News

Web application security

• January 17, 2022 17 Jan'22

  Top three questions about the Log4j vulnerability

  Singapore’s Ensign Infosecurity answers the top three questions about the impact of the Log4j vulnerability

• January 14, 2022 14 Jan'22

  Nato offers tech support after 'massive cyber attack' hits Ukraine

  Speculation mounts that Russia is behind a cyber attack which defaced Ukrainian government websites amid growing international tension

• January 14, 2022 14 Jan'22

  Umbrella company Brookson self-refers to NCSC following cyber attack on its network

  Contractor payroll, accounting and compliance firm confirms its networks have been targeted by an ‘extremely aggressive’ cyber attack that has resulted in some of its systems being proactively taken offline

• January 12, 2022 12 Jan'22

  MEPs demand EU probe into Pegasus spyware abuse

  A group of European Parliament Members has called for an EU-wide investigation into NSO Group’s Pegasus spyware after it emerged EU member states may have used it

• January 12, 2022 12 Jan'22

  Microsoft fixes six zero-days in January Patch Tuesday update

  A larger than of late Patch Tuesday update from Microsoft comes as defenders continue to grapple with Log4Shell

• January 11, 2022 11 Jan'22

  Almost half of Log4j downloads still dangerously exposed

  Whether by error or design is unclear, but a great many IT teams are still exposing themselves by downloading outdated, insecure versions of Apache Log4j

• January 11, 2022 11 Jan'22

  Banks accused of neglecting customer security measures

  Which? singles out Metro Bank, Virgin Money and TSB over insecure online banking processes

• January 03, 2022 03 Jan'22

  How APAC firms can stay ahead of cyber threats

  Organisations will need to develop behavioural detection, machine learning and threat hunting capabilities to keep pace with the onslaught of cyber attacks

• December 23, 2021 23 Dec'21

  Top 10 cyber security stories of 2021

  Cyber security dominated the headlines in 2021, making it hard to gain a clear picture of what to pay attention to. What is an IT buyer to do?

• December 15, 2021 15 Dec'21

  After Log4j, December Patch Tuesday piles on the pressure

  December’s Patch Tuesday update from Microsoft contains several critical CVEs, but this month all attention is focused on the fall-out from Log4Shell, and burn-out is becoming a real issue

• December 14, 2021 14 Dec'21

  Almost half of networks probed for Log4Shell weaknesses

  Close to half of corporate networks have already been actively targeted by individuals seeking to exploit the critical Log4Shell Apache bug

• December 13, 2021 13 Dec'21

  What is Log4Shell, and why are we panicking about it?

  It’s been described as a ‘design failure of catastrophic proportions’ that threatens the very fabric of the digital world. Find out what the Log4j2 Log4Shell panic is all about, and what you should do about it

• December 09, 2021 09 Dec'21

  UK and US to collaborate on privacy innovation contest

  Joint UK-US innovation challenge contest centring on privacy-enhancing technology announced at Summit for Democracy in Washington DC

• December 08, 2021 08 Dec'21

  2021 another record-breaker for vulnerability disclosure

  More than 50 CVEs were logged every day in 2021, more than at any time since records began, while ethical hackers continue to prove their value

• November 26, 2021 26 Nov'21

  UK’s surveillance culture may be normalising use of tech for abuse

  Intense surveillance of public spaces by UK authorities may be playing a part in the normalisation of cyber stalking in intimate relationships

• November 18, 2021 18 Nov'21

  Memento ransomware gang quick to retool for ‘optimum’ outcome

  The operators of a new ransomware called Memento are quick to retool for ‘success’ if they run up against a competent defender, says Sophos

• November 17, 2021 17 Nov'21

  Security startups line up on Cyber Runway

  Some 108 cyber security startups representing the UK’s most cutting-edge innovators are to join Plexal’s Cyber Runway accelerator

• November 17, 2021 17 Nov'21

  Zero-days: The next element of the service-based cyber economy?

  Digital Shadows researchers have reported on the emergence of zero-days as a service, which could be the next big thing in the cyber criminal underworld

• November 10, 2021 10 Nov'21

  November Patch Tuesday drop fixes bugs in Excel, Exchange Server

  Another relatively light Patch Tuesday drop from Microsoft addresses 55 vulnerabilities, two of them already being exploited

• November 08, 2021 08 Nov'21

  How cosmetics retailer Lush made over its approach to authentication

  Evolving approaches to IT at cosmetics retailer Lush meant the organisation’s previous approach to authentication was no longer up to scratch. Find out how it overcame this hurdle

• November 04, 2021 04 Nov'21

  The Netherlands works on resilience with large-scale national cyber exercise

  For the Netherlands, the biggest challenge in a large-scale cyber crisis is to maintain speed while exercising due care

• November 03, 2021 03 Nov'21

  Spyware firm NSO and others added to US banned Entity List

  US government bans target Israeli spyware makers and cyber firms in Russia and Singapore

• October 21, 2021 21 Oct'21

  Airport operator MAG boosts threat visibility with hybrid SOC

  With budget concerns weighing heavy during the pandemic, Manchester Airports Group ditched an impending capex-heavy cyber investment in favour of a hybrid managed/in-house approach. Learn more about its experience

