News
Web application security
-
November 10, 2021
10
Nov'21
November Patch Tuesday drop fixes bugs in Excel, Exchange Server
Another relatively light Patch Tuesday drop from Microsoft addresses 55 vulnerabilities, two of them already being exploited
-
November 08, 2021
08
Nov'21
How cosmetics retailer Lush made over its approach to authentication
Evolving approaches to IT at cosmetics retailer Lush meant the organisation’s previous approach to authentication was no longer up to scratch. Find out how it overcame this hurdle
-
November 04, 2021
04
Nov'21
The Netherlands works on resilience with large-scale national cyber exercise
For the Netherlands, the biggest challenge in a large-scale cyber crisis is to maintain speed while exercising due care
-
November 03, 2021
03
Nov'21
Spyware firm NSO and others added to US banned Entity List
US government bans target Israeli spyware makers and cyber firms in Russia and Singapore
-
October 21, 2021
21
Oct'21
Airport operator MAG boosts threat visibility with hybrid SOC
With budget concerns weighing heavy during the pandemic, Manchester Airports Group ditched an impending capex-heavy cyber investment in favour of a hybrid managed/in-house approach. Learn more about its experience
-
October 13, 2021
13
Oct'21
Google Cybersecurity Action Team springs into life
Google has announced a new Cybersecurity Action Team, with a mission to support security and digital transformation in governments, critical infrastructure, enterprises and small businesses
-
October 13, 2021
13
Oct'21
FCA warns over future hybrid working security risks
Earlier this week, the Financial Conduct Authority issued fresh guidance to regulated organisations on keeping hybrid workers safe and secure
-
October 13, 2021
13
Oct'21
Microsoft warns of MysterySnail on October Patch Tuesday
Microsoft has fixed a zero-day that is being actively exploited to deliver a new remote access trojan dubbed MysterySnail to targets
-
October 08, 2021
08
Oct'21
Craft beer specialist Brewdog fixes serious app vulnerability
Vulnerability in brewer’s mobile app could have resulted in serious consequences for its shareholders and customers
-
October 07, 2021
07
Oct'21
Twitch data breach investigations continue
Investigations are ongoing into a 125GB data breach that hit livestreaming platform Twitch, apparently the work of hacktivists
-
October 06, 2021
06
Oct'21
Gaming service Twitch hacked, data leaked
Users of livestreaming platform Twitch may be at risk after a 125GB torrent of data was leaked
-
October 06, 2021
06
Oct'21
Apache web server users urged to patch immediately
New zero-day in Apache HTTP Server is already being actively exploited and must be addressed immediately
-
October 06, 2021
06
Oct'21
Auto-enrolment begins for Google multi-factor authentication
Google has started to turn on multi-factor authentication on consumer accounts by default, and aims to auto-enrol 150 million users by the end of 2021
-
October 06, 2021
06
Oct'21
Israeli Orca to invest in UK cyber scene
Tel Aviv-headquartered Orca Security wants to set up a new R&D centre in the UK
-
October 05, 2021
05
Oct'21
New Python-based ransomware attacks unfold in record time
Sophos researchers detail a new variety of Python-based ransomware attack targeting VMware ESXi-hosted VMs
-
October 01, 2021
01
Oct'21
Amnesty International exploited in malware campaign
According to new intelligence from Cisco Talos, Amnesty International’s branding and profile is being used as part of a new malware campaign that exploits people’s fears of the notorious Pegasus spyware app
-
September 23, 2021
23
Sep'21
MoD in second leak of Afghan citizens’ data
A second breach of data relating to Afghan citizens at risk of Taliban reprisals has been reported by the Ministry of Defence
-
September 23, 2021
23
Sep'21
Threat actors target VMware vCenter Server users
Users of VMware vCenter Server are advised to patch a series of vulnerabilities post haste
-
September 16, 2021
16
Sep'21
Dutch education administrators underestimate threat of cyber crime
Research shows educational establishments in the Netherlands are becoming favoured targets of cyber criminals and administrators are underestimating the risks
-
September 15, 2021
15
Sep'21
Microsoft patches 66 vulnerabilities in September update
Another lighter-than-usual Patch Tuesday update includes important fixes for recently disclosed vulnerabilities, including a dangerous zero-day, and an update in the PrintNightmare saga
-
September 15, 2021
15
Sep'21
Australia and Singapore have higher incidences of insecure databases
Five-year longitudinal study by Imperva shows the proportion of databases with at least one known vulnerability in Australia and Singapore are among the world’s highest
-
September 14, 2021
14
Sep'21
Mass health tracker data breach has UK impact
The leak of a database of 61 million users of health-tracking devices includes records on individuals located in the UK
-
September 09, 2021
09
Sep'21
Latest Microsoft zero-day being actively exploited
New Microsoft zero-day CVE-2021-40444 affects multiple versions of Windows and is probably being exploited through convincing phishing attacks
-
September 01, 2021
01
Sep'21
Experts warn on Office 365 phishing attacks
Newly observed campaign is particularly dangerous because it appears to neutralise one of the most widely known anti-phishing techniques
