News

Application security and coding requirements

• July 06, 2020 06 Jul'20

  Lorca scale-ups bring diverse security to the fore

  London Office for Rapid Cybersecurity Advancement announces the cyber security scale-ups that will make up its fifth cohort

• July 06, 2020 06 Jul'20

  North Korea behind spate of Magecart attacks

  The Magecart credit card skimmer found on the website of retailer Claire’s Accessories was likely put there by the Lazarus or Hidden Cobra North Korean APT group, reports Sansec

• July 01, 2020 01 Jul'20

  UK’s unsung cyber security heroes sought

  Nominations have opened for the fifth annual Security Serious Unsung Heroes Awards

• July 01, 2020 01 Jul'20

  Zoom making progress on cyber security and privacy, says CEO

  Three months after being hit by a spate of security incidents, Zoom’s CEO, Eric Yuan, has been discussing progress towards a more secure product

• July 01, 2020 01 Jul'20

  Mysterious EvilQuest macOS ransomware spreads through torrents

  A new strain of ransomware, dubbed EvilQuest, is threatening Apple Mac environments, and seems to behave quite oddly

• July 01, 2020 01 Jul'20

  FakeSpy Android malware targets Royal Mail app users

  The FakeSpy malware was first identified in October 2017 but is now significantly more powerful and dangerous

• June 25, 2020 25 Jun'20

  Pub ‘check-in’ apps provoke fresh privacy concerns

  With pubs and restaurants required to collect customer data for contact tracing when they reopen, data privacy risks will be heightened

• June 23, 2020 23 Jun'20

  Neurodiversity on the rise among career hackers

  More diverse hackers enhance the ability of both traditional and cutting-edge cyber security solutions to find and fix vulnerabilities, according to a new report from Bugcrowd

• June 23, 2020 23 Jun'20

  Flash-based MacOS malware hides in plain sight

  By masquerading as a legitimate Adobe web application, the new malware strains can trick Mac users into bypassing their on-board defences

• June 18, 2020 18 Jun'20

  Cisco patches dangerous Webex vulnerability

  CVE-2020-3347 bug enables cyber criminals to steal meeting records from within Cisco’s Webex service

• June 17, 2020 17 Jun'20

  Coronavirus: Cyber security spend to slow in 2020

  Analysts revise down previous growth targets for security technology as the Covid-19 pandemic bites

• June 16, 2020 16 Jun'20

  Activists call on Zoom to implement encryption for all

  A coalition of tech organisations and nonprofits have urged Zoom CEO Eric Yuan to make end-to-end encryption available to all users

• June 15, 2020 15 Jun'20

  Accessories store Claire’s hit by Magecart credit card fraudsters

  Attackers gained access to retailer’s website as long ago as March

• June 14, 2020 14 Jun'20

  Coronavirus: Enterprise VPN adoption in India set to rise

  Advancement in cloud technologies and secured remote access to applications will significantly contribute to the overall growth of India’s VPN market, says GlobalData

• June 11, 2020 11 Jun'20

  CISOs buying into unified security proposition

  The time is right for all-in-one security solutions, according to a report

• June 10, 2020 10 Jun'20

  Government to fund nine advanced security projects

  Nine academic projects have been selected to receive a share of a £10m funding pot as they develop advanced cyber security solutions using prototype chipsets

• June 10, 2020 10 Jun'20

  Decade-old vulnerability among 129 Patch Tuesday fixes

  A 10 year-old bug in Windows Group Policies could easily enable attackers to gain highly privileged user status on target systems, opening the doors to a wave of cyber attacks

• June 10, 2020 10 Jun'20

  Virtual GP practice accidentally exposes patient video calls

  A small number of users of Babylon’s GP at Hand service were briefly able to view other patients’ video GP consultations thanks to a bug in a new software feature

• June 10, 2020 10 Jun'20

  How Australian firms can defend against supply chain attacks

  Supply chain security risks can wreak havoc if measures are not taken to deter cyber attackers from exploiting a supplier’s security gaps to target another firm

• June 09, 2020 09 Jun'20

  Poorly-secured AWS buckets used to launch Magecart attacks

  Cyber criminals are exploiting misconfigured AWS S3 buckets to run credit card fraud and malvertising campaigns, according to new data

• June 08, 2020 08 Jun'20

  What it takes to get DevSecOps right

  DevSecOps will drive at least 50% of new applications in Asia-Pacific by 2024, but getting it right will require change management, a collaborative mindset and the right automation tools

• June 05, 2020 05 Jun'20

  Police chiefs working with Public Health England on contact-tracing security

  Police force representatives are in talks with Public Health England over operational security concerns arising from the NHS Test and Trace coronavirus contact-tracing scheme

• June 04, 2020 04 Jun'20

  The Security Interviews: How the BSI protects the IoT from itself

  David Mudd of the BSI reveals how a pragmatic and realistic approach to security vulnerabilities underpins its internet of things kitemark, helping give users the confidence to buy smart devices safely

• June 01, 2020 01 Jun'20

  Privacy campaigners call for radical changes to contact-tracing app

  Liberty, Privacy International and the Open Rights Group join calls for the government to either put in place better data protection policies or abandon its Covid-19 contact-tracing app altogether

