News
Web application security
-
December 02, 2022
02
Dec'22
Twitter ‘replacement’ Hive Social shuts off service in privacy alert
Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers
-
November 29, 2022
29
Nov'22
Cyber criminals exploiting naked TikTok ‘challenge’
Malware operators lured targets by promising them they would be able to view nude videos of TikTok users
-
November 27, 2022
27
Nov'22
Plexal inducts six into cyber leadership scheme
Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders
-
November 24, 2022
24
Nov'22
Not-for-profit aims to encourage 1,300 girls into cyber careers
CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber
-
November 22, 2022
22
Nov'22
Ducktail spins new tales to hijack Facebook Business accounts
The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts
-
November 21, 2022
21
Nov'22
Bug Bounty Calculator helps organisations fine-tune their payouts
Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention
-
November 18, 2022
18
Nov'22
Is Elon Musk’s Twitter safe, and should you stop using it?
With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use
-
November 14, 2022
14
Nov'22
How Google and Mandiant are forging synergies in cyber security
Google’s AI smarts and Mandiant’s intelligence on new and emerging threats could lay the foundation of proactive security
-
November 09, 2022
09
Nov'22
Microsoft serves smorgasbord of six zero-days
November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity
-
November 04, 2022
04
Nov'22
Microsoft: Nation-state cyber attacks became increasingly destructive in 2022
The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare
-
November 03, 2022
03
Nov'22
The Security Interviews: Building trust online
Consumer reviews website Trustpilot has built and scaled its IT security team and is now turning to agile methods and DevSecOps to further enhance its cyber capabilities
-
November 02, 2022
02
Nov'22
OpenSSL vulnerabilities ‘not as bad as feared’
As previously trailed, OpenSSL patched two buffer overflow vulnerabilities, neither of them as impactful as had been feared
-
October 31, 2022
31
Oct'22
Prepare today for potentially high-impact OpenSSL bug
OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed
-
October 27, 2022
27
Oct'22
LinkedIn adds new features to safeguard user privacy, security
Social media platform is adding a number of features and systems designed to protect legitimate users from inauthentic profiles and activity
-
October 18, 2022
18
Oct'22
Apache vulnerability a risk, but not as widespread as Log4Shell
A newly disclosed Apache Commons Text vulnerability may put many at risk, but does not appear to be as impactful or widespread as Log4Shell
-
October 18, 2022
18
Oct'22
Virtually all vulnerable open source downloads are avoidable
Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report
-
October 14, 2022
14
Oct'22
Malicious WhatsApp add-on highlights risks of third-party mods
Kaspersky researchers discovered a malicious version of a widely used WhatsApp messenger mod, highlighting the risks of using so-called mods
-
October 14, 2022
14
Oct'22
Office 365 email encryption flaw could pose risk to user privacy
A vulnerability in Microsoft Office 365 Message Encryption could leave the contents of emails dangerously exposed, but with no fix coming it’s up to users to decide how at risk they are
-
October 13, 2022
13
Oct'22
Gartner: Remote work, zero trust, cloud still driving cyber spend
Security leaders are eager to spend on categories including remote and hybrid cyber offerings, zero-trust network access, and cloud
-
October 12, 2022
12
Oct'22
Microsoft fixes lone zero-day on October Patch Tuesday
Microsoft patched a solitary zero-day vulnerability in its latest monthly drop, but fixes for two others disclosed in the past few weeks are nowhere to be seen
-
October 11, 2022
11
Oct'22
Contractor left Toyota source code exposed for five years
Source code related to Toyota’s T-Connect service was left exposed on GitHub for over five years by a contractor
-
October 10, 2022
10
Oct'22
How Cloudflare is staying ahead of the curve
Cloudflare co-founder and CEO Matthew Prince talks up what has changed since the company’s first business plan was written in 2009 and how it keeps pace with the fast-moving network security landscape
-
September 29, 2022
29
Sep'22
Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC
Russia has so far failed in its attempts to destabilise Ukraine through cyber attacks due to strength of Ukrainian, security industry and international efforts
-
September 28, 2022
28
Sep'22
Most hackers exfiltrate data within five hours of gaining access
Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access
-
September 26, 2022
26
Sep'22
How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove
Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials
-
September 26, 2022
26
Sep'22
More than 30 startups to join Plexal’s Cyber Runway accelerator
Now in its second year, the Cyber Runway accelerator has been designed to support firms at various stages of growth, as well as help the cyber security sector to improve on its diversity, inclusion and regional representation
-
September 22, 2022
22
Sep'22
Nordic private equity firms pursue cyber security acquisitions
Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets
-
September 21, 2022
21
Sep'22
15-year-old Python bug present in 350,000 open source projects
A Python tarfile vulnerability first disclosed in 2007 still persists to this day, according to analysis from Trellix
-
September 16, 2022
16
Sep'22
Uber suffers major cyber attack
Details are trickling out of an apparent ‘near total’ compromise of ride-sharing service Uber by an alleged teenage hacktivist
-
September 14, 2022
14
Sep'22
Microsoft patches 64 vulnerabilities on September Patch Tuesday
Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update
-
September 13, 2022
13
Sep'22
Cloud compromise a doddle for threat actors as victims attest
Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud
-
September 13, 2022
13
Sep'22
Users warned over Azure Active Directory authentication flaw
Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users
-
September 12, 2022
12
Sep'22
CISOs should spend on critical apps, cloud, zero-trust, in 2023
Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts
-
September 08, 2022
08
Sep'22
Dutch cyber security organisations to join forces
Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into
-
September 07, 2022
07
Sep'22
August ’22 a bumper month for high-impact vulnerabilities
Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future
-
September 07, 2022
07
Sep'22
Prince’s Trust teams with threat management specialist in skills push
Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry
-
August 31, 2022
31
Aug'22
Google debuts open source bug bounty programme
Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme
-
August 30, 2022
30
Aug'22
LastPass breach limited in scale and well-managed, say experts
A breach of LastPass’s developer environment does not seem to have affected users of the password management service, but it may still be time for a credential reset
-
August 25, 2022
25
Aug'22
Millions of Plex users may be at risk in password breach
Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor
-
August 23, 2022
23
Aug'22
DevSecOps: Software developers lack sufficient security focus
GitLab survey shows developers want to produce high-quality code, but ‘shifting’ security left is hard to achieve
-
August 19, 2022
19
Aug'22
Cozy Bear targets MS 365 environments with new tactics
Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments
-
August 19, 2022
19
Aug'22
Apple patches two zero-days in macOs, iOS
Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems
-
August 18, 2022
18
Aug'22
Growing MFA use spurs ‘pass-the-cookie’ attacks
The exploitation of stolen session cookies by cyber criminals is once again back on the agenda, thanks to the growing popularity of multifactor authentication tools
-
August 12, 2022
12
Aug'22
Microsoft doles out $13.7m in bug bounties
Microsoft’s Bug Bounty programme has paid a total of $13.7m to more than 300 researchers in almost 50 countries
-
August 11, 2022
11
Aug'22
NHS may take a month to recover from supply chain attack
Ransomware attack victim Advanced warns its NHS customers they could be waiting until early September to fully recover their operations
-
August 10, 2022
10
Aug'22
GitHub targets vulnerable open source components
There are thousands of vulnerabilities in open source code – GitHub aims to help developers see if their projects are impacted
-
August 10, 2022
10
Aug'22
Microsoft fixes two-year-old MSDT vulnerability in August update
August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited.
-
August 04, 2022
04
Aug'22
Spyware activity particularly impactful in July
After a quiet June, vulnerability exploitation ramped up in July, with intrusions linked to spyware seeing unusually high volumes of activity, according to a report
-
July 28, 2022
28
Jul'22
NCSC startups scheme turns focus to operational technology, SME security
NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses
-
July 28, 2022
28
Jul'22
Cyber criminals pivot away from macros as Microsoft changes bite
As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect