News

Application security and coding requirements

• January 10, 2024 10 Jan'24

  Windows Kerberos, Hyper-V vulns among January Patch Tuesday bugs

  Microsoft starts 2024 right with another slimline Patch Tuesday drop, but there are some critical vulns to be alert to, including a number of man-in-the-middle attack vectors

• January 02, 2024 02 Jan'24

  China’s UNC4841 pivots to new Barracuda ESG zero-day

  The Chinese state threat actor behind a series of cyber attacks on Barracuda Networks customers embarked on a campaign targeting the supplier’s email security products in the run-up to Christmas

• December 21, 2023 21 Dec'23

  Top 10 cyber crime stories of 2023

  Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics

• December 19, 2023 19 Dec'23

  Top 10 cyber security stories of 2023

  The past 12 months have seen the security agenda dominated by the usual round of vulnerabilities, concerns over supply chain security and more besides, but it was the chaotic state of global geopolitics that really made an impact

• December 13, 2023 13 Dec'23

  Microsoft’s Christmas present for cyber teams: no zero-days

  Barely 30 vulnerabilities, and no zero-days, have been fixed in the final Patch Tuesday drop of 2023

• December 06, 2023 06 Dec'23

  Government launches UK-wide Cyber Explorers Cup

  Schoolkids across the UK are being called on to team up and defeat Herbert the Hacker in a new government-backed competition

• November 28, 2023 28 Nov'23

  Volume of unique malware samples threatens to overwhelm defenders

  A massive increase in malware volumes could cause problems for security teams tasked with adapting their defences against them

• November 23, 2023 23 Nov'23

  North Korean APTs go all in on supply chain attacks, warns NCSC

  Threat actors linked to the North Korean regime are becoming more adept at targeting software supply chains in the service of their cyber attacks

• November 23, 2023 23 Nov'23

  Australia ups ante on cyber security

  Australia’s new cyber security strategy will focus on building threat-blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities

• November 21, 2023 21 Nov'23

  The ‘application generation’ demands more from developers

  The latest Cisco AppDynamics poll of consumers has identified a new breed of app user that has emerged post-pandemic

• November 15, 2023 15 Nov'23

  November Patch Tuesday heralds five new MS zero-days

  Microsoft pushes fixes for five new zero-days in its latest monthly update

• November 15, 2023 15 Nov'23

  How Gigamon is making its mark in deep observability

  Gigamon CEO Shane Buckley talks up the company’s ability to inspect encrypted network traffic for malicious activity, how it stands out with its deep observability capabilities and the tailwinds that are fuelling its growth

• November 07, 2023 07 Nov'23

  Researchers ‘break’ rule designed to guard against Barracuda vulnerability

  Vectra AI researchers found that a Suricata rule designed to detect exploitation of a dangerous Barracuda Email Security Gateway flaw was not entirely effective

• November 02, 2023 02 Nov'23

  Admins told to take action over F5 Big-IP platform flaws

  Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild

• November 01, 2023 01 Nov'23

  Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals

  As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings

• October 27, 2023 27 Oct'23

  Google launches bug bounties for generative AI attack scenarios

  Google expands its bug bounty programme to encompass generative AI and takes steps to grow its commitment to supply chain security as it relates to the emerging technology

• October 24, 2023 24 Oct'23

  Cisco hackers likely taking steps to avoid identification

  Cisco confirms that a drop in detections of devices compromised by two zero-days was likely the result of reactive measures taken by the threat actors to avoid discovery

• October 24, 2023 24 Oct'23

  Research team tricks AI chatbots into writing usable malicious code

  Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks

• October 24, 2023 24 Oct'23

  Kaspersky opens up over spyware campaign targeting its staffers

  Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group

• October 23, 2023 23 Oct'23

  Cisco pushes update to stop exploitation of two IOS XE zero-days

  Cisco releases updates to thwart exploitation of two flaws affecting users of its IOS XE software

• October 20, 2023 20 Oct'23

  Computer Weekly contributor named Godfather of UK Security

  Advent IM founder Mike Gillespie was among those honoured at the eighth annual Security Serious Unsung Heroes Awards

• October 19, 2023 19 Oct'23

  Fears grow over extent of Cisco IOS XE zero-day

  Researchers have identified spiking numbers of victims of a recently disclosed Cisco zero-day, as users of the networking supplier’s IOS XE software are urged to take defensive measures

• October 19, 2023 19 Oct'23

  Loughborough Uni to create five cyber AI research posts

  Supported by Darktrace, Loughborough University is to recruit five doctoral researchers focusing on cross-disciplinary research in AI and cyber security

• October 17, 2023 17 Oct'23

  Alert sounded over dangerous Cisco IOS XE zero-day

  Cisco warns customers using its IOS XE software of a newly discovered vulnerability that could enable a threat actor to take over their systems

