News
Application security and coding requirements
-
November 21, 2022
21
Nov'22
Bug Bounty Calculator helps organisations fine-tune their payouts
Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention
-
November 09, 2022
09
Nov'22
Microsoft serves smorgasbord of six zero-days
November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity
-
November 03, 2022
03
Nov'22
The Security Interviews: Building trust online
Consumer reviews website Trustpilot has built and scaled its IT security team and is now turning to agile methods and DevSecOps to further enhance its cyber capabilities
-
November 02, 2022
02
Nov'22
OpenSSL vulnerabilities ‘not as bad as feared’
As previously trailed, OpenSSL patched two buffer overflow vulnerabilities, neither of them as impactful as had been feared
-
October 31, 2022
31
Oct'22
Prepare today for potentially high-impact OpenSSL bug
OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed
-
October 25, 2022
25
Oct'22
Apple patches new iPhone zero-day
Apple’s latest patch fixes yet another zero-day, as security issues keep surfacing in its mobile products
-
October 18, 2022
18
Oct'22
Apache vulnerability a risk, but not as widespread as Log4Shell
A newly disclosed Apache Commons Text vulnerability may put many at risk, but does not appear to be as impactful or widespread as Log4Shell
-
October 18, 2022
18
Oct'22
Virtually all vulnerable open source downloads are avoidable
Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report
-
October 14, 2022
14
Oct'22
Australia becoming hotbed for cyber attacks
Research by Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, including automated attacks that doubled in frequency
-
October 13, 2022
13
Oct'22
Gartner: Remote work, zero trust, cloud still driving cyber spend
Security leaders are eager to spend on categories including remote and hybrid cyber offerings, zero-trust network access, and cloud
-
October 12, 2022
12
Oct'22
Microsoft fixes lone zero-day on October Patch Tuesday
Microsoft patched a solitary zero-day vulnerability in its latest monthly drop, but fixes for two others disclosed in the past few weeks are nowhere to be seen
-
October 11, 2022
11
Oct'22
Contractor left Toyota source code exposed for five years
Source code related to Toyota’s T-Connect service was left exposed on GitHub for over five years by a contractor
-
October 05, 2022
05
Oct'22
Forrester: US set to dominate AI enterprise software market
Artificial intelligence is the fastest growth area in software. This is driving adoption, which will make AI mainstream technology in business software
-
September 29, 2022
29
Sep'22
Optus breach casts spotlight on cyber resilience
The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia
-
September 26, 2022
26
Sep'22
How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove
Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials
-
September 22, 2022
22
Sep'22
Nordic private equity firms pursue cyber security acquisitions
Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets
-
September 21, 2022
21
Sep'22
15-year-old Python bug present in 350,000 open source projects
A Python tarfile vulnerability first disclosed in 2007 still persists to this day, according to analysis from Trellix
-
September 20, 2022
20
Sep'22
Thousands of customers affected in Revolut data breach
Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack
-
September 16, 2022
16
Sep'22
Six new vulnerabilities added to CISA catalogue
CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010
-
September 14, 2022
14
Sep'22
Microsoft patches 64 vulnerabilities on September Patch Tuesday
Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update
-
September 12, 2022
12
Sep'22
CISOs should spend on critical apps, cloud, zero-trust, in 2023
Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts
-
September 08, 2022
08
Sep'22
Dutch cyber security organisations to join forces
Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into
-
September 07, 2022
07
Sep'22
August ’22 a bumper month for high-impact vulnerabilities
Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future
-
September 07, 2022
07
Sep'22
Prince’s Trust teams with threat management specialist in skills push
Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry
-
September 06, 2022
06
Sep'22
Saudi Arabian organisations choose to outsource to improve cyber security posture
Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security
-
August 31, 2022
31
Aug'22
Google debuts open source bug bounty programme
Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme
-
August 31, 2022
31
Aug'22
Norway has NOK200m plan to bolster cyber defences
Norway is investing heavily in its cyber defences amid heightened threat from Russia
-
August 23, 2022
23
Aug'22
DevSecOps: Software developers lack sufficient security focus
GitLab survey shows developers want to produce high-quality code, but ‘shifting’ security left is hard to achieve
-
August 19, 2022
19
Aug'22
Cozy Bear targets MS 365 environments with new tactics
Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments
-
August 19, 2022
19
Aug'22
Apple patches two zero-days in macOs, iOS
Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems
-
August 19, 2022
19
Aug'22
Inside Singapore’s national digital identity journey
Singapore’s national digital identity system has evolved from providing single sign-on to e-government services to pandemic-related and digital document capabilities in recent years
-
August 12, 2022
12
Aug'22
Microsoft doles out $13.7m in bug bounties
Microsoft’s Bug Bounty programme has paid a total of $13.7m to more than 300 researchers in almost 50 countries
-
August 10, 2022
10
Aug'22
GitHub targets vulnerable open source components
There are thousands of vulnerabilities in open source code – GitHub aims to help developers see if their projects are impacted
-
August 10, 2022
10
Aug'22
Microsoft fixes two-year-old MSDT vulnerability in August update
August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited.
