< ciso
brief />
Tag Banner

All news with #incident response tag

247 articles · page 10 of 13

Email and Remote Access Drive 90% of Cyber Claims in 2024

📧 At-Bay's 2025 InsurSec analysis finds email and remote access were central to 90% of cyber insurance claims in 2024. Email accounted for 43% of incidents and fraud schemes commonly begin with credential theft, domain spoofing, and impersonation. Google Workspace was cited as the most secure mail provider, though claims rose; MDR services were highlighted as the most reliable defense against full encryption.
read more →

Microsoft DNS Outage Disrupts Azure and Microsoft 365

⚠️ Microsoft is experiencing a global DNS outage that began about an hour ago, causing widespread access problems to Azure and Microsoft 365 services. Customers worldwide report they cannot log into corporate networks or reach portals including Azure, Intune, and the Exchange admin center, and some report the Azure Front Door CDN is also unavailable. Microsoft attributes the interruptions to DNS failures, warns of intermittent request failures and latency, and is reviewing telemetry while working on mitigation; it recommends programmatic access (PowerShell/CLI) when portals are unreachable.
read more →

Dentsu Confirms Data Breach at U.S. Subsidiary Merkle

🔒 Dentsu disclosed a cybersecurity incident at its U.S. subsidiary Merkle, saying attackers accessed and stole files containing client, supplier, and employee information. The company detected abnormal activity, proactively took certain systems offline, and initiated incident response procedures while engaging third‑party responders. A circulated memo indicated exposed payroll and bank details, salary and National Insurance numbers, and personal contact details; impacted individuals are being notified and authorities in affected countries have been informed. Dentsu said Japan-based systems were not impacted and that the full scope and financial impact remain under investigation; no ransomware group has claimed responsibility so far.
read more →

Privileged Account Monitoring and Protection Guide Overview

🔐 This article outlines Mandiant's practical framework for securing privileged access across modern enterprise and cloud environments. It emphasizes a three-pillar approach—Prevention, Detection, and Response—and details controls such as PAM, PAWs, JIT/JEA, MFA, secrets rotation, and tiered access. The post highlights detection engineering, high-fidelity session capture, and SOAR automation to reduce dwell time and blast radius, and concludes with incident response guidance including enterprise password rotations and protected recovery paths.
read more →

Volvo Third-Party Breach Highlights Forensic Readiness Gaps

🔒 In August 2025 Volvo Group North America disclosed a breach that originated in its third‑party HR provider, Miljödata, and a slow timeline of detection and notification has raised questions about forensic readiness. Reported exposed records included Social Security numbers and sensitive employee identifiers, and Volvo offered 18 months of identity‑protection services. The author provides five practical recommendations to preserve evidentiary integrity: embed forensics from day zero, align IR and forensic priorities, automate collection and triage, contractually manage vendor response, and coordinate legal messaging to reduce litigation and regulatory risk.
read more →

Move Beyond the SOC: Adopt a Risk Operations Center

📡 The Resilience Risk Operations Center (ROC) reframes cyber defense by fusing technical, business and financial intelligence into a single operating environment. Rather than relying solely on a traditional SOC that reacts to alerts, the ROC prioritizes threats using actuarial and claims data to show potential financial impact and guide urgent decisions. Inspired by the US Air Force AOC, it co-locates multidisciplinary experts to anticipate attacks and accelerate response. Early use, including response to an April 2024 VPN zero-day, showed faster mitigation and reduced losses.
read more →

AWS Resource Explorer Adds 47 New Resource Types in AWS

🔍 AWS has expanded Resource Explorer to support 47 additional resource types across services including Amazon Bedrock, AWS Shield, AWS Glue, VPC Lattice, WAFv2, SageMaker, and S3. With this update, customers can search for and discover these resources centrally, improving inventory accuracy and operational visibility. The change aims to streamline compliance, incident response, and cross-service troubleshooting by making more resource types queryable from a single interface.
read more →

Internal Conflicts Often Worse Than Cyberattacks for CISOs

🛡️ Roughly 70% of senior security leaders say internal conflicts during a cyber crisis cause more disruption than the attack itself, according to the Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report. The survey of 480 US cybersecurity executives highlights blurred authority, poor communication, and unrehearsed roles that delay response. Experts recommend demonstrating security's business value, reducing operational friction with passwordless controls, and aligning incentives with lines of business.
read more →

AWS outage: DynamoDB DNS failure caused disruption

⚠️ Amazon says a major DNS failure in DynamoDB's DNS management system triggered a widespread AWS outage focused on the us-east-1 (Northern Virginia) region. A race condition at 11:48 PM PDT caused the accidental deletion of all IP addresses for the regional DynamoDB public endpoint, producing immediate DNS resolution failures for customer and internal traffic. The fault cascaded across services, kept automated recovery from restoring consistency, and required manual operator intervention to recover. AWS has disabled the problematic DNS automation globally, added protective checks, improved throttling, built new test suites, and apologized for the impact.
read more →