• May 28, 2020 28 May'20

  Public Health England to keep contact-tracing data for 20 years

  PHE will retain the data it collects via the NHS Test and Trace programme for 20 years

• May 27, 2020 27 May'20

  Enterprise clouds hammered by cyber attacks during pandemic

  Remote workers logging onto enterprise cloud service accounts are an easy access point for attackers, says McAfee

• May 27, 2020 27 May'20

  Fears contact-tracing app will open the floodgates for cyber criminals

  Study of UK consumers reveals worries over an uptick in cyber crime and a lack of trust in government

• May 26, 2020 26 May'20

  StrandHogg mobile vulnerability has evil twin

  Variant of the dangerous StrandHogg vulnerability affecting Android phones could allow hackers to access almost all apps on a target device

• May 19, 2020 19 May'20

  Cancelled NCSC CyberUK event gets green light for 2021

  The NCSC’s popular CyberUK event has been rescheduled to next year, and will again take place in Newport in south Wales

• May 18, 2020 18 May'20

  DevOps improve code quality, but security must happen sooner

  GitLab survey finds developers are adopting DevOps to improve code quality, but more needs to be done on secure coding

• May 14, 2020 14 May'20

  Harman seeks to bring private member’s bill over contact tracing

  Chair of Human Rights Committee aims to put the proposed Contact Tracing (Data Protection) Bill 2020 before parliament as a private member’s bill if necessary

• May 14, 2020 14 May'20

  Venafi buys cloud protection service Jetstack

  Jetstack specialises in open source machine identity protection software for Kubernetes and cloud native ecosystems

• May 14, 2020 14 May'20

  UK’s contact-tracing app targeted by scammers

  Even though it is only operational on the Isle of Wight as a beta test, the UK government’s coronavirus contact-tracing app has already attracted the attention of cyber criminals

• May 13, 2020 13 May'20

  Report reveals inadequate cyber security at Schiphol Airport

  A report has revealed problems with critical security systems in Amsterdam’s Schiphol Airport

• May 13, 2020 13 May'20

  Microsoft fixes 16 critical vulnerabilities on Patch Tuesday

  The trend towards mammoth Patch Tuesdays continues as Microsoft fixes 111 vulnerabilities

• May 12, 2020 12 May'20

  Draft Covid-19 contact tracing legislation proposes formal oversight

  Human Rights Committee chair Harriet Harman has outlined a proposed bill to guarantee the security and privacy of data generated by the UK’s Covid-19 contact tracing app

• May 07, 2020 07 May'20

  Zoom buys secure messaging service Keybase

  Unified comms platform Zoom says the acquisition of Keybase will finally let it bring end-to-end encryption to the table

• May 07, 2020 07 May'20

  Contact-tracing app fails to protect privacy and human rights

  Reassurances over the security and human rights implications of NHSX’s approach to developing its Covid-19 contact-tracing app are insufficient, says the cross-bench Human Rights Committee

• May 07, 2020 07 May'20

  Next round of Zoom updates targets consumer security

  Casual consumer users of Zoom will get additional protections in an update to be released over the long weekend

• May 06, 2020 06 May'20

  Re-purposing data and questionable effectiveness could undermine trust in NHS contact-tracing app

  Experts call for greater clarity over how contact-tracing data will be used, while discussing the limitations of the coronavirus app

• May 04, 2020 04 May'20

  Xen Orchestra latest victim of Salt cryptojackers

  More victims of cyber criminals exploiting two critical Salt vulnerabilities are coming forward

• May 04, 2020 04 May'20

  Blogging platform Ghost hacked through Salt vulnerability

  Publishing service’s network was taken over by illicit cryptominers after failing to patch a critical vulnerability

• May 04, 2020 04 May'20

  IT Priorities 2020: Compliance and risk are top security concerns

  When it comes to security, buyers are prioritising solutions and services that address compliance issues, risk management and data protection, according to the Computer Weekly/TechTarget IT Priorities 2020 study

• April 30, 2020 30 Apr'20

  Mobile banking customers at risk from new EventBot trojan

  Customers of Barclays, HSBC, Santander and many other banks should be alert to a dangerous new trojan

• April 28, 2020 28 Apr'20

  Under the spotlight, video apps rush to strengthen security

  Most popular videoconferencing applications now meet Mozilla’s minimum security standards, with fierce competition and public pressure driving rapid improvement

• April 24, 2020 24 Apr'20

  The Security Interviews: Can AV go from dodgy scareware to cyber hero?

  Alun Baker, CEO of Clario, is on a mission to rehabilitate the image of consumer security products and take the fear out of selling antivirus. We find out how things are changing

• April 23, 2020 23 Apr'20

  iOS zero-day leaves iPhone users dangerously exposed

  Researchers identify dangerous vulnerabilities in Apple’s iOS operating system that allow remote code execution on target devices

• April 23, 2020 23 Apr'20

  Zoom to roll out fresh cyber security updates

  New features include support for advanced AES 256-bit encryption

• April 20, 2020 20 Apr'20

  Dutch organisations address business email compromise fraud

  Public-private partnership in the Netherlands works to break the chains used by fraudsters to carry out BEC attacks

• April 15, 2020 15 Apr'20

  Coronavirus: Standard Chartered bans employees from Zoom

  Standard Chartered is the first bank to have instructed its staff to refrain from using Zoom