News

Application security and coding requirements

• October 21, 2020 21 Oct'20

  NSA’s top CVE list a timely reminder to patch

  Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies

• October 21, 2020 21 Oct'20

  Trump and Biden campaign apps easy targets for cyber criminals

  You don’t need a stellar IQ to exploit the dangerous StrandHogg Android vulnerability, and users of both Donald Trump’s and Joe Biden’s mobile apps are at risk of falling victim to it

• October 14, 2020 14 Oct'20

  Microsoft fixes 87 bugs in October 2020 Patch Tuesday

  Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019

• October 13, 2020 13 Oct'20

  Suppliers neglecting virtual appliance security, putting users at risk

  Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report

• October 12, 2020 12 Oct'20

  Five Eyes spy group again demands access to private messages

  Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms

• October 12, 2020 12 Oct'20

  Cyber security skills ad branded ‘crass’ by minister

  Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic

• October 12, 2020 12 Oct'20

  Making sense of zero-trust security

  Implementing zero-trust security is not an easy feat, but enterprises can still get it right if they approach it from a process perspective and get a handle on their infrastructure footprint

• October 09, 2020 09 Oct'20

  Magecart strikes website of school payments service Wisepay

  Magecart credit card skimmer harvested financial data of users of Wisepay’s platform over a two-day period

• October 08, 2020 08 Oct'20

  NCSC relaunches SME security guide with home working focus

  The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020

• October 05, 2020 05 Oct'20

  MosaicRegressor APT campaign using rare malware variant

  Kaspersky researchers have shared details of a APT campaign utilising a rarely seen and hard-to-stop variety of malware

• October 02, 2020 02 Oct'20

  Find and fix your Adobe Flash dependencies, says NCSC

  As Adobe’s Flash Player approaches end-of-life, the National Cyber Security Centre is urging organisations to fix their Flash dependencies

• September 30, 2020 30 Sep'20

  GitHub makes code vulnerability scanning feature public

  Code-scanning service is now out of beta and generally available, helping teams to bake security into their code at the development stage

• September 29, 2020 29 Sep'20

  NCSC expands schools programme to north-east England and Northern Ireland

  Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland

• September 28, 2020 28 Sep'20

  TikTok ban stayed after last-minute court case

  TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States

• September 28, 2020 28 Sep'20

  Security now main driving force behind digital transformation

  Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda

• September 24, 2020 24 Sep'20

  Third-party code bug left Instagram users at risk of account takeover

  A critical vulnerability in Instagram’s image processing could have allowed attackers to take over not just their victim’s account, but their entire device

• September 24, 2020 24 Sep'20

  Race to patch as Microsoft confirms Zerologon attacks in the wild

  Don’t be the organisation that made the headlines because it failed to patch. Microsoft says it is seeing cyber attacks ramping up around the Zerologon CVE-2020-1472 bug

• September 22, 2020 22 Sep'20

  Scam mobile apps spreading via rogue TikTok accounts

  Malicious TikTok accounts are promoting a number of adware scam mobile apps

• September 21, 2020 21 Sep'20

  Big questions to be answered over TikTok and WeChat reprieve

  TikTok and WeChat seem to have received a stay of execution, but big questions and contradictions remain

• September 17, 2020 17 Sep'20

  Saudi Arabia sees cyber security boom as coronavirus bites

  Saudi Arabian CIOs have been forced to increase their security posture as the Covid-19 pandemic transforms working methods

• September 16, 2020 16 Sep'20

  Retailers urged to get to grips with Magento as attacks spike

  A huge spike in online retailers being hacked with Magecart credit card skimmers is being blamed on unsupported versions of Adobe Magento

• September 16, 2020 16 Sep'20

  Lorca security scaleups to get Splunk data expertise

  Lorca inducts Splunk onto its co-marketing programme, giving security scaleups access to new data expertise

• September 15, 2020 15 Sep'20

  Risky development practice leaves company access keys exposed

  Database stores, cloud storage and myriad other services are being put at risk by the accidental exposure of company access keys during development

