writes Bugcrowd's Casey Ellis Continue Reading

By

• Casey Ellis

Internal documents leaked as Rhysida claims responsibility for British Library ransomware attack

Ransomware group Rhysida threatens to sell documents stolen from the British Library to the highest bidder Continue Reading

By

• Bill Goodwin, Computer Weekly

Security incident response teams are human, too

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Mandy Andress, Elastic

Royal Mail spent £10m on cyber measures after LockBit attack

Royal Mail has spent approximately £10m on recovery and improved cyber resilience measures in the wake of the January 2023 LockBit ransomware attack Continue Reading

By

• Alex Scroxton, Security Editor

Ransomware gang grasses up uncooperative victim to US regulator

The ALPHV/BlackCat ransomware gang has added a new tactic to its playbook, going to ever more extreme lengths in search of a pay-off Continue Reading

By

• Alex Scroxton, Security Editor

British Library’s Halloween cyber scare was ransomware

The British Library has provided an update on an ongoing cyber incident affecting its systems, confirming it to be the result of a ransomware attack Continue Reading

By

• Alex Scroxton, Security Editor

BlackCat affiliate seen using malvertising to spread ransomware

Researchers at eSentire identified a wave activity from an ALPHV/BlackCat ransomware affiliate which has adopted a somewhat unusual approach to delivering its locker Continue Reading

By

• Alex Scroxton, Security Editor

US government reinforces ICBC hack link to Citrix Bleed

US Treasury adds weight to reports that a ransomware gang gained access to the systems of Chinese bank ICBC by exploiting a critical Citrix flaw Continue Reading

By

• Alex Scroxton, Security Editor

How Gigamon is making its mark in deep observability

Gigamon CEO Shane Buckley talks up the company’s ability to inspect encrypted network traffic for malicious activity, how it stands out with its deep observability capabilities and the tailwinds that are fuelling its growth Continue Reading

By

• Aaron Tan, TechTarget

Fast-acting cyber gangs increasingly disabling telemetry logs

Sophos guidance for security practitioners and defenders highlights a growing trend for threat actors to disable or wipe telemetry logs to cover their tracks Continue Reading

By

• Alex Scroxton, Security Editor

The UK AI Safety Summit – what did it achieve?

In this week’s Computer Weekly, we look back at the UK government’s AI Safety Summit and assess what it achieved – and what it didn’t. Our latest buyer’s guide examines the future of business software and modernising legacy applications. And we find out how the UK Product Security and Telecommunications Infrastructure Act aims to protect your smart devices. Read the issue now. Continue Reading

Rogue state-aligned actors are most critical cyber threat to UK

The prospect of rogue nation-state-aligned attackers bringing down the UK’s critical infrastructure is keeping the NCSC up at night Continue Reading

By

• Alex Scroxton, Security Editor

Lloyds Bank warns over rising threat of crypto scams

Report by Lloyds Banking Group finds there has been a 23% increase in cryptocurrency scams in 2023 compared with last year, targeting mostly younger investors Continue Reading

By

• Scarlet Charles

Victims’ legal action over 2015 Carphone Warehouse breach moves forward

A class action against Currys Retail over the 2015 data breach of Carphone Warehouse customers has been granted permission to move forward in the courts Continue Reading

By

• Alex Scroxton, Security Editor

ICO alerted after technical ‘issue’ exposed college files to student barristers

A training college for barristers has reported a data breach that left sensitive data on hundreds of current and former students accessible to other trainees Continue Reading

By

• Tommy Greene

Breached? Don't panic… if you created a robust IR plan

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Paul Lewis, Nominet

Ransomware attack on major Chinese lender disrupts financial markets

The financial services arm of one of the world’s largest banks was taken offline by a supposed LockBit ransomware attack, causing problems for US markets Continue Reading

By

• Alex Scroxton, Security Editor

crisis communication

Crisis communication is a strategic approach to corresponding with people and organizations during a disruptive event. Continue Reading

By

• Rahul Awati
• Paul Crocetti, Executive Editor

Revealed: How Russia’s Sandworm ramped up attacks on Ukraine’s critical infrastructure

New Mandiant intelligence reveals how the APT known as Sandworm has been evolving its playbook, twisting legitimate executables known as LoLBins into malicious tools as it seeks to disrupt daily life in Ukraine Continue Reading

By

• Alex Scroxton, Security Editor

The best IR plans are well-revised and deeply familiar

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Elliott Wilkes

Suspected ransomware attack hits Scottish council

Systems at Comhairle nan Eilean Siar were downed on 7 November in a suspected ransomware attack Continue Reading

