News

Application security and coding requirements

• June 25, 2019 25 Jun'19

  UK firms downloading vulnerable open source software

  Vulnerable open source software components are posing a security threat to UK firms, according to a report that also shows how best practice, including automation, can reduce the risk

• June 17, 2019 17 Jun'19

  Inside F5’s cyber security playbook

  F5 Networks' CISO talks up measures that the application delivery and security specialist is employing to fend off cyber attackers that come knocking on its doors

• June 04, 2019 04 Jun'19

  Beware of security blind spots in encrypted traffic

  The growth of encrypted traffic has put the spotlight on intrusion prevention systems that help to surface cyber attacks conducted under the cloak of network encryption

• May 02, 2019 02 May'19

  Microservices introduce hidden security complexity, analyst warns

  Microservice architecture – an approach to application development in which applications are built as a suite of modular services – simplifies development but complicates security, says KuppingerCole

• May 01, 2019 01 May'19

  BSA releases framework for secure software

  Software industry advocacy group releases framework to facilitate flexible and comprehensive software security assessments

• April 17, 2019 17 Apr'19

  Nearly a quarter of tech firms do not security check products

  Nearly a quarter of organisations polled do not run security checks on products, and nearly a third admitted to shipping products with known security vulnerabilities, a survey shows

• April 15, 2019 15 Apr'19

  How Palo Alto Networks fends off its cyber adversaries

  Palo Alto Networks CIO Naveen Zutshi talks up the company’s approach in keeping threat actors at bay

• January 30, 2019 30 Jan'19

  How traffic scrubbing can guard against DDoS attacks

  Although most scrubbing services can help fend off distributed denial of service attacks, a more comprehensive mitigation strategy is required to remain unscathed

• January 10, 2019 10 Jan'19

  UK firms say £6.6bn annual security testing cost too high

  Avord launches platform to reduce the multibillion-pound annual cyber security testing cost that most UK firms say is too high

• January 06, 2019 06 Jan'19

  Singapore Airlines’ software glitch exposed customer data

  More than 280 members of the Krisflyer frequent flyer programme had their personal information compromised by a one-off software bug

• December 18, 2018 18 Dec'18

  APAC cyber security landscape to be more tumultuous in 2019

  Amid growing cyber threats, the Asia-Pacific cyber security landscape will not get any rosier in 2019 unless organisations start shoring up their cyber hygiene

• November 02, 2018 02 Nov'18

  DevSecOps not limited to coding, says analyst

  DevSecOps is seen as a way of ensuring application security, but security leaders must understand that embedding a security culture and taking the inter-dependencies of new development frameworks into account is key, says KuppingerCole

• October 16, 2018 16 Oct'18

  UK faces 10 cyber attacks a week as hostile states step up hacking, says NCSC

  The UK’s National Cyber Security Centre has thwarted more than 1,600 attacks over the past two years – many by hostile nation states

• October 11, 2018 11 Oct'18

  Optus to acquire Hivint in cyber security deal

  The deal is expected to bolster the telco’s security pedigree in a market that is grappling with more data breaches and cyber incidents

• October 04, 2018 04 Oct'18

  Apps are gateway to business data for cyber attackers

  Application security is becoming increasingly important because apps are often the main way cyber attackers are getting into corporate networks, a threat researcher warns

• October 03, 2018 03 Oct'18

  Majority of businesses believe they are open to cyber attack

  More than two-thirds of businesses believe their network is open to attack, a report on the state of web application security reveals

• September 27, 2018 27 Sep'18

  Norwegian state discusses vulnerabilities with IT sector

  Government is collaborating with the country’s IT industry to improve the availability of security expertise

• September 19, 2018 19 Sep'18

  Equifax fined by ICO for security failings

  The Information Commissioners Office has fined Equifax UK in relation to a data breach at its UK parent last year

• September 11, 2018 11 Sep'18

  British Airways data breach: Security researchers name suspects and query attack timeline

  Security researchers claim to have pinpointed the cause and perpetrators of the British Airways data breach, and also claim the attackers may have had access to its customer data for far longer than previously thought

• September 10, 2018 10 Sep'18

  Cyber criminals outspend businesses in cyber security battle

  Cybercriminals are flexing their financial might and UK organisations are facing more attacks as a result

• August 23, 2018 23 Aug'18

  Apache Struts users urged to update due to new security flaw

  Another security flaw has been discovered in the Apache Struts, which was at the heart of the massive Equifax data breach in 2017

• August 10, 2018 10 Aug'18

  Microsoft looks at a Windows VM to sandbox rogue code

  A feature revealed in the Windows Insider programme may appear in a future Windows 10 update for enterprises

• August 06, 2018 06 Aug'18

  Virus outbreak at iPhone chip plant could delay shipments

  A computer virus at an iPhone chip manufacturing plant could delay shipments of Apple’s latest smartphones, but the impact will be limited, say analysts

• August 01, 2018 01 Aug'18

  Bromium evolves virtualisation-based security

  Virtualisation-based security firm Bromium has evolved its technology to offer bidirectional protection for applications and underlying operating systems

• July 30, 2018 30 Jul'18

  Pentagon flags risky software suppliers

  The Pentagon has drawn up a list of software suppliers that it wants the US military and defence contractors to avoid due to fears of risks to national security