• September 15, 2020 15 Sep'20

  TikTok-Oracle partnership moves forward for consideration

  Joint venture proposal could create thousands of jobs and secure TikTok’s future outside China

• September 14, 2020 14 Sep'20

  Microsoft drops out of TikTok talks, paves way for Oracle partnership

  Microsoft confirms it is dropping out of the running to acquire the US operations of TikTok, leaving the way clear for an imminent partnership deal with Oracle

• September 10, 2020 10 Sep'20

  Cyber security is next frontier for open source

  Open security will facilitate the interoperability and capabilities of cyber security tools while alleviating vendor lock-in for enterprises, says IBM

• September 10, 2020 10 Sep'20

  Lorca security scaleups hit funding milestone

  £153m of investment has been raised by Lorca cohort companies in just two years, almost four times the original target

• September 09, 2020 09 Sep'20

  September’s Patch Tuesday heavy on RCE vulnerabilities

  Microsoft’s September update contains patches for 129 common vulnerabilities and exposures, including a high number of remote code execution issues

• September 06, 2020 06 Sep'20

  Why predictive threat intelligence is key

  Threat intelligence startup Cyfirma is using virtual agents to gather intelligence on potential cyber attacks that are being coordinated in underground forums before they occur

• September 02, 2020 02 Sep'20

  Northumbria University suffers major disruption after cyber attack

  Some exams cancelled as university appoints external specialists to investigate incident

• August 25, 2020 25 Aug'20

  TikTok takes Trump to court

  Under-fire video app TikTok files a formal complaint in the federal courts challenging the Trump administration’s attempt to ban it in the US

• August 18, 2020 18 Aug'20

  Reports Oracle to enter TikTok bidding war

  Oracle may be about to make a bid to acquire the US operations of TikTok from its Chinese parent ByteDance, according to the FT

• August 12, 2020 12 Aug'20

  Microsoft patches two zero-days with active exploits

  Microsoft drops another major Patch Tuesday update, including fixes for two zero-day exploits that are already being exploited by cyber criminals

• August 11, 2020 11 Aug'20

  Citrix users urged to patch five XenMobile CVEs

  Patches are available for CVEs 2020-8208 through 8212 and should be installed as soon as possible

• August 06, 2020 06 Aug'20

  Qualcomm chip vulnerability puts millions of phones at risk

  Qualcomm has patched multiple vulnerabilities in its chip hardware that left hundreds of millions of smartphones open to compromise by malicious actors

• August 04, 2020 04 Aug'20

  New foundation to bolster security of open source software

  The Open Source Security Foundation will bring together key open source security initiatives across the industry to improve and support the security of open source software

• August 03, 2020 03 Aug'20

  Microsoft offers way out of TikTok impasse

  Microsoft offers to buy TikTok from its Chinese parent to ease security fears in the US

• July 31, 2020 31 Jul'20

  Labour Party is latest victim of Blackbaud ransomware attack

  Widening Blackbaud data breach ensnares the Labour Party as the cloud software firm continues to duck questions about its behaviour

• July 20, 2020 20 Jul'20

  Businesses underestimate negative impact of bot traffic

  Research from Netacea finds that although awareness of malicious bot activity is high, many are underestimating its true impact

• July 16, 2020 16 Jul'20

  Coronavirus shines spotlight on cyber security

  Programme committee chair of this year's RSA Conference Asia-Pacific and Japan talks up the challenges that IT security professionals in APAC are facing to mitigate security risks amid the Covid-19 pandemic

• July 15, 2020 15 Jul'20

  Patch Tuesday: Microsoft fixes 123 bugs in July 2020 update

  The bugs start coming and they don’t stop coming; Microsoft has issued yet another bumper Patch Tuesday update

• July 14, 2020 14 Jul'20

  Check Point unearths critical SigRed bug in Windows DNS

  SigRed vulnerability is highly dangerous, but is being fixed as part of the July 2020 Patch Tuesday update

• July 14, 2020 14 Jul'20

  Recon vulnerability puts thousands of SAP customers at risk

  Users of multiple SAP products including S4/HANA should apply the security update as soon as possible to protect their systems

