All news with #incident response tag

219 articles · page 7 of 11

Microsoft and Beazley Partner to Strengthen Cyber Resilience

🤝 Microsoft announced a collaboration with Beazley that designates Microsoft Incident Response as an approved incident response provider for Beazley’s InfoSec and Media Tech policies. This alignment brings technical responders, insurers, brokers, and legal counsel together to accelerate detection, containment, and recovery. Microsoft Incident Response, supported by Microsoft Threat Intelligence and direct engineering access, offers streamlined invoicing aligned to insurance standards. Eligible incident response services used during a cyber event are considered reimbursable, helping customers secure faster claims and recovery.

NCSWIC Releases 'What Is a PACE Plan' Video for Agencies

🎥 This Emergency Communications Month, the National Council of Statewide Interoperability Coordinators (NCSWIC) Planning, Training, and Exercise Committee released a concise educational video, 'What is a PACE Plan', that explains the components of a PACE plan (Primary, Alternate, Contingency, Emergency) and why it matters for public safety communications. NCSWIC members describe how communications can change in atypical situations and demonstrate why agencies should know their PACE and routinely practice it. The video is a practical tool to help agencies maintain continuity of communications when primary systems degrade.

Unit 42 and AWS Launch No-Cost Incident Response Retainer

🔒 Palo Alto Networks Unit 42 and Amazon Web Services have expanded their partnership to offer a no-cost Unit 42 Incident Response Retainer in AWS Marketplace for qualified customers. The retainer provides 250 hours of initial incident response, a 2-hour response SLA and 24/7/365 access to Unit 42’s incident response team. The offering is designed to accelerate containment, enable holistic investigations across cloud and enterprise environments, and reduce procurement overhead while providing preferred pricing for proactive services.

AWS Debuts DevOps Agent Preview for Operational Excellence

🔧 AWS announced the preview of AWS DevOps Agent, a frontier agent designed to investigate incidents and proactively prevent outages across AWS, multicloud, and hybrid environments. The agent autonomously triages alerts, correlates telemetry, code, and deployment data, and guides teams to faster resolution to reduce MTTR. During preview it is available at no additional cost in US East (N. Virginia).

RBKC Cyberattack on IT Provider Disrupts Local Councils

🔒 The Royal Borough of Kensington and Chelsea (RBKC) has warned residents their data may have been compromised after unusual activity linked to a shared IT service provider was detected earlier this week. The council says it has evidence that some historical data was copied and removed and that the material could end up in the public domain. RBKC urged residents to be vigilant for phishing and social‑engineering attempts via email, text and phone while services are restored, and warned disruption could continue for at least two weeks as investigations and recovery proceed.

Gainsight Breach Impacts More Salesforce Customers

🔒 Gainsight has confirmed that the cyber‑attack tied to Salesforce affected more customers than initially reported, though the vendor says the number remains limited and affected customers have been notified. As a precaution, Gainsight temporarily disabled Salesforce read/write access for several products, including Customer Success (CS), Community (CC), Northpass (CE), Skilljar (SJ) and Staircase (ST). Other vendors such as Gong.io, Zendesk and HubSpot have also disabled their connectors. Gainsight engaged Mandiant for an independent forensic investigation and is advising customers to rotate credentials and S3 keys, reset NXT passwords where appropriate, re-authorize integrations, and follow proactive hardening guidance while the investigation continues.

Serious Cyber Incidents Hit Multiple London Councils

⚠️ Multiple London local authorities, including the Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council, are responding to a serious cybersecurity incident identified on Monday. Both councils have informed the ICO and are working with the NCSC while invoking business continuity and emergency plans to protect critical services. A number of systems, including phone lines and shared IT services, are affected across boroughs. RBKC reports successful mitigations are in place and recovery work is continuing.

Major US Banks Assess Impact of SitusAMC Data Breach

🔒 Major US banks including JPMorgan Chase, Citi and Morgan Stanley are assessing potential customer data exposure after third-party mortgage servicer SitusAMC disclosed a breach discovered on Nov. 12 and confirmed on Nov. 22. SitusAMC says corporate records and 'certain data' related to clients' customers may have been accessed; the company reports that services remain operational and the incident is contained. The FBI is investigating and has found no operational impact to banking services so far. The company has implemented credential resets, disabled remote access tools, updated firewall rules and engaged third-party advisors while forensic analysis continues.

IACR Election Nullified After Trustee Loses Decryption Key

🔐 The International Association of Cryptologic Research (IACR) nullified its 2025 online election after trustee Moti Yung irretrievably lost his private decryption key. The election used the Helios voting system with a strict 3-of-3 trustee decryption scheme, so the missing key meant the system could not compute the final decryption shares or verify the outcome. The loss was an honest human error; the IACR will rerun the vote under a 2-of-3 threshold to permit recovery, and the incident was reported by outlets including Ars Technica and The New York Times.

AWS Security Incident Response: AI Investigative Agent

🔎 The new AI-powered investigative agent in AWS Security Incident Response automates evidence collection, correlation, and timeline building to speed incident investigations from hours to minutes. It interactively asks clarifying questions, queries CloudTrail, IAM, EC2, and cost data, and summarizes critical findings and timelines. The capability is available now across commercial AWS Regions and is included with the service’s metered pricing.