By

• Alex Scroxton, Security Editor

The plan for the inevitable cyber attack: Get the gist of NIST

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Theodore Wiggins, Airbus Protect

Iconic Singapore hotel caught up in major data breach

The Marina Bay Sands resort in Singapore uncovered a data breach of its guest loyalty programme last month Continue Reading

By

• Alex Scroxton, Security Editor

King’s Speech misses the mark on cyber law reform, says campaign

A group of activists who want to reform the UK’s computer misuse laws to protect bona fide cyber pros from prosecution have been left disappointed by a lack of legislative progress Continue Reading

By

• Alex Scroxton, Security Editor

Enhancing security: The crucial role of incident response plans

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Chris McGowan

IR plans: The difference between disaster and recovery

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Becky Gelder, Turnkey Consulting

Shadow IT use at Okta behind series of damaging breaches

Okta now believes the initial access vector in a series of damaging breaches was one of its own employees who used a corporate device to sign into their personal Google account Continue Reading

By

• Alex Scroxton, Security Editor

How Trellix’s CISO keeps threat actors at bay

Trellix’s chief information security officer, Harold Rivas, outlines how the company mitigates security threats through containment and by helping security analysts to respond faster to cyber incidents Continue Reading

By

• Aaron Tan, TechTarget

Incident response planning requires constant testing

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Jack Chapman

Admins told to take action over F5 Big-IP platform flaws

Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild Continue Reading

By

• Alex Scroxton, Security Editor

UK workers exhibit poor security behaviours, report reveals

Report by KnowBe4 has found that four in five UK workers do not make security-conscious choices, whether in-office, remote or hybrid working Continue Reading

By

• Scarlet Charles

Use existing structures to build your incident response plan

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Sam Lascelles

Incident response planning is vulnerable to legacy thinking

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

By

• Mike Gillespie

British Library falls victim to cyber attack

The British Library is experiencing a major IT outage following a cyber incident of an undisclosed nature Continue Reading

By

• Alex Scroxton, Security Editor

SEC sues SolarWinds, alleging serious security failures

SolarWinds and its CISO have been charged with fraud and internal control failures by the US authorities amid allegations of a series of cyber security failings leading up to the 2020 Sunburst attacks Continue Reading

By

• Alex Scroxton, Security Editor

Domestic abuse charities surface fresh worries over NHS data sharing

With new NHS data access options coming into effect at the end of October, a group of campaigners including womens' charities and the BMA have warned that the revived GP-patient data sharing scheme risks putting vulnerable people at risk Continue Reading

By

• Alex Scroxton, Security Editor

Microsoft warns over growing threat from Octo Tempest gang

The English-speaking Octo Tempest extortion gang – which became an ALPHV/BlackCat affiliate recently – presents one of the most significant and rapidly growing threats to large organisations at this time, says Microsoft Continue Reading

By

• Alex Scroxton, Security Editor

How Elastic manages cyber security threats

Mandy Andress, CISO at Elastic, highlights the company’s approach to tackling evolving cyber threats through the use of AI tools and enhanced security measures while strengthening the capabilities of its security offerings Continue Reading

By

• Aaron Tan, TechTarget

Germany: European Court opinion kicks questions over EncroChat back to national courts

Germany lawfully obtained data on German EncroChat users from France, but whether the evidence is legally admissible is a matter for national courts Continue Reading

By

• Bill Goodwin, Computer Weekly

ChatGPT, Bard, lack effective defences against fraudsters, Which? warns

Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed Continue Reading

By

• Alex Scroxton, Security Editor

Exploitation of Citrix NetScaler vulns reaching dangerous levels

Observed activity exploiting two new Citrix NetScaler vulnerabilities disclosed earlier this month is ramping up, and users may be running out of time to patch lest they be attacked Continue Reading

By

• Alex Scroxton, Security Editor

UK Finance paints mixed picture of fraud as losses top £500m

UK losses to fraud in the first six months of the year topped £500m, but a slight decline in overall crime rates was observed, according to UK Finance’s latest data Continue Reading

By

• Alex Scroxton, Security Editor

1Password caught up in Okta support breach

After breaches at BeyondTrust and Cloudflare, 1Password, a third customer of Okta operating in the same space, has revealed that it too was impacted in a breach of the IAM house’s support systems Continue Reading

By

• Alex Scroxton, Security Editor

Cisco hackers likely taking steps to avoid identification

Cisco confirms that a drop in detections of devices compromised by two zero-days was likely the result of reactive measures taken by the threat actors to avoid discovery Continue Reading

