News

Application security and coding requirements

• September 27, 2024 27 Sep'24

  Printing vulnerability affecting Linux distros raises alarm

  Security pros need to get in front of a series of vulnerabilities affecting the Cups Linux printing service after an apparently botched disclosure process saw technical details published in advance of a patch

• September 25, 2024 25 Sep'24

  CrowdStrike apologises to US government for global mega-outage

  CrowdStrike executive Adam Meyers appears before a US government committee to explain the series of errors that led directly to one of the biggest IT outages in history

• September 25, 2024 25 Sep'24

  Splunk and Cisco integration moving apace

  Splunk is rapidly integrating with Cisco’s technology to enable seamless transitions between their platforms while delivering advanced threat detection capabilities

• September 23, 2024 23 Sep'24

  Microsoft shares progress on Secure Future Initiative

  Microsoft has published a progress report on its Secure Future Initiative, launched last year in the wake of multiple security incidents, and made a series of commitments to improve its internal cyber culture

• September 17, 2024 17 Sep'24

  First CyberBoost Catalyse startup cohort named

  The first group of companies named to a cyber incubator programme run by Plexal and the National University of Singapore includes two growing UK businesses

• September 13, 2024 13 Sep'24

  Cyber workforce must almost double to meet global talent need

  Research from ISC2 finds global cyber workforce needs additional 4.8 million people to fully secure businesses

• September 11, 2024 11 Sep'24

  How Sonar is elevating code quality in the age of AI

  Sonar’s code quality platform helps developers maintain secure, high-quality code amid the rise of artificial intelligence-based coding assistants, now expanding into the Asian market

• September 10, 2024 10 Sep'24

  JFrog and GitHub unveil open source security integrations

  Secure software specialist JFrog is working with code development service GitHub to integrate the onboard capabilities of its Software Supply Chain Platform service into GitHub’s platform

• September 09, 2024 09 Sep'24

  Multiple Veeam vulns spark concern among defenders

  Veeam users are urged to patch a series of vulnerabilities in the firm’s Backup & Replication product to get out ahead of potential exploitation by ransomware gangs

• September 04, 2024 04 Sep'24

  PyPI loophole puts thousands of packages at risk of compromise

  Thousands of PyPI packages are at risk of an attack technique dubbed Revival Hijack, which exploits a loophole in the platform’s package naming feature

• August 29, 2024 29 Aug'24

  Study highlights secure software supply chain best practices

  Security trends report from open source firm shows the approaches IT leaders take to secure their software supply chain

• August 28, 2024 28 Aug'24

  Global cyber spend to rise 15% in 2025, pushed along by AI

  Security spending will increase at pace in 2025, with artificial intelligence, cloud and consultancy services all pushing outlay to new highs, according to Gartner

• August 19, 2024 19 Aug'24

  Challenges of deploying PQC globally

  Quantum computers will eventually be powerful and reliable enough to crack strong encryption. PQC is the answer, but it could take years to deploy

• August 19, 2024 19 Aug'24

  Popular Microsoft apps for Mac at risk of code injection attacks

  Researchers at Cisco Talos turn up evidence suggesting that Microsoft apps running on the Apple macOS operating system are not as secure as they seem

• August 16, 2024 16 Aug'24

  Thousands of NetSuite customers accidentally exposing their data

  Misconfigured permissions across live websites are leaving thousands of NetSuite users open to having their valuable customer data stolen, researchers say

• August 14, 2024 14 Aug'24

  August Patch Tuesday proves busy with six zero-days to fix

  Microsoft patches six actively exploited zero-days among over 100 issues during its regular monthly update

• August 13, 2024 13 Aug'24

  NIST debuts three quantum-safe encryption algorithms

  NIST has launched the first three quantum-resistant encryption algorithms, and as the threat of quantum-enabled cyber attacks grows greater, organisations are encouraged to adopt them as soon as they can

• August 07, 2024 07 Aug'24

  Microsoft and CrowdStrike hit back at Delta’s legal threats

  Microsoft and CrowdStrike have rejected claims by Delta Air Lines that it was left high and dry amid thousands of flight cancellations during July’s software outage, accusing the airline of ignoring their offers of help and running out-of-date IT ...

• August 06, 2024 06 Aug'24

  2024 seeing more CVEs than ever before, but few are weaponised

  The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threat actors, a reminder of the importance of focused security strategies

• August 05, 2024 05 Aug'24

  Chinese cyber attack sparks alert over six-year-old MS vuln

  After a proof-of-concept for a six-year-old Microsoft vulnerability emerged in a Chinese APT attack chain, defenders should be on the look-out for exploitation of CVE-2018-0824

• August 02, 2024 02 Aug'24

  How CrowdStrike is leveraging AI to empower security teams

  CrowdStrike CTO Elia Zaitsev explains how the company’s multi-agent AI architecture can help to enhance analyst efficiency and tackle cyber security challenges

• August 01, 2024 01 Aug'24

  CrowdStrike shareholders sue, alleging false security claims

  A US pension fund is lining up a lawsuit against CrowdStrike, claiming the cyber company lied about the integrity of its systems, leading to failings that caused a worldwide IT outage

• July 31, 2024 31 Jul'24

  API attacks surge by 65% in APAC, fuelled by rapid digitisation

  Akamai's report reveals a significant rise in cyber attacks on web applications and APIs in the region over the past year, with financial and commerce sectors hardest hit

• July 29, 2024 29 Jul'24

  Scam CrowdStrike domains growing in volume

  Hundreds of malicious domains exploiting CrowdStrike’s branding are appearing all over the web in the wake of the 19 July outage. Experts from Akamai share some noteworthy examples, along with guidance on how to avoid getting caught out

• July 29, 2024 29 Jul'24

  CrowdStrike says most Falcon sensors now up and running

  The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week

• July 25, 2024 25 Jul'24

  Why is CrowdStrike allowed to run in the Windows kernel?

