News
Web application security
-
May 15, 2024
15
May'24
Critical SharePoint, Qakbot-linked flaws focus of May Patch Tuesday
A critical SharePoint vulnerability warrants attention this month, but it is another flaw that seems to be linked to the infamous Qakbot malware that is drawing attention
-
May 06, 2024
06
May'24
Microsoft beefs up cyber initiative after hard-hitting US report
Microsoft is expanding its recently launched Secure Future Initiative in the wake of a hard-hitting US government report on recent nation state intrusions into its systems
-
May 03, 2024
03
May'24
Adobe expands bug bounty programme to account for GenAI
Adobe has expanded the scope of its HackerOne-driven bug bounty scheme to incorporate flaws and risks arising from the development of generative artificial intelligence
-
May 02, 2024
02
May'24
How Okta is fending off identity-based attacks
Okta has been bolstering the security of its own infrastructure and building new tools to scan customer environments for vulnerable identities, among other efforts to fend off identity-based attacks
-
May 01, 2024
01
May'24
Australia’s Qantas apologises for mobile app data breach
Australian flag carrier Qantas has apologised after a glitch in its mobile application temporarily enabled some customers to view the flights and booking details of other frequent fliers on two separate occasions
-
May 01, 2024
01
May'24
Secure coding benchmark to increase standards among developers
Developer security advocate Secure Code Warrior has launched what it claims is the industry’s first benchmark designed to quantify the security competence of its customers’ software developer teams
-
April 30, 2024
30
Apr'24
Bad bot traffic in Australia grew 23% in 2023
Traffic from bad bots that perform malicious tasks accounted for 30.2% of Australia’s internet traffic in 2023
-
April 25, 2024
25
Apr'24
Zero trust is a strategy, not a technology
Zero-trust security should be seen as a strategy to protect high-value assets and is not tied to a specific technology or product, says the model’s creator John Kindervag
-
April 24, 2024
24
Apr'24
Mandatory MFA pays off for GitHub and OSS community
Mandating multifactor authentication for select developers has been a huge success for GitHub, the platform reports, and now it wants to go further
-
April 24, 2024
24
Apr'24
Cyber training leader KnowBe4 to buy email security firm Egress
Security awareness training and phishing simulation specialist KnowBe4 is to buy email security expert Egress
-
April 24, 2024
24
Apr'24
TikTok ban sails through US Senate
A law that will ban TikTok in the US unless its owner sells up pronto passed the US Senate by a landslide majority after being included in a package of military aid
-
April 16, 2024
16
Apr'24
CW Innovation Awards: Balancing security and user experience
The National University of Singapore’s Safe initiative has strengthened the security of IT systems and end-user devices while prioritising user experience through passwordless access
-
April 15, 2024
15
Apr'24
More social engineering attacks on open source projects observed
In the wake of the recent XZ Utils scare, maintainers of another open source project have come forward to say they may have experienced similar social engineering attacks
-
April 12, 2024
12
Apr'24
Apple iPhone security alert renews spyware concerns
An Apple security alert received by users in 92 countries raises fresh fears over ongoing campaigns by users of mercenary spyware products
-
April 10, 2024
10
Apr'24
Cyber crooks poison GitHub search to fool developers
Researchers share data on new technique whereby malicious actors are manipulating GitHub’s search function and using cleverly crafted repositories to distribute malware
-
April 10, 2024
10
Apr'24
Salesforce helps customers establish bug bounty programmes
Salesforce has added new learning content to its Trailhead platform designed to help customers develop their own bug bounty programmes
-
April 08, 2024
08
Apr'24
What Cisco’s Splunk acquisition means for APAC customers
APAC organisations can expect better visibility and insights into their networks and applications along with automation and response capabilities to improve their digital resilience
-
April 01, 2024
01
Apr'24
Open source alert over intentionally placed backdoor
A backdoor in the open source XZ Utils data compression library could have led to widespread compromise across the Linux ecosystem - and the community is on the trail of a developer who seems to be behind it
-
March 29, 2024
29
Mar'24
Organisations getting better at spotting identity fraud
As the barriers to committing identity fraud continue to drop, organisations should consider more sophisticated technical measures to successfully up their game, according to a report
-
March 28, 2024
28
Mar'24
UK plc going backwards on cyber maturity, Cisco report claims
Fewer UK organisations believe their cyber security postures have reached a mature level than did so 12 months ago, as they struggle to keep up with new challenges and a fast-evolving threat landscape
-
March 27, 2024
27
Mar'24
Cyber spies, not cyber criminals, behind most zero-day exploitation
Analysis from Google has found that zero-day vulnerabilities are much more heavily exploited for espionage purposes than for financially motivated cyber crime
-
March 21, 2024
21
Mar'24
US sues Apple, alleging smartphone monopoly
A major legal action against Apple over its dominance of the smartphone market has kicked off in the US, alleging anticompetitive practices on Apple’s part that have damaged the sector and restricted consumer choice
-
March 19, 2024
19
Mar'24
Australia’s cyber security spending to grow 11.5% this year
Highly publicised cyber attacks and growing regulatory obligations are keeping security and risk top of mind for Australian organisations this year, says Gartner
-
March 13, 2024
13
Mar'24
US authorities move a step closer to banning TikTok
Lawmakers in Washington DC have moved a step closer to enacting a broad national ban on controversial video app TikTok in the US, with global ramifications
-
March 12, 2024
12
Mar'24
March Patch Tuesday throws up two critical Hyper-V flaws
Two critical vulnerabilities in Windows Hyper-V stand out on an otherwise unremarkable Patch Tuesday
-
March 08, 2024
08
Mar'24
OSS leaders detail commitments to bolster software security
CISA has announced a number of actions to help secure the global open source ecosystem, as leading package repositories including the Python and Rust foundations advance their own initiatives
-
March 06, 2024
06
Mar'24
Apple patches zero-days amid ‘foundational’ post-quantum update
Apple’s iOS 17.4 update not only fixes zero-day flaws that are being actively exploited, but includes important new security protocols to safeguard users against future attacks
-
March 05, 2024
05
Mar'24
Rapid7 hits out over botched vulnerability disclosure
Software development firm JetBrains and security specialist Rapid7 fall out over the handling of a critical vulnerability disclosure, while customers are left rushing to patch
-
February 27, 2024
27
Feb'24
Black Basta and Bl00dy ransomware gangs exploiting ConnectWise vulns
More ransomware gangs have been observed exploiting two dangerous vulnerabilities in ConnectWise ScreenConnect software, prompting new warnings for users to get patching
-
February 27, 2024
27
Feb'24
VulnCheck bug listing to help track new threats quicker
Exploit intelligence firm VulnCheck launches a proprietary Known Exploited Vulnerabilities catalogue in hopes of improving end-user access to intel on emerging threats and reaching those that the likes of CISA do not
-
February 22, 2024
22
Feb'24
Cyber experts alarmed by ‘trivial’ ConnectWise vulns
The disclosure of two dangerous vulnerabilities in the popular ConnectWise ScreenConnect product is drawing comparisons with major cyber incidents, including the 2021 Kaseya attack
-
February 21, 2024
21
Feb'24
CVE volumes set to increase 25% this year
The number of reported Common Vulnerabilities and Exposures is likely to grow significantly in 2024, hitting a new high of almost 35,000, according to Coalition, a cyber insurance specialist
-
February 15, 2024
15
Feb'24
Security-by-design push prompts new ISC2 accreditations
Security-by-design has become a hot-button regulatory issue. ISC2 has decided now is the time to upskill cyber pros around these vital software and hardware development principles
-
February 14, 2024
14
Feb'24
Microsoft: Nation-state hackers are exploiting ChatGPT
Threat actors from China, Iran, North Korea and Russia have all been probing use cases for generative AI service ChatGPT, but have yet to use such tools in a full-blown cyber attack
-
February 14, 2024
14
Feb'24
Microsoft patches two zero-days for Valentine’s Day
Two security feature bypasses impacting Microsoft SmartScreen are on the February Patch Tuesday docket, among more than 70 issues
-
February 13, 2024
13
Feb'24
New variants of Qakbot malware under development
Despite its infrastructure having been taken down by the FBI last year, someone appears to be actively working on a new and improved version of the infamous Qakbot malware
-
February 13, 2024
13
Feb'24
Hunter-killer malware volumes seen surging
Latest Picus Security report on malware tactics, techniques and procedures reveals an increasing focus on disabling security defences
-
February 09, 2024
09
Feb'24
MoD ethical hacking programme expands after initial success
The Ministry of Defence has expanded the scope of its defensive security partnership with HackerOne
-
January 25, 2024
25
Jan'24
Bugcrowd sees surge in vulnerability submissions, led by public sector
Crowdsourced vulnerability disclosure and bug bounty platform Bugcrowd says it saw a 151% uptick in submissions related to government and public sector organisations in 2023
-
January 24, 2024
24
Jan'24
Inside Cisco’s security platform strategy
Raj Chopra, senior vice-president of Cisco’s security business, outlines the company’s security platform strategy and how it brought different products together into a single platform
-
January 24, 2024
24
Jan'24
Critical vulnerability exposes Fortra GoAnywhere users
Fortra GoAnywhere MFT users must take steps to address a newly disclosed zero-day vulnerability without delay
-
January 24, 2024
24
Jan'24
Salesforce’s bug bounty programme paid out $3m in 2023
Ethical hackers disclosed more than 4,000 vulnerabilities to Salesforce last year through its bug bounty programme, and received over $3m in rewards
-
January 11, 2024
11
Jan'24
Cisco fixes high-impact flaw in unified comms platform
Cisco unified comms customers are urged to patch a critical vulnerability in Unity Connection, a messaging and voicemail product
-
January 10, 2024
10
Jan'24
Davos 2024: AI-generated disinformation poses threat to elections, says World Economic Forum
Disinformation and misinformation are the top risks facing businesses, governments and the public over the next two years
-
January 10, 2024
10
Jan'24
Windows Kerberos, Hyper-V vulns among January Patch Tuesday bugs
Microsoft starts 2024 right with another slimline Patch Tuesday drop, but there are some critical vulns to be alert to, including a number of man-in-the-middle attack vectors
-
January 10, 2024
10
Jan'24
SEC social media hack highlights value of MFA
The US SEC briefly appeared to approve new bitcoin trading rules after a social media account was targeted by troublemakers, proving the value of MFA once again
-
December 21, 2023
21
Dec'23
Top 10 cyber crime stories of 2023
Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics
-
December 19, 2023
19
Dec'23
Top 10 cyber security stories of 2023
The past 12 months have seen the security agenda dominated by the usual round of vulnerabilities, concerns over supply chain security and more besides, but it was the chaotic state of global geopolitics that really made an impact
-
December 18, 2023
18
Dec'23
How threat intelligence is applied in DNS security
Infoblox’s director of security architecture explains how the company leverages its threat intelligence capabilities to help organisations stay ahead of DNS security threats
-
December 14, 2023
14
Dec'23
The Security Interviews: Talking identity with Microsoft’s Joy Chik
Microsoft’s president of identity and network access, Joy Chik, joins Computer Weekly to discuss the evolving threat landscape in identity security, using innovations in artificial intelligence to stay ahead, and advocating for the coming ...