• July 14, 2020 14 Jul'20

  Australian enterprises facing more cyber attacks

  The volume of cyber attacks in Australia jumped from 90% in October 2019 and 81% in February 2019, underscoring the worsening threat landscape in the country

• July 13, 2020 13 Jul'20

  Zoom zero-day a reminder to stop using Windows 7

  Researchers have disclosed a newly discovered zero-day vulnerability to videoconferencing service Zoom, which only affects users of Windows 7 systems

• July 09, 2020 09 Jul'20

  More Joker malware apps chucked off Google Play Store

  Infamous Joker billing fraud malware continues to sneak past Google’s security controls

• July 08, 2020 08 Jul'20

  Security funding soars despite Covid-19 slump, but problems lie ahead

  The overall cyber security funding ecosystem in the UK is healthier than ever despite Covid-19, but the figures mask stark and concerning disparities in where the money is going

• July 07, 2020 07 Jul'20

  Cyber4Summer scheme to divert young people from cyber crime

  Cyber4Summer platform will offer 100 different tracks covering a range of security skills to divert them from falling into a life of cyber crime

• July 06, 2020 06 Jul'20

  Lorca scale-ups bring diverse security to the fore

  London Office for Rapid Cybersecurity Advancement announces the cyber security scale-ups that will make up its fifth cohort

• July 06, 2020 06 Jul'20

  North Korea behind spate of Magecart attacks

  The Magecart credit card skimmer found on the website of retailer Claire’s Accessories was likely put there by the Lazarus or Hidden Cobra North Korean APT group, reports Sansec

• July 01, 2020 01 Jul'20

  UK’s unsung cyber security heroes sought

  Nominations have opened for the fifth annual Security Serious Unsung Heroes Awards

• July 01, 2020 01 Jul'20

  Zoom making progress on cyber security and privacy, says CEO

  Three months after being hit by a spate of security incidents, Zoom’s CEO, Eric Yuan, has been discussing progress towards a more secure product

• July 01, 2020 01 Jul'20

  Mysterious EvilQuest macOS ransomware spreads through torrents

  A new strain of ransomware, dubbed EvilQuest, is threatening Apple Mac environments, and seems to behave quite oddly

• July 01, 2020 01 Jul'20

  FakeSpy Android malware targets Royal Mail app users

  The FakeSpy malware was first identified in October 2017 but is now significantly more powerful and dangerous

• June 25, 2020 25 Jun'20

  Pub ‘check-in’ apps provoke fresh privacy concerns

  With pubs and restaurants required to collect customer data for contact tracing when they reopen, data privacy risks will be heightened

• June 23, 2020 23 Jun'20

  Neurodiversity on the rise among career hackers

  More diverse hackers enhance the ability of both traditional and cutting-edge cyber security solutions to find and fix vulnerabilities, according to a new report from Bugcrowd

• June 23, 2020 23 Jun'20

  Flash-based MacOS malware hides in plain sight

  By masquerading as a legitimate Adobe web application, the new malware strains can trick Mac users into bypassing their on-board defences

• June 18, 2020 18 Jun'20

  Cisco patches dangerous Webex vulnerability

  CVE-2020-3347 bug enables cyber criminals to steal meeting records from within Cisco’s Webex service

• June 17, 2020 17 Jun'20

  Coronavirus: Cyber security spend to slow in 2020

  Analysts revise down previous growth targets for security technology as the Covid-19 pandemic bites

• June 16, 2020 16 Jun'20

  Activists call on Zoom to implement encryption for all

  A coalition of tech organisations and nonprofits have urged Zoom CEO Eric Yuan to make end-to-end encryption available to all users

• June 15, 2020 15 Jun'20

  Accessories store Claire’s hit by Magecart credit card fraudsters

  Attackers gained access to retailer’s website as long ago as March

• June 14, 2020 14 Jun'20

  Coronavirus: Enterprise VPN adoption in India set to rise

  Advancement in cloud technologies and secured remote access to applications will significantly contribute to the overall growth of India’s VPN market, says GlobalData

