News

Application security and coding requirements

May 15, 2023 15 May'23
MS macro-blocking has forced cyber criminals to innovate

One year after Microsoft started blocking VBA and XL4 macros by default, the cyber criminal ecosystem has all but stopped exploiting macros in their attacks. They’re instead innovating at an unprecedented rate
May 10, 2023 10 May'23
Secure Boot vulnerability causes Patch Tuesday headache for admins

Applying the fix for a security bypass zero-day affecting the Windows Secure Boot feature will be a long process that will drag into 2024, but for good reason, says Microsoft
May 04, 2023 04 May'23
Inside BlackBerry’s cyber security playbook

BlackBerry’s president of cyber security discusses the company’s cyber security strategy and what it is doing to deliver an integrated set of capabilities for enterprises
May 03, 2023 03 May'23
Cyber Action Plan for Wales launched

The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country

May 03, 2023 03 May'23
TikTok fixes vulnerability that could have exposed user activity data

A potentially dangerous vulnerability in the TikTok video-sharing platform was discovered by Imperva researchers, and has now been fixed
May 03, 2023 03 May'23
Mystery Apple security update sparks speculation

Apple releases its first Rapid Security Response update for iPhone, iPad and Mac devices, but users are in the dark about what security problems they have fixed
April 27, 2023 27 Apr'23
Tenable opens playground for generative AI cyber tools

A set of generative AI cyber tools designed to help security researchers in reverse engineering, debugging and other areas of work have been made available for the community to experiment with
April 21, 2023 21 Apr'23
Prototype cyber tech has revolutionary potential

The so-called CHERI protection model developed at the University of Cambridge is showing great promise for future cyber security technologies
April 20, 2023 20 Apr'23
3CX incident may be world’s first double supply chain attack

It’s supply chain attacks all the way down as Mandiant publishes information suggesting that the 3CX software supply chain compromise was initiated via a prior software supply chain compromise
April 19, 2023 19 Apr'23
Global finance firms take part in NATO cyber attack simulation

Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure

April 19, 2023 19 Apr'23
How organisations can succeed with zero trust

By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm
April 18, 2023 18 Apr'23
Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms

The Online Safety Bill faces amendments in the House of Lords amid concerns that it could weaken the security of end-to-end encrypted communications for UK citizens
April 18, 2023 18 Apr'23
Focus on these three risky behaviours to boost cloud security

Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report
April 13, 2023 13 Apr'23
Thousands at risk from critical RCE bug in legacy MS service

Thousands of organisations worldwide are at risk from three vulnerabilities – one critical – in a legacy Microsoft service that they may not be aware they are running
April 12, 2023 12 Apr'23
April Patch Tuesday fixes zero-day used to deliver ransomware

A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update
April 03, 2023 03 Apr'23
CIO interview: Carter Busse, CIO, Workato

Workato CIO Carter Busse talks up the company’s approach towards automation and its efforts to drive the technology across its business
March 30, 2023 30 Mar'23
OSC&R supply chain security framework goes live on Github

The OSC&R framework for understanding and evaluating threats to supply chain security has made its debut on Github to allow anybody to contribute to the framework
March 30, 2023 30 Mar'23
3CX unified comms users hit by supply chain attacks

Ongoing supply chain attacks against customers of UC firm 3CX appear to be linked to North Korean threat actors
March 28, 2023 28 Mar'23
Apple security updates fix 33 iPhone vulnerabilities

A larger-than-usual update to Apple’s mobile operating system fixes more than 30 distinct vulnerabilities, including two serious issues that may potentially affect device kernels
March 27, 2023 27 Mar'23
France latest to ban TikTok on government devices

Following bans in the UK and US, France has moved to enact restrictions on TikTok, and other social media apps, on government devices
March 21, 2023 21 Mar'23
Nordics move towards common cyber defence strategy

Nordic countries agree to work together to improve their cyber defences amid increasing threat
March 21, 2023 21 Mar'23
How Mimecast thinks differently about email security