• July 26, 2018 26 Jul'18

  Software development remains insecure

  The prevalence of common and well-known web-based vulnerabilities underlines the need for better education around secure software development

• July 25, 2018 25 Jul'18

  ERP applications are under cyber attack, research confirms

  ERP applications are increasingly being targeted by cyber criminals, hacktivists and nation-state actors, a report reveals

• July 25, 2018 25 Jul'18

  Apache OpenWhisk users urged to patch

  IBM has patched vulnerabilities in its Cloud Functions service that is based on Apache OpenWhisk in response to vulnerability disclosures, and all other users are urged to do the same

• July 25, 2018 25 Jul'18

  Application attacks demand new security approach

  Applying security software updates is an ineffective way to deal with application layer cyber attacks and businesses should change their approach, security experts advise

• July 24, 2018 24 Jul'18

  Google wants to ease hybrid cloud woes

  Cloud supplier Google claims its Cloud Service Platform will alleviate complexities in managing microservices in a hybrid IT environment

• July 24, 2018 24 Jul'18

  Most firms have software security vulnerability

  Most firms have a software vulnerability that can be exploited by cyber attackers, a study has revealed

• July 17, 2018 17 Jul'18

  A third of organisations do not have a security expert, survey shows

  Around a third of organisations are vulnerable to cyber attacks due to a lack of dedicated in-house cyber security experts, finds Gartner survey

• July 12, 2018 12 Jul'18

  Cyber attackers cashing in on ‘hidden’ attack surface

  Cyber attackers are cashing in on organisations’ lack of visibility into all online interactions that can involve multiple third parties, a report reveals

• July 11, 2018 11 Jul'18

  White-hat hackers find record number of vulnerabilities

  White-hat hackers are finding more vulnerabilities than ever before, with crowdsourced security testing continuing to gain popularity, a report reveals

• July 09, 2018 09 Jul'18

  Inside one of the world’s largest bug bounty programmes

  Trend Micro’s Zero Day Initiative may be the top external supplier of software bug reporting for Microsoft and Adobe, but that does not mean it purchases every type of bug

• June 27, 2018 27 Jun'18

  Brexit a greater risk to UK financial system than cyber attack

  While Brexit is seen as the biggest risk to the stability of the UK financial system, cyber attack is the most difficult risk to manage for over half of firms

• June 26, 2018 26 Jun'18

  High-Tech Bridge bets on machine learning capabilities

  Machine learning has a great potential to drive the automation of some security tasks to free up information security professionals to do more strategic work, says High-Tech Bridge founder

• June 19, 2018 19 Jun'18

  Singapore remains hotbed for cyber threats

  Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency

• June 11, 2018 11 Jun'18

  APAC remains a hotbed for software piracy

  The Asia-Pacific region is still seeing the highest use of unlicensed software installations globally, making enterprises more susceptible to cyber attacks from malware

• May 24, 2018 24 May'18

  Grab outlines its approach to cyber security

  Singapore-based ride-hailing company prefers detective controls rather than preventive ones to deter cyber threats – an approach it claims is less intrusive and costly to implement

• May 09, 2018 09 May'18

  Nutanix builds hooks to SDN and cloud with Flow, Era and Beam

  Hyper-converged pioneer builds in functionality from acquisitions with Flow software-defined networking, Beam cloud monitoring and Era database provisioning and data protection

• May 08, 2018 08 May'18

  Majority of security professionals favour shorter disclosure deadline

  Google’s Project Zero unit’s 90-day deadline for software suppliers to disclose vulnerabilities has always been controversial, but a survey reveals that most security professionals feel even that is too long

• May 03, 2018 03 May'18

  City Police use Lego simulation to teach businesses cyber security

  City of London Police are offering to train business leaders and IT security in cyber security using a Lego simulation that is surprisingly close to real life

• April 18, 2018 18 Apr'18

  APAC is becoming a hotspot for DDoS attacks

  The region’s largest and most-connected economies are most vulnerable to distributed denial-of-service attacks, according to CenturyLink

• April 11, 2018 11 Apr'18

  Government to set up £13.5m cyber security centre

  Located at the 2012 Olympic Park, the London Cyber Innovation Centre could create up to 2,000 jobs in cyber security

• March 28, 2018 28 Mar'18

  Facebook announces more privacy control updates

  Social media giant updates privacy settings and tools in response to the unfolding controversy over Cambridge Analytica’s use of Facebook data for political campaigns

• March 26, 2018 26 Mar'18

  Dutch SMEs’ cyber security is insufficient

  Nowhere in the Netherlands is digitisation as big as it is in small and medium-sized enterprises, but the sector still has a lot to do in terms of cyber security

• March 20, 2018 20 Mar'18

  Firms need to move from DevOps to DevSecOps, says expert

  In the face of competition, organisations are turning to DevOps to improve efficiency and accelerate innovation, but this is creating new security risks, an industry expert warns

• March 19, 2018 19 Mar'18

  C-suite a cyber attack risk, say security chiefs

  Those tasked with running organisations are the most likely group to expose them to a major cyber attack, a poll of UK information security executives shows

• March 19, 2018 19 Mar'18

  Heartbleed and Shellshock thriving in Docker community

  DevOps has revolutionised IT, but security best practices are being skimmed over, which means old vulnerabilities are finding a new lease of life in Docker