• June 11, 2020 11 Jun'20

  CISOs buying into unified security proposition

  The time is right for all-in-one security solutions, according to a report

• June 10, 2020 10 Jun'20

  Government to fund nine advanced security projects

  Nine academic projects have been selected to receive a share of a £10m funding pot as they develop advanced cyber security solutions using prototype chipsets

• June 10, 2020 10 Jun'20

  Decade-old vulnerability among 129 Patch Tuesday fixes

  A 10 year-old bug in Windows Group Policies could easily enable attackers to gain highly privileged user status on target systems, opening the doors to a wave of cyber attacks

• June 10, 2020 10 Jun'20

  Virtual GP practice accidentally exposes patient video calls

  A small number of users of Babylon’s GP at Hand service were briefly able to view other patients’ video GP consultations thanks to a bug in a new software feature

• June 10, 2020 10 Jun'20

  How Australian firms can defend against supply chain attacks

  Supply chain security risks can wreak havoc if measures are not taken to deter cyber attackers from exploiting a supplier’s security gaps to target another firm

• June 09, 2020 09 Jun'20

  Poorly-secured AWS buckets used to launch Magecart attacks

  Cyber criminals are exploiting misconfigured AWS S3 buckets to run credit card fraud and malvertising campaigns, according to new data

• June 08, 2020 08 Jun'20

  What it takes to get DevSecOps right

  DevSecOps will drive at least 50% of new applications in Asia-Pacific by 2024, but getting it right will require change management, a collaborative mindset and the right automation tools

• June 05, 2020 05 Jun'20

  Police chiefs working with Public Health England on contact-tracing security

  Police force representatives are in talks with Public Health England over operational security concerns arising from the NHS Test and Trace coronavirus contact-tracing scheme

• June 04, 2020 04 Jun'20

  The Security Interviews: How the BSI protects the IoT from itself

  David Mudd of the BSI reveals how a pragmatic and realistic approach to security vulnerabilities underpins its internet of things kitemark, helping give users the confidence to buy smart devices safely

• June 01, 2020 01 Jun'20

  Privacy campaigners call for radical changes to contact-tracing app

  Liberty, Privacy International and the Open Rights Group join calls for the government to either put in place better data protection policies or abandon its Covid-19 contact-tracing app altogether

• May 28, 2020 28 May'20

  Public Health England to keep contact-tracing data for 20 years

  PHE will retain the data it collects via the NHS Test and Trace programme for 20 years

• May 27, 2020 27 May'20

  Enterprise clouds hammered by cyber attacks during pandemic

  Remote workers logging onto enterprise cloud service accounts are an easy access point for attackers, says McAfee

• May 27, 2020 27 May'20

  Fears contact-tracing app will open the floodgates for cyber criminals

  Study of UK consumers reveals worries over an uptick in cyber crime and a lack of trust in government

• May 26, 2020 26 May'20

  StrandHogg mobile vulnerability has evil twin

  Variant of the dangerous StrandHogg vulnerability affecting Android phones could allow hackers to access almost all apps on a target device

• May 19, 2020 19 May'20

  Cancelled NCSC CyberUK event gets green light for 2021

  The NCSC’s popular CyberUK event has been rescheduled to next year, and will again take place in Newport in south Wales

• May 18, 2020 18 May'20

  DevOps improve code quality, but security must happen sooner

  GitLab survey finds developers are adopting DevOps to improve code quality, but more needs to be done on secure coding

• May 14, 2020 14 May'20

  Harman seeks to bring private member’s bill over contact tracing

  Chair of Human Rights Committee aims to put the proposed Contact Tracing (Data Protection) Bill 2020 before parliament as a private member’s bill if necessary

• May 14, 2020 14 May'20

  Venafi buys cloud protection service Jetstack

  Jetstack specialises in open source machine identity protection software for Kubernetes and cloud native ecosystems

• May 14, 2020 14 May'20

  UK’s contact-tracing app targeted by scammers

  Even though it is only operational on the Isle of Wight as a beta test, the UK government’s coronavirus contact-tracing app has already attracted the attention of cyber criminals

