News

Web application security

May 03, 2023 03 May'23
TikTok fixes vulnerability that could have exposed user activity data

A potentially dangerous vulnerability in the TikTok video-sharing platform was discovered by Imperva researchers, and has now been fixed
April 27, 2023 27 Apr'23
Tenable opens playground for generative AI cyber tools

A set of generative AI cyber tools designed to help security researchers in reverse engineering, debugging and other areas of work have been made available for the community to experiment with
April 21, 2023 21 Apr'23
Prototype cyber tech has revolutionary potential

The so-called CHERI protection model developed at the University of Cambridge is showing great promise for future cyber security technologies
April 20, 2023 20 Apr'23
Bumblebee malware flies on the wings of Zoom and ChatGPT

Bumblebee malware, often used as a stepping stone to ransomware, is now spreading via trojanised installers for popular software applications

April 20, 2023 20 Apr'23
3CX incident may be world’s first double supply chain attack

It’s supply chain attacks all the way down as Mandiant publishes information suggesting that the 3CX software supply chain compromise was initiated via a prior software supply chain compromise
April 19, 2023 19 Apr'23
Global finance firms take part in NATO cyber attack simulation

Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure
April 13, 2023 13 Apr'23
Thousands at risk from critical RCE bug in legacy MS service

Thousands of organisations worldwide are at risk from three vulnerabilities – one critical – in a legacy Microsoft service that they may not be aware they are running
April 13, 2023 13 Apr'23
UK joins key allies to launch secure-by-design guidelines

The UK has joined international partners in sharing new advice to help technology companies embed security into the product design and development process
April 13, 2023 13 Apr'23
Italy to lift ChatGPT ban subject to new data protection controls

Italian regulator will lift its ban on OpenAI’s ChatGPT subject to a strict new data protection regime
April 12, 2023 12 Apr'23
April Patch Tuesday fixes zero-day used to deliver ransomware

A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update

April 12, 2023 12 Apr'23
Okta integrates with Singapore’s national digital ID system

The integration with Singpass will let Okta customers authenticate consumers using Singapore’s national digital ID system and is expected to expand the company’s reach in regulated industries
March 30, 2023 30 Mar'23
OSC&R supply chain security framework goes live on Github

The OSC&R framework for understanding and evaluating threats to supply chain security has made its debut on Github to allow anybody to contribute to the framework
March 30, 2023 30 Mar'23
3CX unified comms users hit by supply chain attacks

Ongoing supply chain attacks against customers of UC firm 3CX appear to be linked to North Korean threat actors
March 28, 2023 28 Mar'23
Apple security updates fix 33 iPhone vulnerabilities

A larger-than-usual update to Apple’s mobile operating system fixes more than 30 distinct vulnerabilities, including two serious issues that may potentially affect device kernels
March 28, 2023 28 Mar'23
Europol warns cops to prep for malicious AI abuse

In a report looking at how large language models can be used by criminals, Europol’s Innovation Lab calls on law enforcement agencies to prepare themselves for wide-ranging impacts on their work
March 27, 2023 27 Mar'23
France latest to ban TikTok on government devices

Following bans in the UK and US, France has moved to enact restrictions on TikTok, and other social media apps, on government devices
March 21, 2023 21 Mar'23
Nordics move towards common cyber defence strategy

Nordic countries agree to work together to improve their cyber defences amid increasing threat
March 21, 2023 21 Mar'23
How Mimecast thinks differently about email security

Mimecast CEO Peter Bauer believes the company’s comprehensive approach towards email security has enabled it to remain relevant to customers for two decades
March 17, 2023 17 Mar'23
UK TikTok ban gives us all cause to consider social media security

The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for
March 15, 2023 15 Mar'23
Microsoft patches Outlook zero-day for March Patch Tuesday

A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update
March 07, 2023 07 Mar'23
Nine in 10 enterprises fell victim to successful phishing in 2022

Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale
February 20, 2023 20 Feb'23
Singapore organisations struggle to operationalise threat intelligence

Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges
February 16, 2023 16 Feb'23
How to tame the identity sprawl

Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl
February 15, 2023 15 Feb'23
Microsoft fixes three zero-days in February update

February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver
February 14, 2023 14 Feb'23
OSC&R framework to stop supply chain attacks in the wild

The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains
February 06, 2023 06 Feb'23
Online banks still riddled with cyber security flaws, report says

Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too.
February 03, 2023 03 Feb'23
LockBit gang confirms Ion cyber attack as disruption continues

The LockBit ransomware cartel has taken responsibility for this week’s attack on financial software firm Ion, and is threatening to leak stolen data on Saturday 4 February
January 31, 2023 31 Jan'23
GitHub warns Desktop, Atom users after code-signing certificates pinched

Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users
January 26, 2023 26 Jan'23
Zero-trust implementations remain work in progress

Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds
January 25, 2023 25 Jan'23
NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC
January 24, 2023 24 Jan'23
SSRF attacks hit 100,000 businesses globally since November

There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers
January 23, 2023 23 Jan'23
Trellix automates patching for 62,000 vulnerable open source projects

Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months
January 19, 2023 19 Jan'23
Mailchimp suffers third breach in 12 months

Email marketing service Mailchimp has suffered its third data breach in a year, but has been praised for being open about its latest attack
January 12, 2023 12 Jan'23
Chrome vulnerability could have led to widespread data theft

A dangerous vulnerability in Google Chrome and Chromium-based browsers could have put billions of users’ files at risk of being stolen
January 11, 2023 11 Jan'23
Should we be worried about malicious use of AI language models?

WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned?
January 11, 2023 11 Jan'23
Microsoft fixes EoP zero-day on January Patch Tuesday

On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns
January 05, 2023 05 Jan'23
Cyber gang abused free trials to exploit public cloud CPU resources

A South Africa-based cyber crime gang exploited free trials and introductory offers to run cryptominers via public cloud services, then did a runner without paying
December 22, 2022 22 Dec'22
Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides
December 15, 2022 15 Dec'22
Lego fixes dangerous API vulnerability in BrickLink service

The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas
December 14, 2022 14 Dec'22
Ethical hackers flex their muscles in 2022

Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021
December 14, 2022 14 Dec'22
Microsoft fixes two zero-days in final Patch Tuesday of 2022

December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over
December 13, 2022 13 Dec'22
Finnish government launches information security voucher scheme

Finland’s government is offering businesses financial support to help them improve their cyber security
December 13, 2022 13 Dec'22
More Uber data exposed in possible supply chain attack

A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack
December 11, 2022 11 Dec'22
How Zscaler is cracking APAC’s cloud security market

Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better
December 08, 2022 08 Dec'22
Consumers to get new protections against dodgy apps

Government’s new code of practice will impose new privacy and security measures on app store operators and developers
December 08, 2022 08 Dec'22
Australia to develop new cyber security strategy

New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals
December 07, 2022 07 Dec'22
Rackspace email outage confirmed as ransomware attack

An ongoing outage affecting Rackspace email customers is the result of a ransomware attack
December 07, 2022 07 Dec'22
Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November
December 05, 2022 05 Dec'22
Fake investment ads persist on Meta’s social networks

Online adverts for investment scams relating to property and crypto assets are still getting past measures designed to stop them
December 02, 2022 02 Dec'22
Twitter ‘replacement’ Hive Social shuts off service in privacy alert

Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers