News
Web application security
-
November 13, 2023
13
Nov'23
Rogue state-aligned actors are most critical cyber threat to UK
The prospect of rogue nation-state-aligned attackers bringing down the UK’s critical infrastructure is keeping the NCSC up at night
-
November 02, 2023
02
Nov'23
Admins told to take action over F5 Big-IP platform flaws
Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild
-
November 01, 2023
01
Nov'23
Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals
As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings
-
October 31, 2023
31
Oct'23
SEC sues SolarWinds, alleging serious security failures
SolarWinds and its CISO have been charged with fraud and internal control failures by the US authorities amid allegations of a series of cyber security failings leading up to the 2020 Sunburst attacks
-
October 27, 2023
27
Oct'23
Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent
Tech firms continue to be concerned that the Online Safety Bill could undermine end-to-end encryption despite government reassurances
-
October 27, 2023
27
Oct'23
Google launches bug bounties for generative AI attack scenarios
Google expands its bug bounty programme to encompass generative AI and takes steps to grow its commitment to supply chain security as it relates to the emerging technology
-
October 24, 2023
24
Oct'23
Cisco hackers likely taking steps to avoid identification
Cisco confirms that a drop in detections of devices compromised by two zero-days was likely the result of reactive measures taken by the threat actors to avoid discovery
-
October 24, 2023
24
Oct'23
Research team tricks AI chatbots into writing usable malicious code
Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks
-
October 23, 2023
23
Oct'23
Cisco pushes update to stop exploitation of two IOS XE zero-days
Cisco releases updates to thwart exploitation of two flaws affecting users of its IOS XE software
-
October 19, 2023
19
Oct'23
Fears grow over extent of Cisco IOS XE zero-day
Researchers have identified spiking numbers of victims of a recently disclosed Cisco zero-day, as users of the networking supplier’s IOS XE software are urged to take defensive measures
-
October 19, 2023
19
Oct'23
Loughborough Uni to create five cyber AI research posts
Supported by Darktrace, Loughborough University is to recruit five doctoral researchers focusing on cross-disciplinary research in AI and cyber security
-
October 17, 2023
17
Oct'23
What it takes to succeed in DevSecOps
Providing engineering leadership and balancing between speed and security are some areas that organisations will need to focus on in their DevSecOps journey
-
October 03, 2023
03
Oct'23
CIISec scores DSIT funding to expand successful CyberEPQ scheme
DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date
-
September 28, 2023
28
Sep'23
Businesses disconnected from realities of API security
Business leaders feel confident they’ve got a handle on API security, but at the same time, incidents are through the roof, according to a report
-
September 28, 2023
28
Sep'23
Security and risk management spending to grow 14% next year
Growth in public cloud services will stand out over the next 12 months, as Gartner projects an overall 14% increase in cyber spending in 2024
-
September 28, 2023
28
Sep'23
Yahoo picks Intigriti to run crowdsourced bug bounty programme
Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate
-
September 18, 2023
18
Sep'23
Unregulated DeFi services abused in latest pig butchering twist
Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation
-
September 14, 2023
14
Sep'23
Google, Microsoft and Mozilla push browser updates to foil zero-day
A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers
-
September 13, 2023
13
Sep'23
GitHub fixes race condition that could have led to ‘repojacking’
A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked
-
September 13, 2023
13
Sep'23
Storm-0324 gathers over Microsoft Teams
An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks
-
September 13, 2023
13
Sep'23
Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service
September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release
-
September 11, 2023
11
Sep'23
Salesforce and Zoom embrace ethical hackers. You should, too
Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers
-
September 08, 2023
08
Sep'23
Apple patches Blastpass exploit abused by spyware makers
Apple has patched two vulnerabilities that formed an exploit chain which has been allegedly abused by spyware company NSO
-
September 07, 2023
07
Sep'23
UK minister fails to reassure tech companies over encryption risk
Technology companies say reassurances by government ministers that they have no intention of weakening end-to-end encrypted communication services do not go far enough
-
September 06, 2023
06
Sep'23
French supreme court dismisses legal challenge to EncroChat cryptophone evidence
Defence lawyers plan to appeal to the European Court of Human Rights after the French supreme court disallowed an appeal over the legality of EncroChat evidence
-
September 05, 2023
05
Sep'23
Researchers find flaw in Mend.io security platform
WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed
-
September 04, 2023
04
Sep'23
How startup Once.net and Cloudflare secured the 2023 Eurovision vote
When the Eurovision Song Contest introduced paid-for public voting from outside Europe in 2023, it faced new cyber challenges. Learn how Dutch startup Once.net and Cloudflare teamed up to secure and support the big night
-
September 01, 2023
01
Sep'23
Threat actors exploiting unpatched Juniper Networks devices