• May 13, 2020 13 May'20

  Report reveals inadequate cyber security at Schiphol Airport

  A report has revealed problems with critical security systems in Amsterdam’s Schiphol Airport

• May 13, 2020 13 May'20

  Microsoft fixes 16 critical vulnerabilities on Patch Tuesday

  The trend towards mammoth Patch Tuesdays continues as Microsoft fixes 111 vulnerabilities

• May 12, 2020 12 May'20

  Draft Covid-19 contact tracing legislation proposes formal oversight

  Human Rights Committee chair Harriet Harman has outlined a proposed bill to guarantee the security and privacy of data generated by the UK’s Covid-19 contact tracing app

• May 07, 2020 07 May'20

  Zoom buys secure messaging service Keybase

  Unified comms platform Zoom says the acquisition of Keybase will finally let it bring end-to-end encryption to the table

• May 07, 2020 07 May'20

  Contact-tracing app fails to protect privacy and human rights

  Reassurances over the security and human rights implications of NHSX’s approach to developing its Covid-19 contact-tracing app are insufficient, says the cross-bench Human Rights Committee

• May 07, 2020 07 May'20

  Next round of Zoom updates targets consumer security

  Casual consumer users of Zoom will get additional protections in an update to be released over the long weekend

• May 06, 2020 06 May'20

  Re-purposing data and questionable effectiveness could undermine trust in NHS contact-tracing app

  Experts call for greater clarity over how contact-tracing data will be used, while discussing the limitations of the coronavirus app

• May 04, 2020 04 May'20

  Xen Orchestra latest victim of Salt cryptojackers

  More victims of cyber criminals exploiting two critical Salt vulnerabilities are coming forward

• May 04, 2020 04 May'20

  Blogging platform Ghost hacked through Salt vulnerability

  Publishing service’s network was taken over by illicit cryptominers after failing to patch a critical vulnerability

• May 04, 2020 04 May'20

  IT Priorities 2020: Compliance and risk are top security concerns

  When it comes to security, buyers are prioritising solutions and services that address compliance issues, risk management and data protection, according to the Computer Weekly/TechTarget IT Priorities 2020 study

• April 30, 2020 30 Apr'20

  Mobile banking customers at risk from new EventBot trojan

  Customers of Barclays, HSBC, Santander and many other banks should be alert to a dangerous new trojan

• April 28, 2020 28 Apr'20

  Under the spotlight, video apps rush to strengthen security

  Most popular videoconferencing applications now meet Mozilla’s minimum security standards, with fierce competition and public pressure driving rapid improvement

• April 24, 2020 24 Apr'20

  The Security Interviews: Can AV go from dodgy scareware to cyber hero?

  Alun Baker, CEO of Clario, is on a mission to rehabilitate the image of consumer security products and take the fear out of selling antivirus. We find out how things are changing

• April 23, 2020 23 Apr'20

  iOS zero-day leaves iPhone users dangerously exposed

  Researchers identify dangerous vulnerabilities in Apple’s iOS operating system that allow remote code execution on target devices

• April 23, 2020 23 Apr'20

  Zoom to roll out fresh cyber security updates

  New features include support for advanced AES 256-bit encryption

• April 20, 2020 20 Apr'20

  Dutch organisations address business email compromise fraud

  Public-private partnership in the Netherlands works to break the chains used by fraudsters to carry out BEC attacks

• April 15, 2020 15 Apr'20

  Coronavirus: Standard Chartered bans employees from Zoom

  Standard Chartered is the first bank to have instructed its staff to refrain from using Zoom

• April 15, 2020 15 Apr'20

  Coronavirus: Researcher finds security vulnerability in Slack

  Some common assumptions about the security of cloud-based messaging platform Slack may not be entirely accurate, says an Alien Labs researcher

• April 15, 2020 15 Apr'20

  Microsoft patches 19 critical bugs in another heavy Patch Tuesday

  The volume of vulnerabilities being uncovered by Microsoft remains high, with more than 100 fixes pushed out in April’s Patch Tuesday