News
Application security and coding requirements
-
August 05, 2021
05
Aug'21
Cloud misconfiguration a growing cause of security incidents
Rapid cloud adoption during the pandemic has increased the attack surface and heightened the risk of misconfiguring services, leaving organisations more vulnerable to cyber attacks
-
August 04, 2021
04
Aug'21
Initial access brokers unaffected by ransomware content bans
Banning ransomware content from cyber crime forums has done little to prevent initial access brokers from advertising their services, with the number of access listings increasing in the second quarter of 2021
-
August 03, 2021
03
Aug'21
UK MoD turns to hackers to help secure digital assets
Hackers given direct access to internal Ministry of Defence systems to identify and report security vulnerabilities
-
July 29, 2021
29
Jul'21
Technical hiccups force Babuk ransomware gang to change tactics
The Babuk ransomware operation backed away from encrypting its victims’ files, and technical difficulties may be to blame, reports McAfee
-
July 27, 2021
27
Jul'21
TikTok sets up cyber security hub in Dublin
Dublin-based cyber centre will oversee the security of TikTok’s users across Europe
-
July 27, 2021
27
Jul'21
How IBM is solving the data privacy problem
IBM’s fully homomorphic encryption technology lets enterprises apply analytics and machine learning to encrypted data without compromising data privacy
-
July 26, 2021
26
Jul'21
Malicious actors turn to obscure programming languages
Using new, lesser-known or otherwise uncommon programming languages to code new malwares can help skirt cyber defences
-
July 16, 2021
16
Jul'21
Legacy SonicWall kit exploited in ransom campaign
Users of older versions of SonicWall Secure Mobile Access 100 and Secure Remote Access products are at risk from a new ransomware campaign
-
July 14, 2021
14
Jul'21
Multiple Microsoft bugs being actively exploited
Microsoft’s July Patch Tuesday update fixes 117 vulnerabilities, 13 rated as critical and four already being actively exploited
-
July 13, 2021
13
Jul'21
Modipwn vulnerability puts millions of building systems at risk
Authentication bypass vulnerability in a Schneider Electric product could lead to device takeover
-
July 08, 2021
08
Jul'21
PrintNightmare haunts Microsoft as patch may miss mark
Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied
-
July 07, 2021
07
Jul'21
Opportunists seen targeting Kaseya REvil victims
Malwarebytes researchers highlight new spam campaign targeting businesses impacted by the ongoing Kaseya REvil ransomware incident
-
July 02, 2021
02
Jul'21
Should I be worried about PrintNightmare?
The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be?
-
July 02, 2021
02
Jul'21
Cyber attackers up the ante on embattled IT teams
Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements
-
July 01, 2021
01
Jul'21
Nominations open for 2021 Security Serious Unsung Heroes Awards
Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators
-
June 25, 2021
25
Jun'21
AWS launches bug-busting programme for developers
Amazon Web Services is inviting customers to probe their code for software bugs and vulnerabilities using its CodeGuru console
-
June 23, 2021
23
Jun'21
How containerisation helps VW develop car software
Volkswagen’s R&D centre is working with Red Hat to use containerisation to improve how it develops and tests software for the control systems in cars
-
June 18, 2021
18
Jun'21
NHS App reaches six million users, thanks to Covid vaccine feature
More than two million new users have downloaded the NHS App since it was updated in May to include Covid-19 vaccination status
-
June 18, 2021
18
Jun'21
Lorca Ignite programme targets breakout cyber talent
Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme
-
June 09, 2021
09
Jun'21
Microsoft fixes seven zero-days on its Patch Tuesday rounds
Fixes for six actively-exploited – and one yet-to-be-exploited – zero-day bugs are released in the June 2021 Patch Tuesday update
-
June 03, 2021
03
Jun'21
Norway’s auditor general lifts lid on energy industry’s cyber security risks
Auditor General’s Office questions the security posture of Norway’s energy industry
-
June 03, 2021
03
Jun'21
Pandemic a ‘once-in-a-lifetime’ chance to reshape security
The volume of remote working has made it hard to paint an accurate picture of the true state of enterprise cyber security, but it presents an opportunity to change things up
-
May 24, 2021
24
May'21
Dutch researchers build security software to mimic human immune system
Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection
-
May 21, 2021
21
May'21
Lack of developer attention to cloud security prompts alerts
The personal data of over 100 million Android users may have been put at risk through a variety of cloud service misconfigurations
-
May 14, 2021
14
May'21
Okta and Auth0 to expand APAC coverage
