News
Web application security
-
June 12, 2020
12
Jun'20
NHS email service users ensnared in phishing attack
More than 100 accounts on the NHSmail service were affected by attack, but health service says no patient data was accessed
-
June 12, 2020
12
Jun'20
Fake contact-tracing apps delivering banking trojans
Spoof government coronavirus apps are popping up all over the world, says the Anomali Threat Research team
-
June 12, 2020
12
Jun'20
100,000 cheap wireless cameras vulnerable to hacking
Active devices built by Chinese firm HiChip have been sold in the UK as webcams and connected baby monitors
-
June 12, 2020
12
Jun'20
Twitter kills thousands of misinformation accounts
The accounts were linked to the governments of China, Russia and Turkey, and engaged in systematic operations against pro-democracy activists, political opponents and dissidents
-
June 10, 2020
10
Jun'20
Government to fund nine advanced security projects
Nine academic projects have been selected to receive a share of a £10m funding pot as they develop advanced cyber security solutions using prototype chipsets
-
June 10, 2020
10
Jun'20
Decade-old vulnerability among 129 Patch Tuesday fixes
A 10 year-old bug in Windows Group Policies could easily enable attackers to gain highly privileged user status on target systems, opening the doors to a wave of cyber attacks
-
June 10, 2020
10
Jun'20
Unsecured Elasticsearch server breached in eight hours flat
Comparitech’s Bob Diachenko wanted to find out how long it would take for hackers to find and attack an unsecured, public internet-facing database, so he set up a honeypot
-
June 10, 2020
10
Jun'20
Virtual GP practice accidentally exposes patient video calls
A small number of users of Babylon’s GP at Hand service were briefly able to view other patients’ video GP consultations thanks to a bug in a new software feature
-
June 09, 2020
09
Jun'20
Poorly-secured AWS buckets used to launch Magecart attacks
Cyber criminals are exploiting misconfigured AWS S3 buckets to run credit card fraud and malvertising campaigns, according to new data
-
June 08, 2020
08
Jun'20
What it takes to get DevSecOps right
DevSecOps will drive at least 50% of new applications in Asia-Pacific by 2024, but getting it right will require change management, a collaborative mindset and the right automation tools
-
June 05, 2020
05
Jun'20
Police chiefs working with Public Health England on contact-tracing security
Police force representatives are in talks with Public Health England over operational security concerns arising from the NHS Test and Trace coronavirus contact-tracing scheme
-
June 04, 2020
04
Jun'20
Small businesses failing on remote worker protection
Only one-third of people working for small businesses have received any guidance from their employers on how to secure their remote working set-up
-
June 04, 2020
04
Jun'20
Black Lives Matter activists targeted by cyber attacks
Civil liberties organisations are being targeted by far-right trolls as protests over the murder of George Floyd spread worldwide
-
June 04, 2020
04
Jun'20
The Security Interviews: How the BSI protects the IoT from itself
David Mudd of the BSI reveals how a pragmatic and realistic approach to security vulnerabilities underpins its internet of things kitemark, helping give users the confidence to buy smart devices safely
-
June 04, 2020
04
Jun'20
Coronavirus: Cyber criminals target laid-off workers
Malicious actors are targeting workers laid-off or furloughed during the coronavirus pandemic
-
June 01, 2020
01
Jun'20
Privacy campaigners call for radical changes to contact-tracing app
Liberty, Privacy International and the Open Rights Group join calls for the government to either put in place better data protection policies or abandon its Covid-19 contact-tracing app altogether
-
May 29, 2020
29
May'20
Test and Trace has not passed data protection impact assessment
Public Health England failed to complete the required impact assessment before launching the Covid-19 Test and Trace programme
-
May 29, 2020
29
May'20
How Sega Europe slashed incident response times using cloud SIEM
Gaming company’s SOC radically improves its operational efficiency with Sumo Logic’s cloud SIEM service
-
May 28, 2020
28
May'20
Public Health England to keep contact-tracing data for 20 years
PHE will retain the data it collects via the NHS Test and Trace programme for 20 years
-
May 27, 2020
27
May'20
Enterprise clouds hammered by cyber attacks during pandemic
Remote workers logging onto enterprise cloud service accounts are an easy access point for attackers, says McAfee
-
May 27, 2020
27
May'20
Fears contact-tracing app will open the floodgates for cyber criminals
Study of UK consumers reveals worries over an uptick in cyber crime and a lack of trust in government
-
May 26, 2020
26
May'20
Android security vulnerabilities differ by country, say researchers
Manufacturers of Android devices including Huawei, Samsung and Xiaomi shipped devices with different levels of security in different regions, leaving their users exposed to attack
-
May 22, 2020
22
May'20
Hancock to Harman: No contact-tracing privacy law
Health secretary claims existing data protection law is good enough to guarantee the security of contact-tracing data
-
May 20, 2020
20
May'20
NCSC discloses multiple vulnerabilities in contact-tracing app
National Cyber Security Centre has received mountains of feedback on the security of the government’s Covid-19 contact-tracing app, and has now taken the step of making multiple disclosures
-
May 20, 2020
20
May'20
Serco exposes contact tracers’ data in email error