-
August 04, 2022
04
Aug'22
Spyware activity particularly impactful in July
After a quiet June, vulnerability exploitation ramped up in July, with intrusions linked to spyware seeing unusually high volumes of activity, according to a report
-
July 28, 2022
28
Jul'22
NCSC startups scheme turns focus to operational technology, SME security
NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses
-
July 28, 2022
28
Jul'22
Cyber criminals pivot away from macros as Microsoft changes bite
As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect
-
July 27, 2022
27
Jul'22
Retail software firm PrestaShop warns users about SQL injection attacks
Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise
-
July 26, 2022
26
Jul'22
Visibility and proactive stance needed to secure OT systems
Critical infrastructure operators need to have more visibility into their IT and operational technology environment, and take a more active stance to fend off sophisticated adversaries, expert says
-
July 25, 2022
25
Jul'22
Latest Atlassian Confluence vulnerability raises concerns
CVE-2022-26138 is the second major vulnerability disclosure made for Atlassian’s Confluence collaboration platform in recent months
-
July 25, 2022
25
Jul'22
TMT firms among top targets for cyber attacks in Singapore
Organisations in the technology, media and telecoms sector were among the most lucrative targets for malicious actors as their services penetrate almost every aspect of society
-
July 20, 2022
20
Jul'22
(ISC)² expands entry-level cyber programme after UK success
Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide
-
July 15, 2022
15
Jul'22
Log4Shell on its way to becoming ‘endemic’
US government report concludes that, like Covid, Log4Shell will be with us for a long time to come
-
July 13, 2022
13
Jul'22
July Patch Tuesday brings more than 80 fixes, one zero-day
While some admins can put their feet up and let Windows Autopatch do the hard work of updating their Microsoft estates, for the rest of us, the Patch Tuesday bandwagon keeps on keeping on
-
July 12, 2022
12
Jul'22
Microsoft Windows Autopatch now generally available
Microsoft customers with Windows Enterprise E3 and E5 licences can now take full advantage of its new automated patching service
-
July 12, 2022
12
Jul'22
Singapore doubles down on OT security
The Cyber Security Agency of Singapore will fund 80 scholarships to groom a talent pool of operational technology security experts, among other efforts to bolster the security of critical infrastructure in the city-state
-
July 11, 2022
11
Jul'22
Microsoft VBA macro block will return
Microsoft provides more details about its sudden decision to rollback a landmark security policy, and reassures users it is a temporary measure
-
July 08, 2022
08
Jul'22
Microsoft appears to reverse VBA macro-blocking
Microsoft quietly reverses VBA macro-blocking across its Office portfolio in a move that has left security experts puzzled
-
July 06, 2022
06
Jul'22
Plexal seeks new scaleups for next phase of Cyber Runway
Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme
-
June 28, 2022
28
Jun'22
Avast uncovers ‘thieves’ kitchen’ of malware-writing teens
Researchers stumble across online community of 11 to 18-year-olds constructing, exchanging and spreading malware