Mimecast CEO Peter Bauer believes the company’s comprehensive approach towards email security has enabled it to remain relevant to customers for two decades
March 16, 2023 16 Mar'23
Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine

A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly
March 15, 2023 15 Mar'23
Microsoft patches Outlook zero-day for March Patch Tuesday

A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update
March 14, 2023 14 Mar'23
NCSC warns over AI language models but rejects cyber alarmism

The UK's NCSC has issued advice for those using the technology underpinning AI tools such as ChatGPT, but says some of the security doomsday scenarios being proposed right now are not necessarily realistic
March 07, 2023 07 Mar'23
Dutch hospitals underestimate impact of cyber attack

IT failures in acute care organisations in the Netherlands have increased considerably since 2010, affecting patient care and stressing the need to improve IT security in hospitals
February 27, 2023 27 Feb'23
Advanced digital resiliency can save organisations millions

Businesses that build out their digital resiliency are not only more secure, they also have more opportunities to innovate with IT
February 22, 2023 22 Feb'23
Researchers find new bug ‘class’ in Apple devices

A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix
February 15, 2023 15 Feb'23
Microsoft fixes three zero-days in February update

February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver
February 14, 2023 14 Feb'23
OSC&R framework to stop supply chain attacks in the wild

The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains
February 05, 2023 05 Feb'23
Australian organisations underinvesting in cyber security

Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches
February 03, 2023 03 Feb'23
LockBit gang confirms Ion cyber attack as disruption continues

The LockBit ransomware cartel has taken responsibility for this week’s attack on financial software firm Ion, and is threatening to leak stolen data on Saturday 4 February
February 01, 2023 01 Feb'23
Cisco fixes two bugs that could have led to supply chain attacks on users

Two vulnerabilities uncovered in Cisco hardware could have opened the door to serious supply chain cyber attacks, according to the Trellix researchers who found them
January 31, 2023 31 Jan'23
GitHub warns Desktop, Atom users after code-signing certificates pinched

Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users
January 26, 2023 26 Jan'23
Zero-trust implementations remain work in progress

Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds
January 23, 2023 23 Jan'23
Trellix automates patching for 62,000 vulnerable open source projects

Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months
January 12, 2023 12 Jan'23
Chrome vulnerability could have led to widespread data theft

A dangerous vulnerability in Google Chrome and Chromium-based browsers could have put billions of users’ files at risk of being stolen
January 11, 2023 11 Jan'23
Microsoft fixes EoP zero-day on January Patch Tuesday

On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns
January 05, 2023 05 Jan'23
Cashless Denmark has no bank robberies in a year for first time

Denmark saw no bank robberies in a single year for the first time ever, but online fraud continues to increase
January 02, 2023 02 Jan'23
China and India governments among top targets for cyber attackers

Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures
December 22, 2022 22 Dec'22
Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides
December 20, 2022 20 Dec'22
Top 10 software development stories of 2022

We look at how software development has adapted to the changing economic climate over the past 12 months
December 15, 2022 15 Dec'22
Lego fixes dangerous API vulnerability in BrickLink service

The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas
December 14, 2022 14 Dec'22
Ethical hackers flex their muscles in 2022

Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021
December 14, 2022 14 Dec'22
Microsoft fixes two zero-days in final Patch Tuesday of 2022

December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over
December 13, 2022 13 Dec'22
Finnish government launches information security voucher scheme

Finland’s government is offering businesses financial support to help them improve their cyber security
December 13, 2022 13 Dec'22
More Uber data exposed in possible supply chain attack

A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack
December 09, 2022 09 Dec'22
CIISec, DCMS to fund vocational cyber courses for A-level students

The Chartered Institute of Information Security and the Department for Digital, Culture, Media and Sport plan to fund vocational cyber qualifications for 300 teenagers
December 08, 2022 08 Dec'22
Consumers to get new protections against dodgy apps

Government’s new code of practice will impose new privacy and security measures on app store operators and developers
December 08, 2022 08 Dec'22
Australia to develop new cyber security strategy

New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals