News

Web application security

• November 15, 2016 15 Nov'16

  Amber Rudd orders Lauri Love extradition to US to face hacking charges

  Engineering student Lauri Love faces trials in three US states and a possible 99-year jail sentence for allegedly hacking into US government computer systems as part of a political protest, despite concerns over his health

• October 18, 2016 18 Oct'16

  Saving Lauri Love: activists plan their next move

  An eclectic bunch of activists, charity workers and reformed hackers spent a rainy Sunday afternoon plotting their next move in a campaign to save Lauri Love from extradition to the US on hacking charges

• July 12, 2016 12 Jul'16

  IBM sets up security centre in Canberra

  IBM leads the charge as large private businesses invest heavily in security resources across Australia in an attempt to close the security gap

• May 03, 2016 03 May'16

  Gov.uk Verify misses April go-live target

  The Government Digital Service didn’t meet its target of taking identity assurance service Verify out of beta by the end of April, but is “nearly there”, according to programme director Janet Hughes

• April 26, 2016 26 Apr'16

  Business failing to learn lessons of past cyber attacks, report shows

  Organisations are still failing to address basic security issues and well-known attack methods, Verizon’s latest Data Breach Investigations Report reveals

• April 15, 2016 15 Apr'16

  Israeli volunteers ready their cyber defences as Anonymous affiliates attack

  Every April, Israel braces itself for an onslaught from pro-Palestinian hackers, but the occupants of a small conference room in Tel Aviv stand in their way

• April 11, 2016 11 Apr'16

  Activist Lauri Love faces order to disclose encryption keys

  The UK’s National Crime Agency takes an unusual legal step to force a former university student accused of hacking to disclose encryption keys

• January 29, 2016 29 Jan'16

  HSBC online services hit by DDoS attack

  HSBC was hit by a distributed denial of service (DDoS) attack, which targeted its online personal banking services.

• December 24, 2015 24 Dec'15

  Top 10 IT security stories of 2015

  Computer Weekly looks back at the most significant stories on IT security in the past 12 months

• December 03, 2015 03 Dec'15

  Veracode finds most web apps fail Owasp security check list

  The findings of a report on critical vulnerabilities in most web applications is raising concerns over potential security vulnerabilities in millions of websites

• December 03, 2015 03 Dec'15

  Workday ringfences support in Europe after Safe Harbour ruled unsafe

  US cloud HR and financial services provider reponds to Safe Harbour failure by ringfencing European data

• October 06, 2015 06 Oct'15

  Researchers find credential-stealing webmail server APT attack

  Security researchers have discovered a new and unique advanced persistent threat (APT) technique that involves a malicious module loaded onto a webmail server

• September 09, 2015 09 Sep'15

  Security vulnerability management more than patching, warns Secunia

  Keeping track of what makes an IT environment vulnerable is an ongoing and complex task, according to Secunia

• April 30, 2015 30 Apr'15

  IoT benefits and privacy not mutually exclusive, says industry expert

  It is possible to mitigate the privacy and security risks of the internet of things (IoT) without losing its benefits, according to an industry expert

• April 22, 2015 22 Apr'15

  HSBC website mistake guides customers to porn

  HSBC’s Hong Kong website accidentally featured an out-of-date link that directed people to a porn site

• March 25, 2015 25 Mar'15

  UK government adds five authentication providers to Gov.uk Verify identity management system

  The Government Digital Service (GDS) adds five authentication providers to the Gov.uk Verify identity and access management scheme

• February 27, 2015 27 Feb'15

  Case study: Norwegian insurer invests in Darktrace machine-learning cyber defence

  Shipping insurance company DNK hopes to inspire the rest of the shipping industry to adopt Darktrace’s cyber defence system

• December 17, 2014 17 Dec'14

  Cabinet Office begins procurement for next stage of Gov.uk Verify

  The Cabinet Office has submitted a tender notice for a £150m three-year framework for the provision of identity assurance services

• November 28, 2014 28 Nov'14

  CGI secures communications between pilots and air traffic control

  Satellite communications firm Inmarsat has outsourced the provision of security IT and services to CGI

• October 09, 2014 09 Oct'14

  WordPress most attacked application

  Websites that run the WordPress content management system are attacked 24% more often than those using other systems

• October 08, 2014 08 Oct'14

  Malware being used to steal cash from ATMs

  Criminals are using malware to steal cash from ATMs without debit and credit cards

• September 16, 2014 16 Sep'14

  GDS unveils 'Gov.UK Verify' public services identity assurance scheme

  The Government Digital Service (GDS) debuts a system to prove users’ identities when using public services online, branded as 'Gov.UK Verify'

• August 27, 2014 27 Aug'14

  Security experts identify top 10 software design flaws

  The IEEE Center for Secure Design has published a report on how to avoid the top 10 software security design flaws

• August 11, 2014 11 Aug'14

  USB-connected devices present cyber vulnerabilities

  Connecting devices to computers using a USB port could lead to security breaches, say Berlin-based researchers