• October 13, 2021 13 Oct'21

  Google Cybersecurity Action Team springs into life

  Google has announced a new Cybersecurity Action Team, with a mission to support security and digital transformation in governments, critical infrastructure, enterprises and small businesses

• October 13, 2021 13 Oct'21

  FCA warns over future hybrid working security risks

  Earlier this week, the Financial Conduct Authority issued fresh guidance to regulated organisations on keeping hybrid workers safe and secure

• October 13, 2021 13 Oct'21

  Microsoft warns of MysterySnail on October Patch Tuesday

  Microsoft has fixed a zero-day that is being actively exploited to deliver a new remote access trojan dubbed MysterySnail to targets

• October 08, 2021 08 Oct'21

  Craft beer specialist Brewdog fixes serious app vulnerability

  Vulnerability in brewer’s mobile app could have resulted in serious consequences for its shareholders and customers

• October 07, 2021 07 Oct'21

  Twitch data breach investigations continue

  Investigations are ongoing into a 125GB data breach that hit livestreaming platform Twitch, apparently the work of hacktivists

• October 06, 2021 06 Oct'21

  Gaming service Twitch hacked, data leaked

  Users of livestreaming platform Twitch may be at risk after a 125GB torrent of data was leaked

• October 06, 2021 06 Oct'21

  Apache web server users urged to patch immediately

  New zero-day in Apache HTTP Server is already being actively exploited and must be addressed immediately

• October 06, 2021 06 Oct'21

  Auto-enrolment begins for Google multi-factor authentication

  Google has started to turn on multi-factor authentication on consumer accounts by default, and aims to auto-enrol 150 million users by the end of 2021

• October 06, 2021 06 Oct'21

  Israeli Orca to invest in UK cyber scene

  Tel Aviv-headquartered Orca Security wants to set up a new R&D centre in the UK

• October 05, 2021 05 Oct'21

  New Python-based ransomware attacks unfold in record time

  Sophos researchers detail a new variety of Python-based ransomware attack targeting VMware ESXi-hosted VMs

• October 01, 2021 01 Oct'21

  Amnesty International exploited in malware campaign

  According to new intelligence from Cisco Talos, Amnesty International’s branding and profile is being used as part of a new malware campaign that exploits people’s fears of the notorious Pegasus spyware app

• September 23, 2021 23 Sep'21

  MoD in second leak of Afghan citizens’ data

  A second breach of data relating to Afghan citizens at risk of Taliban reprisals has been reported by the Ministry of Defence

• September 23, 2021 23 Sep'21

  Threat actors target VMware vCenter Server users

  Users of VMware vCenter Server are advised to patch a series of vulnerabilities post haste

• September 16, 2021 16 Sep'21

  Dutch education administrators underestimate threat of cyber crime

  Research shows educational establishments in the Netherlands are becoming favoured targets of cyber criminals and administrators are underestimating the risks

• September 15, 2021 15 Sep'21

  Microsoft patches 66 vulnerabilities in September update

  Another lighter-than-usual Patch Tuesday update includes important fixes for recently disclosed vulnerabilities, including a dangerous zero-day, and an update in the PrintNightmare saga

• September 15, 2021 15 Sep'21

  Australia and Singapore have higher incidences of insecure databases

  Five-year longitudinal study by Imperva shows the proportion of databases with at least one known vulnerability in Australia and Singapore are among the world’s highest

• September 14, 2021 14 Sep'21

  Mass health tracker data breach has UK impact

  The leak of a database of 61 million users of health-tracking devices includes records on individuals located in the UK

• September 09, 2021 09 Sep'21

  Latest Microsoft zero-day being actively exploited

  New Microsoft zero-day CVE-2021-40444 affects multiple versions of Windows and is probably being exploited through convincing phishing attacks

• September 01, 2021 01 Sep'21

  Experts warn on Office 365 phishing attacks

  Newly observed campaign is particularly dangerous because it appears to neutralise one of the most widely known anti-phishing techniques

• August 24, 2021 24 Aug'21

  13 million malware attacks on Linux seen in wild

  Cryptominers, web shells and ransomware are the most common varieties of malwares targeting Linux systems, thanks to its prevalence as the backbone of most public cloud services

• August 24, 2021 24 Aug'21

  Half of MS Exchange servers at risk in ProxyShell debacle

  Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited

• August 19, 2021 19 Aug'21

  Pub apps harvesting swathes of customer data unnecessarily

  Some pub and restaurant chain apps demand data such as gender and marital status, raising eyebrows among privacy campaigners

• August 18, 2021 18 Aug'21

  MoD seeks security tech to harden military systems

  The Defence and Security Accelerator has launched a programme to root out technology that will reduce the military’s exposure to cyber attacks

• August 18, 2021 18 Aug'21

  Global VPN downloads soar in first half of 2021

  Song remains the same with VPNs as repressive regimes’ continued regulatory demands and remote working see virtual private network usage rocket over the first six months of the year

• August 17, 2021 17 Aug'21

  Security Think Tank: Building privacy-preserving apps and platforms

  ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture

• August 13, 2021 13 Aug'21

  Cyber Runway programme supports new security businesses

  The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses

• August 11, 2021 11 Aug'21

  The Netherlands still lacks digital resilience, says report

  Report by National Coordinator for Counterterrorism and Security says the Netherlands’ digital resilience has improved, but is still insufficient