News

Web application security

• December 24, 2019 24 Dec'19

  Top 10 cyber crime stories of 2019

  Here are Computer Weekly’s top 10 cyber crime stories of 2019

• December 23, 2019 23 Dec'19

  Top 10 cyber security stories of 2019

  Here are Computer Weekly’s top 10 cyber security stories of 2019

• December 20, 2019 20 Dec'19

  Finnish government supports local authorities in cyber security initiative

  The Finnish government has committed resources to a cyber security project aimed at local authorities

• December 13, 2019 13 Dec'19

  Alarm bells ring, the IoT is listening

  With Christmas bearing down on us, a series of vulnerability disclosures has drawn attention to the parlous state of IoT security, and serves as a timely warning to people planning to buy smart devices as gifts

• December 09, 2019 09 Dec'19

  Jailed hacker ordered to pay back £270k

  An Essex man jailed in April over malware offences dating back years has been ordered to pay back the profits of his crime spree, and sell valuable assets

• December 06, 2019 06 Dec'19

  Great Cannon DDoS operation fires on Hong Kong protesters

  AT&T’s security unit has evidence that China is pressing its Great Cannon DDoS tool into service once again, specifically to target pro-democracy protests in Hong Kong

• December 05, 2019 05 Dec'19

  Two Russians indicted over Dridex and Zeus malware

  The US Department of Justice has indicted two Russian citizens over their alleged role in the distribution of the virulent Bugat, or Dridex, and Zeus banking trojans

• December 05, 2019 05 Dec'19

  Black Hat Europe: Mental health websites are leaking user data

  At Black Hat Europe in London, researchers reveal the extent to which confidential data is being leaked to third parties by online mental health websites

• December 05, 2019 05 Dec'19

  Aviatrix VPN vulnerability left user endpoints wide open

  Immersive Labs has disclosed a serious vulnerability in VPN supplier Aviatrix’s enterprise client that could have granted hackers elevated user privileges across enterprise targets

• December 02, 2019 02 Dec'19

  Top Android apps at risk from StrandHogg vulnerability

  Researchers at Promon say all of the 500 most-downloaded Android apps are at risk from a newly discovered vulnerability

• November 29, 2019 29 Nov'19

  Hack Friday: This Christmas, fight back against cyber criminals

  It’s nearly Christmas, and cyber attacks and fraud attempts in the retail sector are ramping up. Is it time to panic? And is there anything we can do beyond hammering home the message around basic cyber security hygiene?

• November 25, 2019 25 Nov'19

  Uber app exploit posed safety risk to passengers

  A flaw in Uber’s system meant thousands of trips in London were taken with unauthorised drivers at the wheel

• November 25, 2019 25 Nov'19

  Tim Berners-Lee launches nine principles for the web

  Inventor of the worldwide web sets out Contract for the Web to protect its freedom, data privacy and access for all

• November 19, 2019 19 Nov'19

  Macy’s Magecart breach presages Christmas fraud spike

  US retailer Macy’s admits some customer data was accessed by unknown actors during a week-long Magecart attack

• November 15, 2019 15 Nov'19

  Notorious hackers claim responsibility for Labour DDoS

  Hackers claiming to represent Lizard Squad say they were behind a distributed denial of service attack on the UK’s Labour Party

• November 14, 2019 14 Nov'19

  Home Office Brexit app contains multiple security flaws

  The Home Office’s Brexit app may be putting EU citizens’ personal data at risk

• November 14, 2019 14 Nov'19

  Cyber criminals tool up for Christmas fraud season

  Organised criminals are trying to cash in on the festive retail boom with both brand new and tried-and-tested techniques

• November 13, 2019 13 Nov'19

  Attack on Labour shows need for DDoS defence but should alarm few

  After being hit by two DDoS attacks in the space of 24 hours, many commentators are convinced the UK’s Labour Party is the victim of foreign interference in the General Election campaign. It probably isn’t

• November 12, 2019 12 Nov'19

  Nordic SMEs lack the money needed for cyber security

  Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country

• November 12, 2019 12 Nov'19

  ‘Robust’ security foils cyber attack on Labour Party

  Labour claims to have been the victim of a cyber attack, but says it is confident no data leaked

