News

Application security and coding requirements

• September 11, 2023 11 Sep'23

  Salesforce and Zoom embrace ethical hackers. You should, too

  Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers

• September 05, 2023 05 Sep'23

  Researchers find flaw in Mend.io security platform

  WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed

• September 01, 2023 01 Sep'23

  Threat actors exploiting unpatched Juniper Networks devices

  A series of vulnerabilities in Juniper Networks firewalls and switches appear to be being exploited in the wild to enable remote code execution, with thousands of devices thought to be exposed

• August 30, 2023 30 Aug'23

  NCSC warns over possible AI prompt injection attacks

  The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots

• August 22, 2023 22 Aug'23

  Singapore to bolster OT security capabilities

  Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities

• August 17, 2023 17 Aug'23

  Researchers demo fake airplane mode exploit that tricks iPhone users

  Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns

• August 16, 2023 16 Aug'23

  CyberArk eyes growth beyond PAM

  CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management

• August 12, 2023 12 Aug'23

  Datacentre management vulnerabilities leave public clouds at risk

  At the annual DEF CON hacking convention, researchers from Trellix have disclosed multiple vulnerabilities in key datacentre products underpinning the world’s public cloud infrastructure

• August 10, 2023 10 Aug'23

  Google speeds up security update frequency for Chrome

  Changes to Google’s security update policy are supposed to help close the gap in which cyber criminals can exploit n-day vulnerabilities

• August 09, 2023 09 Aug'23

  Microsoft addresses Office vulnerability attacked by Russian spooks in latest update

  Microsoft has issued fixes for over 70 vulnerabilities in its August Patch Tuesday drop, including remedies for CVE-2023-36884, which was disclosed without a fix in July and has been the subject of Kremlin-backed cyber attacks

• August 07, 2023 07 Aug'23

  Microsoft fixes Azure flaw that was subject of researcher criticism

  Microsoft has confirmed a potentially-dangerous flaw in the Azure platform has now been fully fixed, and moved to reassure customers that despite criticism it is committed to responsible disclosure and timely fixes

• August 04, 2023 04 Aug'23

  Log4Shell, ProxyShell still among most widely exploited flaws

  Statistics released by the collective Five Eyes cyber agencies reveals insight into the most exploited vulnerabilities of 2022, and unsurprisingly there are some old ‘friends’ on the list

• August 04, 2023 04 Aug'23

  Biden’s SBOM mandate a ‘shot heard around the world’, report says

  Two years and three months after Joe Biden mandated new standards in supply chain security, over 40% of UK respondents to a survey say they have implemented new SBOM policies in direct response

• August 03, 2023 03 Aug'23

  Microsoft attacked over ‘grossly irresponsible’ security practice

  The CEO of Tenable has launched a scathing attack on Microsoft, asserting that the organisation is deliberately keeping its Azure cloud customers in the dark about dangerous vulnerabilities and accusing it of a culture of ‘toxic obfuscation’

• August 02, 2023 02 Aug'23

  Ivanti MDM users told to patch against two dangerous flaws

  Users of Ivanti’s mobile device management platform have been warned to act now to patch two vulnerabilities that were chained by a threat actor in a series of cyber attacks on the Norwegian government

• July 28, 2023 28 Jul'23

  How Indian organisations are keeping pace with cyber security

  Indian organisations are shoring up their defences to improve their cyber resilience amid intensifying cyber threats targeted at key sectors such as healthcare and logistics

• July 27, 2023 27 Jul'23

  Ant Group teams with NTU to advance privacy-preserving technologies

  The Chinese fintech giant is partnering with Singapore’s Nanyang Technological University on a cryptographic protocol that ensures the privacy of transacting parties

• July 18, 2023 18 Jul'23

  Critical Adobe ColdFusion flaws chained in ongoing cyber attacks

  Two vulnerabilities in Adobe ColdFusion have been chained by threat actors to target victim systems, apparently after one of them was accidentally disclosed

• July 12, 2023 12 Jul'23

  Hackers: We won’t let artificial intelligence get the better of us

  AI is changing how ethical hackers go about their work, and will continue to do so, but the community is convinced the technology will never be able to replicate the creativity of a flesh-and-blood hacker

• July 12, 2023 12 Jul'23

  Microsoft users on high alert over dangerous RCE zero-day

  A serious RCE vulnerability in Microsoft Office and Windows is among several zero-days disclosed in Redmond’s July Patch Tuesday update, but this one does not have a patch yet

• July 11, 2023 11 Jul'23

  Apple pushes Rapid Response patch to fix WebKit zero-day

  Apple deployed an emergency patch under its Rapid Security Response update programme, but had to temporarily suspend delivery after it caused problems for users of the Safari browser

• July 07, 2023 07 Jul'23

  Suspicious email reported every five seconds in UK

  National Cyber Security Centre report reveals a suspicious email was reported by UK citizens and organisations every five seconds last year

• July 07, 2023 07 Jul'23

  JumpCloud issues notice to customers to refresh API keys

  JumpCloud has asked its customers to update their API cryptographic keys following a security incident

• June 27, 2023 27 Jun'23

  WithSecure forges ahead with green coding initiative

  WithSecure’s W/Sustainability programme kickstarts a number of initiatives, including a commitment to green coding the security supplier hopes will set an example for others to follow

• June 23, 2023 23 Jun'23

  Phishing and ransomware dominate Singapore’s cyber threat landscape

  Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene

• June 14, 2023 14 Jun'23

  No zero-days for June Patch Tuesday, but plenty to chew over

  On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention

• June 14, 2023 14 Jun'23

  Cyber attacks against APAC commerce sector surpass 1.1 billion

  Retailers, hotels and travel-related organisations in the region saw over a billion cyber attacks last year amid the surge in e-commerce activity and online travel bookings

• June 12, 2023 12 Jun'23

  Ofcom data stolen in MOVEit cyber attack

  Communications regulator Ofcom says data on employees and regulated communications companies was stolen by the Clop gang

• June 12, 2023 12 Jun'23

  Progress Software releases patch for second MOVEit Transfer vulnerability

  Progress Software releases a patch for a second MOVEit Transfer issue, which was uncovered by third-party security specialist Huntress Security during post-incident code scanning

• June 08, 2023 08 Jun'23

  Vulnerability exploitation volumes up over 50% in 2022

  Data from Palo Alto Networks’ Unit 42 threat intel specialists reveals insight into the scale of vulnerability exploitation in the wild

• June 08, 2023 08 Jun'23

  Clop may have been sitting on MOVEit vulnerability for two years

  The Clop cyber extortion gang may have been keeping the MOVEit SQL injection vulnerability they used to penetrate the systems of multiple victims secret for two years

• May 17, 2023 17 May'23

  Pentera ups ante in penetration testing

  The Israeli startup, which expanded to the APAC region last year, scans for vulnerabilities and emulates cyber attacks through its automated security validation platform

• May 15, 2023 15 May'23

  MS macro-blocking has forced cyber criminals to innovate

  One year after Microsoft started blocking VBA and XL4 macros by default, the cyber criminal ecosystem has all but stopped exploiting macros in their attacks. They’re instead innovating at an unprecedented rate

• May 10, 2023 10 May'23

  Secure Boot vulnerability causes Patch Tuesday headache for admins

  Applying the fix for a security bypass zero-day affecting the Windows Secure Boot feature will be a long process that will drag into 2024, but for good reason, says Microsoft

• May 04, 2023 04 May'23

  Inside BlackBerry’s cyber security playbook

  BlackBerry’s president of cyber security discusses the company’s cyber security strategy and what it is doing to deliver an integrated set of capabilities for enterprises

• May 03, 2023 03 May'23

  Cyber Action Plan for Wales launched

  The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country

• May 03, 2023 03 May'23

  TikTok fixes vulnerability that could have exposed user activity data

  A potentially dangerous vulnerability in the TikTok video-sharing platform was discovered by Imperva researchers, and has now been fixed

• May 03, 2023 03 May'23

  Mystery Apple security update sparks speculation

  Apple releases its first Rapid Security Response update for iPhone, iPad and Mac devices, but users are in the dark about what security problems they have fixed

• April 27, 2023 27 Apr'23

  Tenable opens playground for generative AI cyber tools

  A set of generative AI cyber tools designed to help security researchers in reverse engineering, debugging and other areas of work have been made available for the community to experiment with

• April 21, 2023 21 Apr'23

  Prototype cyber tech has revolutionary potential

  The so-called CHERI protection model developed at the University of Cambridge is showing great promise for future cyber security technologies

• April 20, 2023 20 Apr'23

  3CX incident may be world’s first double supply chain attack

  It’s supply chain attacks all the way down as Mandiant publishes information suggesting that the 3CX software supply chain compromise was initiated via a prior software supply chain compromise

• April 19, 2023 19 Apr'23

  Global finance firms take part in NATO cyber attack simulation

  Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure

• April 19, 2023 19 Apr'23

  How organisations can succeed with zero trust

  By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm

• April 18, 2023 18 Apr'23

  Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms

  The Online Safety Bill faces amendments in the House of Lords amid concerns that it could weaken the security of end-to-end encrypted communications for UK citizens

• April 18, 2023 18 Apr'23

  Focus on these three risky behaviours to boost cloud security

  Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report

• April 13, 2023 13 Apr'23

  Thousands at risk from critical RCE bug in legacy MS service

  Thousands of organisations worldwide are at risk from three vulnerabilities – one critical – in a legacy Microsoft service that they may not be aware they are running

• April 12, 2023 12 Apr'23

  April Patch Tuesday fixes zero-day used to deliver ransomware

  A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update

• April 03, 2023 03 Apr'23

  CIO interview: Carter Busse, CIO, Workato

  Workato CIO Carter Busse talks up the company’s approach towards automation and its efforts to drive the technology across its business

• March 30, 2023 30 Mar'23

  OSC&R supply chain security framework goes live on Github

  The OSC&R framework for understanding and evaluating threats to supply chain security has made its debut on Github to allow anybody to contribute to the framework

• March 30, 2023 30 Mar'23

  3CX unified comms users hit by supply chain attacks

  Ongoing supply chain attacks against customers of UC firm 3CX appear to be linked to North Korean threat actors