A series of vulnerabilities in Juniper Networks firewalls and switches appear to be being exploited in the wild to enable remote code execution, with thousands of devices thought to be exposed
-
August 24, 2023
24
Aug'23
Google bets on AI-backed cyber controls for Workspace users
Zero-trust and digital sovereignty controls are the focus of a series of enhancements being made for Google Workspace users
-
August 17, 2023
17
Aug'23
Researchers demo fake airplane mode exploit that tricks iPhone users
Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns
-
August 16, 2023
16
Aug'23
CyberArk eyes growth beyond PAM
CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management
-
August 10, 2023
10
Aug'23
Google speeds up security update frequency for Chrome
Changes to Google’s security update policy are supposed to help close the gap in which cyber criminals can exploit n-day vulnerabilities
-
August 09, 2023
09
Aug'23
Microsoft addresses Office vulnerability attacked by Russian spooks in latest update
Microsoft has issued fixes for over 70 vulnerabilities in its August Patch Tuesday drop, including remedies for CVE-2023-36884, which was disclosed without a fix in July and has been the subject of Kremlin-backed cyber attacks
-
August 08, 2023
08
Aug'23
Many UK organisations considering ChatGPT bans on employee devices
More than 60% of organisations in the UK have either banned, or are considering banning, the use of generative AI tools on employee- or business-owned devices
-
August 07, 2023
07
Aug'23
Microsoft fixes Azure flaw that was subject of researcher criticism
Microsoft has confirmed a potentially-dangerous flaw in the Azure platform has now been fully fixed, and moved to reassure customers that despite criticism it is committed to responsible disclosure and timely fixes
-
August 07, 2023
07
Aug'23
Rise in fraudsters spoofing the websites of leading UK banks
Despite safeguards to protect customers from scams, UK retail banks are still seeing high volumes of fake phishing websites exploiting their brands, and the problem seems to be increasing in scope and scale
-
August 04, 2023
04
Aug'23
Log4Shell, ProxyShell still among most widely exploited flaws
Statistics released by the collective Five Eyes cyber agencies reveals insight into the most exploited vulnerabilities of 2022, and unsurprisingly there are some old ‘friends’ on the list
-
August 04, 2023
04
Aug'23
Biden’s SBOM mandate a ‘shot heard around the world’, report says
Two years and three months after Joe Biden mandated new standards in supply chain security, over 40% of UK respondents to a survey say they have implemented new SBOM policies in direct response
-
August 03, 2023
03
Aug'23
Cozy Bear hijacks SME Microsoft 365 tenants in latest campaign
Microsoft shares intelligence on a newly observed Cozy Bear campaign that saw the APT take over genuine Microsoft 365 tenants and subvert them to try to phish its victims
-
August 03, 2023
03
Aug'23
Microsoft attacked over ‘grossly irresponsible’ security practice
The CEO of Tenable has launched a scathing attack on Microsoft, asserting that the organisation is deliberately keeping its Azure cloud customers in the dark about dangerous vulnerabilities and accusing it of a culture of ‘toxic obfuscation’
-
August 01, 2023
01
Aug'23
Singtel adds Zscaler SSE to managed security services portfolio
Singtel teams up with Zscaler to offer a managed security service edge service as it looks to ramp up its enterprise business
-
July 27, 2023
27
Jul'23
Ant Group teams with NTU to advance privacy-preserving technologies
The Chinese fintech giant is partnering with Singapore’s Nanyang Technological University on a cryptographic protocol that ensures the privacy of transacting parties
-
July 18, 2023
18
Jul'23
Critical Adobe ColdFusion flaws chained in ongoing cyber attacks
Two vulnerabilities in Adobe ColdFusion have been chained by threat actors to target victim systems, apparently after one of them was accidentally disclosed
-
July 13, 2023
13
Jul'23
One month after MOVEit: New vulnerabilities found as more victims are named
Five weeks after the mass MOVEit breach, new vulnerabilities in the file transfer tool are coming to light as the Clop cyber crime group continues to terrorise victims. But has the gang bitten off more than it can chew?
-
July 12, 2023
12
Jul'23
Hackers: We won’t let artificial intelligence get the better of us
AI is changing how ethical hackers go about their work, and will continue to do so, but the community is convinced the technology will never be able to replicate the creativity of a flesh-and-blood hacker
-
July 12, 2023
12
Jul'23
Microsoft users on high alert over dangerous RCE zero-day
A serious RCE vulnerability in Microsoft Office and Windows is among several zero-days disclosed in Redmond’s July Patch Tuesday update, but this one does not have a patch yet
-
July 04, 2023
04
Jul'23
How Maxeon is forging the path to SASE
Maxeon Solar Technologies is building out its security service edge capabilities with an eye on a SASE implementation that combines best of breed offerings from different suppliers
-
June 19, 2023
19
Jun'23
How Fastly thinks differently about CDNs and the edge
Fastly is counting on its developer chops and different approaches towards security and other areas to compete with its rivals
-
June 19, 2023
19
Jun'23
Early June Microsoft outages were result of large-scale DDoS hit
Investigations into recent outages on Microsoft Azure and Outlook services have turned up evidence of a massive distributed denial-of-service attack
-
June 14, 2023
14
Jun'23
No zero-days for June Patch Tuesday, but plenty to chew over
On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention