News

Web application security

• January 21, 2021 21 Jan'21

  Incompetent cyber criminals leak data in opsec failure

  Even cyber criminals need to pay attention to their information security posture, as this cautionary tale uncovered by Check Point reveals

• January 20, 2021 20 Jan'21

  Malwarebytes also hit by SolarWinds attackers

  The nation state group that attacked SolarWinds in December got inside Malwarebytes by exploiting privileged access to its Microsoft Office 365 tenant, the firm reveals

• January 19, 2021 19 Jan'21

  Click fraud levels reach new heights in pandemic

  Small companies risk losing £10,000 a year, and enterprises as much as £520,000, to cyber criminals as click fraud volumes spike

• January 13, 2021 13 Jan'21

  Critical zero-day features in first Patch Tuesday of 2021

  Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender

• January 12, 2021 12 Jan'21

  Palo Alto Networks opens Australia cloud location

  The cyber security company’s Australia cloud location will address data localisation requirements amid growing adoption of cloud-based security services

• January 12, 2021 12 Jan'21

  Mimecast latest security firm to be compromised

  Users of a specific Mimecast certificate used to authenticate services to Microsoft Office 365 may be at risk of compromise in an attack that may relate to the ongoing SolarWinds incident

• January 12, 2021 12 Jan'21

  Early stage UK security startups face funding crisis

  Overall cyber security funding since the advent of the pandemic is well up, but investment is dominated by safe, later-stage firms while those raising capital for the first time fall away

• January 11, 2021 11 Jan'21

  New SolarWinds CEO sets out rescue plan

  Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community

• December 24, 2020 24 Dec'20

  Top 10 cyber crime stories of 2020

  Here are Computer Weekly’s top 10 cyber crime stories of 2020

• December 23, 2020 23 Dec'20

  Top 10 cyber security stories of 2020

  Here are Computer Weekly’s 10 top cyber security stories of 2020

• December 17, 2020 17 Dec'20

  Dodgy browser extensions put social media users at risk

  More than three million users of third-party browser extensions for Instagram, Facebook, Vimeo and others have been infected with malware, according to Avast

• December 17, 2020 17 Dec'20

  FireEye and partners release SolarWinds kill-switch

  A so-called kill-switch for the dangerous SolarWinds Sunburst attack should allay some user fears, but is not a full fix for the issue

• December 10, 2020 10 Dec'20

  French regulators fine Google and Amazon over cookie policies

  Google and Amazon rapped over their use of advertising cookies by the French data protection authorities

• December 09, 2020 09 Dec'20

  Amnesia:33 IoT flaws dangerous and patches unlikely, say experts

  The disclosure of multiple flaws by Forescout has raised big questions for the developers of connected products, and for their users

• December 09, 2020 09 Dec'20

  Patch Tuesday: Microsoft presents just 58 CVEs for Christmas

  The final Patch Tuesday of 2020 contains 58 fixes, a minnow compared to some recent drops, but many are still of high importance

• December 08, 2020 08 Dec'20

  Russian state actors exploiting VMware bug to hijack data, users warned

  Russian APT groups are actively exploiting a vulnerability in VMware products to access protected data, according to latest warnings

• December 07, 2020 07 Dec'20

  Grindr and others patch critical Android bug

  Fixes for CVE-2020-8913 deployed as app developers shore up their defences against a disclosed Google Play vulnerability

• December 04, 2020 04 Dec'20

  Avast and Borsetta to support Intel’s AI security project

  Security firm Avast and AI security specialist Borsetta have signed up to support an Intel-led artificial intelligence security research project

• December 03, 2020 03 Dec'20

  Cyber Aware campaign to help safeguard Christmas shoppers

  New government campaign sets out to raise awareness of online shopping fraud in the run-up to Christmas

• December 03, 2020 03 Dec'20

  Lax Android app developers putting millions of users at risk

  Eight months after Google patched a critical vulnerability, developers have failed to update their apps, putting millions of users of apps such as dating services Bumble and Grindr at risk

• December 01, 2020 01 Dec'20

  DHL, Amazon and FedEx are most phished delivery services

  DHL has emerged as the most imitated delivery brand in Europe, accounting for 77% of the total volume of phishing emails received in November 2020

• November 24, 2020 24 Nov'20

  Nominet introduces new resources for cyber scam victims

  Domain name registrar is working with law enforcement to provide new information, guidance and resources for potential victims of online scams

• November 23, 2020 23 Nov'20

  NCSC issues retail security alert ahead of Black Friday sales

  National Cyber Security Centre issues refreshed guidance as cyber criminals turn their eyes to the holiday shopping season

• November 16, 2020 16 Nov'20

  Human error blamed in Welsh Covid-19 patient data leak

  Public Health Wales accepts recommendations of independent probe into data breach that saw PII on 18,105 coronavirus patients leaked

