News
Application security and coding requirements
-
April 20, 2021
Codecov supply chain attack has echoes of SolarWinds
Supply chain attack on code auditing service may have compromised the likes of HPE and IBM
-
April 16, 2021
Finnish government strengthens country’s IT network security
Finland’s government has created a new national organisation to help public and private bodies improve network security
-
April 14, 2021
FBI accesses ProxyLogon target servers to disrupt cyber criminals
US Justice Department reveals successful court-authorised effort to clamp down on ProxyLogon exploitation
-
April 14, 2021
NSA unearths more MS Exchange vulnerabilities
Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency
-
April 13, 2021
Millions of devices at risk from NAME:WRECK DNS bugs
Newly disclosed set of nine DNS vulnerabilities puts over 100 million consumer, enterprise and industrial IoT devices at risk
-
April 11, 2021
Executive interview: Unleashing blockchain’s potential
Labrys founder and CEO Lachlan Feeney offers his observations about blockchain adoption in Australia, and what his firm is doing to help organisations unleash the full potential of the technology
-
April 07, 2021
Unpatched SAP applications are target-rich ground for hackers
Report from SAP and cyber threat research company Onapsis warns that hackers are attacking mission-critical SAP business applications that contain unpatched vulnerabilities
-
March 31, 2021
Cyber Security Council to champion UK security pros
A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base
-
March 25, 2021
Four in five UK businesses seek new security suppliers
Decision-makers are ready to buy new security technology, but suppliers must pay close attention to how they present themselves
-
March 16, 2021
Microsoft releases one-click ProxyLogon mitigation tool
Microsoft’s mitigation tool is designed to help customers without dedicated security or IT teams navigate fixing their vulnerable Exchange servers
-
March 16, 2021
Government calls for input into Covid-19 vaccine passports
Evidence gathering exercise will inform the development of the UK’s proposed Covid-19 vaccine passport scheme
-
March 15, 2021
Microsoft Exchange ProxyLogon attacks spike 10 times in four days
Exploitations of the Microsoft Exchange ProxyLogon vulnerabilities have increased tenfold in just four days
-
March 12, 2021
NCSC issues emergency alert on Microsoft Exchange patch
UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately
-
March 12, 2021
DearCry ransomware targets vulnerable Exchange servers
As predicted, ransomware gangs have started to target vulnerable instances of Microsoft Exchange Server, making patching an even greater priority
-
March 11, 2021
Norwegian government falls victim to Microsoft attacks
Norway’s parliament, the Storting, suffers second major cyber incident in a year as threat groups capitalise on vulnerable Microsoft Exchange Servers
-
March 10, 2021
Patch Tuesday overshadowed by Microsoft Exchange attacks
Microsoft’s March Patch Tuesday update drops amid ongoing fall-out from widespread Exchange attacks
-
March 05, 2021
Williams F1 car launch disrupted by data leak
Williams Formula One team forced to pull augmented reality app it had planned to use to launch its 2021 car at the last minute after an apparent cyber attack
-
March 05, 2021
Singapore Airlines the latest victim of supply chain attack
A restricted set of data of over 580,000 frequent flyer members of Singapore Airlines was exposed in a supply chain attack against Sita’s passenger service system
-
March 04, 2021
Microsoft Exchange CVEs more widely exploited than thought
US CISA issues emergency guidance as impact of four newly disclosed Microsoft Exchange vulnerabilities becomes clearer
-
March 03, 2021
Emergency patch addresses MS Exchange Server zero-days
Microsoft releases an emergency patch to address multiple zero-day exploits directed at on-premise installations of Exchange Server
-
February 24, 2021
Transport for NSW hit by Accellion breach
Australian state agency Transport for New South Wales is the latest victim of the supply chain attack against Accellion’s legacy file transfer system
-
February 24, 2021
Vaccine passports prove an ethical minefield
Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design
-
February 24, 2021
Is Clubhouse safe, and should CISOs stop its use?