By

• Alex Scroxton, Security Editor

Research team tricks AI chatbots into writing usable malicious code

Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks Continue Reading

By

• Alex Scroxton, Security Editor

Kaspersky opens up over spyware campaign targeting its staffers

Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group Continue Reading

By

• Alex Scroxton, Security Editor

Customers speak out over Okta’s response to latest breach

Customers of identity specialist Okta have been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired Continue Reading

By

• Alex Scroxton, Security Editor

NetApp ‘unified storage’ adds new ASA block storage at Insight

Las Vegas event sees NetApp continue its evolution to hybrid cloud and data management player announce ASA C-series and Keystone and Kubernetes storage enhancements Continue Reading

By

• Antony Adshead, Storage Editor

Cisco pushes update to stop exploitation of two IOS XE zero-days

Cisco releases updates to thwart exploitation of two flaws affecting users of its IOS XE software Continue Reading

By

• Alex Scroxton, Security Editor

How Ensign is leading the charge in cyber security

Lee Fook Sun, chairman of Ensign InfoSecurity, traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem Continue Reading

By

• Aaron Tan, TechTarget

CW APAC: Buyer’s guide to IAM

Identity access management tools are proving pivotal in the race to outwit cyber criminals. In this handbook, focused on IAM in the Asia-Pacific region, Computer Weekly takes a closer look at their capabilities, CyberArk’s growth, the uses of automation and how ForgeRock enhances user experience. Continue Reading

RagnarLocker cyber gang that pioneered double extortion busted

Europol and the FBI have taken down the RagnarLocker ransomware crew, a long-standing gang that helped pioneer some now common tactics, taking its dark web negotiation and data leak sites offline Continue Reading

By

• Alex Scroxton, Security Editor

Fears grow over extent of Cisco IOS XE zero-day

Researchers have identified spiking numbers of victims of a recently disclosed Cisco zero-day, as users of the networking supplier’s IOS XE software are urged to take defensive measures Continue Reading

By

• Alex Scroxton, Security Editor

Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack

Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source Continue Reading

By

• Tommy Greene

DORA: Moving into a new era of digital resilience

The EU’s Digital Operational Resilience Act will come into force in just over a year, the majority of risk management professionals are only at the beginning of their planning journey. Kate Needham-Bennett of Fusion Risk Management explains how to get things moving Continue Reading

By

• Kate Needham-Bennett

What are the cyber risks from the latest Middle Eastern conflict?

The outbreak of war between Hamas and Israel in October 2023 has seen a wide variety of accompanying cyber attacks from hacktivists and other groups. We look at the risks to organisations Continue Reading

By

• Alex Scroxton, Security Editor

Five Eyes issues five tips on thwarting nation state threats

Intelligence chiefs from the UK, Australia, Canada, New Zealand and the US have published guidance on building resilience against nation state cyber threats Continue Reading

By

• Alex Scroxton, Security Editor

MGM faces £100m loss from cyber attack on its casinos

MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Ransomware dwell times now measured in hours, says Secureworks

Ransomware payloads are now being deployed and executed within 24 hours in more than 50% of cases, according to Secureworks’ annual report Continue Reading

By

• Alex Scroxton, Security Editor

Ransomware: All the ways you can protect storage and backup

We survey the key methods of ransomware protection, including immutable snapshots, anomaly detection, air-gapping, anomaly detection, and supplier monetary guarantees Continue Reading

By

• Stephen Pritchard

CIISec scores DSIT funding to expand successful CyberEPQ scheme

DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date Continue Reading

By

• Alex Scroxton, Security Editor

Where next for quantum computing?

In this week’s Computer Weekly, we talk to the head of Amazon’s Braket quantum computing services about how the technology is progressing. We go behind the scenes at an ethical hacker event to find out how bug bounty programmes work. And we analyse the offerings of the major players in software-defined storage. Read the issue now. Continue Reading

The trust deficit in CNI: How to address a growing concern

When it comes to addressing the trust deficit in CNI, technological advancements, evolving threats, inadequate regulations, insufficient investment, public awareness, and international cooperation are all critical components that need attention Continue Reading

By

• Steve Cobb

Automated cloud IR: Empowering cyber with AI-powered playbooks

As cyber threats increasingly target cloud infrastructure, demand for robust and reliable incident response measures is through the roof. Find out why you might want to consider bringing artificial intelligence into play Continue Reading

By

• Isla Sibanda

Researchers offer free threat briefings on Vegas casino hackers

Permiso, a cloud detection and response startup, is making its threat intel team available to speak on Scattered Spider, the group behind recent cyber attacks on MGM Resorts and Caesars Entertainment Continue Reading

