News

Web application security

• October 22, 2020 22 Oct'20

  Protecting remote workers an opportunity to do security better

  Securing the fully remote workforce has been a challenge for IT teams, but it presents an opportunity to commit to a higher standard of cyber security, according to a Cisco report

• October 21, 2020 21 Oct'20

  NSA’s top CVE list a timely reminder to patch

  Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies

• October 21, 2020 21 Oct'20

  Trump and Biden campaign apps easy targets for cyber criminals

  You don’t need a stellar IQ to exploit the dangerous StrandHogg Android vulnerability, and users of both Donald Trump’s and Joe Biden’s mobile apps are at risk of falling victim to it

• October 21, 2020 21 Oct'20

  Customer loyalty accounts in danger from cyber criminals

  Billions of credential stuffing attacks are harvesting valuable customer data for the dark web economy

• October 20, 2020 20 Oct'20

  Police given access to self-isolation data

  NHS Test and Trace self-isolation data will be made available to police after new guidance changes data-sharing rules

• October 14, 2020 14 Oct'20

  Microsoft fixes 87 bugs in October 2020 Patch Tuesday

  Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019

• October 13, 2020 13 Oct'20

  Suppliers neglecting virtual appliance security, putting users at risk

  Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report

• October 12, 2020 12 Oct'20

  Five Eyes spy group again demands access to private messages

  Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms

• October 12, 2020 12 Oct'20

  Cyber security skills ad branded ‘crass’ by minister

  Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic

• October 09, 2020 09 Oct'20

  Magecart strikes website of school payments service Wisepay

  Magecart credit card skimmer harvested financial data of users of Wisepay’s platform over a two-day period

• October 08, 2020 08 Oct'20

  NCSC relaunches SME security guide with home working focus

  The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020

• October 05, 2020 05 Oct'20

  Fake news tops list of online concerns worldwide

  Receiving false information is a greater worry than other online risks such as cyber bullying and fraud, says the Lloyd’s Register Foundation

• October 02, 2020 02 Oct'20

  Find and fix your Adobe Flash dependencies, says NCSC

  As Adobe’s Flash Player approaches end-of-life, the National Cyber Security Centre is urging organisations to fix their Flash dependencies

• September 30, 2020 30 Sep'20

  GitHub makes code vulnerability scanning feature public

  Code-scanning service is now out of beta and generally available, helping teams to bake security into their code at the development stage

• September 29, 2020 29 Sep'20

  NCSC expands schools programme to north-east England and Northern Ireland

  Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland

• September 29, 2020 29 Sep'20

  NatWest offers online banking customers free security services

  Bank responds to a surge in cyber crime targeting users of online banking services

• September 29, 2020 29 Sep'20

  Remote working world reveals cloud/SaaS security concerns

  Research reveals pivotal moment when the cloud is playing a more important role than ever to support mass remote working, with CISO concerns over cloud security remaining stubbornly high

• September 28, 2020 28 Sep'20

  TikTok ban stayed after last-minute court case

  TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States

• September 28, 2020 28 Sep'20

  Security now main driving force behind digital transformation

  Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda

• September 24, 2020 24 Sep'20

  Third-party code bug left Instagram users at risk of account takeover

  A critical vulnerability in Instagram’s image processing could have allowed attackers to take over not just their victim’s account, but their entire device

• September 24, 2020 24 Sep'20

  Government blasted over ‘reckless’ contact-tracing security

  The Open Rights Group and Big Brother Watch accuse the government of endangering public health with a reckless attitude to contact-tracing data security

• September 24, 2020 24 Sep'20

  Race to patch as Microsoft confirms Zerologon attacks in the wild

  Don’t be the organisation that made the headlines because it failed to patch. Microsoft says it is seeing cyber attacks ramping up around the Zerologon CVE-2020-1472 bug

• September 23, 2020 23 Sep'20

  Video gamers barraged with cyber attacks

  From credential stuffing to SQL injection and DDoS, video game producers and players are seeing massive volumes of cyber attacks

• September 22, 2020 22 Sep'20

  Scam mobile apps spreading via rogue TikTok accounts

  Malicious TikTok accounts are promoting a number of adware scam mobile apps

• September 21, 2020 21 Sep'20

  Big questions to be answered over TikTok and WeChat reprieve

  TikTok and WeChat seem to have received a stay of execution, but big questions and contradictions remain

• September 18, 2020 18 Sep'20

  Congressman offered Julian Assange a ‘win-win’ deal that would help President Trump

  Details have emerged of US congressman Dana Rohrabacher’s offer of a pardon to WikiLeaks founder Julian Assange in a ‘win-win deal that would benefit US President Donald Trump

• September 18, 2020 18 Sep'20

  US government deplatforms TikTok and WeChat

  The Commerce Department of the US government has banned new downloads of TikTok and WeChat in the US, and announced new prohibitions on doing business with them

• September 18, 2020 18 Sep'20

  Rampant Kitten spent six years hacking Iranian dissidents

  Details emerge of an ongoing campaign by Tehran-backed threat actors targeting dissidents and activists

• September 17, 2020 17 Sep'20

  Saudi Arabia sees cyber security boom as coronavirus bites

  Saudi Arabian CIOs have been forced to increase their security posture as the Covid-19 pandemic transforms working methods

• September 17, 2020 17 Sep'20

  Assange revelations among most important in US history, says Daniel Ellsberg

  Daniel Ellsberg, who leaked highly classified documents that changed the course of the Vietnam War in the 1970s, says WikiLeaks exposed a serious pattern of US war crimes

• September 16, 2020 16 Sep'20

  Retailers urged to get to grips with Magento as attacks spike

  A huge spike in online retailers being hacked with Magecart credit card skimmers is being blamed on unsupported versions of Adobe Magento

• September 16, 2020 16 Sep'20

  Lorca security scaleups to get Splunk data expertise

  Lorca inducts Splunk onto its co-marketing programme, giving security scaleups access to new data expertise

• September 15, 2020 15 Sep'20

  Risky development practice leaves company access keys exposed

  Database stores, cloud storage and myriad other services are being put at risk by the accidental exposure of company access keys during development

• September 15, 2020 15 Sep'20

  TikTok-Oracle partnership moves forward for consideration

  Joint venture proposal could create thousands of jobs and secure TikTok’s future outside China

• September 15, 2020 15 Sep'20

  Data of every Welsh Covid-19 patient leaked online

  Data on all 18,105 people in Wales who have received positive tests for the coronavirus was uploaded to a public-facing web server in error

• September 14, 2020 14 Sep'20

  Microsoft drops out of TikTok talks, paves way for Oracle partnership

  Microsoft confirms it is dropping out of the running to acquire the US operations of TikTok, leaving the way clear for an imminent partnership deal with Oracle

• September 11, 2020 11 Sep'20

  Travel industry websites are laughably insecure, claims Which?

  The travel industry is failing to take the data security of its customers seriously, according to a Which? investigation

• September 10, 2020 10 Sep'20

  Lorca security scaleups hit funding milestone

  £153m of investment has been raised by Lorca cohort companies in just two years, almost four times the original target

• September 10, 2020 10 Sep'20

  Government launches £500k healthcare security plan

  A £500,000 funding pot from the government aims to help support small and mid-sized healthcare firms during the pandemic

• September 10, 2020 10 Sep'20

  Assange prosecution would put journalists around the world at risk

  Trevor Timm, co-founder of the Freedom of the Press Foundation, tells a court that if the US prosecutes WikiLeaks founder Julian Assange, every reporter who receives a secret document will be criminalised

• September 09, 2020 09 Sep'20

  September’s Patch Tuesday heavy on RCE vulnerabilities

  Microsoft’s September update contains patches for 129 common vulnerabilities and exposures, including a high number of remote code execution issues

• September 06, 2020 06 Sep'20

  Why predictive threat intelligence is key

  Threat intelligence startup Cyfirma is using virtual agents to gather intelligence on potential cyber attacks that are being coordinated in underground forums before they occur

• September 02, 2020 02 Sep'20

  Northumbria University suffers major disruption after cyber attack

  Some exams cancelled as university appoints external specialists to investigate incident

• August 28, 2020 28 Aug'20

  Machine learning wards off threats at TV studio Bunim Murray

  TV studio behind reality hits including The Real World and Keeping Up With The Kardashians turned to Darktrace’s Antigena email protection service to keep its people safe from Covid-19 threats

• August 28, 2020 28 Aug'20

  Benefit fraud: Underground trade in stolen identities revealed

  A roaring underground trade in stolen identities is undermining the Universal Credit system and could potentially defraud it out of millions of pounds

• August 27, 2020 27 Aug'20

  TikTok CEO clocks off

  TikTok CEO Kevin Mayer has resigned from the firm after just three months

• August 25, 2020 25 Aug'20

  TikTok takes Trump to court

  Under-fire video app TikTok files a formal complaint in the federal courts challenging the Trump administration’s attempt to ban it in the US

• August 21, 2020 21 Aug'20

  TikTok’s GDPR compliance probed amid accusations of data misuse

  Dutch privacy organisation SOMI claims TikTok falls short in protecting young users, and that it is likely violating GDPR

• August 20, 2020 20 Aug'20

  Social media data leak highlights murky world of data scraping

  A data brokerage left its database of 235 million Instagram, TikTok and YouTube profiles exposed to anybody who cared to access it

• August 18, 2020 18 Aug'20

  Reports Oracle to enter TikTok bidding war

  Oracle may be about to make a bid to acquire the US operations of TikTok from its Chinese parent ByteDance, according to the FT