• October 03, 2023 03 Oct'23

  CIISec scores DSIT funding to expand successful CyberEPQ scheme

  DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date

• September 28, 2023 28 Sep'23

  Businesses disconnected from realities of API security

  Business leaders feel confident they’ve got a handle on API security, but at the same time, incidents are through the roof, according to a report

• September 28, 2023 28 Sep'23

  Yahoo picks Intigriti to run crowdsourced bug bounty programme

  Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate

• September 14, 2023 14 Sep'23

  As vehicle safety regulations loom, carmakers fret over cyber risks

  Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks

• September 13, 2023 13 Sep'23

  GitHub fixes race condition that could have led to ‘repojacking’

  A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked

• September 13, 2023 13 Sep'23

  Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service

  September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release

• September 13, 2023 13 Sep'23

  Cisco tightens link between observability and security

  The company's observability platform now offers a way for IT decision-makers to understand the impact of security issues

• September 11, 2023 11 Sep'23

  Salesforce and Zoom embrace ethical hackers. You should, too

  Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers

• September 05, 2023 05 Sep'23

  Researchers find flaw in Mend.io security platform

  WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed

• September 01, 2023 01 Sep'23

  Threat actors exploiting unpatched Juniper Networks devices

  A series of vulnerabilities in Juniper Networks firewalls and switches appear to be being exploited in the wild to enable remote code execution, with thousands of devices thought to be exposed

• August 30, 2023 30 Aug'23

  NCSC warns over possible AI prompt injection attacks

  The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots

• August 22, 2023 22 Aug'23

  Singapore to bolster OT security capabilities

  Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities

• August 17, 2023 17 Aug'23

  Researchers demo fake airplane mode exploit that tricks iPhone users

  Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns

• August 16, 2023 16 Aug'23

  CyberArk eyes growth beyond PAM

  CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management

• August 12, 2023 12 Aug'23

  Datacentre management vulnerabilities leave public clouds at risk

  At the annual DEF CON hacking convention, researchers from Trellix have disclosed multiple vulnerabilities in key datacentre products underpinning the world’s public cloud infrastructure

• August 10, 2023 10 Aug'23

  Google speeds up security update frequency for Chrome

  Changes to Google’s security update policy are supposed to help close the gap in which cyber criminals can exploit n-day vulnerabilities

• August 09, 2023 09 Aug'23

  Microsoft addresses Office vulnerability attacked by Russian spooks in latest update

  Microsoft has issued fixes for over 70 vulnerabilities in its August Patch Tuesday drop, including remedies for CVE-2023-36884, which was disclosed without a fix in July and has been the subject of Kremlin-backed cyber attacks

• August 07, 2023 07 Aug'23

  Microsoft fixes Azure flaw that was subject of researcher criticism

  Microsoft has confirmed a potentially-dangerous flaw in the Azure platform has now been fully fixed, and moved to reassure customers that despite criticism it is committed to responsible disclosure and timely fixes

• August 04, 2023 04 Aug'23

  Log4Shell, ProxyShell still among most widely exploited flaws

  Statistics released by the collective Five Eyes cyber agencies reveals insight into the most exploited vulnerabilities of 2022, and unsurprisingly there are some old ‘friends’ on the list

• August 04, 2023 04 Aug'23

  Biden’s SBOM mandate a ‘shot heard around the world’, report says

  Two years and three months after Joe Biden mandated new standards in supply chain security, over 40% of UK respondents to a survey say they have implemented new SBOM policies in direct response

• August 03, 2023 03 Aug'23

  Microsoft attacked over ‘grossly irresponsible’ security practice

  The CEO of Tenable has launched a scathing attack on Microsoft, asserting that the organisation is deliberately keeping its Azure cloud customers in the dark about dangerous vulnerabilities and accusing it of a culture of ‘toxic obfuscation’

• August 02, 2023 02 Aug'23

  Ivanti MDM users told to patch against two dangerous flaws

  Users of Ivanti’s mobile device management platform have been warned to act now to patch two vulnerabilities that were chained by a threat actor in a series of cyber attacks on the Norwegian government

• July 28, 2023 28 Jul'23

  How Indian organisations are keeping pace with cyber security

  Indian organisations are shoring up their defences to improve their cyber resilience amid intensifying cyber threats targeted at key sectors such as healthcare and logistics

• July 27, 2023 27 Jul'23

  Ant Group teams with NTU to advance privacy-preserving technologies

  The Chinese fintech giant is partnering with Singapore’s Nanyang Technological University on a cryptographic protocol that ensures the privacy of transacting parties

• July 18, 2023 18 Jul'23

  Critical Adobe ColdFusion flaws chained in ongoing cyber attacks

  Two vulnerabilities in Adobe ColdFusion have been chained by threat actors to target victim systems, apparently after one of them was accidentally disclosed

• July 12, 2023 12 Jul'23

  Hackers: We won’t let artificial intelligence get the better of us

  AI is changing how ethical hackers go about their work, and will continue to do so, but the community is convinced the technology will never be able to replicate the creativity of a flesh-and-blood hacker