News

Web application security

• April 14, 2021 14 Apr'21

  NSA unearths more MS Exchange vulnerabilities

  Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency

• April 13, 2021 13 Apr'21

  MP told to ditch official email over hacking fears

  MP Tom Tugendhat claims the intelligence services advised him to switch to the Gmail service due to concerns his parliamentary email could be hacked

• April 09, 2021 09 Apr'21

  Egypt, Italy and US most affected in Facebook leak

  Researchers at VPN firm Surfshark have been analysing data on 533 million people leaked from Facebook

• April 09, 2021 09 Apr'21

  NCSC: Using your pet’s name as a password is very stupid

  If your email password is still Rex, Rover or Mr Fluffles, it’s probably best to change it, the NCSC has said

• April 07, 2021 07 Apr'21

  Facebook ducks calls to apologise over huge data leak

  Facebook gives its side of the story as data on millions of its users leaks, but is yet to apologise for security lapses that put half a billion people at risk of compromise

• March 31, 2021 31 Mar'21

  Cyber Security Council to champion UK security pros

  A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base

• March 26, 2021 26 Mar'21

  Remote working burn-out a factor in security risk

  After a year of working from the kitchen table, stress and burn-out are increasing, giving rise to more security risks – and Millennials seem to be particularly affected

• March 25, 2021 25 Mar'21

  Four in five UK businesses seek new security suppliers

  Decision-makers are ready to buy new security technology, but suppliers must pay close attention to how they present themselves

• March 25, 2021 25 Mar'21

  Facebook disrupts Chinese espionage operation

  Social media giant’s in-house security team has tracked down and disrupted a long-running Chinese campaign targeting the Uighur Muslim minority

• March 18, 2021 18 Mar'21

  Vaccine passports cannot put basic rights at risk, warns BCS

  BCS warns of challenges to come as the government presses on with its plans for Covid-19 vaccine passports

• March 17, 2021 17 Mar'21

  Digital Green Certificate proposed for travel in Europe

  Digital Green Certificates will supposedly help re-establish freedom of movement within the European Union

• March 16, 2021 16 Mar'21

  Government calls for input into Covid-19 vaccine passports

  Evidence gathering exercise will inform the development of the UK’s proposed Covid-19 vaccine passport scheme

• March 12, 2021 12 Mar'21

  NCSC issues emergency alert on Microsoft Exchange patch

  UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately

• March 12, 2021 12 Mar'21

  DearCry ransomware targets vulnerable Exchange servers

  As predicted, ransomware gangs have started to target vulnerable instances of Microsoft Exchange Server, making patching an even greater priority

• March 11, 2021 11 Mar'21

  After Emotet takedown, Trickbot roars up threat charts

  Malicious actors are turning to new tricks as Emotet fades away

• March 11, 2021 11 Mar'21

  Norwegian government falls victim to Microsoft attacks

  Norway’s parliament, the Storting, suffers second major cyber incident in a year as threat groups capitalise on vulnerable Microsoft Exchange Servers

• March 10, 2021 10 Mar'21

  Patch Tuesday overshadowed by Microsoft Exchange attacks

  Microsoft’s March Patch Tuesday update drops amid ongoing fall-out from widespread Exchange attacks

• March 09, 2021 09 Mar'21

  Significant jump in number of hackers reporting vulnerabilities to companies

  Since the onset of the Covid-19 pandemic, the number of hackers reporting security vulnerabilities and bugs to enterprises has increased by nearly two-thirds

• March 05, 2021 05 Mar'21

  Williams F1 car launch disrupted by data leak

  Williams Formula One team forced to pull augmented reality app it had planned to use to launch its 2021 car at the last minute after an apparent cyber attack

• March 04, 2021 04 Mar'21

  Okta picks up Auth0 for $6.5bn

  Multibillion-dollar acquisition a vote of confidence in future of identity and access management services

• February 24, 2021 24 Feb'21

  Vaccine passports prove an ethical minefield

  Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design

• February 24, 2021 24 Feb'21

  Is Clubhouse safe, and should CISOs stop its use?