  Microsoft has pointed the finger at EU regulators, blaming them for a ruling that means it needs to offer third parties access to the core Windows OS

• July 24, 2024 24 Jul'24

  CrowdStrike blames outage on content configuration update

  CrowdStrike publishes the preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world

• July 24, 2024 24 Jul'24

  CrowdStrike chaos: Enterprises urged to take protective action in wake of botched software update

  Enterprises that emerged unscathed from the roll-out of the botched CrowdStrike software update are being urged to view it as a wake-up call rather than a lucky escape

• July 23, 2024 23 Jul'24

  Innovations to power secure-by-design development

  Secure Code Warrior unveils technology designed to help CISOs and AppSec teams ensure their projects remain safe and free of coding errors and vulnerabilities – a big issue following the CrowdStrike incident

• July 23, 2024 23 Jul'24

  Why did CrowdStrike cause the Windows Blue Screen?

  The ‘blue screen of death’ signals a catastrophic Windows failure, which is exactly what many people faced on 19 July 2024 – but why did it happen?

• July 22, 2024 22 Jul'24

  CrowdStrike chaos shows risks of concentrated ‘big IT’

  The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous

• July 16, 2024 16 Jul'24

  Incubator Plexal heads to Singapore for CyberBoost

  Cyber startup hub Plexal expands its presence to Singapore through a new initiative, and sets its sights on helping new UK businesses break into the booming Asia-Pacific market

• July 15, 2024 15 Jul'24

  How Snowflake is tackling AI challenges

  Snowflake’s regional leader Sanjay Deshmukh outlines how the company is helping customers to tackle the security, skills and cost challenges of AI implementations

• July 11, 2024 11 Jul'24

  Dutch research firm TNO pictures the SOC of the future

  In only a few years, security operations centres will have a different design and layout, and far fewer will remain

• July 09, 2024 09 Jul'24

  Hyper-V zero-day stands out on a busy Patch Tuesday

  Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention

• June 13, 2024 13 Jun'24

  Black Basta ransomware crew may be exploiting Microsoft zero-day

  A Microsoft vulnerability that was addressed without fanfare in March may in fact have been exploited as a zero-day by the notorious Black Basta ransomware gang, threat hunters warn

• May 15, 2024 15 May'24

  Critical SharePoint, Qakbot-linked flaws focus of May Patch Tuesday

  A critical SharePoint vulnerability warrants attention this month, but it is another flaw that seems to be linked to the infamous Qakbot malware that is drawing attention

• May 15, 2024 15 May'24

  Government focuses on improving AI security

  Two codes of practice are now available to help developers boost the security of their AI applications

• May 06, 2024 06 May'24

  Microsoft beefs up cyber initiative after hard-hitting US report

  Microsoft is expanding its recently launched Secure Future Initiative in the wake of a hard-hitting US government report on recent nation state intrusions into its systems

• May 03, 2024 03 May'24

  Adobe expands bug bounty programme to account for GenAI

  Adobe has expanded the scope of its HackerOne-driven bug bounty scheme to incorporate flaws and risks arising from the development of generative artificial intelligence

• May 03, 2024 03 May'24

  Patch GitLab vuln without delay, users warned

  The addition of a serious vulnerability in the GitLab open source platform to CISA’s KEV catalogue prompts a flurry of concern

• May 02, 2024 02 May'24

  How Okta is fending off identity-based attacks

  Okta has been bolstering the security of its own infrastructure and building new tools to scan customer environments for vulnerable identities, among other efforts to fend off identity-based attacks

• May 01, 2024 01 May'24

  Australia’s Qantas apologises for mobile app data breach

  Australian flag carrier Qantas has apologised after a glitch in its mobile application temporarily enabled some customers to view the flights and booking details of other frequent fliers on two separate occasions

• May 01, 2024 01 May'24

  Secure coding benchmark to increase standards among developers

  Developer security advocate Secure Code Warrior has launched what it claims is the industry’s first benchmark designed to quantify the security competence of its customers’ software developer teams

• April 25, 2024 25 Apr'24

  Zero trust is a strategy, not a technology

  Zero-trust security should be seen as a strategy to protect high-value assets and is not tied to a specific technology or product, says the model’s creator John Kindervag

• April 24, 2024 24 Apr'24

  Mandatory MFA pays off for GitHub and OSS community

  Mandating multifactor authentication for select developers has been a huge success for GitHub, the platform reports, and now it wants to go further

• April 18, 2024 18 Apr'24

  CSA warns of emerging security risks with cloud and AI

  Few users appreciate the security risks of cloud and have the expertise to implement the complex security controls, says CSA chief executive David Koh

• April 16, 2024 16 Apr'24

  CW Innovation Awards: Balancing security and user experience

  The National University of Singapore’s Safe initiative has strengthened the security of IT systems and end-user devices while prioritising user experience through passwordless access

• April 15, 2024 15 Apr'24

  More social engineering attacks on open source projects observed

  In the wake of the recent XZ Utils scare, maintainers of another open source project have come forward to say they may have experienced similar social engineering attacks

• April 10, 2024 10 Apr'24

  Cyber crooks poison GitHub search to fool developers

  Researchers share data on new technique whereby malicious actors are manipulating GitHub’s search function and using cleverly crafted repositories to distribute malware