• July 22, 2014 22 Jul'14

  Hackers abuse Bitly API in novel attack, reports Websense

  A cyber attack targeting MSNBC highlights cybercriminals’ abuse of the public’s trust in news sites, says Websense Security Labs

• July 04, 2014 04 Jul'14

  Barclays passes government’s ‘internet-born threat’ test

  Barclays Bank has been awarded the government’s cyber security certificate for digital banking services after independent tests of services such as Pingit

• February 05, 2014 05 Feb'14

  Bank of England publishes Waking Shark II cyber security exercise results

  Bank of England publishes the results of its Waking Shark II security exercise, which tested financial institutions' contingency plans for cyber attack

• February 04, 2014 04 Feb'14

  NHS site malicious redirects are a warning to developers

  A coding error that redirected NHS website visitors to malicious content should be a warning to developers, say security experts

• January 23, 2014 23 Jan'14

  New Snapchat security measure easily by-passed, says researcher

  A new Snapchat security measure to verify users are human is easily by-passed, says researcher

• January 23, 2014 23 Jan'14

  US startup aims to turn tables on hackers

  US startup Shape Security is turning the tables against hackers by using one of their own techniques against them

• October 16, 2013 16 Oct'13

  Neustar to host first DDoS awareness day

  Communications firm Neustar is to host the first international awareness day on distributed denial of service (DDoS) attacks

• September 09, 2013 09 Sep'13

  Most websites could be targeted through PHP, warns Imperva

  Hackers are focusing on vulnerabilities in PHP web application development platform, threatening most websites, warns Imperva

• September 06, 2013 06 Sep'13

  NSA and GCHQ unlock online privacy encryption

  UK and US intelligence agencies have unlocked the technology used to encrypt online services, including email, online banking and medical records.

• August 05, 2013 05 Aug'13

  Websites hacked to show child abuse images

  More than 25 business websites worldwide have been hacked to show illegal images of child sex abuse

• July 16, 2013 16 Jul'13

  More than one-fifth of UK firms hit by DDoS attacks in 2012

  More than a fifth of UK firms experienced a disruptive distributed denial of service (DDoS) attack in 2012

• June 24, 2013 24 Jun'13

  Identity management key to browser-based IT strategy

  A cloud-based identity management system is key to enabling a browser-based IT strategy at online recruitment firm Reed.co.uk

• May 29, 2013 29 May'13

  Syrian hackers deface Sky Android apps

  Syrian hackers have defaced several of Sky’s Android apps, forcing the broadcaster to remove them temporarily from the Google Play store

• May 13, 2013 13 May'13

  Cyber criminals hack Washington court system

  Hackers gain access to the personal data of 160,000 US citizens after compromising Washington State court service servers

• April 22, 2013 22 Apr'13

  US jails LulzSec hacker Cody Kretsinger

  The US has jailed a member of hacktivist group LulzSec for a year for his role in breaching computer systems at Sony Pictures Entertainment in 2011

• April 19, 2013 19 Apr'13

  Conficker makes way for web-based attacks, says Microsoft

  Web attacks emerge as top threat as businesses finally begin to win the battle against Conficker and other worms, says Microsoft

• April 11, 2013 11 Apr'13

  Bots and web apps among top threats to data security, says Check Point

  Bots, viruses, breaches and attacks are a constant and real threat to the information security of organisations

• January 24, 2013 24 Jan'13

  ICO hits Sony with £250,000 data breach penalty

  The Information Commissioner’s office (ICO) has fined Sony Computer Entertainment Europe £250,000 for breaching the Data Protection Act

• January 14, 2013 14 Jan'13

  Oracle rushes out patches for Java zero days

  Oracle has released two out-of-band security updates for the latest zero day vulnerabilities in Java

• December 12, 2012 12 Dec'12

  Ghost Shell hacktivists publish over a million credentials

  The Ghost Shell group, an offshoot of the Anonymous hacking collective has published the log-in details from 1.6 million accounts

• December 07, 2012 07 Dec'12

  UK government jobs website exploited by hackers

  Hackers have been able to exploit security flaws in a new government jobs website to steal personal information about job applicants

• November 27, 2012 27 Nov'12

  Zero-day exploit for Yahoo Mail goes on sale

  Hacker sells $700 zero-day exploit for Yahoo Mail that allows attacker to use cross-site scripting vulnerability to steal cookies and hijack accounts

• October 30, 2012 30 Oct'12

  IT security budgets mismatched to hacker targets, study shows

  IT security budgets are not being used to provide defence technologies in some areas most likely to be targeted by hackers, a study shows

• October 10, 2012 10 Oct'12

  RSA Europe: Cloud key to future information security, says Qualys

  Cloud computing is an opportunity information security professionals should not miss, says Philippe Courtot, CEO of security firm Qualys

• October 05, 2012 05 Oct'12

  Security firm warns against Samsung Galaxy Tab for enterprise use

  Security specialist Context Information Security says vulnerabilities in the Samsung Galaxy Tab make it unsuitable for use in the enterprise

• October 02, 2012 02 Oct'12

  Hackers target White House military network

  Hackers using computers in China have infiltrated an “unclassified” network in the US White House, believed to be used for issuing nuclear commands.