-
August 24, 2021
24
Aug'21
13 million malware attacks on Linux seen in wild
Cryptominers, web shells and ransomware are the most common varieties of malwares targeting Linux systems, thanks to its prevalence as the backbone of most public cloud services
-
August 24, 2021
24
Aug'21
Half of MS Exchange servers at risk in ProxyShell debacle
Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited
-
August 19, 2021
19
Aug'21
Pub apps harvesting swathes of customer data unnecessarily
Some pub and restaurant chain apps demand data such as gender and marital status, raising eyebrows among privacy campaigners
-
August 18, 2021
18
Aug'21
MoD seeks security tech to harden military systems
The Defence and Security Accelerator has launched a programme to root out technology that will reduce the military’s exposure to cyber attacks
-
August 18, 2021
18
Aug'21
Global VPN downloads soar in first half of 2021
Song remains the same with VPNs as repressive regimes’ continued regulatory demands and remote working see virtual private network usage rocket over the first six months of the year
-
August 17, 2021
17
Aug'21
Security Think Tank: Building privacy-preserving apps and platforms
ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture
-
August 13, 2021
13
Aug'21
Cyber Runway programme supports new security businesses
The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses
-
August 11, 2021
11
Aug'21
The Netherlands still lacks digital resilience, says report
Report by National Coordinator for Counterterrorism and Security says the Netherlands’ digital resilience has improved, but is still insufficient
-
August 10, 2021
10
Aug'21
How Grab is using Kafka in fraud detection
Grab is using Apache Kafka in its fraud detection and prevention platform to ingest event streams from its mobile software development kits and client backends to pick up fraudulent activities
-
August 04, 2021
04
Aug'21
Initial access brokers unaffected by ransomware content bans
Banning ransomware content from cyber crime forums has done little to prevent initial access brokers from advertising their services, with the number of access listings increasing in the second quarter of 2021
-
July 27, 2021
27
Jul'21
US lawmakers call for probe into ‘arrogant’ spyware firm
US members of Congress have called for an investigation into NSO Group, the spyware supplier at the centre of a massive surveillance scandal
-
July 27, 2021
27
Jul'21
TikTok sets up cyber security hub in Dublin
Dublin-based cyber centre will oversee the security of TikTok’s users across Europe
-
July 26, 2021
26
Jul'21
Malicious actors turn to obscure programming languages
Using new, lesser-known or otherwise uncommon programming languages to code new malwares can help skirt cyber defences
-
July 19, 2021
19
Jul'21
Pegasus mobile RAT abused to monitor journalists and activists
Israel-based surveillance specialist NSO Group is facing renewed pressure after it emerged its Pegasus mobile surveillance tool may be being widely abused by repressive regimes
-
July 14, 2021
14
Jul'21
Multiple Microsoft bugs being actively exploited
Microsoft’s July Patch Tuesday update fixes 117 vulnerabilities, 13 rated as critical and four already being actively exploited
-
July 12, 2021
12
Jul'21
Kaseya VSA services coming online after week-long outage
Kaseya has successfully deployed a patch to its ransomware-hit VSA product as per a revised schedule, and customers are beginning to come back online
-
July 08, 2021
08
Jul'21
PrintNightmare haunts Microsoft as patch may miss mark
Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied
-
July 07, 2021
07
Jul'21
ICO to probe Hancock over private email use
Former health secretary faces an investigation by the UK’s data protection watchdog over his use of private email to conduct government business
-
July 07, 2021
07
Jul'21
Opportunists seen targeting Kaseya REvil victims
Malwarebytes researchers highlight new spam campaign targeting businesses impacted by the ongoing Kaseya REvil ransomware incident
-
July 06, 2021
06
Jul'21
About 60 Kaseya customers hit by REvil
Kaseya has revised upward the number of managed service providers compromised by the REvil ransomware gang in a supply chain attack at the weekend
-
July 02, 2021
02
Jul'21
Should I be worried about PrintNightmare?
The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be?
-
July 02, 2021
02
Jul'21
Cyber attackers up the ante on embattled IT teams
Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements
-
July 01, 2021
01
Jul'21
Cyber espionage campaign targeted central Asian states
The Afghan, Kyrgyz and Uzbek governments are all thought to have been targeted by the same APT
-
July 01, 2021
01
Jul'21
Nominations open for 2021 Security Serious Unsung Heroes Awards
Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators
-
June 30, 2021
30
Jun'21
LinkedIn denies exposure of 700 million user records is a data breach
Data relating to 700 million users of the LinkedIn networking platform has appeared for sale, but the firm says it is the victim of data scraping, not a security breach
-
June 30, 2021
30
Jun'21
Cops seize criminal VPN used by ransomware gangs
A coordinated sting has ended the operations of the DoubleVPN service, the owners of which are accused of harbouring cyber criminal activity