News
Application security and coding requirements
-
February 09, 2022
09
Feb'22
Microsoft stomps on 48 bugs in February Patch Tuesday update
It’s a light Patch Tuesday for February 2022, as Microsoft issues fixes for just 48 CVEs, including a solitary zero-day
-
February 08, 2022
08
Feb'22
DPD delivers swift fix for serious API flaw
API vulnerability potentially left PII on DPD Group’s customers dangerously exposed, but was rapidly fixed on disclosure
-
February 08, 2022
08
Feb'22
Microsoft to start blocking macros to thwart malware
Microsoft is making changes to web macro permissions across multiple Office apps to help improve user security
-
February 08, 2022
08
Feb'22
The Security Interviews: Building the UK’s future cyber ecosystem
As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions
-
February 01, 2022
01
Feb'22
Check Point buys Spectral to safeguard cloud development
Check Point’s latest acquisition of Israel-based startup Spectral expands its developer-centric security toolset
-
January 27, 2022
27
Jan'22
Nightmare Log4Shell scenario averted by prompt, professional action
Prompt and professional community response to the Log4Shell disclosure means the dangerous and widespread vulnerability has not been exploited to the extent many had feared
-
January 26, 2022
26
Jan'22
PwnKit bug endangers Linux distributions worldwide
Qualys researchers share intel on a memory corruption vulnerability in a program installed by default on every major Linux distribution
-
January 20, 2022
20
Jan'22
MoonBounce firmware bootkit shows advances in malicious implants
MoonBounce firmware bootkit shows evident technical improvements over others, making it a more dangerous threat to organisations. It is being used by Chinese state-backed actors
-
January 19, 2022
19
Jan'22
Investigators find Beijing 2022 app riddled with security flaws
Security flaws in Olympic app may put personal health data at risk of compromise in a man-in-the-middle attack
-
January 17, 2022
17
Jan'22
Top three questions about the Log4j vulnerability
Singapore’s Ensign Infosecurity answers the top three questions about the impact of the Log4j vulnerability
-
January 12, 2022
12
Jan'22
Microsoft fixes six zero-days in January Patch Tuesday update
A larger than of late Patch Tuesday update from Microsoft comes as defenders continue to grapple with Log4Shell
-
January 11, 2022
11
Jan'22
Almost half of Log4j downloads still dangerously exposed
Whether by error or design is unclear, but a great many IT teams are still exposing themselves by downloading outdated, insecure versions of Apache Log4j
-
January 11, 2022
11
Jan'22
Banks accused of neglecting customer security measures
Which? singles out Metro Bank, Virgin Money and TSB over insecure online banking processes
-
December 23, 2021
23
Dec'21
Top 10 cyber security stories of 2021
Cyber security dominated the headlines in 2021, making it hard to gain a clear picture of what to pay attention to. What is an IT buyer to do?
-
December 15, 2021
15
Dec'21
After Log4j, December Patch Tuesday piles on the pressure
December’s Patch Tuesday update from Microsoft contains several critical CVEs, but this month all attention is focused on the fall-out from Log4Shell, and burn-out is becoming a real issue
-
December 14, 2021
14
Dec'21
Almost half of networks probed for Log4Shell weaknesses
Close to half of corporate networks have already been actively targeted by individuals seeking to exploit the critical Log4Shell Apache bug
-
December 13, 2021
13
Dec'21
What is Log4Shell, and why are we panicking about it?
It’s been described as a ‘design failure of catastrophic proportions’ that threatens the very fabric of the digital world. Find out what the Log4j2 Log4Shell panic is all about, and what you should do about it
-
December 09, 2021
09
Dec'21
UK and US to collaborate on privacy innovation contest
Joint UK-US innovation challenge contest centring on privacy-enhancing technology announced at Summit for Democracy in Washington DC
-
December 08, 2021
08
Dec'21
2021 another record-breaker for vulnerability disclosure
More than 50 CVEs were logged every day in 2021, more than at any time since records began, while ethical hackers continue to prove their value
-
November 30, 2021
30
Nov'21
HP patches bugs in over 150 printer models
More than 150 HP multifunction printers are at risk of compromise through a series of newly disclosed vulnerabilities, one of them wormable
-
November 24, 2021
24
Nov'21
Apple sues under-fire malware firm NSO
Lawsuit alleges spyware firm NSO Group targeted Apple’s users, adding to the pressure on the under-fire company
-
November 17, 2021
17
Nov'21
Security startups line up on Cyber Runway
Some 108 cyber security startups representing the UK’s most cutting-edge innovators are to join Plexal’s Cyber Runway accelerator
-
November 17, 2021
17
Nov'21
Zero-days: The next element of the service-based cyber economy?