Okta’s acquisition of rival Auth0 will enable both companies to expand their footprint in the Asia-Pacific region as demand for identity management services soars amid the pandemic
-
May 13, 2021
13
May'21
Publishing exploit code does more harm than good, says report
Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security
-
May 12, 2021
12
May'21
Microsoft fixes four critical bugs on lighter Patch Tuesday
Four critical RCE vulnerabilities put users of various Microsoft products at risk, and should be patched right away
-
May 11, 2021
11
May'21
Collaboration key to success of UK’s Cyber Security Council
The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event
-
May 07, 2021
07
May'21
Reddit enlists HackerOne to run public bug bounty programme
Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet
-
May 07, 2021
07
May'21
Ransomware, supply chain attacks show no sign of abating
Security experts at Black Hat Asia 2021 discuss the state of ransomware and supply chain attacks, two of the most common attack vectors that offer high returns for threat actors
-
April 28, 2021
28
Apr'21
Recruiters can’t afford to hold out for cyber ‘unicorns’
The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic
-
April 27, 2021
27
Apr'21
Apple OS updates patch multiple security holes
The much-heralded release of the privacy-centric iOS 14.5 also brings patches for multiple CVEs, and users of Apple smartphones, tablets and notebooks are best advised to update as soon as possible
-
April 27, 2021
27
Apr'21
North London school wins NCSC girls’ cyber challenge
Highgate School in North London is the winner of this year’s CyberFirst Girls security competition
-
April 27, 2021
27
Apr'21
The Security Interviews: Making sense of outbound email security
Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this
-
April 22, 2021
22
Apr'21
Automation, zero-trust, API-based security priorities for EMEA CISOs
Report by FireMon sheds light on buyer behaviour across the EMEA region
-
April 20, 2021
20
Apr'21
Health app myGP adds Covid-19 vaccine passport function
The new feature is described as the UK’s first NHS-assured Covid-19 certification feature
-
April 20, 2021
20
Apr'21
UK’s proposed IoT cyber security law gathers momentum
New statistics appear to vindicate UK government proposals to force suppliers to be upfront about IoT security
-
April 20, 2021
20
Apr'21
Codecov supply chain attack has echoes of SolarWinds
Supply chain attack on code auditing service may have compromised the likes of HPE and IBM
-
April 16, 2021
16
Apr'21
Finnish government strengthens country’s IT network security
Finland’s government has created a new national organisation to help public and private bodies improve network security
-
April 14, 2021
14
Apr'21
FBI accesses ProxyLogon target servers to disrupt cyber criminals
US Justice Department reveals successful court-authorised effort to clamp down on ProxyLogon exploitation
-
April 14, 2021
14
Apr'21
NSA unearths more MS Exchange vulnerabilities
Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency
-
April 13, 2021
13
Apr'21
Millions of devices at risk from NAME:WRECK DNS bugs
Newly disclosed set of nine DNS vulnerabilities puts over 100 million consumer, enterprise and industrial IoT devices at risk
-
April 11, 2021
11
Apr'21
Executive interview: Unleashing blockchain’s potential
Labrys founder and CEO Lachlan Feeney offers his observations about blockchain adoption in Australia, and what his firm is doing to help organisations unleash the full potential of the technology
-
April 07, 2021
07
Apr'21
Unpatched SAP applications are target-rich ground for hackers
Report from SAP and cyber threat research company Onapsis warns that hackers are attacking mission-critical SAP business applications that contain unpatched vulnerabilities
-
March 31, 2021
31
Mar'21
Cyber Security Council to champion UK security pros
A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base
-
March 25, 2021
25
Mar'21
Four in five UK businesses seek new security suppliers
Decision-makers are ready to buy new security technology, but suppliers must pay close attention to how they present themselves
-
March 16, 2021
16
Mar'21
Microsoft releases one-click ProxyLogon mitigation tool
Microsoft’s mitigation tool is designed to help customers without dedicated security or IT teams navigate fixing their vulnerable Exchange servers
-
March 16, 2021
16
Mar'21
Government calls for input into Covid-19 vaccine passports
Evidence gathering exercise will inform the development of the UK’s proposed Covid-19 vaccine passport scheme
-
March 15, 2021
15
Mar'21
Microsoft Exchange ProxyLogon attacks spike 10 times in four days
Exploitations of the Microsoft Exchange ProxyLogon vulnerabilities have increased tenfold in just four days
-
March 12, 2021
12
Mar'21
NCSC issues emergency alert on Microsoft Exchange patch
UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately