News

Application security and coding requirements

• July 16, 2021 16 Jul'21

  Legacy SonicWall kit exploited in ransom campaign

  Users of older versions of SonicWall Secure Mobile Access 100 and Secure Remote Access products are at risk from a new ransomware campaign

• July 14, 2021 14 Jul'21

  Multiple Microsoft bugs being actively exploited

  Microsoft’s July Patch Tuesday update fixes 117 vulnerabilities, 13 rated as critical and four already being actively exploited

• July 13, 2021 13 Jul'21

  Modipwn vulnerability puts millions of building systems at risk

  Authentication bypass vulnerability in a Schneider Electric product could lead to device takeover

• July 08, 2021 08 Jul'21

  PrintNightmare haunts Microsoft as patch may miss mark

  Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied

• July 07, 2021 07 Jul'21

  Opportunists seen targeting Kaseya REvil victims

  Malwarebytes researchers highlight new spam campaign targeting businesses impacted by the ongoing Kaseya REvil ransomware incident

• July 02, 2021 02 Jul'21

  Should I be worried about PrintNightmare?

  The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be?

• July 02, 2021 02 Jul'21

  Cyber attackers up the ante on embattled IT teams

  Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements

• July 01, 2021 01 Jul'21

  Nominations open for 2021 Security Serious Unsung Heroes Awards

  Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators

• June 25, 2021 25 Jun'21

  AWS launches bug-busting programme for developers

  Amazon Web Services is inviting customers to probe their code for software bugs and vulnerabilities using its CodeGuru console

• June 23, 2021 23 Jun'21

  How containerisation helps VW develop car software

  Volkswagen’s R&D centre is working with Red Hat to use containerisation to improve how it develops and tests software for the control systems in cars

• June 18, 2021 18 Jun'21

  NHS App reaches six million users, thanks to Covid vaccine feature

  More than two million new users have downloaded the NHS App since it was updated in May to include Covid-19 vaccination status

• June 18, 2021 18 Jun'21

  Lorca Ignite programme targets breakout cyber talent

  Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme

• June 09, 2021 09 Jun'21

  Microsoft fixes seven zero-days on its Patch Tuesday rounds

  Fixes for six actively-exploited – and one yet-to-be-exploited – zero-day bugs are released in the June 2021 Patch Tuesday update

• June 03, 2021 03 Jun'21

  Norway’s auditor general lifts lid on energy industry’s cyber security risks

  Auditor General’s Office questions the security posture of Norway’s energy industry

• June 03, 2021 03 Jun'21

  Pandemic a ‘once-in-a-lifetime’ chance to reshape security

  The volume of remote working has made it hard to paint an accurate picture of the true state of enterprise cyber security, but it presents an opportunity to change things up

• May 24, 2021 24 May'21

  Dutch researchers build security software to mimic human immune system

  Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection

• May 21, 2021 21 May'21

  Lack of developer attention to cloud security prompts alerts

  The personal data of over 100 million Android users may have been put at risk through a variety of cloud service misconfigurations

• May 14, 2021 14 May'21

  Okta and Auth0 to expand APAC coverage

  Okta’s acquisition of rival Auth0 will enable both companies to expand their footprint in the Asia-Pacific region as demand for identity management services soars amid the pandemic

• May 13, 2021 13 May'21

  Publishing exploit code does more harm than good, says report

  Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security

• May 12, 2021 12 May'21

  Microsoft fixes four critical bugs on lighter Patch Tuesday

  Four critical RCE vulnerabilities put users of various Microsoft products at risk, and should be patched right away

• May 11, 2021 11 May'21

  Collaboration key to success of UK’s Cyber Security Council

  The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event

• May 07, 2021 07 May'21

  Reddit enlists HackerOne to run public bug bounty programme

  Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet

• May 07, 2021 07 May'21

  Ransomware, supply chain attacks show no sign of abating

  Security experts at Black Hat Asia 2021 discuss the state of ransomware and supply chain attacks, two of the most common attack vectors that offer high returns for threat actors

• April 28, 2021 28 Apr'21

  Recruiters can’t afford to hold out for cyber ‘unicorns’

  The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic

• April 27, 2021 27 Apr'21

  Apple OS updates patch multiple security holes

  The much-heralded release of the privacy-centric iOS 14.5 also brings patches for multiple CVEs, and users of Apple smartphones, tablets and notebooks are best advised to update as soon as possible

• April 27, 2021 27 Apr'21

  North London school wins NCSC girls’ cyber challenge

  Highgate School in North London is the winner of this year’s CyberFirst Girls security competition

