< ciso
brief />
Tag Banner

All news with #incident response tag

247 articles · page 7 of 13

Windows 365 update blocks access to Cloud PC sessions

⚠️ Microsoft confirmed a recent Windows 365 update is preventing some customers from signing in to their Cloud PC sessions. The disruption began Tuesday at 19:00 UTC after automated monitoring detected a spike in failed connection attempts, and engineers traced the problem to the update. Microsoft says the change was intended to improve security and is now analyzing it to determine mitigation and a permanent fix. As temporary workarounds, affected users can connect via the Windows App Web Client or use the Remote Desktop client to reach Azure Virtual Desktop.
read more →

Monroe University breach: 320,973 records exposed nationwide

🔒 Monroe University disclosed that threat actors accessed its network from December 9 to December 23, 2024, and stole personal, financial, and health information affecting 320,973 people. The university said stolen records may include names, dates of birth, Social Security numbers, government IDs, medical and insurance data, account usernames, passwords, and financial account information. Notifications began January 2 and affected individuals were offered one year of free credit monitoring through Cyberscout; the incident follows prior ransomware attacks and broader targeting of higher education institutions.
read more →

PLUGGYAPE Backdoor Uses Signal and WhatsApp for Access

🛡️CERT-UA reports a campaign attributed with medium confidence to the group tracked as Void Blizzard that targeted Ukrainian defense forces between October and December 2025 with a Python backdoor dubbed PLUGGYAPE. Attackers used Signal and WhatsApp messages, impersonating charities and distributing password‑protected archives containing a PyInstaller executable. The backdoor supports remote code execution over WebSocket and, as of December 2025, MQTT, and retrieves base64‑encoded C2 addresses from paste services to maintain operational resilience. Successive builds have added obfuscation and anti‑analysis checks to avoid execution in virtual environments.
read more →

CNAME and A Record Order Ambiguity Causes DNS Failures

⚠️ On January 8, 2026, a memory-optimizing change to Cloudflare’s 1.1.1.1 resolver inadvertently reordered DNS answer records, placing CNAMEs after final A/AAAA answers and triggering widespread resolution failures. The bug primarily affected clients that parse answers sequentially—most notably glibc getaddrinfo and certain Cisco switch firmware—resulting in failed lookups and reboot loops in some devices. Cloudflare reverted the change promptly and has drafted an IETF Internet‑Draft to clarify expected answer ordering.
read more →

Phishing Click Rates Mislead; Focus on Containment

🔐 Many security teams rely on click rates to judge phishing risk, but that metric is volatile and often fails to predict real-world harm. The article argues that true maturity is measured by what an attacker can do after gaining mailbox access, not by simulated click statistics. It urges a layered approach—prevention, detection, and especially containment—and highlights Material Security as an example of automated remediation that reduces blast radius without constant manual triage.
read more →

Endpoint Breaches: Up to Two Weeks to Recover, Study

🔒 Endpoint disruption following serious breaches can take up to two weeks to remediate, and most US and UK organizations report recovery costs in the millions. In a survey of 750 CISOs compiled for an e-book, Absolute Security found 55% had experienced incidents that disabled mobile, remote or hybrid endpoints in the past 12 months. A majority (57%) required 3–6 days for full endpoint remediation, while 19% needed 7–14 days. The report places the average cost per incident at $2.5m, with 98% of respondents spending between $1m and $5m on recovery.
read more →

New BSI Portal Enables NIS2 Registration and Reporting

🛡️ The new BSI portal lets companies register as NIS2 entities and report significant IT security incidents to the Federal Office for Information Security. Launched after NIS2 took effect in Germany in early December, the platform provides risk-analysis tools, legal guidance for registrants and access to the Alliance for Cyber Security. Hosted on AWS, it aims to deliver real-time data, daily situation reports and anonymous vulnerability reporting, though the cloud choice has attracted criticism over digital sovereignty.
read more →

Logitech Options+ and G HUB Fail on macOS After Cert Expiry

⚠️Logitech's Options+ and G HUB apps on macOS stopped launching after their code-signing certificate expired, preventing users from accessing custom gestures, button mappings, lighting presets, and other saved settings. Logitech acknowledged the outage on its support portal and said it will push a new macOS installer that preserves user profiles without changing the visible app version. Community-proposed workarounds include rolling the system date back, installing older builds, or blocking network access, but these are unverified and may have trade-offs. Until an official update is released, users are advised not to delete configuration files to avoid losing customizations.
read more →

Microsoft Incident Response: New Proactive Services

🔒 Microsoft Incident Response expands its proactive offerings to help organizations build cyber resilience and reduce disruption. New services include incident response plan development, major event support, an immersive cyber range, advisory engagements, and compromise assessments for M&A activity. These capabilities build on existing services such as compromise assessments, identity assessment and hardening, and tabletop exercises. The focus is on preparation, gap detection, defense hardening, and tailored threat insights to accelerate recovery and strengthen security posture.
read more →

Classic Outlook bug prevents opening encrypted emails

🔒 Microsoft is investigating a bug in the classic Outlook client introduced by Current Channel Version 2511 (Build 19426.20218) that prevents recipients from opening messages encrypted with Encrypt Only permissions. Impacted users may see a reading pane error asking them to verify credentials or encounter a message_v2.rpmsg attachment instead of readable content. The Outlook Team is working on a fix but has not provided an ETA. Microsoft recommends two temporary workarounds: have senders save encrypted messages before sending, or roll back to build 16.0.19426.20186.
read more →