• November 12, 2019 12 Nov'19

  Shared responsibility model key to solving 5G security problem

  Both buyers and sellers need to cooperate to solve the thorny issues around 5G security

• November 07, 2019 07 Nov'19

  Saudis recruited Twitter employees to spy on critics

  Court documents reveal how the Saudi Arabian government targeted Twitter employees as part of a coordinated effort to gather information on known dissidents

• November 06, 2019 06 Nov'19

  Global security workforce must more than double to meet demand

  There are about 2.8 million cyber security professionals working today, and the world needs four million more

• November 05, 2019 05 Nov'19

  Ransomware authors seeking new ways to avoid being spotted

  Sector analysis from Sophos has revealed some insight into how malware authors are adapting to thwart cyber security controls

• November 04, 2019 04 Nov'19

  EU patches 20-year-old open source vulnerability

  Ethical hackers taking part in a bug bounty programme on behalf of the European Union have uncovered a 20-year-old vulnerability

• November 01, 2019 01 Nov'19

  Banks let customers down with mixed approaches to security

  Treasury Committee report recommends new measures to tackle financial fraud

• October 23, 2019 23 Oct'19

  Take responsibility for cyber security basics, urges NCSC CEO

  At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load

• October 22, 2019 22 Oct'19

  NordVPN blames datacentre provider for server breach

  VPN provider insists no user data was compromised in a March 2018 server breach, and says its datacentre provider failed to inform it of the issue

• October 22, 2019 22 Oct'19

  Attacker hit VPN firm Avast through its VPN

  Avast has published details of how attackers attempted to gain access to its network over a five month period

• October 22, 2019 22 Oct'19

  Over-30s tend to do better at cyber security than younger colleagues

  Attitudes to workplace cyber security differ by age group, but not in the way one might imagine, according to a new study by NTT Security

• October 21, 2019 21 Oct'19

  Sodinokibi emerging as a diverse, multi-vector threat to businesses

  McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots

• October 08, 2019 08 Oct'19

  IBM, McAfee among founders of open source security alliance

  A group of cyber security suppliers have come together to form the Open Cybersecurity Alliance

• October 04, 2019 04 Oct'19

  UK and US call on Facebook to walk back encryption plans

  The US, Australian and UK governments have asked Facebook to ditch plans to deploy end-to-end encryption across Facebook Messenger, Instagram and WhatsApp

• October 03, 2019 03 Oct'19

  LogRhythm touts unlimited data plan for SIEM systems

  SIEM supplier introduces three-year, term-based pricing plan that lets enterprises ingest as much data as they want without breaking the bank

• September 26, 2019 26 Sep'19

  Attackers breached supplier systems to steal Airbus secrets

  Airbus has been the subject of at least four major cyber attacks in the past 12 months, with contractors and suppliers targeted through their VPNs

• September 26, 2019 26 Sep'19

  Overinvestment breeds overconfidence among security pros

  CISOs have made an abundance of security investments in multiple suppliers, but this might not be the right approach

• September 24, 2019 24 Sep'19

  Google pushes back on scale of YouTube phishing threat

  Millions of YouTubers may be at risk after some high-profile influencers reported their accounts were compromised in an apparent phishing attack, but the platform’s owner, Google, is not so sure

• September 12, 2019 12 Sep'19

  UN agency Unicef praised for response to accidental data leak

  The UN’s children’s agency has disclosed an inadvertent leak of personal data belonging to users of its online learning platform Agora

• September 05, 2019 05 Sep'19

  Singapore’s SecureAge eyes US market

  The Singapore-based supplier of encryption and anti-malware tools has set up a new office in Greater Washington, DC as the next logical step in its global expansion plan

• August 26, 2019 26 Aug'19

  VMware’s latest acquisitions point to emerging platform war

  VMware’s buyout of Carbon Black and Pivotal is a sign of an emerging platform war following the IBM-Red Hat deal

• August 23, 2019 23 Aug'19

  Kaspersky eyes enterprise business, opens APAC transparency hub

  The security firm wants to engage with enterprises and use its newly launched Malaysian Transparency Centre to burnish its credentials