• April 27, 2021 27 Apr'21

  The Security Interviews: Making sense of outbound email security

  Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this

• April 22, 2021 22 Apr'21

  Automation, zero-trust, API-based security priorities for EMEA CISOs

  Report by FireMon sheds light on buyer behaviour across the EMEA region

• April 20, 2021 20 Apr'21

  Health app myGP adds Covid-19 vaccine passport function

  The new feature is described as the UK’s first NHS-assured Covid-19 certification feature

• April 20, 2021 20 Apr'21

  UK’s proposed IoT cyber security law gathers momentum

  New statistics appear to vindicate UK government proposals to force suppliers to be upfront about IoT security

• April 20, 2021 20 Apr'21

  Codecov supply chain attack has echoes of SolarWinds

  Supply chain attack on code auditing service may have compromised the likes of HPE and IBM

• April 16, 2021 16 Apr'21

  Finnish government strengthens country’s IT network security

  Finland’s government has created a new national organisation to help public and private bodies improve network security

• April 14, 2021 14 Apr'21

  FBI accesses ProxyLogon target servers to disrupt cyber criminals

  US Justice Department reveals successful court-authorised effort to clamp down on ProxyLogon exploitation

• April 14, 2021 14 Apr'21

  NSA unearths more MS Exchange vulnerabilities

  Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency

• April 13, 2021 13 Apr'21

  Millions of devices at risk from NAME:WRECK DNS bugs

  Newly disclosed set of nine DNS vulnerabilities puts over 100 million consumer, enterprise and industrial IoT devices at risk

• April 11, 2021 11 Apr'21

  Executive interview: Unleashing blockchain’s potential

  Labrys founder and CEO Lachlan Feeney offers his observations about blockchain adoption in Australia, and what his firm is doing to help organisations unleash the full potential of the technology

• April 07, 2021 07 Apr'21

  Unpatched SAP applications are target-rich ground for hackers

  Report from SAP and cyber threat research company Onapsis warns that hackers are attacking mission-critical SAP business applications that contain unpatched vulnerabilities

• March 31, 2021 31 Mar'21

  Cyber Security Council to champion UK security pros

  A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base

• March 25, 2021 25 Mar'21

  Four in five UK businesses seek new security suppliers

  Decision-makers are ready to buy new security technology, but suppliers must pay close attention to how they present themselves

• March 16, 2021 16 Mar'21

  Microsoft releases one-click ProxyLogon mitigation tool

  Microsoft’s mitigation tool is designed to help customers without dedicated security or IT teams navigate fixing their vulnerable Exchange servers

• March 16, 2021 16 Mar'21

  Government calls for input into Covid-19 vaccine passports

  Evidence gathering exercise will inform the development of the UK’s proposed Covid-19 vaccine passport scheme

• March 15, 2021 15 Mar'21

  Microsoft Exchange ProxyLogon attacks spike 10 times in four days

  Exploitations of the Microsoft Exchange ProxyLogon vulnerabilities have increased tenfold in just four days

• March 12, 2021 12 Mar'21

  NCSC issues emergency alert on Microsoft Exchange patch

  UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately

• March 12, 2021 12 Mar'21

  DearCry ransomware targets vulnerable Exchange servers

  As predicted, ransomware gangs have started to target vulnerable instances of Microsoft Exchange Server, making patching an even greater priority

• March 11, 2021 11 Mar'21

  Norwegian government falls victim to Microsoft attacks

  Norway’s parliament, the Storting, suffers second major cyber incident in a year as threat groups capitalise on vulnerable Microsoft Exchange Servers

• March 10, 2021 10 Mar'21

  Patch Tuesday overshadowed by Microsoft Exchange attacks

  Microsoft’s March Patch Tuesday update drops amid ongoing fall-out from widespread Exchange attacks

• March 05, 2021 05 Mar'21

  Williams F1 car launch disrupted by data leak

  Williams Formula One team forced to pull augmented reality app it had planned to use to launch its 2021 car at the last minute after an apparent cyber attack

• March 05, 2021 05 Mar'21

  Singapore Airlines the latest victim of supply chain attack

  A restricted set of data of over 580,000 frequent flyer members of Singapore Airlines was exposed in a supply chain attack against Sita’s passenger service system

• March 04, 2021 04 Mar'21

  Microsoft Exchange CVEs more widely exploited than thought

  US CISA issues emergency guidance as impact of four newly disclosed Microsoft Exchange vulnerabilities becomes clearer

• March 03, 2021 03 Mar'21

  Emergency patch addresses MS Exchange Server zero-days

  Microsoft releases an emergency patch to address multiple zero-day exploits directed at on-premise installations of Exchange Server

• February 24, 2021 24 Feb'21

  Transport for NSW hit by Accellion breach

  Australian state agency Transport for New South Wales is the latest victim of the supply chain attack against Accellion’s legacy file transfer system

• February 24, 2021 24 Feb'21

  Vaccine passports prove an ethical minefield

  Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design

• February 24, 2021 24 Feb'21

  Is Clubhouse safe, and should CISOs stop its use?

