News
Application security and coding requirements
-
September 11, 2023
11
Sep'23
Salesforce and Zoom embrace ethical hackers. You should, too
Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers
-
September 05, 2023
05
Sep'23
Researchers find flaw in Mend.io security platform
WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed
-
September 01, 2023
01
Sep'23
Threat actors exploiting unpatched Juniper Networks devices
A series of vulnerabilities in Juniper Networks firewalls and switches appear to be being exploited in the wild to enable remote code execution, with thousands of devices thought to be exposed
-
August 30, 2023
30
Aug'23
NCSC warns over possible AI prompt injection attacks
The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots
-
August 22, 2023
22
Aug'23
Singapore to bolster OT security capabilities
Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities
-
August 17, 2023
17
Aug'23
Researchers demo fake airplane mode exploit that tricks iPhone users
Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns
-
August 16, 2023
16
Aug'23
CyberArk eyes growth beyond PAM
CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management
-
August 12, 2023
12
Aug'23
Datacentre management vulnerabilities leave public clouds at risk
At the annual DEF CON hacking convention, researchers from Trellix have disclosed multiple vulnerabilities in key datacentre products underpinning the world’s public cloud infrastructure
-
August 10, 2023
10
Aug'23
Google speeds up security update frequency for Chrome
Changes to Google’s security update policy are supposed to help close the gap in which cyber criminals can exploit n-day vulnerabilities
-
August 09, 2023
09
Aug'23
Microsoft addresses Office vulnerability attacked by Russian spooks in latest update
Microsoft has issued fixes for over 70 vulnerabilities in its August Patch Tuesday drop, including remedies for CVE-2023-36884, which was disclosed without a fix in July and has been the subject of Kremlin-backed cyber attacks
-
August 07, 2023
07
Aug'23
Microsoft fixes Azure flaw that was subject of researcher criticism
Microsoft has confirmed a potentially-dangerous flaw in the Azure platform has now been fully fixed, and moved to reassure customers that despite criticism it is committed to responsible disclosure and timely fixes
-
August 04, 2023
04
Aug'23
Log4Shell, ProxyShell still among most widely exploited flaws
Statistics released by the collective Five Eyes cyber agencies reveals insight into the most exploited vulnerabilities of 2022, and unsurprisingly there are some old ‘friends’ on the list
-
August 04, 2023
04
Aug'23
Biden’s SBOM mandate a ‘shot heard around the world’, report says
Two years and three months after Joe Biden mandated new standards in supply chain security, over 40% of UK respondents to a survey say they have implemented new SBOM policies in direct response
-
August 03, 2023
03
Aug'23
Microsoft attacked over ‘grossly irresponsible’ security practice
The CEO of Tenable has launched a scathing attack on Microsoft, asserting that the organisation is deliberately keeping its Azure cloud customers in the dark about dangerous vulnerabilities and accusing it of a culture of ‘toxic obfuscation’
-
August 02, 2023
02
Aug'23
Ivanti MDM users told to patch against two dangerous flaws
Users of Ivanti’s mobile device management platform have been warned to act now to patch two vulnerabilities that were chained by a threat actor in a series of cyber attacks on the Norwegian government
-
July 28, 2023
28
Jul'23
How Indian organisations are keeping pace with cyber security
Indian organisations are shoring up their defences to improve their cyber resilience amid intensifying cyber threats targeted at key sectors such as healthcare and logistics
-
July 27, 2023
27
Jul'23
Ant Group teams with NTU to advance privacy-preserving technologies
The Chinese fintech giant is partnering with Singapore’s Nanyang Technological University on a cryptographic protocol that ensures the privacy of transacting parties
-
July 18, 2023
18
Jul'23
Critical Adobe ColdFusion flaws chained in ongoing cyber attacks
Two vulnerabilities in Adobe ColdFusion have been chained by threat actors to target victim systems, apparently after one of them was accidentally disclosed
-
July 12, 2023
12
Jul'23
Hackers: We won’t let artificial intelligence get the better of us
AI is changing how ethical hackers go about their work, and will continue to do so, but the community is convinced the technology will never be able to replicate the creativity of a flesh-and-blood hacker
-
July 12, 2023
12
Jul'23
Microsoft users on high alert over dangerous RCE zero-day
A serious RCE vulnerability in Microsoft Office and Windows is among several zero-days disclosed in Redmond’s July Patch Tuesday update, but this one does not have a patch yet
-
July 11, 2023
11
Jul'23
Apple pushes Rapid Response patch to fix WebKit zero-day
Apple deployed an emergency patch under its Rapid Security Response update programme, but had to temporarily suspend delivery after it caused problems for users of the Safari browser
-
July 07, 2023
07
Jul'23
Suspicious email reported every five seconds in UK
National Cyber Security Centre report reveals a suspicious email was reported by UK citizens and organisations every five seconds last year
-
July 07, 2023
07
Jul'23
JumpCloud issues notice to customers to refresh API keys
JumpCloud has asked its customers to update their API cryptographic keys following a security incident
-
June 27, 2023
27
Jun'23
WithSecure forges ahead with green coding initiative
WithSecure’s W/Sustainability programme kickstarts a number of initiatives, including a commitment to green coding the security supplier hopes will set an example for others to follow