Digital Shadows researchers have reported on the emergence of zero-days as a service, which could be the next big thing in the cyber criminal underworld
-
November 10, 2021
10
Nov'21
November Patch Tuesday drop fixes bugs in Excel, Exchange Server
Another relatively light Patch Tuesday drop from Microsoft addresses 55 vulnerabilities, two of them already being exploited
-
November 08, 2021
08
Nov'21
How cosmetics retailer Lush made over its approach to authentication
Evolving approaches to IT at cosmetics retailer Lush meant the organisation’s previous approach to authentication was no longer up to scratch. Find out how it overcame this hurdle
-
November 04, 2021
04
Nov'21
The Netherlands works on resilience with large-scale national cyber exercise
For the Netherlands, the biggest challenge in a large-scale cyber crisis is to maintain speed while exercising due care
-
November 01, 2021
01
Nov'21
Businesses and governments urged to take action over Trojan Source supply chain attacks
Businesses and governments have been put on alert to guard against Trojan Source hacking attacks
-
October 26, 2021
26
Oct'21
Lacework expands into ANZ, eyes APAC market
DevSecOps supplier Lacework’s expansion into Australia and New Zealand will pave the way for a broader move into the Asia-Pacific region
-
October 13, 2021
13
Oct'21
Microsoft warns of MysterySnail on October Patch Tuesday
Microsoft has fixed a zero-day that is being actively exploited to deliver a new remote access trojan dubbed MysterySnail to targets
-
October 08, 2021
08
Oct'21
Craft beer specialist Brewdog fixes serious app vulnerability
Vulnerability in brewer’s mobile app could have resulted in serious consequences for its shareholders and customers
-
October 05, 2021
05
Oct'21
New Python-based ransomware attacks unfold in record time
Sophos researchers detail a new variety of Python-based ransomware attack targeting VMware ESXi-hosted VMs
-
September 30, 2021
30
Sep'21
Team leaders urged to address developer mental health
The pandemic led to many developers working from home, and many have experienced burnout
-
September 29, 2021
29
Sep'21
The Security Interviews: How SolarWinds came through its darkest hour
In his first major UK press interview, SolarWinds CEO Sudhakar Ramakrishna tells Computer Weekly how a relentless focus on transparency saw the company safely through a nightmare cyber breach scenario
-
September 28, 2021
28
Sep'21
How one red team exercise averted a new SolarWinds-style attack
Palo Alto Networks shares details of how its red teamers found and sealed a customer vulnerability that could have led to another SolarWinds-style supply chain attack
-
September 23, 2021
23
Sep'21
Threat actors target VMware vCenter Server users
Users of VMware vCenter Server are advised to patch a series of vulnerabilities post haste
-
September 16, 2021
16
Sep'21
Dutch education administrators underestimate threat of cyber crime
Research shows educational establishments in the Netherlands are becoming favoured targets of cyber criminals and administrators are underestimating the risks
-
September 15, 2021
15
Sep'21
Microsoft patches 66 vulnerabilities in September update
Another lighter-than-usual Patch Tuesday update includes important fixes for recently disclosed vulnerabilities, including a dangerous zero-day, and an update in the PrintNightmare saga
-
September 14, 2021
14
Sep'21
Apple patches ForcedEntry vulnerability used by spyware firm NSO
Apple patches ForcedEntry vulnerability that was used to target political activists with spyware
-
September 09, 2021
09
Sep'21
Latest Microsoft zero-day being actively exploited
New Microsoft zero-day CVE-2021-40444 affects multiple versions of Windows and is probably being exploited through convincing phishing attacks
-
September 07, 2021
07
Sep'21
OT security in APAC remains work in progress
Two operational technology security experts shed light on the state of OT security in the region, and what’s being done to address skills, competency and organisational challenges
-
August 31, 2021
31
Aug'21
GovTech launches vulnerability rewards programme
Vulnerability rewards programme will offer rewards ranging from $250 to $5,000 to white hat hackers who find vulnerabilities in critical government systems
-
August 24, 2021
24
Aug'21
13 million malware attacks on Linux seen in wild
Cryptominers, web shells and ransomware are the most common varieties of malwares targeting Linux systems, thanks to its prevalence as the backbone of most public cloud services
-
August 24, 2021
24
Aug'21
Half of MS Exchange servers at risk in ProxyShell debacle
Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited
-
August 18, 2021
18
Aug'21
How Australia’s Octopus Deploy is simplifying DevOps
Brisbane-based startup Octopus Deploy recently secured $172.5m in venture funding to advance its goal of simplifying software deployments for DevOps teams
-
August 18, 2021
18
Aug'21
MoD seeks security tech to harden military systems
The Defence and Security Accelerator has launched a programme to root out technology that will reduce the military’s exposure to cyber attacks
-
August 17, 2021
17
Aug'21
Security Think Tank: Building privacy-preserving apps and platforms
ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture
-
August 13, 2021
13
Aug'21
Cyber Runway programme supports new security businesses
The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses
-
August 13, 2021
13
Aug'21
Hospitals see cyber security investment as a low priority
Almost half of hospitals have experienced an IT shutdown as a result of a cyber attack in the past six months, but just over one in 10 hospital executives see cyber security investment as a high priority
-
August 11, 2021
11
Aug'21
The Netherlands still lacks digital resilience, says report
Report by National Coordinator for Counterterrorism and Security says the Netherlands’ digital resilience has improved, but is still insufficient
-
August 05, 2021
05
Aug'21
SAP customers more alert to internal than external threats
SAP customers are more concerned by insider threats than by external attacks, according to a report. And yet the average SAP customer has around 2,500 vulnerabilities within their customised SAP code