• August 21, 2019 21 Aug'19

  Silence APT group eyes APAC banks

  Russian-speaking advanced persistent threat group has set its sights on banks in the region, customising its arsenal for targeted attacks

• August 20, 2019 20 Aug'19

  Even fintech startups battling to meet cyber security challenges

  A study shows that most fintech startups, like most banks, are failing to address vulnerabilities in the web and mobile applications, underlining the scale of the challenge

• August 19, 2019 19 Aug'19

  How EDR is moving beyond the endpoint

  An emerging breed of detection and response offerings is going beyond endpoints to collect and decipher telemetry data from across the enterprise

• August 15, 2019 15 Aug'19

  Formjacking dominates web-related data breaches

  Formjacking has become one of the most popular data stealing methods, say researchers, who urge commercial websites to review all third-party coding practices without delay

• August 14, 2019 14 Aug'19

  DCMS funding aims to increase diversity in cyber sector

  A funding round has been announced as part of the Cyber Skills Immediate Impact Fund (CSIIF) with aims of encouraging more diverse talent into the UK’s cyber security sector

• August 14, 2019 14 Aug'19

  Digital domain identified as major security threat by Norway’s intelligence service

  Norway's intelligence services has revealed the extent of the threat posed to the country by cyber attacks

• August 14, 2019 14 Aug'19

  British Airways e-ticketing system could expose passenger details

  British Airways has not addressed a potential leak of passenger details despite warnings from security researchers, but says it is aware of the issue and is taking action

• August 13, 2019 13 Aug'19

  BACnet IoT building automation devices vulnerable to attack

  A security researcher has revealed that internet-connected building automating devices using the BACnet communication protocol are vulnerable to cyber attack

• August 09, 2019 09 Aug'19

  F-Secure warns of F5 Big IP-related security issue

  F-Secure has discovered security issues relating to an F5 device that it says could potentially turn hundreds of thousands of load balancers into beachheads for cyber attacks

• August 09, 2019 09 Aug'19

  NCC Group warns of security risks of leading printers

  Researchers uncover more than 35 vulnerabilities in six leading enterprise printers, many of which could allow access to corporate networks, underlining the need to counter security risks of embedded systems

• July 31, 2019 31 Jul'19

  Financial services top cyber attack target

  Financial services are among the most attractive targets for cyber attackers, security researchers reveal, with phishing and credential stuffing among the top threats

• July 24, 2019 24 Jul'19

  Global malware down but ransomware up, with UK hard hit

  Despite a global decrease in the volume of malware in the past year, ransomware is surging once again, and the UK is one of the worst-hit countries, a report reveals

• June 25, 2019 25 Jun'19

  APT attack on telcos highlights need for comprehensive defence

  A global cyber attack against multiple telecommunications firms underlines need for comprehensive approach to cyber defence, say researchers and industry commentators

• June 17, 2019 17 Jun'19

  DevSecOps is key to uniting opposing forces

  Unifying DevOps and security teams with the aid of automation will bring harmony and added business benefits, says systems engineer

• June 17, 2019 17 Jun'19

  Inside F5’s cyber security playbook

  F5 Networks' CISO talks up measures that the application delivery and security specialist is employing to fend off cyber attackers that come knocking on its doors

• June 04, 2019 04 Jun'19

  Beware of security blind spots in encrypted traffic

  The growth of encrypted traffic has put the spotlight on intrusion prevention systems that help to surface cyber attacks conducted under the cloak of network encryption

• May 23, 2019 23 May'19

  Lapse in LinkedIn security certificate update

  A lapse in the update of LinkedIn’s security certificate has once again underlined the importance of keeping track to avoid disruptions and phishing attacks, and how even big players are failing to get it right

• April 01, 2019 01 Apr'19

  Black Hat Asia 2019: Get ready for the cyber arms race

  The arms race is now squarely in the cyber realm as defence teams and threat actors arm themselves with AI tools

• March 29, 2019 29 Mar'19

  Magento e-commerce sites urged to apply security update

  Security experts are urging companies using the Magento e-commerce site to apply security updates without delay to avoid a disastrous hacking campaign

• March 26, 2019 26 Mar'19

  Firms urged to gear up for new malware and tactics as threats proliferate

  The volume of malware attacks reached a record level in 2018, with UK and India bucking global trend of increased ransomware attacks, a study shows

