News
Web application security
-
April 21, 2022
21
Apr'22
Impact of Lapsus$ attack on Okta less than feared
Okta’s investigation into Lapsus$ breach of its systems via a Sitel workstation has concluded that the impact was significantly less than the maximum potential
-
April 20, 2022
20
Apr'22
AWS fixes vulnerabilities in Log4Shell hot patch
AWS issues fixes for a series of Log4Shell hot patches after they turned out to leave its services vulnerable to further exploitation
-
April 13, 2022
13
Apr'22
Microsoft patches two zero-days, 10 critical bugs
Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service
-
April 12, 2022
12
Apr'22
Universal IAM policy failings put cloud environments at risk
Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study
-
April 11, 2022
11
Apr'22
Singapore to start licensing cyber security service providers
Those providing penetration testing and SOC services will need to apply for a licence under a new licensing regime that is expected to safeguard consumer interests and improve service standards
-
April 11, 2022
11
Apr'22
Open source CMS platform Directus patches XSS bug
A stored cross-site scripting vulnerability in the Directus platform could have enabled malicious actors to gain access to valuable data
-
April 08, 2022
08
Apr'22
Was Spring4Shell a lot of hot air? No, but...
Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better
-
April 06, 2022
06
Apr'22
Denonia malware may be first to target AWS Lambda
The newly discovered Denonia malware appears to be custom designed to target AWS Lambda environments, and may be the first of its kind
-
April 04, 2022
04
Apr'22
How remote browser isolation can mitigate cyber threats
Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device
-
March 31, 2022
31
Mar'22
Spring4Shell zero-day sprung on security teams
Some are describing a newly disclosed Spring Java framework vulnerability as the next Log4Shell, but what is Spring4Shell, and what can we do about it?
-
March 30, 2022
30
Mar'22
Australia to spend A$9.9bn on intelligence and cyber capabilities
The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate
-
March 29, 2022
29
Mar'22
Wave of Log4j-linked attacks targeting VMware Horizon
Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell
-
March 17, 2022
17
Mar'22
Kaspersky CEO: Ukraine war must end through diplomacy
Eugene Kaspersky speaks out on the war in Ukraine, and rebuffs Germany’s BSI, branding its warnings over his company’s trustworthiness as insulting
-
March 16, 2022
16
Mar'22
Kubernetes vulnerability underscores repeated security warnings
The disclosure of a new vulnerability in an important container runtime engine that underpins Kubernetes has drawn fresh warnings to pay attention to securing Kubernetes environments
-
March 10, 2022
10
Mar'22
Tech brands sign on to HackerOne responsible security drive
Tech companies sign HackerOne’s new corporate security responsibility pledge to bring cyber out of the shadows and promote effective, secure development practices
-
March 10, 2022
10
Mar'22
Government to force tech firms to stop fraudsters using their platforms for scams
Changes to legislation will make social media and search engine firms responsible for preventing fraudsters using their platforms to commit crimes
-
March 09, 2022
09
Mar'22
China’s APT41 exploited Log4j within hours
APT41 compromised multiple government organisations via the Log4Shell exploit within hours of its initial disclosure, Mandiant claims
-
March 09, 2022
09
Mar'22
Microsoft serves up three zero-days on March Patch Tuesday
Three zero-days pop up in Microsoft’s March update, along with a number of other noteworthy concerns for defenders
-
March 03, 2022
03
Mar'22
Use of encrypted Telegram platform soars in Ukraine, Russia
Encrypted messaging service Telegram is proving a valuable asset to both sides in Russia’s war on Ukraine
-
March 02, 2022
02
Mar'22
Cyber companies step up support for Ukraine
Security companies Bitdefender and Vectra AI are both to offer products and services in support of Ukraine
-
March 01, 2022
01
Mar'22
BBC blasted with millions of malicious emails
Responding to an FoI request, the BBC has revealed it receives more than 300,000 malicious email attacks every day
-
February 28, 2022
28
Feb'22
Ukraine cyber attacks seen spiking, but no destructive cyber war yet
While cyber attacks linked to Russia’s war on Ukraine are taking place, they are having little impact beyond the region
-
February 28, 2022
28
Feb'22
Cloudflare: Our network is our product
Cloudflare’s chief product officer explains why its network is its product and how it protects organisations against cyber threats
-
February 24, 2022
24
Feb'22
KnowBe4 cyber drama tackles Colonial Pipeline in fourth season
KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021
-
February 23, 2022
23
Feb'22
Salesforce pays out over £2m in bug bounties
Salesforce says it received more than 4,000 vulnerability reports in 2021 alone as it delivers a rare public update on its bug bounty programme
-
February 23, 2022
23
Feb'22
IBM opens cyber security hub in India
Big Blue’s new cyber security hub, comprising a cyber range, software development facilities and a security operations centre, will serve enterprises across the Asia-Pacific region
