News
Web application security
-
June 29, 2021
29
Jun'21
Video game industry under relentless cyber attacks
Web application attacks against the global video game industry grew by 340% in 2020 as more people turn to gaming during pandemic lockdowns
-
June 28, 2021
28
Jun'21
Lazada rolls out public bug bounty programme
Regional e-commerce giant Lazada is looking to uncover more vulnerabilities that could compromise data security in a public bug bounty programme that offers up to $10,000 per bounty
-
June 25, 2021
25
Jun'21
AWS launches bug-busting programme for developers
Amazon Web Services is inviting customers to probe their code for software bugs and vulnerabilities using its CodeGuru console
-
June 18, 2021
18
Jun'21
NHS App reaches six million users, thanks to Covid vaccine feature
More than two million new users have downloaded the NHS App since it was updated in May to include Covid-19 vaccination status
-
June 18, 2021
18
Jun'21
Lorca Ignite programme targets breakout cyber talent
Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme
-
June 09, 2021
09
Jun'21
Microsoft fixes seven zero-days on its Patch Tuesday rounds
Fixes for six actively-exploited – and one yet-to-be-exploited – zero-day bugs are released in the June 2021 Patch Tuesday update
-
June 07, 2021
07
Jun'21
Siloscape malware a risk to Windows containers, Kubernetes
Palo Alto’s Unit 42 reports on what appears to be the first-recorded malware targeting Kubernetes clusters through Windows containers
-
June 07, 2021
07
Jun'21
DNS attacks on the rise in APAC
Attacks on the domain name system in Asia-Pacific grew by 15% last year, with Malaysian organisations seeing the sharpest rise in damages among countries in the region
-
June 03, 2021
03
Jun'21
Norway’s auditor general lifts lid on energy industry’s cyber security risks
Auditor General’s Office questions the security posture of Norway’s energy industry
-
June 03, 2021
03
Jun'21
Pandemic a ‘once-in-a-lifetime’ chance to reshape security
The volume of remote working has made it hard to paint an accurate picture of the true state of enterprise cyber security, but it presents an opportunity to change things up
-
May 26, 2021
26
May'21
More data stolen in January 2021 than in all of 2017, says report
The volume of data being stolen through breaches is growing steadily and shows no sign of slowing, according to a report from Imperva
-
May 25, 2021
25
May'21
Legacy vulnerabilities may be biggest enterprise cyber risk
While high-profile cyber attacks and zero-days grab headlines, statistics gathered by network security specialists Cato suggest CISOs should be addressing legacy threats
-
May 24, 2021
24
May'21
Dutch researchers build security software to mimic human immune system
Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection
-
May 24, 2021
24
May'21
Why the security stack needs to move to the edge
Akamai’s chief technology officer Robert Blumofe makes the case for a decentralised security model to address cyber threats that are emanating from the network edge
-
May 21, 2021
21
May'21
Lack of developer attention to cloud security prompts alerts
The personal data of over 100 million Android users may have been put at risk through a variety of cloud service misconfigurations
-
May 20, 2021
20
May'21
Malicious scans for at-risk systems start minutes after disclosure
Statistics collated by Palo Alto Networks reveal malicious actors begin scanning the internet for systems at risk of new CVEs within minutes
-
May 14, 2021
14
May'21
Okta and Auth0 to expand APAC coverage
Okta’s acquisition of rival Auth0 will enable both companies to expand their footprint in the Asia-Pacific region as demand for identity management services soars amid the pandemic
-
May 13, 2021
13
May'21
Publishing exploit code does more harm than good, says report
Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security
-
May 13, 2021
13
May'21
Refuge launches tech safety site for domestic abuse victims
Created with the help of survivors, Refuge’s resource site offers guidance on protecting yourself from tech-enabled domestic abuse
-
May 12, 2021
12
May'21
UK to fund national cyber teams in Global South
Government will commit millions of pounds to supporting vulnerable countries in establishing cyber capacity
-
May 11, 2021
11
May'21
Collaboration key to success of UK’s Cyber Security Council
The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event
-
May 10, 2021
10
May'21
NCSC Active Cyber Defence blocks surge of pandemic scams
The NCSC responded to a surge in online scams last year as it moved to protect both the general public and critical national services during the pandemic
-
May 07, 2021
07
May'21
Reddit enlists HackerOne to run public bug bounty programme
Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet
-
April 30, 2021
30
Apr'21
EncroChat: Top lawyer warned CPS of risk that phone hacking warrants could be unlawful
Lord David Anderson QC warned prosecutors that there were formidable arguments against the lawfulness of a police operation to infiltrate the encrypted phone network, EncroChat