• March 18, 2019 18 Mar'19

  CyLon announces latest cyber security accelerator cohort

  Swiss and Israeli cyber security startups join teams from the UK for CyLon’s ninth London accelerator cohort

• March 01, 2019 01 Mar'19

  Facebook facing 10 GDPR investigations in Ireland

  Ireland’s Data Protection Commission has revealed it has 10 active probes into Facebook, Instagram and WhatsApp, as well as Apple, LinkedIn and Twitter, on its books

• February 22, 2019 22 Feb'19

  Facebook planned to spy on Android phone users, internal emails reveal

  Facebook planned to use its Android app to track the location of its customers and to allow advertisers to send political advertising and invites to dating sites to ‘single’ people, confidential documents show

• February 12, 2019 12 Feb'19

  Telegram bot gets users hooked

  Popular social media service provides a rich set of features for cyber criminals, RSA warns

• February 11, 2019 11 Feb'19

  Lauri Love takes legal action against NCA for return of seized computers

  Lauri Love, a former engineering student who won a battle with the US Department of Justice against extradition to the US to face hacking charges, is suing the UK's intelligence agency, the NCA, for the return of his seized computers

• January 30, 2019 30 Jan'19

  How traffic scrubbing can guard against DDoS attacks

  Although most scrubbing services can help fend off distributed denial of service attacks, a more comprehensive mitigation strategy is required to remain unscathed

• January 10, 2019 10 Jan'19

  UK firms say £6.6bn annual security testing cost too high

  Avord launches platform to reduce the multibillion-pound annual cyber security testing cost that most UK firms say is too high

• December 23, 2018 23 Dec'18

  'Serious' Twitter flaw allows hackers to post on other people's accounts

  A vulnerability in Twitter allows hackers to send tweets, private messages, post images or videos, and turn off security features, says British security researcher

• December 18, 2018 18 Dec'18

  APAC cyber security landscape to be more tumultuous in 2019

  Amid growing cyber threats, the Asia-Pacific cyber security landscape will not get any rosier in 2019 unless organisations start shoring up their cyber hygiene

• December 11, 2018 11 Dec'18

  Mac malware makes debut in top 10 list

  Mac malware appears in the WatchGuard top 10 malware list for first time, and 6.8% of major websites still use an insecure SSL protocol, according to the firm’s latest internet security report

• December 04, 2018 04 Dec'18

  ‘Open-minded’ DVSA cuts cost of MOT testing

  Government agency harnesses customised open source platform to ensure data security while cutting costs and plans to extend its MOT testing capability to do the same for drivers’ theory tests

• November 30, 2018 30 Nov'18

  Marriott data breach highlights basic failings

  A breach of a guest reservation database of the Starwood division of the Marriott International hotel group highlights basic personal data protection failures

• November 06, 2018 06 Nov'18

  APAC firms warm up to SD-WAN to solve networking woes

  A third of enterprises in the APAC region have already deployed SD-WAN at most of their sites, while 55% are in the process of doing so, a study shows

• October 11, 2018 11 Oct'18

  Optus to acquire Hivint in cyber security deal

  The deal is expected to bolster the telco’s security pedigree in a market that is grappling with more data breaches and cyber incidents

• September 12, 2018 12 Sep'18

  Two-thirds of emails not clean, says research

  Two-thirds of emails don't make it to the inbox because security systems consider them unsafe, according to research

• September 11, 2018 11 Sep'18

  British Airways data breach: Security researchers name suspects and query attack timeline

  Security researchers claim to have pinpointed the cause and perpetrators of the British Airways data breach, and also claim the attackers may have had access to its customer data for far longer than previously thought

• September 11, 2018 11 Sep'18

  Public cloud use surges among DDoS attackers, research shows

  According to data accrued by DDoS mitigation firm, Link11, the number of attackers that rely on public cloud services soared during the 12 months to June 2018

• September 10, 2018 10 Sep'18

  Cyber criminals outspend businesses in cyber security battle

  Cybercriminals are flexing their financial might and UK organisations are facing more attacks as a result