With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it
-
February 18, 2021
2020 a record year for cyber, thanks to Covid
The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy
-
February 18, 2021
Fingerprints will help payment cards retain relevance
Biometric payment cards using fingerprint technology could add billions to global banking revenues, says UBS
-
February 16, 2021
RDP, SSH exposures off the charts thanks to remote working
The Covid-19 pandemic has had an impact on the prevalence of certain vulnerabilities in the wild, according to a report
-
February 15, 2021
NCSC recognises UK’s top cyber schools
National Cyber Security Centre CyberFirst Schools initiative has handed out 14 gold, silver and bronze awards recognising excellence in cyber security teaching
-
February 11, 2021
Low-complexity CVEs a growing concern
Analysis of thousands of CVEs logged with NIST in 2020 reveals some unwelcome developments
-
February 11, 2021
Singtel falls prey to supply chain attack
The Singapore telco reveals that its Accellion file sharing system was illegally hacked in a supply chain attack
-
February 10, 2021
Windows 10, Server 2019 users must patch serious zero-day
Another dangerous zero-day exploit is among 56 vulnerabilities patched by Microsoft in February’s Patch Tuesday update
-
February 05, 2021
Google Chrome update to patch serious zero-day
A serious heap buffer overflow vulnerability means Google Chrome users should patch their browsers as soon as possible
-
February 04, 2021
SolarWinds chases multiple leads in breach investigation
Investigators at SolarWinds are exploring multiple theories as to how the company’s systems were compromised
-
February 03, 2021
SolarWinds patches two critical CVEs in Orion platform
New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet
-
January 27, 2021
Emergency Apple updates patch exploited zero-days
Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately
-
January 20, 2021
Malwarebytes also hit by SolarWinds attackers
The nation state group that attacked SolarWinds in December got inside Malwarebytes by exploiting privileged access to its Microsoft Office 365 tenant, the firm reveals
-
January 17, 2021
NCSC CyberFirst Girls 2021 contest kicks off
UK’s national cyber agency says it has already had hundreds of entrants in spite of the challenges presented by the pandemic
-
January 14, 2021
APAC firms grapple with cyber security amid pandemic
Some aspects of cyber security have taken a backseat as companies across the Asia-Pacific region rush to shore up their infrastructure to cope with the demands of remote work
-
January 13, 2021
Critical zero-day features in first Patch Tuesday of 2021
Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender
-
January 12, 2021
Palo Alto Networks opens Australia cloud location
The cyber security company’s Australia cloud location will address data localisation requirements amid growing adoption of cloud-based security services
-
January 12, 2021
Mimecast latest security firm to be compromised
Users of a specific Mimecast certificate used to authenticate services to Microsoft Office 365 may be at risk of compromise in an attack that may relate to the ongoing SolarWinds incident
-
January 12, 2021
Early stage UK security startups face funding crisis
Overall cyber security funding since the advent of the pandemic is well up, but investment is dominated by safe, later-stage firms while those raising capital for the first time fall away
-
January 11, 2021
New SolarWinds CEO sets out rescue plan
Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community
-
January 11, 2021
Kaspersky claims link between Solorigate and Kazuar backdoors
Researchers say they have found specific code similarities between the Solorigate/Sunburst malware and the Kazuar backdoor, suggesting some relationship
-
January 11, 2021
New Zealand central bank IT system breached in cyber attack
Bank is responding to a cyber attack after hackers breached the system of a third-party supplier
-
January 08, 2021
Which? online banking investigation reveals ‘worrying gaps’ in security
Consumer rights organisation has ranked the security of UK online current account providers
-
December 24, 2020
Top 10 cyber crime stories of 2020
Here are Computer Weekly’s top 10 cyber crime stories of 2020
-
December 23, 2020
Top 10 cyber security stories of 2020
Here are Computer Weekly’s 10 top cyber security stories of 2020
-
December 18, 2020
Finnish government tables laws to protect data from cyber criminals
Government is strengthening its legal framework to protect data from hackers in the wake of a massive breach at a psychotherapy centre
-
December 17, 2020
Dodgy browser extensions put social media users at risk
More than three million users of third-party browser extensions for Instagram, Facebook, Vimeo and others have been infected with malware, according to Avast
-
December 17, 2020
FireEye and partners release SolarWinds kill-switch