-
April 28, 2021
28
Apr'21
Recruiters can’t afford to hold out for cyber ‘unicorns’
The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic
-
April 27, 2021
27
Apr'21
Apple OS updates patch multiple security holes
The much-heralded release of the privacy-centric iOS 14.5 also brings patches for multiple CVEs, and users of Apple smartphones, tablets and notebooks are best advised to update as soon as possible
-
April 27, 2021
27
Apr'21
The Security Interviews: Making sense of outbound email security
Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this
-
April 22, 2021
22
Apr'21
ToxicEye malware exploits Telegram messaging service
The Telegram instant messaging service is being used by malicious actors to manage a remote access trojan called ToxicEye
-
April 20, 2021
20
Apr'21
Health app myGP adds Covid-19 vaccine passport function
The new feature is described as the UK’s first NHS-assured Covid-19 certification feature
-
April 20, 2021
20
Apr'21
Codecov supply chain attack has echoes of SolarWinds
Supply chain attack on code auditing service may have compromised the likes of HPE and IBM
-
April 20, 2021
20
Apr'21
Singapore’s ViewQwest debuts security service
ViewQwest’s SecureNet service uses Palo Alto Networks’ next-generation firewall with deep packet inspection capabilities to guard against cyber threats
-
April 16, 2021
16
Apr'21
Finnish government strengthens country’s IT network security
Finland’s government has created a new national organisation to help public and private bodies improve network security
-
April 15, 2021
15
Apr'21
Microsoft is most impersonated brand in phishing attempts
Technology companies continue to be frequently spoofed by cyber criminals in their phishing attempts
-
April 14, 2021
14
Apr'21
NSA unearths more MS Exchange vulnerabilities
Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency
-
April 13, 2021
13
Apr'21
MP told to ditch official email over hacking fears
MP Tom Tugendhat claims the intelligence services advised him to switch to the Gmail service due to concerns his parliamentary email could be hacked
-
April 09, 2021
09
Apr'21
Egypt, Italy and US most affected in Facebook leak
Researchers at VPN firm Surfshark have been analysing data on 533 million people leaked from Facebook
-
April 09, 2021
09
Apr'21
NCSC: Using your pet’s name as a password is very stupid
If your email password is still Rex, Rover or Mr Fluffles, it’s probably best to change it, the NCSC has said
-
April 07, 2021
07
Apr'21
Facebook ducks calls to apologise over huge data leak
Facebook gives its side of the story as data on millions of its users leaks, but is yet to apologise for security lapses that put half a billion people at risk of compromise
-
March 31, 2021
31
Mar'21
Cyber Security Council to champion UK security pros
A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base
-
March 26, 2021
26
Mar'21
Remote working burn-out a factor in security risk
After a year of working from the kitchen table, stress and burn-out are increasing, giving rise to more security risks – and Millennials seem to be particularly affected
-
March 25, 2021
25
Mar'21
Four in five UK businesses seek new security suppliers
Decision-makers are ready to buy new security technology, but suppliers must pay close attention to how they present themselves
-
March 25, 2021
25
Mar'21
Facebook disrupts Chinese espionage operation
Social media giant’s in-house security team has tracked down and disrupted a long-running Chinese campaign targeting the Uighur Muslim minority
-
March 18, 2021
18
Mar'21
Vaccine passports cannot put basic rights at risk, warns BCS
BCS warns of challenges to come as the government presses on with its plans for Covid-19 vaccine passports
-
March 17, 2021
17
Mar'21
Digital Green Certificate proposed for travel in Europe
Digital Green Certificates will supposedly help re-establish freedom of movement within the European Union
-
March 16, 2021
16
Mar'21
Government calls for input into Covid-19 vaccine passports
Evidence gathering exercise will inform the development of the UK’s proposed Covid-19 vaccine passport scheme
-
March 12, 2021
12
Mar'21
NCSC issues emergency alert on Microsoft Exchange patch
UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately
-
March 12, 2021
12
Mar'21
DearCry ransomware targets vulnerable Exchange servers
As predicted, ransomware gangs have started to target vulnerable instances of Microsoft Exchange Server, making patching an even greater priority
-
March 11, 2021
11
Mar'21
After Emotet takedown, Trickbot roars up threat charts
Malicious actors are turning to new tricks as Emotet fades away
-
March 11, 2021
11
Mar'21
Norwegian government falls victim to Microsoft attacks
Norway’s parliament, the Storting, suffers second major cyber incident in a year as threat groups capitalise on vulnerable Microsoft Exchange Servers
-
March 10, 2021
10
Mar'21
Patch Tuesday overshadowed by Microsoft Exchange attacks
Microsoft’s March Patch Tuesday update drops amid ongoing fall-out from widespread Exchange attacks