Error saw almost 300 coronavirus contact tracers’ email addresses made visible to other recipients of the message
-
May 19, 2020
19
May'20
Cancelled NCSC CyberUK event gets green light for 2021
The NCSC’s popular CyberUK event has been rescheduled to next year, and will again take place in Newport in south Wales
-
May 19, 2020
19
May'20
Doubts mount over effectiveness of UK contact-tracing app
Studies from BCS and Anomali reveal that a significant proportion of the UK population is not prepared to download the Covid-19 contact-tracing app
-
May 19, 2020
19
May'20
GitLab makes foray into Southeast Asia
GitLab expands in Southeast Asia with a Singapore presence to shore up its growing footprint across the Asia-Pacific region
-
May 14, 2020
14
May'20
Harman seeks to bring private member’s bill over contact tracing
Chair of Human Rights Committee aims to put the proposed Contact Tracing (Data Protection) Bill 2020 before parliament as a private member’s bill if necessary
-
May 14, 2020
14
May'20
Venafi buys cloud protection service Jetstack
Jetstack specialises in open source machine identity protection software for Kubernetes and cloud native ecosystems
-
May 14, 2020
14
May'20
UK’s contact-tracing app targeted by scammers
Even though it is only operational on the Isle of Wight as a beta test, the UK government’s coronavirus contact-tracing app has already attracted the attention of cyber criminals
-
May 13, 2020
13
May'20
Report reveals inadequate cyber security at Schiphol Airport
A report has revealed problems with critical security systems in Amsterdam’s Schiphol Airport
-
May 13, 2020
13
May'20
Microsoft fixes 16 critical vulnerabilities on Patch Tuesday
The trend towards mammoth Patch Tuesdays continues as Microsoft fixes 111 vulnerabilities
-
May 12, 2020
12
May'20
Draft Covid-19 contact tracing legislation proposes formal oversight
Human Rights Committee chair Harriet Harman has outlined a proposed bill to guarantee the security and privacy of data generated by the UK’s Covid-19 contact tracing app
-
May 07, 2020
07
May'20
Zoom buys secure messaging service Keybase
Unified comms platform Zoom says the acquisition of Keybase will finally let it bring end-to-end encryption to the table
-
May 07, 2020
07
May'20
Contact-tracing app fails to protect privacy and human rights
Reassurances over the security and human rights implications of NHSX’s approach to developing its Covid-19 contact-tracing app are insufficient, says the cross-bench Human Rights Committee
-
May 07, 2020
07
May'20
Next round of Zoom updates targets consumer security
Casual consumer users of Zoom will get additional protections in an update to be released over the long weekend
-
May 04, 2020
04
May'20
Xen Orchestra latest victim of Salt cryptojackers
More victims of cyber criminals exploiting two critical Salt vulnerabilities are coming forward
-
May 04, 2020
04
May'20
Blogging platform Ghost hacked through Salt vulnerability
Publishing service’s network was taken over by illicit cryptominers after failing to patch a critical vulnerability
-
May 04, 2020
04
May'20
IT Priorities 2020: Compliance and risk are top security concerns
When it comes to security, buyers are prioritising solutions and services that address compliance issues, risk management and data protection, according to the Computer Weekly/TechTarget IT Priorities 2020 study
-
April 30, 2020
30
Apr'20
Critical SaltStack vulnerability affects thousands of datacentres
Critical vulnerabilities in the Salt remote task and configuration framework enable hackers to take control of cloud servers and must be patched right away
-
April 30, 2020
30
Apr'20
Mobile banking customers at risk from new EventBot trojan
Customers of Barclays, HSBC, Santander and many other banks should be alert to a dangerous new trojan
-
April 28, 2020
28
Apr'20
Under the spotlight, video apps rush to strengthen security
Most popular videoconferencing applications now meet Mozilla’s minimum security standards, with fierce competition and public pressure driving rapid improvement
-
April 28, 2020
28
Apr'20
Almost half of security pros being redeployed during pandemic
Close to half of cyber security professionals say they have been taken off some or all of their security duties to focus attention elsewhere during the Covid-19 coronavirus pandemic
-
April 28, 2020
28
Apr'20
Black Rose Lucy ransomware now posing as FBI porn warning
A new strain of Russian-developed ransomware impersonates US federal law enforcement to force payment, says Check Point
-
April 27, 2020
27
Apr'20
Microsoft patches .gif file vulnerability in Teams
Vulnerability could have enabled cyber criminals to use a malicious .gif file to scrape user data and take over Teams accounts
-
April 24, 2020
24
Apr'20
The Security Interviews: Can AV go from dodgy scareware to cyber hero?
Alun Baker, CEO of Clario, is on a mission to rehabilitate the image of consumer security products and take the fear out of selling antivirus. We find out how things are changing
-
April 23, 2020
23
Apr'20
iOS zero-day leaves iPhone users dangerously exposed
Researchers identify dangerous vulnerabilities in Apple’s iOS operating system that allow remote code execution on target devices
-
April 23, 2020
23
Apr'20
Zoom to roll out fresh cyber security updates
New features include support for advanced AES 256-bit encryption
-
April 22, 2020
22
Apr'20
Coronavirus: Cyber criminals may be changing tactics
Cyber criminals “may soon shift to heavier exploitation of footholds established through phishing and other scams”, warns Cyber Threat Coalition