By

• Alex Scroxton, Security Editor

City of Las Vegas masters cyber incident response with Darktrace

The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence Continue Reading

By

• Alex Scroxton, Security Editor

Sony alleged victim of new extortion gang

A little-known threat actor claims it has breached IT systems and networks at electronics and entertainment giant Sony, and is threatening to release the organisation’s data unless paid off Continue Reading

By

• Alex Scroxton, Security Editor

Cover-ups still the norm in the wake of a cyber incident

Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report Continue Reading

By

• Alex Scroxton, Security Editor

Crest and IASME to deliver upcoming NCSC Cyber Exercise programme

Crest and IASME have been tasked with assuring that security services providers signing up to a soon-to-launch NCSC Cyber Incident Exercising scheme are up to the job Continue Reading

By

• Alex Scroxton, Security Editor

‘Top’ ransomware gangs favour smaller businesses

Despite high-profile attacks on prominent organisations, the world’s most prolific ransomware operations tend to target smaller businesses Continue Reading

By

• Alex Scroxton, Security Editor

Organisations failing to proactively address insider cyber risk

Organisations are spending less than 10% of their annual security budgets on trying to solve one of the costliest problems in cyber: insider risk Continue Reading

By

• Alex Scroxton, Security Editor

Okta confirms link to cyber attacks on Las Vegas casinos

Okta CISO David Bradbury confirms widespread speculation about the high-profile cyber attacks on two Las Vegas casino operators, revealing that the threat actors responsible had indeed abused its services as they earlier claimed Continue Reading

By

• Alex Scroxton, Security Editor

38TB Microsoft data leak highlights risks of oversharing

An accidentally disclosed SAS token with excessive privileges enabled researchers to access nearly 40TB of Microsoft’s data, highlighting the risks of privilege mismanagement and oversharing Continue Reading

By

• Alex Scroxton, Security Editor

Government seeks industry views on cyber threat to UK CNI

The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure Continue Reading

By

• Alex Scroxton, Security Editor

Las Vegas mainstay Caesars Palace likely paid off ransomware crew

Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers Continue Reading

By

• Alex Scroxton, Security Editor

Manchester police data breach a classic supply chain incident

The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force Continue Reading

By

• Alex Scroxton, Security Editor

Data on over 3,000 Airbus suppliers leaked after breach

An emergent threat actor has leaked details of multiple sensitive Airbus suppliers after claiming to have accessed the firm’s systems having hacked customer Turkish Airlines Continue Reading

By

• Alex Scroxton, Security Editor

BlackCat on the hook for cyber attack that crippled Vegas casinos

The ALPHV/BlackCat ransomware operation claimed responsibility for an attack that forced MGM Resorts to shut down systems at some of Las Vegas’ most popular gambling venues Continue Reading

By

• Alex Scroxton, Security Editor

Google, Microsoft and Mozilla push browser updates to foil zero-day

A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers Continue Reading

By

• Alex Scroxton, Security Editor

BianLian ransomware gang holds Save the Children hostage

The dangerous and prolific BianLian ransomware gang claims to have stolen almost 7TB of data from NGO Save the Children, but thankfully the charity’s vital work on the ground appears to be unaffected Continue Reading

By

• Alex Scroxton, Security Editor

Is it time for ICO to implement the 2016 Cybersecurity Select Committee recommendations?

turn the corporate priority from data breach notification to enabling staff and customers to report attempts at impersonation, whether or not there is evidence of an actual breach.  Such a change ... Continue Reading

By

• Philip Virgo, Winsafe Ltd

NCSC and ICO sign MoU to forge deeper collaborative links

The scope of the MoU signed by the NCSC and the ICO includes collaboration on new cyber regulations and guidance, and how to support cyber attack victims appropriately and minimise regulatory penalties Continue Reading

By

• Alex Scroxton, Security Editor

US casino giant MGM Resorts battles 36-hour outage after cyber attack

Multiple systems at US hotel and casino operator MGM went down in the wake of the incident on 10 September, crippling several of Las Vegas’ most prominent casinos Continue Reading

By

• Alex Scroxton, Security Editor

Professional ransomware gangs clearly a threat, but attacks can be easily stopped

NCSC and NCA report reveals insight into business models and underpinnings of ransomware gangs and their affiliates, but also urges defenders to take heart, as stopping a ransomware attack is not that hard to do Continue Reading

By

• Alex Scroxton, Security Editor

Polish election questioned after Pegasus spyware used to smear opposition, investigation finds

Senate committee alerts prosecutors over potential crimes by public officials involved in purchasing Pegasus spyware used to monitor and smear political opponents Continue Reading

By

• Bill Goodwin, Computer Weekly