A so-called kill-switch for the dangerous SolarWinds Sunburst attack should allay some user fears, but is not a full fix for the issue
-
December 11, 2020
Disputed PostgreSQL bug exploited in cryptomining botnet
PGMiner cryptomining botnet remained unnoticed by exploiting a disputed CVE in PostgreSQL
-
December 09, 2020
Amnesia:33 IoT flaws dangerous and patches unlikely, say experts
The disclosure of multiple flaws by Forescout has raised big questions for the developers of connected products, and for their users
-
December 09, 2020
Patch Tuesday: Microsoft presents just 58 CVEs for Christmas
The final Patch Tuesday of 2020 contains 58 fixes, a minnow compared to some recent drops, but many are still of high importance
-
December 08, 2020
Russian state actors exploiting VMware bug to hijack data, users warned
Russian APT groups are actively exploiting a vulnerability in VMware products to access protected data, according to latest warnings
-
December 07, 2020
Grindr and others patch critical Android bug
Fixes for CVE-2020-8913 deployed as app developers shore up their defences against a disclosed Google Play vulnerability
-
December 04, 2020
Avast and Borsetta to support Intel’s AI security project
Security firm Avast and AI security specialist Borsetta have signed up to support an Intel-led artificial intelligence security research project
-
December 03, 2020
Lax Android app developers putting millions of users at risk
Eight months after Google patched a critical vulnerability, developers have failed to update their apps, putting millions of users of apps such as dating services Bumble and Grindr at risk
-
December 02, 2020
Singapore government remains ‘juicy target’ for cyber attackers
The government is baking security into the design and implementation of its IT systems and looking to increase bug bounties to fend off cyber threats
-
November 26, 2020
APAC plagued by APT, ransomware attacks
The Asia-Pacific region was a primary target of advanced persistent threat groups, mostly from China, Iran, North Korea and Russia, that carried out 34 campaigns between June 2019 and June 2020
-
November 24, 2020
Belgian security researcher hacks Tesla with Raspberry Pi
Belgian security researcher Lennert Wouters once again succeeds in hacking a Tesla vehicle, this time by exploiting the Bluetooth Low Energy standard
-
November 11, 2020
Microsoft drops fix for serious zero-day among 112 Patch Tuesday updates
November’s Patch Tuesday contains fixes for 112 bugs, including a potentially serious zero-day exploit that malicious actors are already taking advantage of
-
November 10, 2020
IT Priorities 2020: After Covid-19, security goes back to basics
This year’s transition to remote working highlighted big gaps in the fundamentals of security, as updated TechTarget/Computer Weekly data reveals
-
November 05, 2020
Microsoft to support next generation of security startups
Tech giant lends its support to the NCSC Cyber Accelerator scheme, which is seeking its seventh cohort of startups
-
October 28, 2020
Trump supporters targeted by cryptocurrency scammers
The successful breach of Donald Trump’s official website shows up lax security on his campaign team and is yet another timely warning that nobody is immune to cyber crime
-
October 28, 2020
Barracuda eyes Indochina markets
Barracuda is looking to expand its local presence and headcount in fast-growing emerging markets of Vietnam, Cambodia and Laos
-
October 21, 2020
NSA’s top CVE list a timely reminder to patch
Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies
-
October 21, 2020
Trump and Biden campaign apps easy targets for cyber criminals
You don’t need a stellar IQ to exploit the dangerous StrandHogg Android vulnerability, and users of both Donald Trump’s and Joe Biden’s mobile apps are at risk of falling victim to it
-
October 14, 2020
Microsoft fixes 87 bugs in October 2020 Patch Tuesday
Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019
-
October 13, 2020
Suppliers neglecting virtual appliance security, putting users at risk
Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report
-
October 12, 2020
Five Eyes spy group again demands access to private messages
Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms
-
October 12, 2020
Cyber security skills ad branded ‘crass’ by minister
Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic
-
October 12, 2020
Making sense of zero-trust security
Implementing zero-trust security is not an easy feat, but enterprises can still get it right if they approach it from a process perspective and get a handle on their infrastructure footprint
-
October 09, 2020
Magecart strikes website of school payments service Wisepay
Magecart credit card skimmer harvested financial data of users of Wisepay’s platform over a two-day period
-
October 08, 2020
NCSC relaunches SME security guide with home working focus
The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020
-
October 05, 2020
MosaicRegressor APT campaign using rare malware variant
Kaspersky researchers have shared details of an APT campaign utilising a rarely seen and hard-to-stop variety of malware
-
October 02, 2020
Find and fix your Adobe Flash dependencies, says NCSC
As Adobe’s Flash Player approaches end-of-life, the National Cyber Security Centre is urging organisations to fix their Flash dependencies
-
September 30, 2020
GitHub makes code vulnerability scanning feature public
Code-scanning service is now out of beta and generally available, helping teams to bake security into their code at the development stage
-
September 29, 2020
NCSC expands schools programme to north-east England and Northern Ireland
Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland
-
September 28, 2020
TikTok ban stayed after last-minute court case
TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States
-
September 28, 2020
Security now main driving force behind digital transformation
Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda
-
September 24, 2020
Third-party code bug left Instagram users at risk of account takeover
A critical vulnerability in Instagram’s image processing could have allowed attackers to take over not just their victim’s account, but their entire device
-
September 24, 2020
Race to patch as Microsoft confirms Zerologon attacks in the wild
Don’t be the organisation that made the headlines because it failed to patch. Microsoft says it is seeing cyber attacks ramping up around the Zerologon CVE-2020-1472 bug
-
September 22, 2020
Scam mobile apps spreading via rogue TikTok accounts
Malicious TikTok accounts are promoting a number of adware scam mobile apps
-
September 21, 2020
Big questions to be answered over TikTok and WeChat reprieve
TikTok and WeChat seem to have received a stay of execution, but big questions and contradictions remain
-
September 17, 2020
Saudi Arabia sees cyber security boom as coronavirus bites
Saudi Arabian CIOs have been forced to increase their security posture as the Covid-19 pandemic transforms working methods
-
September 16, 2020
Retailers urged to get to grips with Magento as attacks spike
A huge spike in online retailers being hacked with Magecart credit card skimmers is being blamed on unsupported versions of Adobe Magento
-
September 16, 2020
Lorca security scaleups to get Splunk data expertise
Lorca inducts Splunk onto its co-marketing programme, giving security scaleups access to new data expertise
-
September 15, 2020
Risky development practice leaves company access keys exposed
Database stores, cloud storage and myriad other services are being put at risk by the accidental exposure of company access keys during development
-
September 15, 2020
TikTok-Oracle partnership moves forward for consideration
Joint venture proposal could create thousands of jobs and secure TikTok’s future outside China
-
September 14, 2020
Microsoft drops out of TikTok talks, paves way for Oracle partnership
Microsoft confirms it is dropping out of the running to acquire the US operations of TikTok, leaving the way clear for an imminent partnership deal with Oracle
-
September 10, 2020
Cyber security is next frontier for open source
Open security will facilitate the interoperability and capabilities of cyber security tools while alleviating vendor lock-in for enterprises, says IBM
-
September 10, 2020
Lorca security scaleups hit funding milestone
£153m of investment has been raised by Lorca cohort companies in just two years, almost four times the original target
-
September 09, 2020
September’s Patch Tuesday heavy on RCE vulnerabilities
Microsoft’s September update contains patches for 129 common vulnerabilities and exposures, including a high number of remote code execution issues
-
September 06, 2020
Why predictive threat intelligence is key
Threat intelligence startup Cyfirma is using virtual agents to gather intelligence on potential cyber attacks that are being coordinated in underground forums before they occur
-
September 02, 2020
Northumbria University suffers major disruption after cyber attack
Some exams cancelled as university appoints external specialists to investigate incident
-
August 25, 2020
TikTok takes Trump to court
Under-fire video app TikTok files a formal complaint in the federal courts challenging the Trump administration’s attempt to ban it in the US
-
August 18, 2020
Reports Oracle to enter TikTok bidding war
Oracle may be about to make a bid to acquire the US operations of TikTok from its Chinese parent ByteDance, according to the FT
-
August 12, 2020
Microsoft patches two zero-days with active exploits
Microsoft drops another major Patch Tuesday update, including fixes for two zero-day exploits that are already being exploited by cyber criminals
-
August 11, 2020
Citrix users urged to patch five XenMobile CVEs
Patches are available for CVEs 2020-8208 through 8212 and should be installed as soon as possible
-
August 06, 2020
Qualcomm chip vulnerability puts millions of phones at risk
Qualcomm has patched multiple vulnerabilities in its chip hardware that left hundreds of millions of smartphones open to compromise by malicious actors