-
June 23, 2023
23
Jun'23
Phishing and ransomware dominate Singapore’s cyber threat landscape
Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene
-
June 14, 2023
14
Jun'23
No zero-days for June Patch Tuesday, but plenty to chew over
On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention
-
June 14, 2023
14
Jun'23
Cyber attacks against APAC commerce sector surpass 1.1 billion
Retailers, hotels and travel-related organisations in the region saw over a billion cyber attacks last year amid the surge in e-commerce activity and online travel bookings
-
June 12, 2023
12
Jun'23
Ofcom data stolen in MOVEit cyber attack
Communications regulator Ofcom says data on employees and regulated communications companies was stolen by the Clop gang
-
June 12, 2023
12
Jun'23
Progress Software releases patch for second MOVEit Transfer vulnerability
Progress Software releases a patch for a second MOVEit Transfer issue, which was uncovered by third-party security specialist Huntress Security during post-incident code scanning
-
June 08, 2023
08
Jun'23
Vulnerability exploitation volumes up over 50% in 2022
Data from Palo Alto Networks’ Unit 42 threat intel specialists reveals insight into the scale of vulnerability exploitation in the wild
-
June 08, 2023
08
Jun'23
Clop may have been sitting on MOVEit vulnerability for two years
The Clop cyber extortion gang may have been keeping the MOVEit SQL injection vulnerability they used to penetrate the systems of multiple victims secret for two years
-
May 17, 2023
17
May'23
Pentera ups ante in penetration testing
The Israeli startup, which expanded to the APAC region last year, scans for vulnerabilities and emulates cyber attacks through its automated security validation platform
-
May 15, 2023
15
May'23
MS macro-blocking has forced cyber criminals to innovate
One year after Microsoft started blocking VBA and XL4 macros by default, the cyber criminal ecosystem has all but stopped exploiting macros in their attacks. They’re instead innovating at an unprecedented rate
-
May 10, 2023
10
May'23
Secure Boot vulnerability causes Patch Tuesday headache for admins
Applying the fix for a security bypass zero-day affecting the Windows Secure Boot feature will be a long process that will drag into 2024, but for good reason, says Microsoft
-
May 04, 2023
04
May'23
Inside BlackBerry’s cyber security playbook
BlackBerry’s president of cyber security discusses the company’s cyber security strategy and what it is doing to deliver an integrated set of capabilities for enterprises
-
May 03, 2023
03
May'23
Cyber Action Plan for Wales launched
The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country
-
May 03, 2023
03
May'23
TikTok fixes vulnerability that could have exposed user activity data
A potentially dangerous vulnerability in the TikTok video-sharing platform was discovered by Imperva researchers, and has now been fixed
-
May 03, 2023
03
May'23
Mystery Apple security update sparks speculation
Apple releases its first Rapid Security Response update for iPhone, iPad and Mac devices, but users are in the dark about what security problems they have fixed
-
April 27, 2023
27
Apr'23
Tenable opens playground for generative AI cyber tools
A set of generative AI cyber tools designed to help security researchers in reverse engineering, debugging and other areas of work have been made available for the community to experiment with
-
April 21, 2023
21
Apr'23
Prototype cyber tech has revolutionary potential
The so-called CHERI protection model developed at the University of Cambridge is showing great promise for future cyber security technologies
-
April 20, 2023
20
Apr'23
3CX incident may be world’s first double supply chain attack
It’s supply chain attacks all the way down as Mandiant publishes information suggesting that the 3CX software supply chain compromise was initiated via a prior software supply chain compromise
-
April 19, 2023
19
Apr'23
Global finance firms take part in NATO cyber attack simulation
Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure
-
April 19, 2023
19
Apr'23
How organisations can succeed with zero trust
By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm
-
April 18, 2023
18
Apr'23
Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms
The Online Safety Bill faces amendments in the House of Lords amid concerns that it could weaken the security of end-to-end encrypted communications for UK citizens
-
April 18, 2023
18
Apr'23
Focus on these three risky behaviours to boost cloud security
Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report
-
April 13, 2023
13
Apr'23
Thousands at risk from critical RCE bug in legacy MS service
Thousands of organisations worldwide are at risk from three vulnerabilities – one critical – in a legacy Microsoft service that they may not be aware they are running
-
April 12, 2023
12
Apr'23
April Patch Tuesday fixes zero-day used to deliver ransomware
A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update
-
April 03, 2023
03
Apr'23
CIO interview: Carter Busse, CIO, Workato
Workato CIO Carter Busse talks up the company’s approach towards automation and its efforts to drive the technology across its business
-
March 30, 2023
30
Mar'23
OSC&R supply chain security framework goes live on Github
The OSC&R framework for understanding and evaluating threats to supply chain security has made its debut on Github to allow anybody to contribute to the framework
-
March 30, 2023
30
Mar'23
3CX unified comms users hit by supply chain attacks
Ongoing supply chain attacks against customers of UC firm 3CX appear to be linked to North Korean threat actors