Microsoft Defender Experts Suite: Expert-Led Security

🔒 The new Microsoft Defender Experts Suite combines managed extended detection and response (MXDR), proactive and reactive incident response, and a designated Microsoft security advisor to help organizations counter advanced, AI-accelerated threats. Microsoft analysts deliver 24/7 triage, continuous threat hunting, and on-demand expertise across endpoints, identities, email, cloud apps, and cloud workloads. Enhanced Designated Engineering supports secure deployment and operational modernization, while Incident Response offers planning, simulations, and rapid remediation. Eligible customers can access a limited-time promotional discount through 2026.
read more →

Focus Investigations: Move Beyond Detection and Response

🔍 Organizations often overemphasize detection and response at the expense of thorough investigation. While IDS, firewalls, and response teams are essential to stop immediate damage, investigation provides the root-cause insights—examining exploited vulnerabilities, attacker entry paths, and post-compromise activity—that prevent recurrence. Investing in deep packet inspection and forensic analysis turns incidents into learning opportunities and strengthens long-term resilience.
read more →

Resecurity Lures Alleged ShinyHunters into Decoy Data Trap

🔒 Resecurity says it intentionally diverted attackers into a honeypot after individuals claiming ties to the Scattered Lapsus$ Hunters (SLH) alliance posted screenshots alleging a breach. The company reports it detected reconnaissance of exposed services and steered the activity to an emulated environment populated with synthetic consumer and payment records. According to Resecurity, the adversaries interacted with the decoy, generating telemetry that revealed tooling and methods, while independent researchers have found no evidence that production systems or client data were compromised.
read more →

How AI Is Reshaping Cybersecurity Operations and Teams

🤖 Generative AI is rapidly transforming CyberOps by automating routine tasks, accelerating investigations and raising overall team productivity. Tools—some developed in-house and some by vendors—assist with forensics, incident response, log analysis, orchestration, vulnerability management and reporting. While AI scales capabilities and elevates junior staff, leaders stress the need for AI governance, prompt engineering skills and human oversight to manage risk.
read more →

Cybercrime Inc.: How Organized Hackers Outpace IT Defenses

⚠️ Cybercrime has matured into a structured, global underground economy that often outstrips corporate defenders. Groups now operate with division of labor, formal processes and professional marketing, and Ransomware-as-a-Service offerings enable nontechnical actors to lease malware, support and revenue-sharing schemes. The result is scalable, fast-moving criminal supply chains that exploit human error, weaponize stolen data and exploit slow, bureaucratic response models. Organizations must move beyond pure prevention to measurable resilience, rehearsed recovery and decisive incident leadership.
read more →

Effective Post-Incident Security Reviews: Key Practices

🔍 Post-incident reviews are a structured means to understand security incidents and improve future defenses. Conducted promptly, they preserve fresh details and enable accurate timelines that reveal where delays or failures occurred. Reviews must include root-cause analysis, evaluation of detection and response performance, and assessment of business impact. Involving legal, governance, finance, HR, and board stakeholders helps connect technical findings to policy and risk decisions, while avoiding blame and assigning concrete, timebound follow-up is essential.
read more →

Interpol Operation Sentinel Disrupts Cybercrime in Africa

🔍 Interpol’s month-long Operation Sentinel targeted cybercriminal infrastructure across 19 African countries, producing 574 arrests, the decryption of six ransomware strains, and the takedown of roughly 6,000 malicious links. The sweep also uncovered a business email compromise (BEC) scheme that nearly cost a petroleum company $7.9 million and helped recover about $3 million. National law enforcement teams in Ghana, Benin and Cameroon executed targeted takedowns, recovered terabytes of data, and seized devices and servers with assistance from private cybersecurity organizations.
read more →

Six Essential Components for an Effective Incident Response

🔒 An effective Incident Response plan must combine impact analysis, communications, clear roles, threat awareness, testing, and modular simplicity. The article outlines six essential components—including Business Impact Analysis, a comprehensive communications strategy, defined response roles, visibility across the threat landscape, regular testing, and modular playbooks—that help organizations maintain resilience during major outages or cyberattacks. Experts emphasize practical playbooks, pre-approved message templates, and disciplined After-Action Reviews to reduce downtime and ensure continuous improvement.
read more →

Code Orange: Cloudflare’s Fail Small Resilience Plan

⚠️ Cloudflare has opened a company‑wide "Code Orange: Fail Small" initiative after two network incidents in November and December 2025 that disrupted customer traffic. The program prioritizes three workstreams: require controlled rollouts for configuration changes, review and harden failure modes across services, and overhaul break‑glass procedures to remove circular dependencies. Changes will be delivered iteratively, using existing Health Mediated Deployments (HMD) and updates to Quicksilver to stage and validate configuration updates before global propagation.
read more →

Microsoft Confirms Teams Messaging Delays Across Regions

⚠️ Microsoft is investigating a widespread incident affecting Microsoft Teams, with thousands of users reporting messaging delays, failed sends, and issues with other service functions. The outage began around 2:30 PM ET and is impacting users across the United States and Europe. Microsoft says it is observing recovery in telemetry, is continuing analysis to identify impacted scenarios and determine root cause, and will share updates; this is a developing story.
read more →