• November 11, 2020 11 Nov'20

  Microsoft drops fix for serious zero-day among 112 Patch Tuesday updates

  November’s Patch Tuesday contains fixes for 112 bugs, including a potentially serious zero-day exploit that malicious actors are already taking advantage of

• November 10, 2020 10 Nov'20

  Zoom rapped over historic security practices

  The US Federal Trade Commission rules that Zoom’s practices undermined the security of its users

• November 10, 2020 10 Nov'20

  IT Priorities 2020: After Covid-19, security goes back to basics

  This year’s transition to remote working highlighted big gaps in the fundamentals of security, as updated TechTarget/Computer Weekly data reveals

• November 09, 2020 09 Nov'20

  EU moves closer to encryption ban after Austria, France attacks

  Draft resolution document setting up an EU-wide ban on end-to-end encryption is set to be waved through this week

• November 06, 2020 06 Nov'20

  ICO sued over ‘failure’ to address ad industry practices

  Privacy campaigner the Open Rights Group claims the advertising technology industry is systematically breaching the GDPR, and the ICO is doing nothing about it

• November 05, 2020 05 Nov'20

  Microsoft to support next generation of security startups

  Tech giant lends its support to the NCSC Cyber Accelerator scheme, which is seeking its seventh cohort of startups

• October 28, 2020 28 Oct'20

  Trump supporters targeted by cryptocurrency scammers

  The successful breach of Donald Trump’s official website shows up lax security on his campaign team and is yet another timely warning that nobody is immune to cyber crime

• October 28, 2020 28 Oct'20

  Barracuda eyes Indochina markets

  Barracuda is looking to expand its local presence and headcount in fast-growing emerging markets of Vietnam, Cambodia and Laos

• October 22, 2020 22 Oct'20

  Protecting remote workers an opportunity to do security better

  Securing the fully remote workforce has been a challenge for IT teams, but it presents an opportunity to commit to a higher standard of cyber security, according to a Cisco report

• October 21, 2020 21 Oct'20

  NSA’s top CVE list a timely reminder to patch

  Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies

• October 21, 2020 21 Oct'20

  Trump and Biden campaign apps easy targets for cyber criminals

  You don’t need a stellar IQ to exploit the dangerous StrandHogg Android vulnerability, and users of both Donald Trump’s and Joe Biden’s mobile apps are at risk of falling victim to it

• October 21, 2020 21 Oct'20

  Customer loyalty accounts in danger from cyber criminals

  Billions of credential stuffing attacks are harvesting valuable customer data for the dark web economy

• October 20, 2020 20 Oct'20

  Police given access to self-isolation data

  NHS Test and Trace self-isolation data will be made available to police after new guidance changes data-sharing rules

• October 14, 2020 14 Oct'20

  Microsoft fixes 87 bugs in October 2020 Patch Tuesday

  Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019

• October 13, 2020 13 Oct'20

  Suppliers neglecting virtual appliance security, putting users at risk

  Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report

• October 12, 2020 12 Oct'20

  Five Eyes spy group again demands access to private messages

  Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms

• October 12, 2020 12 Oct'20

  Cyber security skills ad branded ‘crass’ by minister

  Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic

• October 09, 2020 09 Oct'20

  Magecart strikes website of school payments service Wisepay

  Magecart credit card skimmer harvested financial data of users of Wisepay’s platform over a two-day period

• October 08, 2020 08 Oct'20

  NCSC relaunches SME security guide with home working focus

  The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020

• October 05, 2020 05 Oct'20

  Fake news tops list of online concerns worldwide

  Receiving false information is a greater worry than other online risks such as cyber bullying and fraud, says the Lloyd’s Register Foundation

• October 02, 2020 02 Oct'20

  Find and fix your Adobe Flash dependencies, says NCSC

  As Adobe’s Flash Player approaches end-of-life, the National Cyber Security Centre is urging organisations to fix their Flash dependencies

• September 30, 2020 30 Sep'20

  GitHub makes code vulnerability scanning feature public

  Code-scanning service is now out of beta and generally available, helping teams to bake security into their code at the development stage

• September 29, 2020 29 Sep'20

  NCSC expands schools programme to north-east England and Northern Ireland

  Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland

• September 29, 2020 29 Sep'20

  NatWest offers online banking customers free security services

  Bank responds to a surge in cyber crime targeting users of online banking services

• September 29, 2020 29 Sep'20

  Remote working world reveals cloud/SaaS security concerns

  Research reveals pivotal moment when the cloud is playing a more important role than ever to support mass remote working, with CISO concerns over cloud security remaining stubbornly high

• September 28, 2020 28 Sep'20

  TikTok ban stayed after last-minute court case

  TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States