-
February 21, 2022
21
Feb'22
Zoom gains NCSC Cyber Essentials Plus and NHS security badges
Video platform Zoom has added a number of UK-specific cyber certifications to help it demonstrate its platform is safeguarded against common threats
-
February 16, 2022
16
Feb'22
2021 another record year for UK cyber investment
Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment
-
February 11, 2022
11
Feb'22
Lack of knowledge disastrous for effective security strategy within Dutch companies
Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy
-
February 09, 2022
09
Feb'22
Microsoft stomps on 48 bugs in February Patch Tuesday update
It’s a light Patch Tuesday for February 2022, as Microsoft issues fixes for just 48 CVEs, including a solitary zero-day
-
February 08, 2022
08
Feb'22
DPD delivers swift fix for serious API flaw
API vulnerability potentially left PII on DPD Group’s customers dangerously exposed, but was rapidly fixed on disclosure
-
February 08, 2022
08
Feb'22
Microsoft to start blocking macros to thwart malware
Microsoft is making changes to web macro permissions across multiple Office apps to help improve user security
-
February 08, 2022
08
Feb'22
The Security Interviews: Building the UK’s future cyber ecosystem
As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions
-
February 04, 2022
04
Feb'22
Check Point looks to plug ASEAN’s cyber security gap
Check Point is shoring up its sales force and partner ecosystem to address the cyber security needs of small and mid-sized businesses in a region that is highly targeted by threat actors
-
February 03, 2022
03
Feb'22
Crisp supply shortage looms after KP Snacks hit by ransomware
Supplies of Hula Hoops and many other snack brands are under threat after a ransomware attack on the systems of KP Snacks
-
February 02, 2022
02
Feb'22
MPs call on government to ‘push harder’ and ‘act faster’ amid online fraud epidemic
MPs on the Treasury Committee want the government to act quickly to reduce the amount of money being stolen through online fraud
-
February 01, 2022
01
Feb'22
Check Point buys Spectral to safeguard cloud development
Check Point’s latest acquisition of Israel-based startup Spectral expands its developer-centric security toolset
-
January 27, 2022
27
Jan'22
Novel phishing campaign highlights need for MFA, says Microsoft
Microsoft details a new multi-stage phishing campaign that only affects victims without multifactor authentication in place
-
January 27, 2022
27
Jan'22
Nightmare Log4Shell scenario averted by prompt, professional action
Prompt and professional community response to the Log4Shell disclosure means the dangerous and widespread vulnerability has not been exploited to the extent many had feared
-
January 20, 2022
20
Jan'22
Updated cyber security regulations proposed for managed services sector
The Network and Information Systems regulations are to be updated to include MSPs and outsourcers, following a spate of supply chain attacks
-
January 19, 2022
19
Jan'22
Investigators find Beijing 2022 app riddled with security flaws
Security flaws in Olympic app may put personal health data at risk of compromise in a man-in-the-middle attack
-
January 17, 2022
17
Jan'22
Top three questions about the Log4j vulnerability
Singapore’s Ensign Infosecurity answers the top three questions about the impact of the Log4j vulnerability
-
January 14, 2022
14
Jan'22
Nato offers tech support after 'massive cyber attack' hits Ukraine
Speculation mounts that Russia is behind a cyber attack which defaced Ukrainian government websites amid growing international tension
-
January 14, 2022
14
Jan'22
Umbrella company Brookson self-refers to NCSC following cyber attack on its network
Contractor payroll, accounting and compliance firm confirms its networks have been targeted by an ‘extremely aggressive’ cyber attack that has resulted in some of its systems being proactively taken offline
-
January 12, 2022
12
Jan'22
MEPs demand EU probe into Pegasus spyware abuse
A group of European Parliament Members has called for an EU-wide investigation into NSO Group’s Pegasus spyware after it emerged EU member states may have used it
-
January 12, 2022
12
Jan'22
Microsoft fixes six zero-days in January Patch Tuesday update
A larger than of late Patch Tuesday update from Microsoft comes as defenders continue to grapple with Log4Shell
-
January 11, 2022
11
Jan'22
Almost half of Log4j downloads still dangerously exposed
Whether by error or design is unclear, but a great many IT teams are still exposing themselves by downloading outdated, insecure versions of Apache Log4j
-
January 11, 2022
11
Jan'22
Banks accused of neglecting customer security measures
Which? singles out Metro Bank, Virgin Money and TSB over insecure online banking processes
-
January 03, 2022
03
Jan'22
How APAC firms can stay ahead of cyber threats
Organisations will need to develop behavioural detection, machine learning and threat hunting capabilities to keep pace with the onslaught of cyber attacks
-
December 23, 2021
23
Dec'21
Top 10 cyber security stories of 2021
Cyber security dominated the headlines in 2021, making it hard to gain a clear picture of what to pay attention to. What is an IT buyer to do?