News
Application security and coding requirements
-
August 19, 2024
19
Aug'24
Challenges of deploying PQC globally
Quantum computers will eventually be powerful and reliable enough to crack strong encryption. PQC is the answer, but it could take years to deploy
-
August 19, 2024
19
Aug'24
Popular Microsoft apps for Mac at risk of code injection attacks
Researchers at Cisco Talos turn up evidence suggesting that Microsoft apps running on the Apple macOS operating system are not as secure as they seem
-
August 16, 2024
16
Aug'24
Thousands of NetSuite customers accidentally exposing their data
Misconfigured permissions across live websites are leaving thousands of NetSuite users open to having their valuable customer data stolen, researchers say
-
August 14, 2024
14
Aug'24
August Patch Tuesday proves busy with six zero-days to fix
Microsoft patches six actively exploited zero-days among over 100 issues during its regular monthly update
-
August 13, 2024
13
Aug'24
NIST debuts three quantum-safe encryption algorithms
NIST has launched the first three quantum-resistant encryption algorithms, and as the threat of quantum-enabled cyber attacks grows greater, organisations are encouraged to adopt them as soon as they can
-
August 07, 2024
07
Aug'24
Microsoft and CrowdStrike hit back at Delta’s legal threats
Microsoft and CrowdStrike have rejected claims by Delta Air Lines that it was left high and dry amid thousands of flight cancellations during July’s software outage, accusing the airline of ignoring their offers of help and running out-of-date IT ...
-
August 06, 2024
06
Aug'24
2024 seeing more CVEs than ever before, but few are weaponised
The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threat actors, a reminder of the importance of focused security strategies
-
August 05, 2024
05
Aug'24
Chinese cyber attack sparks alert over six-year-old MS vuln
After a proof-of-concept for a six-year-old Microsoft vulnerability emerged in a Chinese APT attack chain, defenders should be on the look-out for exploitation of CVE-2018-0824
-
August 02, 2024
02
Aug'24
How CrowdStrike is leveraging AI to empower security teams
CrowdStrike CTO Elia Zaitsev explains how the company’s multi-agent AI architecture can help to enhance analyst efficiency and tackle cyber security challenges
-
August 01, 2024
01
Aug'24
CrowdStrike shareholders sue, alleging false security claims
A US pension fund is lining up a lawsuit against CrowdStrike, claiming the cyber company lied about the integrity of its systems, leading to failings that caused a worldwide IT outage
-
July 31, 2024
31
Jul'24
API attacks surge by 65% in APAC, fuelled by rapid digitisation
Akamai's report reveals a significant rise in cyber attacks on web applications and APIs in the region over the past year, with financial and commerce sectors hardest hit
-
July 29, 2024
29
Jul'24
Scam CrowdStrike domains growing in volume
Hundreds of malicious domains exploiting CrowdStrike’s branding are appearing all over the web in the wake of the 19 July outage. Experts from Akamai share some noteworthy examples, along with guidance on how to avoid getting caught out
-
July 29, 2024
29
Jul'24
CrowdStrike says most Falcon sensors now up and running
The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week
-
July 25, 2024
25
Jul'24
Why is CrowdStrike allowed to run in the Windows kernel?
Microsoft has pointed the finger at EU regulators, blaming them for a ruling that means it needs to offer third parties access to the core Windows OS
-
July 24, 2024
24
Jul'24
CrowdStrike blames outage on content configuration update
CrowdStrike publishes the preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world
-
July 24, 2024
24
Jul'24
CrowdStrike chaos: Enterprises urged to take protective action in wake of botched software update
Enterprises that emerged unscathed from the roll-out of the botched CrowdStrike software update are being urged to view it as a wake-up call rather than a lucky escape
-
July 23, 2024
23
Jul'24
Innovations to power secure-by-design development
Secure Code Warrior unveils technology designed to help CISOs and AppSec teams ensure their projects remain safe and free of coding errors and vulnerabilities – a big issue following the CrowdStrike incident
-
July 23, 2024
23
Jul'24
Why did CrowdStrike cause the Windows Blue Screen?
The ‘blue screen of death’ signals a catastrophic Windows failure, which is exactly what many people faced on 19 July 2024 – but why did it happen?
-
July 22, 2024
22
Jul'24
CrowdStrike chaos shows risks of concentrated ‘big IT’
The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous
-
July 16, 2024
16
Jul'24
Incubator Plexal heads to Singapore for CyberBoost
Cyber startup hub Plexal expands its presence to Singapore through a new initiative, and sets its sights on helping new UK businesses break into the booming Asia-Pacific market
-
July 15, 2024
15
Jul'24
How Snowflake is tackling AI challenges
Snowflake’s regional leader Sanjay Deshmukh outlines how the company is helping customers to tackle the security, skills and cost challenges of AI implementations
-
July 11, 2024
11
Jul'24
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain
-
July 09, 2024
09
Jul'24
Hyper-V zero-day stands out on a busy Patch Tuesday
Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention
-
June 13, 2024
13
Jun'24
Black Basta ransomware crew may be exploiting Microsoft zero-day
A Microsoft vulnerability that was addressed without fanfare in March may in fact have been exploited as a zero-day by the notorious Black Basta ransomware gang, threat hunters warn
-
May 15, 2024
15
May'24
Critical SharePoint, Qakbot-linked flaws focus of May Patch Tuesday
A critical SharePoint vulnerability warrants attention this month, but it is another flaw that seems to be linked to the infamous Qakbot malware that is drawing attention
-
May 15, 2024
15
May'24
Government focuses on improving AI security
Two codes of practice are now available to help developers boost the security of their AI applications
-
May 06, 2024
06
May'24
Microsoft beefs up cyber initiative after hard-hitting US report
Microsoft is expanding its recently launched Secure Future Initiative in the wake of a hard-hitting US government report on recent nation state intrusions into its systems
-
May 03, 2024
03
May'24
Adobe expands bug bounty programme to account for GenAI
Adobe has expanded the scope of its HackerOne-driven bug bounty scheme to incorporate flaws and risks arising from the development of generative artificial intelligence
-
May 03, 2024
03
May'24
Patch GitLab vuln without delay, users warned
The addition of a serious vulnerability in the GitLab open source platform to CISA’s KEV catalogue prompts a flurry of concern
-
May 02, 2024
02
May'24
How Okta is fending off identity-based attacks
Okta has been bolstering the security of its own infrastructure and building new tools to scan customer environments for vulnerable identities, among other efforts to fend off identity-based attacks
-
May 01, 2024
01
May'24
Australia’s Qantas apologises for mobile app data breach
Australian flag carrier Qantas has apologised after a glitch in its mobile application temporarily enabled some customers to view the flights and booking details of other frequent fliers on two separate occasions
-
May 01, 2024
01
May'24
Secure coding benchmark to increase standards among developers
Developer security advocate Secure Code Warrior has launched what it claims is the industry’s first benchmark designed to quantify the security competence of its customers’ software developer teams
-
April 25, 2024
25
Apr'24
Zero trust is a strategy, not a technology
Zero-trust security should be seen as a strategy to protect high-value assets and is not tied to a specific technology or product, says the model’s creator John Kindervag
-
April 24, 2024
24
Apr'24
Mandatory MFA pays off for GitHub and OSS community
Mandating multifactor authentication for select developers has been a huge success for GitHub, the platform reports, and now it wants to go further
-
April 18, 2024
18
Apr'24
CSA warns of emerging security risks with cloud and AI
Few users appreciate the security risks of cloud and have the expertise to implement the complex security controls, says CSA chief executive David Koh
-
April 16, 2024
16
Apr'24
CW Innovation Awards: Balancing security and user experience
The National University of Singapore’s Safe initiative has strengthened the security of IT systems and end-user devices while prioritising user experience through passwordless access
-
April 15, 2024
15
Apr'24
More social engineering attacks on open source projects observed
In the wake of the recent XZ Utils scare, maintainers of another open source project have come forward to say they may have experienced similar social engineering attacks
-
April 10, 2024
10
Apr'24
Cyber crooks poison GitHub search to fool developers
Researchers share data on new technique whereby malicious actors are manipulating GitHub’s search function and using cleverly crafted repositories to distribute malware
-
April 10, 2024
10
Apr'24
Salesforce helps customers establish bug bounty programmes
Salesforce has added new learning content to its Trailhead platform designed to help customers develop their own bug bounty programmes
-
April 05, 2024
05
Apr'24
How Oracle Red Bull Racing guards against cyber threats
The F1 team is tapping managed security services, conducting penetration tests and improving security awareness among employees to fend off cyber threats such as phishing and ransomware
-
April 01, 2024
01
Apr'24
Open source alert over intentionally placed backdoor
A backdoor in the open source XZ Utils data compression library could have led to widespread compromise across the Linux ecosystem - and the community is on the trail of a developer who seems to be behind it
-
March 27, 2024
27
Mar'24
Cyber spies, not cyber criminals, behind most zero-day exploitation
Analysis from Google has found that zero-day vulnerabilities are much more heavily exploited for espionage purposes than for financially motivated cyber crime
-
March 26, 2024
26
Mar'24
Apple, Meta and Alphabet under EU scrutiny
Under the new Digital Markets Act, European commissioners are looking at potential issues with the way Apple, Alphabet and Meta operate their platforms
-
March 21, 2024
21
Mar'24
US sues Apple, alleging smartphone monopoly
A major legal action against Apple over its dominance of the smartphone market has kicked off in the US, alleging anticompetitive practices on Apple’s part that have damaged the sector and restricted consumer choice
-
March 19, 2024
19
Mar'24
EMEA security spend will have another boom year in 2024
Cyber security services and technology will once again be the focus of major investment across EMEA during 2024, according to the latest Technology Spending Intentions study from TechTarget and ESG
-
March 19, 2024
19
Mar'24
Australia’s cyber security spending to grow 11.5% this year
Highly publicised cyber attacks and growing regulatory obligations are keeping security and risk top of mind for Australian organisations this year, says Gartner
-
March 12, 2024
12
Mar'24
March Patch Tuesday throws up two critical Hyper-V flaws
Two critical vulnerabilities in Windows Hyper-V stand out on an otherwise unremarkable Patch Tuesday
-
March 08, 2024
08
Mar'24
OSS leaders detail commitments to bolster software security
CISA has announced a number of actions to help secure the global open source ecosystem, as leading package repositories including the Python and Rust foundations advance their own initiatives
-
March 05, 2024
05
Mar'24
Rapid7 hits out over botched vulnerability disclosure
Software development firm JetBrains and security specialist Rapid7 fall out over the handling of a critical vulnerability disclosure, while customers are left rushing to patch
-
March 05, 2024
05
Mar'24
IT chiefs fear Kubernetes data log overload
IT architectures are set to grow in complexity, and more mission-critical systems are being deployed on Kubernetes, meaning log files are becoming unmanageable