  With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it

• February 24, 2021 24 Feb'21

  Warning on security risk from virtual events platforms

  Vulnerabilities found in virtual events platforms could form part of a variant supply chain attack

• February 18, 2021 18 Feb'21

  2020 a record year for cyber, thanks to Covid

  The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy

• February 16, 2021 16 Feb'21

  RDP, SSH exposures off the charts thanks to remote working

  The Covid-19 pandemic has had an impact on the prevalence of certain vulnerabilities in the wild, according to a report

• February 11, 2021 11 Feb'21

  Low-complexity CVEs a growing concern

  Analysis of thousands of CVEs logged with NIST in 2020 reveals some unwelcome developments

• February 10, 2021 10 Feb'21

  Dating app users warned to watch out for scammers

  A vast amount of money was lost to romance scammers last year, and with millions of people isolated in lockdown the problem is getting worse, according to a report

• February 10, 2021 10 Feb'21

  Windows 10, Server 2019 users must patch serious zero-day

  Another dangerous zero-day exploit is among 56 vulnerabilities patched by Microsoft in February’s Patch Tuesday update

• February 09, 2021 09 Feb'21

  Data breaches are a ticking timebomb for consumers

  Damage from data breaches goes far beyond the impact to the target organisation – an obvious fact that is too often overlooked, says F-Secure

• February 09, 2021 09 Feb'21

  NHS reports fewer phishing emails in 2020

  The NHSmail email service saw a steady decline in suspected phishing emails during the course of 2020

• February 05, 2021 05 Feb'21

  Google Chrome update to patch serious zero-day

  A serious heap buffer overflow vulnerability means Google Chrome users should patch their browsers as soon as possible

• February 04, 2021 04 Feb'21

  SolarWinds chases multiple leads in breach investigation

  Investigators at SolarWinds are exploring multiple theories as to how the company’s systems were compromised

• February 03, 2021 03 Feb'21

  SolarWinds patches two critical CVEs in Orion platform

  New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet

• January 27, 2021 27 Jan'21

  Grindr complaint results in €9.6m GDPR fine

  Norway’s data protection authority plans to apply a fine totalling 10% of LGBTQ+ dating app Grindr’s revenues over its data sharing practices

• January 27, 2021 27 Jan'21

  Emergency Apple updates patch exploited zero-days

  Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately

• January 21, 2021 21 Jan'21

  Incompetent cyber criminals leak data in opsec failure

  Even cyber criminals need to pay attention to their information security posture, as this cautionary tale uncovered by Check Point reveals

• January 20, 2021 20 Jan'21

  Malwarebytes also hit by SolarWinds attackers

  The nation state group that attacked SolarWinds in December got inside Malwarebytes by exploiting privileged access to its Microsoft Office 365 tenant, the firm reveals

• January 19, 2021 19 Jan'21

  Click fraud levels reach new heights in pandemic

  Small companies risk losing £10,000 a year, and enterprises as much as £520,000, to cyber criminals as click fraud volumes spike

• January 13, 2021 13 Jan'21

  Critical zero-day features in first Patch Tuesday of 2021

  Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender

• January 12, 2021 12 Jan'21

  Palo Alto Networks opens Australia cloud location

  The cyber security company’s Australia cloud location will address data localisation requirements amid growing adoption of cloud-based security services

• January 12, 2021 12 Jan'21

  Mimecast latest security firm to be compromised

  Users of a specific Mimecast certificate used to authenticate services to Microsoft Office 365 may be at risk of compromise in an attack that may relate to the ongoing SolarWinds incident

• January 12, 2021 12 Jan'21

  Early stage UK security startups face funding crisis

  Overall cyber security funding since the advent of the pandemic is well up, but investment is dominated by safe, later-stage firms while those raising capital for the first time fall away

• January 11, 2021 11 Jan'21

  New SolarWinds CEO sets out rescue plan

  Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community

• December 24, 2020 24 Dec'20

  Top 10 cyber crime stories of 2020

  Here are Computer Weekly’s top 10 cyber crime stories of 2020

• December 23, 2020 23 Dec'20

  Top 10 cyber security stories of 2020

  Here are Computer Weekly’s 10 top cyber security stories of 2020

• December 17, 2020 17 Dec'20

  Dodgy browser extensions put social media users at risk

  More than three million users of third-party browser extensions for Instagram, Facebook, Vimeo and others have been infected with malware, according to Avast

• December 17, 2020 17 Dec'20

  FireEye and partners release SolarWinds kill-switch

  A so-called kill-switch for the dangerous SolarWinds Sunburst attack should allay some user fears, but is not a full fix for the issue

• December 10, 2020 10 Dec'20

  French regulators fine Google and Amazon over cookie policies

  Google and Amazon rapped over their use of advertising cookies by the French data protection authorities

• December 09, 2020 09 Dec'20

  Amnesia:33 IoT flaws dangerous and patches unlikely, say experts

  The disclosure of multiple flaws by Forescout has raised big questions for the developers of connected products, and for their users

• December 09, 2020 09 Dec'20

  Patch Tuesday: Microsoft presents just 58 CVEs for Christmas

  The final Patch Tuesday of 2020 contains 58 fixes, a minnow compared to some recent drops, but many are still of high importance