  With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it

• February 18, 2021 18 Feb'21

  2020 a record year for cyber, thanks to Covid

  The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy

• February 18, 2021 18 Feb'21

  Fingerprints will help payment cards retain relevance

  Biometric payment cards using fingerprint technology could add billions to global banking revenues, says UBS

• February 16, 2021 16 Feb'21

  RDP, SSH exposures off the charts thanks to remote working

  The Covid-19 pandemic has had an impact on the prevalence of certain vulnerabilities in the wild, according to a report

• February 15, 2021 15 Feb'21

  NCSC recognises UK’s top cyber schools

  National Cyber Security Centre CyberFirst Schools initiative has handed out 14 gold, silver and bronze awards recognising excellence in cyber security teaching

• February 11, 2021 11 Feb'21

  Low-complexity CVEs a growing concern

  Analysis of thousands of CVEs logged with NIST in 2020 reveals some unwelcome developments

• February 11, 2021 11 Feb'21

  Singtel falls prey to supply chain attack

  The Singapore telco reveals that its Accellion file sharing system was illegally hacked in a supply chain attack

• February 10, 2021 10 Feb'21

  Windows 10, Server 2019 users must patch serious zero-day

  Another dangerous zero-day exploit is among 56 vulnerabilities patched by Microsoft in February’s Patch Tuesday update

• February 05, 2021 05 Feb'21

  Google Chrome update to patch serious zero-day

  A serious heap buffer overflow vulnerability means Google Chrome users should patch their browsers as soon as possible

• February 04, 2021 04 Feb'21

  SolarWinds chases multiple leads in breach investigation

  Investigators at SolarWinds are exploring multiple theories as to how the company’s systems were compromised

• February 03, 2021 03 Feb'21

  SolarWinds patches two critical CVEs in Orion platform

  New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet

• January 27, 2021 27 Jan'21

  Emergency Apple updates patch exploited zero-days

  Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately

• January 20, 2021 20 Jan'21

  Malwarebytes also hit by SolarWinds attackers

  The nation state group that attacked SolarWinds in December got inside Malwarebytes by exploiting privileged access to its Microsoft Office 365 tenant, the firm reveals

• January 17, 2021 17 Jan'21

  NCSC CyberFirst Girls 2021 contest kicks off

  UK’s national cyber agency says it has already had hundreds of entrants in spite of the challenges presented by the pandemic

• January 14, 2021 14 Jan'21

  APAC firms grapple with cyber security amid pandemic

  Some aspects of cyber security have taken a backseat as companies across the Asia-Pacific region rush to shore up their infrastructure to cope with the demands of remote work

• January 13, 2021 13 Jan'21

  Critical zero-day features in first Patch Tuesday of 2021

  Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender

• January 12, 2021 12 Jan'21

  Palo Alto Networks opens Australia cloud location

  The cyber security company’s Australia cloud location will address data localisation requirements amid growing adoption of cloud-based security services

• January 12, 2021 12 Jan'21

  Mimecast latest security firm to be compromised

  Users of a specific Mimecast certificate used to authenticate services to Microsoft Office 365 may be at risk of compromise in an attack that may relate to the ongoing SolarWinds incident

• January 12, 2021 12 Jan'21

  Early stage UK security startups face funding crisis

  Overall cyber security funding since the advent of the pandemic is well up, but investment is dominated by safe, later-stage firms while those raising capital for the first time fall away

• January 11, 2021 11 Jan'21

  New SolarWinds CEO sets out rescue plan

  Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community

• January 11, 2021 11 Jan'21

  Kaspersky claims link between Solorigate and Kazuar backdoors

  Researchers say they have found specific code similarities between the Solorigate/Sunburst malware and the Kazuar backdoor, suggesting some relationship

• January 11, 2021 11 Jan'21

  New Zealand central bank IT system breached in cyber attack

  Bank is responding to a cyber attack after hackers breached the system of a third-party supplier

• January 08, 2021 08 Jan'21

  Which? online banking investigation reveals ‘worrying gaps’ in security

  Consumer rights organisation has ranked the security of UK online current account providers

• December 24, 2020 24 Dec'20

  Top 10 cyber crime stories of 2020

  Here are Computer Weekly’s top 10 cyber crime stories of 2020

• December 23, 2020 23 Dec'20

  Top 10 cyber security stories of 2020

  Here are Computer Weekly’s 10 top cyber security stories of 2020

• December 18, 2020 18 Dec'20

  Finnish government tables laws to protect data from cyber criminals

  Government is strengthening its legal framework to protect data from hackers in the wake of a massive breach at a psychotherapy centre