• August 23, 2018 23 Aug'18

  Apache Struts users urged to update due to new security flaw

  Another security flaw has been discovered in the Apache Struts, which was at the heart of the massive Equifax data breach in 2017

• August 08, 2018 08 Aug'18

  Check Point warns of WhatsApp vulnerabilities

  Researchers are warning of vulnerabilities in WhatsApp that allow threat actors to intercept and manipulate messages sent in a group chat

• August 06, 2018 06 Aug'18

  Mobile banking Trojans reach all-time high

  Mobile banking Trojans topped the list of cyber threats in the second quarter of the year, according to research by Kaspersky Lab

• July 26, 2018 26 Jul'18

  Software development remains insecure

  The prevalence of common and well-known web-based vulnerabilities underlines the need for better education around secure software development

• July 24, 2018 24 Jul'18

  Most firms have software security vulnerability

  Most firms have a software vulnerability that can be exploited by cyber attackers, a study has revealed

• July 17, 2018 17 Jul'18

  A third of organisations do not have a security expert, survey shows

  Around a third of organisations are vulnerable to cyber attacks due to a lack of dedicated in-house cyber security experts, finds Gartner survey

• July 12, 2018 12 Jul'18

  Cyber attackers cashing in on ‘hidden’ attack surface

  Cyber attackers are cashing in on organisations’ lack of visibility into all online interactions that can involve multiple third parties, a report reveals

• July 11, 2018 11 Jul'18

  White-hat hackers find record number of vulnerabilities

  White-hat hackers are finding more vulnerabilities than ever before, with crowdsourced security testing continuing to gain popularity, a report reveals

• July 09, 2018 09 Jul'18

  Inside one of the world’s largest bug bounty programmes

  Trend Micro’s Zero Day Initiative may be the top external supplier of software bug reporting for Microsoft and Adobe, but that does not mean it purchases every type of bug

• June 29, 2018 29 Jun'18

  UK government cyber security standard welcomed

  The information security community has welcomed the publication of the government’s minimum cyber security standard, which could be used by any organisation to improve its cyber defences

• June 19, 2018 19 Jun'18

  Singapore remains hotbed for cyber threats

  Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency

• May 21, 2018 21 May'18

  Pen testers find weaknesses in banks’ cyber security

  Humans are the biggest weakness in banks’ cyber defences, but there are several others that also need attention, penetration testers have revealed

• May 17, 2018 17 May'18

  European cyber attacks up nearly a third in first quarter 2018

  The volume of cyber attacks hitting digital transactions in Europe was up by almost a third in the first quarter of 2018 compared with same period a year ago, a report reveals

• April 18, 2018 18 Apr'18

  APAC is becoming a hotspot for DDoS attacks

  The region’s largest and most-connected economies are most vulnerable to distributed denial-of-service attacks, according to CenturyLink

• April 11, 2018 11 Apr'18

  Government to set up £13.5m cyber security centre

  Located at the 2012 Olympic Park, the London Cyber Innovation Centre could create up to 2,000 jobs in cyber security

• March 28, 2018 28 Mar'18

  Facebook announces more privacy control updates

  Social media giant updates privacy settings and tools in response to the unfolding controversy over Cambridge Analytica’s use of Facebook data for political campaigns

• March 26, 2018 26 Mar'18

  Dutch SMEs’ cyber security is insufficient

  Nowhere in the Netherlands is digitisation as big as it is in small and medium-sized enterprises, but the sector still has a lot to do in terms of cyber security

• March 09, 2018 09 Mar'18

  Cryptojacking cyber criminals up their game

  Cyber criminals hijacking computing resources to mine for cryptocurrencies are raising their efforts to bypass enterprise security controls, researchers have found

• March 08, 2018 08 Mar'18

  Mac malware more than doubled in 2017

  Malware targeting Apple Mac computers more than doubled from 2016 to 2017, according to security firm Malwarebytes

• February 16, 2018 16 Feb'18

  Tech industry signs cyber security charter

  Nine technology organisations have signed a cyber security charter aimed at raising the level of cyber security internationally

• February 14, 2018 14 Feb'18

  Telegram zero-day exploit is a warning

  The discovery of an exploit of a zero-day vulnerability in the Telegram messaging app demonstrates that not all “secure” apps are automatically safe, security experts have warned