AWS Security Incident Response Adds Agentic AI Investigator

🔍 AWS Security Incident Response now offers an agentic AI investigative capability that automatically gathers, correlates, and summarizes evidence across AWS data sources. The investigative agent assesses new cases, asks submitters clarifying questions for missing indicators or timeframes, and collects logs from AWS CloudTrail, AWS Identity and Access Management (IAM), Amazon EC2, and AWS Cost Explorer. Findings are presented as clear, actionable summaries, and the feature is enabled automatically at no extra cost in supported Regions.

Root Cause Analysis Lags, Undermining Incident Resilience

🔍 Post-incident learning often falls behind containment, with Foundry’s Security Priorities study reporting 57% of security leaders struggled to identify root causes last year. Experts warn that prioritizing firefighting over forensic investigation leaves organizations exposed to repeat breaches and that disciplined evidence preservation is essential. Centralized telemetry such as SIEM, and forensic-capable services like MDR and XDR, plus structured postmortems, are key to building long-term resilience.

Cloudflare Outage Highlights Risks of Single-Vendor Reliance

🔍 An intermittent outage at Cloudflare on Nov. 18 briefly disrupted many major websites and forced some customers to pivot DNS and routing to preserve availability. Those provisional workarounds may have exposed origin infrastructure by bypassing edge protections such as WAFs and bot management. Security teams should review OWASP-related logs, emergency DNS changes, and any ad hoc services or devices introduced during the outage. The incident underscores single-vendor risk and the need for formal fallback plans.

Cloudflare Outage Caused by Database Permission Change

⚠️ Cloudflare suffered its worst outage in six years after a database permissions change caused its Bot Management system to generate an oversized configuration feature file containing duplicate entries. The file exceeded a hardcoded 200-feature limit, triggering a Rust panic that crashed core proxy software and produced widespread 5xx errors. Engineers restored service by replacing the problematic file, and full recovery was achieved several hours later.

Stadtwerke Detmold Hit by Hacker Attack, IT Shutdown

🔒 Stadtwerke Detmold has reported a widespread IT outage following an apparent hacker attack that prompted the operator to take all systems offline. Online services are unavailable and the company cannot be reached by phone or email. The utility says the supply of drinking water, electricity, gas and district heating remains assured, and customers can report technical problems via a hotline. Authorities are investigating the incident and, so far, no ransom demand has been reported.

Cloudflare outage disrupts global network services

⚠️ Cloudflare is investigating an outage that has produced widespread 500 internal server errors and impacted its Dashboard and API, disrupting access to numerous customer websites and platforms. The company first reported support portal availability issues and then an incident at 11:48 UTC affecting the Cloudflare Global Network, with multiple European nodes observed offline. Downdetector logged tens of thousands of reports, and Cloudflare says it is working to mitigate the incident; partial recovery has been reported for Access and WARP while remediation continues for application services.

Cloudflare outage (18 Nov 2025): feature file duplication

⚠️ On 18 November 2025, Cloudflare experienced a major outage after a permissions change in a ClickHouse database caused duplicated metadata to be emitted into a Bot Management feature file, doubling its size. The oversized file exceeded a preallocated feature limit in the core proxy, triggering a Rust panic and widespread HTTP 5xx errors. Cloudflare halted propagation, restored a known-good file, and restarted the proxy; services were largely restored by 14:30 UTC and fully recovered by 17:06 UTC. The company apologized and pledged architectural and process hardening to prevent recurrence.

Cyber Readiness Stagnates Despite Confidence in Response

🔒 The Immersive Cyber Workforce Benchmark Report 2025 warns that cyber readiness is stalling despite increased confidence in incident response: resilience scores have remained flat since 2023 and the median time to complete critical exercises is 17 days. In the Orchid Corp crisis scenario participants averaged 22% decision accuracy and took 29 hours to contain incidents. Immersive highlights that only 41% of organisations include non-technical roles in simulations and that 60% of training focuses on CVEs older than two years, urging regular, completed training, senior leadership involvement and a focus on current threats and the three pillars: prove, improve, report.

Network Visibility: The Thread Holding Cybersecurity

🔍 ESG research shows that environmental complexity, not malware or phishing, is viewed by most organizations as the primary barrier to effective detection and response. As alerts proliferate and validation can take hours, teams are turning to the one transit every attack must cross — the network — for a reliable, unbiased source of truth. Shared network visibility between SecOps and NetOps, together with continuous packet capture, improves investigation speed and confidence. Vendors such as NETSCOUT Omnis Cyber Intelligence (OCI) deliver alert-independent, packet-level context and deep packet inspection to reduce dwell time and streamline incident response.

Bundestag Approves German NIS2 Law, Adds New Controls

🔒 The Bundestag approved the federal government's draft law to implement the NIS2 Directive on 13 November 2025, bringing new cybersecurity obligations for an estimated 29,850 companies and federal authorities. Affected organizations must strengthen risk analyses, incident response, backups and encryption, and report incidents to the BSI in stages within 24 hours, 72 hours and 30 days. The law expands the BSI's supervisory powers and allows bans on "critical components" coordinated by the Interior Ministry, drawing criticism from industry groups.