• December 17, 2020 17 Dec'20

  Dodgy browser extensions put social media users at risk

  More than three million users of third-party browser extensions for Instagram, Facebook, Vimeo and others have been infected with malware, according to Avast

• December 17, 2020 17 Dec'20

  FireEye and partners release SolarWinds kill-switch

  A so-called kill-switch for the dangerous SolarWinds Sunburst attack should allay some user fears, but is not a full fix for the issue

• December 11, 2020 11 Dec'20

  Disputed PostgreSQL bug exploited in cryptomining botnet

  PGMiner cryptomining botnet remained unnoticed by exploiting a disputed CVE in PostgreSQL

• December 09, 2020 09 Dec'20

  Amnesia:33 IoT flaws dangerous and patches unlikely, say experts

  The disclosure of multiple flaws by Forescout has raised big questions for the developers of connected products, and for their users

• December 09, 2020 09 Dec'20

  Patch Tuesday: Microsoft presents just 58 CVEs for Christmas

  The final Patch Tuesday of 2020 contains 58 fixes, a minnow compared to some recent drops, but many are still of high importance

• December 08, 2020 08 Dec'20

  Russian state actors exploiting VMware bug to hijack data, users warned

  Russian APT groups are actively exploiting a vulnerability in VMware products to access protected data, according to latest warnings

• December 07, 2020 07 Dec'20

  Grindr and others patch critical Android bug

  Fixes for CVE-2020-8913 deployed as app developers shore up their defences against a disclosed Google Play vulnerability

• December 04, 2020 04 Dec'20

  Avast and Borsetta to support Intel’s AI security project

  Security firm Avast and AI security specialist Borsetta have signed up to support an Intel-led artificial intelligence security research project

• December 03, 2020 03 Dec'20

  Lax Android app developers putting millions of users at risk

  Eight months after Google patched a critical vulnerability, developers have failed to update their apps, putting millions of users of apps such as dating services Bumble and Grindr at risk

• December 02, 2020 02 Dec'20

  Singapore government remains ‘juicy target’ for cyber attackers

  The government is baking security into the design and implementation of its IT systems and looking to increase bug bounties to fend off cyber threats

• November 26, 2020 26 Nov'20

  APAC plagued by APT, ransomware attacks

  The Asia-Pacific region was a primary target of advanced persistent threat groups, mostly from China, Iran, North Korea and Russia, that carried out 34 campaigns between June 2019 to June 2020

• November 24, 2020 24 Nov'20

  Belgian security researcher hacks Tesla with Raspberry Pi

  Belgian security researcher Lennert Wouters once again succeeds in hacking a Tesla vehicle, this time by exploiting the Bluetooth Low Energy standard

• November 11, 2020 11 Nov'20

  Microsoft drops fix for serious zero-day among 112 Patch Tuesday updates

  November’s Patch Tuesday contains fixes for 112 bugs, including a potentially serious zero-day exploit that malicious actors are already taking advantage of

• November 10, 2020 10 Nov'20

  IT Priorities 2020: After Covid-19, security goes back to basics

  This year’s transition to remote working highlighted big gaps in the fundamentals of security, as updated TechTarget/Computer Weekly data reveals

• November 05, 2020 05 Nov'20

  Microsoft to support next generation of security startups

  Tech giant lends its support to the NCSC Cyber Accelerator scheme, which is seeking its seventh cohort of startups

• October 28, 2020 28 Oct'20

  Trump supporters targeted by cryptocurrency scammers

  The successful breach of Donald Trump’s official website shows up lax security on his campaign team and is yet another timely warning that nobody is immune to cyber crime

• October 28, 2020 28 Oct'20

  Barracuda eyes Indochina markets

  Barracuda is looking to expand its local presence and headcount in fast-growing emerging markets of Vietnam, Cambodia and Laos

• October 21, 2020 21 Oct'20

  NSA’s top CVE list a timely reminder to patch

  Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies

• October 21, 2020 21 Oct'20

  Trump and Biden campaign apps easy targets for cyber criminals

  You don’t need a stellar IQ to exploit the dangerous StrandHogg Android vulnerability, and users of both Donald Trump’s and Joe Biden’s mobile apps are at risk of falling victim to it

• October 14, 2020 14 Oct'20

  Microsoft fixes 87 bugs in October 2020 Patch Tuesday

  Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019

• October 13, 2020 13 Oct'20

  Suppliers neglecting virtual appliance security, putting users at risk

  Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report

• October 12, 2020 12 Oct'20

  Five Eyes spy group again demands access to private messages

  Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms