News

Application security and coding requirements

• August 23, 2022 23 Aug'22

  DevSecOps: Software developers lack sufficient security focus

  GitLab survey shows developers want to produce high-quality code, but ‘shifting’ security left is hard to achieve

• August 19, 2022 19 Aug'22

  Cozy Bear targets MS 365 environments with new tactics

  Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments

• August 19, 2022 19 Aug'22

  Apple patches two zero-days in macOs, iOS

  Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems

• August 19, 2022 19 Aug'22

  Inside Singapore’s national digital identity journey

  Singapore’s national digital identity system has evolved from providing single sign-on to e-government services to pandemic-related and digital document capabilities in recent years

• August 12, 2022 12 Aug'22

  Microsoft doles out $13.7m in bug bounties

  Microsoft’s Bug Bounty programme has paid a total of $13.7m to more than 300 researchers in almost 50 countries

• August 10, 2022 10 Aug'22

  GitHub targets vulnerable open source components

  There are thousands of vulnerabilities in open source code – GitHub aims to help developers see if their projects are impacted

• August 10, 2022 10 Aug'22

  Microsoft fixes two-year-old MSDT vulnerability in August update

  August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited.

• August 04, 2022 04 Aug'22

  Spyware activity particularly impactful in July

  After a quiet June, vulnerability exploitation ramped up in July, with intrusions linked to spyware seeing unusually high volumes of activity, according to a report

• July 28, 2022 28 Jul'22

  NCSC startups scheme turns focus to operational technology, SME security

  NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses

• July 28, 2022 28 Jul'22

  Cyber criminals pivot away from macros as Microsoft changes bite

  As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect

• July 27, 2022 27 Jul'22

  Retail software firm PrestaShop warns users about SQL injection attacks

  Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise

• July 26, 2022 26 Jul'22

  Visibility and proactive stance needed to secure OT systems

  Critical infrastructure operators need to have more visibility into their IT and operational technology environment, and take a more active stance to fend off sophisticated adversaries, expert says

• July 25, 2022 25 Jul'22

  Latest Atlassian Confluence vulnerability raises concerns

  CVE-2022-26138 is the second major vulnerability disclosure made for Atlassian’s Confluence collaboration platform in recent months

• July 25, 2022 25 Jul'22

  TMT firms among top targets for cyber attacks in Singapore

  Organisations in the technology, media and telecoms sector were among the most lucrative targets for malicious actors as their services penetrate almost every aspect of society

• July 20, 2022 20 Jul'22

  (ISC)² expands entry-level cyber programme after UK success

  Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide

• July 15, 2022 15 Jul'22

  Log4Shell on its way to becoming ‘endemic’

  US government report concludes that, like Covid, Log4Shell will be with us for a long time to come

• July 13, 2022 13 Jul'22

  July Patch Tuesday brings more than 80 fixes, one zero-day

  While some admins can put their feet up and let Windows Autopatch do the hard work of updating their Microsoft estates, for the rest of us, the Patch Tuesday bandwagon keeps on keeping on

• July 12, 2022 12 Jul'22

  Microsoft Windows Autopatch now generally available

  Microsoft customers with Windows Enterprise E3 and E5 licences can now take full advantage of its new automated patching service

• July 12, 2022 12 Jul'22

  Singapore doubles down on OT security

  The Cyber Security Agency of Singapore will fund 80 scholarships to groom a talent pool of operational technology security experts, among other efforts to bolster the security of critical infrastructure in the city-state

• July 11, 2022 11 Jul'22

  Microsoft VBA macro block will return

  Microsoft provides more details about its sudden decision to rollback a landmark security policy, and reassures users it is a temporary measure

• July 08, 2022 08 Jul'22

  Microsoft appears to reverse VBA macro-blocking

  Microsoft quietly reverses VBA macro-blocking across its Office portfolio in a move that has left security experts puzzled

• July 06, 2022 06 Jul'22

  Plexal seeks new scaleups for next phase of Cyber Runway

  Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme

• June 28, 2022 28 Jun'22

  Avast uncovers ‘thieves’ kitchen’ of malware-writing teens

  Researchers stumble across online community of 11 to 18-year-olds constructing, exchanging and spreading malware

• June 24, 2022 24 Jun'22

  Developers grapple with open source software security

  Software developers are taking longer to fix vulnerabilities and many do not know about the dependencies of open source software components they are using, study finds

• June 23, 2022 23 Jun'22

  SolarWinds unveils new development model to avoid a repeat of Sunburst

  SolarWinds has unveiled a new, secure-by-design software development model to protect itself from a repeat of the infamous 2020 cyber attack on its systems, and serve as a blueprint for the industry