Threat Source: SharePoint Exploits and Patch Urgency

⚠ Cisco Talos reports a sharp increase in attacks against public-facing applications, with the ToolShell chain exploiting unpatched Microsoft SharePoint servers rising to over 60% of IR cases this quarter. Ransomware-related incidents fell to about 20% but show evolving tactics, including leveraging legitimate tools and compromised internal accounts for persistence and phishing. Organizations are urged to prioritize rapid patching, robust network segmentation, centralized logging, MFA, and user education to reduce exposure.
read more →

CISOs: Earning Business Respect Through Incident Response

🛡️ How a CISO handles a major incident can make or break their career. A Cytactic survey of 480 senior US cybersecurity leaders, including 165 CISOs, found that 65% said leading an incident response elevated their internal reputation while only 5% said it hurt it. Experts say a well-managed response can translate into better budgets and authority, but prevention work is often invisible and a single failure can still cost a CISO their job.
read more →

Amazon CloudWatch adds interactive incident reporting

📝 Amazon CloudWatch now offers interactive incident report generation, enabling customers to produce comprehensive post-incident analysis in minutes. The capability, available within CloudWatch investigations, automatically gathers and correlates telemetry data, user inputs, and investigation actions to produce streamlined reports. Reports include executive summaries, timelines, impact assessments, and actionable recommendations to help teams identify patterns and implement preventive measures. The feature is available in multiple AWS regions.
read more →

Ransomware Victim Responses and Human Impact Analysis

🔒 Ransomware attacks inflict both operational and deep personal harm, often devastating small businesses lacking cash reserves and cybersecurity expertise. Research underscores lasting trauma, exhaustion, and financial ruin that can outlast technical recovery. Organizations should pair an incident response plan with compassionate leadership and employee support. Cisco Talos also warns of evolving supply‑chain campaigns targeting developers and job seekers, reinforcing the need for layered defenses.
read more →

Quantum Readiness: Why Incident Response Won't Work

🔐 The arrival of cryptographically relevant quantum computers will create a "silent boom" where adversaries can capture encrypted traffic today and decrypt it later, making intrusions neither observed nor observable. This undermines traditional incident response and shifts responsibility to engineering teams, not a vendor checkbox. Organizations must pursue quantum readiness by engaging developers to inventory algorithms and data, assess internet-facing assets for PQC support, and build testing capability for new ciphers within their release cycles.
read more →

Leading Incident Response Through Empathy and Care

🛡️ Laura Faria, an incident commander with Cisco Talos Incident Response, discusses leading through chaos, empathy, and teamwork during high-pressure security incidents. She traces a career across multiple cybersecurity vendors and sales roles before joining Talos and stepping into incident command. Laura emphasizes purpose-driven response work, particularly when outages affect critical infrastructure and patient safety. The interview highlights resilience, collaboration, and practical leadership lessons.
read more →

Most Companies Remain Poorly Prepared for Cyberattacks

🔒 Markus Weber, founder and managing director of dokuworks, describes the immediate steps his team takes when called in after a cyberattack: isolate and secure affected systems so IT forensics can operate, preserve extortion correspondence to help identify perpetrators, assess operational impact, and initiate emergency operations. He warns that ransomware is the predominant threat and generally advises against paying ransoms, though there are rare exceptions. Many organizations are improving technically but still neglect documented emergency organization and trusted external partnerships, leaving them vulnerable.
read more →

UK NCSC Reports 130% Rise in National Cyber Incidents

🔐 The UK’s National Cyber Security Centre (NCSC) reported 204 nationally significant incidents between September 2024 and August 2025, a 130% increase on the prior year’s 89 incidents. In total the agency received 1,727 incident tips and elevated 429 to cyber incidents requiring support, including 18 Category 2 “highly significant” events. NCSC leaders warned attackers are improving and urged businesses to harden defences and prioritise preparedness to sustain operations during attacks.
read more →

CISOs Must Rethink Tabletop Exercises and Readiness

⚠️ The Cytactic 2025 State of Cyber Incident Response Management report found that 57% of significant incidents involved attack types the security team had not rehearsed. The finding suggests many tabletop exercises focus on dramatic, familiar scenarios like ransomware rather than the subtle, realistic tactics adversaries commonly use. Reported failures include misplaced burner phones and stale contact lists, illustrating gaps in basic readiness. Experts recommend regularly refreshing tailored simulations, roleplaying smaller breaches, and practicing communications and logistics to build practical muscle memory.
read more →

Russia-Aligned Hacktivist Fooled by Water Honeypot

💧Forescout disclosed that a Russia-aligned hacktivist group, TwoNet, was tricked into attacking a honeypot designed to look like a water treatment utility. The actor accessed the HMI with default credentials and created an account named BARLATI to carry out defacement, PLC manipulation, log suppression and process disruption. Forescout said this incident reflects a broader shift from DDoS and defacement toward OT/ICS targeting and provided mitigation guidance.
read more →

Cloudflare Launches REACT: Unified Incident Response

🔒 Cloudflare today introduces REACT, a new incident response and advisory service from Cloudforce One designed to bridge the gap between edge defenses and in‑network remediation. REACT combines proactive advisory work—threat hunting, tabletop exercises, and readiness assessments—with emergency incident response and retainer options for guaranteed availability. As a network‑native, vendor‑agnostic service, REACT can deploy mitigations at the Cloudflare edge and coordinate investigations across on‑premise, cloud, and hybrid environments.
read more →