• June 16, 2022 16 Jun'22

  Dundee security research centre opens with support from SBRC

  An £18m hub at Abertay University in Dundee forms the centrepiece of Scotland’s first security research cluster

• June 15, 2022 15 Jun'22

  Patch Tuesday dogged by concerns over Microsoft vulnerability response

  The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure

• June 14, 2022 14 Jun'22

  MS Azure Synapse vulnerability fixed after six-month slog

  Microsoft patched a critical Azure Synapse vulnerability twice, but each time the researcher who discovered it was able to bypass it with ease, leading to a lengthy saga

• June 13, 2022 13 Jun'22

  Qatar bolsters cyber security in preparation for World Cup

  With hackers honing their cyber weapons to target the upcoming football World Cup, Qatar is busy developing countermeasures and raising awareness

• June 09, 2022 09 Jun'22

  Cyber researchers step in to fill Patch Tuesday’s shoes

  Afraid you’ll miss Patch Tuesday when it’s gone? You’re not alone, but security analysts at Recorded Future are taking action to help the community come to terms with its loss

• June 07, 2022 07 Jun'22

  Software house Mega achieves holistic SaaS security with Synopsys

  Mega International, a supplier of IT management software, turned to Synopsys’s Coverity and Black Duck products to reassure both itself and its customers that its software-as-a-service offerings were built to the best possible security standards

• June 01, 2022 01 Jun'22

  Executive interview: Jeetu Patel, general manager of collaboration and security, Cisco

  Anyone with an idea can help solve a problem if geography and distance don’t matter when bringing in talent, says Cisco’s collaboration and security chief

• June 01, 2022 01 Jun'22

  Security leaders call for more observability for cloud native apps

  New research highlights the challenges CISOs face securing modern, cloud native applications

• May 25, 2022 25 May'22

  Building a pathway to commercial quantum computing

  The shortage of expertise in quantum technologies will drive up salaries. A new report from TechUK assesses the route to commercialisation

• May 23, 2022 23 May'22

  How Ivanti views patch management with a security lens

  Bringing development, operations and security teams together will help organisations to improve their visibility of IT assets and vulnerabilities while keeping threat actors at bay

• May 20, 2022 20 May'22

  Microsoft drops emergency patch after Patch Tuesday screw up

  Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates

• May 19, 2022 19 May'22

  Red teaming will be standard in Dutch governmental organisations by 2025

  The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest

• May 18, 2022 18 May'22

  Mastercard biometric programme will allow payment authentication by smile

  Mastercard is inviting banks and merchants to join a programme to set standards for biometric payments technology

• May 17, 2022 17 May'22

  Australian CISOs least prepared for cyber attacks

  Australian CISOs are under pressure and feel the least prepared globally to deal with the consequences of a cyber attack, study finds

• May 13, 2022 13 May'22

  Open source community sets out path to secure software

  A 10-point plan to improve the security and resilience of open source software was presented this week at a summit in the US

• May 11, 2022 11 May'22

  Emotet has commanding lead on Check Point monthly threat chart

  Emotet remains by some margin the most prevalent malware, according to Check Point’s latest monthly statistics

• May 11, 2022 11 May'22

  Microsoft fixes three zero-days on May Patch Tuesday

  It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days

• May 04, 2022 04 May'22

  UK government puts pressure on IT sector to clean up app security

  Apps can be exploited to carry malicious payloads that steal personal information and cause financial loss – and not enough is being done to secure them

• May 03, 2022 03 May'22

  Five TLS comms vulnerabilities hit Aruba, Avaya switching kit

  Five new vulnerabilities in the implementation of transport layer security communications leave several popular switches vulnerable to remote code execution

• April 28, 2022 28 Apr'22

  Manufacturer sues JPMorgan after cyber criminals stole $272m

  Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity

• April 27, 2022 27 Apr'22

  Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021

  These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time

• April 26, 2022 26 Apr'22

  Emotet tests new tricks to thwart enhanced security

  The operators of the Emotet botnet seem to be trying to find a way to get around recent changes made by Microsoft to better protect its users

• April 25, 2022 25 Apr'22

  Mimecast makes deeper push into ASEAN

  Mimecast opens regional office in Singapore and is looking at setting up a datacentre in Southeast Asia as it makes a deeper push into the region

• April 22, 2022 22 Apr'22

  How Adnovum is leveraging its Swiss roots

  Software company Adnovum is leveraging its strengths in identity and access management and its Swiss heritage as it expands into new markets and areas such as zero-trust security

• April 22, 2022 22 Apr'22

  UAE bolsters cyber security

  The United Arab Emirates has successfully improved its security posture amid mounting cyber threats