News

Web application security

• July 26, 2022 26 Jul'22

  Ducktail infostealer targets Facebook Business users

  Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts

• July 25, 2022 25 Jul'22

  Latest Atlassian Confluence vulnerability raises concerns

  CVE-2022-26138 is the second major vulnerability disclosure made for Atlassian’s Confluence collaboration platform in recent months

• July 22, 2022 22 Jul'22

  LinkedIn most impersonated brand in phishing attacks

  Social network LinkedIn, along with Microsoft and DHL, are just some of the brands that are most frequently imitated by cyber criminals conducting phishing attacks

• July 21, 2022 21 Jul'22

  Buy ‘plug-n-play’ malware for the price of a pint of beer

  Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report

• July 20, 2022 20 Jul'22

  (ISC)² expands entry-level cyber programme after UK success

  Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide

• July 20, 2022 20 Jul'22

  Cato aims to bust cyber myths as it extends network protections

  Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion – and his unique access to billions of data points from the firm’s network ...

• July 15, 2022 15 Jul'22

  Log4Shell on its way to becoming ‘endemic’

  US government report concludes that, like Covid, Log4Shell will be with us for a long time to come

• July 13, 2022 13 Jul'22

  Slippery phish wriggles around MFA protections, says Microsoft

  Microsoft’s threat researchers share details of a phishing campaign that hit 10,000 organisations, against which standard multifactor authentication provides little defence

• July 13, 2022 13 Jul'22

  Digital break-up kit to help women get out of bad relationships safely

  Domestic abuse charity Refuge teams up with Avast to equip women with the knowledge to effectively and safely end a relationship digitally

• July 13, 2022 13 Jul'22

  July Patch Tuesday brings more than 80 fixes, one zero-day

  While some admins can put their feet up and let Windows Autopatch do the hard work of updating their Microsoft estates, for the rest of us, the Patch Tuesday bandwagon keeps on keeping on

• July 12, 2022 12 Jul'22

  Microsoft Windows Autopatch now generally available

  Microsoft customers with Windows Enterprise E3 and E5 licences can now take full advantage of its new automated patching service

• July 11, 2022 11 Jul'22

  Microsoft VBA macro block will return

  Microsoft provides more details about its sudden decision to rollback a landmark security policy, and reassures users it is a temporary measure

• July 08, 2022 08 Jul'22

  Microsoft appears to reverse VBA macro-blocking

  Microsoft quietly reverses VBA macro-blocking across its Office portfolio in a move that has left security experts puzzled

• July 06, 2022 06 Jul'22

  Plexal seeks new scaleups for next phase of Cyber Runway

  Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme

• June 29, 2022 29 Jun'22

  Romance scammers exploit Ukraine war in cynical campaign

  Romance scammers can make easy money exploiting people looking for love, but in this newly observed campaign linked to the Ukraine war they are playing on deeper emotions

• June 28, 2022 28 Jun'22

  Avast uncovers ‘thieves’ kitchen’ of malware-writing teens

  Researchers stumble across online community of 11 to 18-year-olds constructing, exchanging and spreading malware

• June 24, 2022 24 Jun'22

  US cyber agency in fresh warning over Log4Shell risk to VMware

  Many VMware Horizon and UAG servers remain defenceless against Log4Shell, and organisations continue to fall victim to the vulnerability

• June 24, 2022 24 Jun'22

  Developers grapple with open source software security

  Software developers are taking longer to fix vulnerabilities and many do not know about the dependencies of open source software components they are using, study finds

• June 23, 2022 23 Jun'22

  SolarWinds unveils new development model to avoid a repeat of Sunburst

  SolarWinds has unveiled a new, secure-by-design software development model to protect itself from a repeat of the infamous 2020 cyber attack on its systems, and serve as a blueprint for the industry

• June 16, 2022 16 Jun'22

  Dundee security research centre opens with support from SBRC

  An £18m hub at Abertay University in Dundee forms the centrepiece of Scotland’s first security research cluster

• June 16, 2022 16 Jun'22

  Office 365 loophole may give ransomware an easy shot at your files

  Researchers at Proofpoint have discovered potentially dangerous Microsoft Office 365 functionality that they believe may give ransomware a clear shot at files stored on SharePoint and OneDrive

• June 15, 2022 15 Jun'22

  Patch Tuesday dogged by concerns over Microsoft vulnerability response

  The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure

• June 14, 2022 14 Jun'22

  MS Azure Synapse vulnerability fixed after six-month slog

  Microsoft patched a critical Azure Synapse vulnerability twice, but each time the researcher who discovered it was able to bypass it with ease, leading to a lengthy saga

• June 13, 2022 13 Jun'22

  Qatar bolsters cyber security in preparation for World Cup

  With hackers honing their cyber weapons to target the upcoming football World Cup, Qatar is busy developing countermeasures and raising awareness

• June 10, 2022 10 Jun'22

  Commercialising open source

  Most software developed today takes advantage of open source, but there are still gaps in understanding what open source means in business

• June 09, 2022 09 Jun'22

  Cyber researchers step in to fill Patch Tuesday’s shoes

  Afraid you’ll miss Patch Tuesday when it’s gone? You’re not alone, but security analysts at Recorded Future are taking action to help the community come to terms with its loss

• June 07, 2022 07 Jun'22

  Software house Mega achieves holistic SaaS security with Synopsys

  Mega International, a supplier of IT management software, turned to Synopsys’s Coverity and Black Duck products to reassure both itself and its customers that its software-as-a-service offerings were built to the best possible security standards

• May 31, 2022 31 May'22

  Researchers discover zero-day Microsoft vulnerability in Office

  Malicious Word documents have been used to invoke a previously undisclosed vulnerability in Microsoft Office without user interaction through Windows utility functions

• May 31, 2022 31 May'22

  Singapore doubles down on quantum technology

  The city-state is shoring up its quantum talent and quantum device manufacturing capabilities in a bid to advance its knowhow in the emerging technology

• May 24, 2022 24 May'22

  Bad bots make up a quarter of APAC’s web traffic

  Bots that run automated tasks have been responsible for stealing personal information among other malicious activities in the Asia-Pacific region, study finds

• May 23, 2022 23 May'22

  How Ivanti views patch management with a security lens

  Bringing development, operations and security teams together will help organisations to improve their visibility of IT assets and vulnerabilities while keeping threat actors at bay

• May 19, 2022 19 May'22

  Red teaming will be standard in Dutch governmental organisations by 2025

  The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest

• May 13, 2022 13 May'22

  Open source community sets out path to secure software

  A 10-point plan to improve the security and resilience of open source software was presented this week at a summit in the US

• May 11, 2022 11 May'22

  Emotet has commanding lead on Check Point monthly threat chart

  Emotet remains by some margin the most prevalent malware, according to Check Point’s latest monthly statistics

• May 11, 2022 11 May'22

  Microsoft fixes three zero-days on May Patch Tuesday

  It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days

• May 10, 2022 10 May'22

  CyberUK 22: NCSC refreshes cloud security guidance

  The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise

• April 28, 2022 28 Apr'22

  Manufacturer sues JPMorgan after cyber criminals stole $272m

  Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity

• April 27, 2022 27 Apr'22

  Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021

  These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time

• April 26, 2022 26 Apr'22

  Emotet tests new tricks to thwart enhanced security

  The operators of the Emotet botnet seem to be trying to find a way to get around recent changes made by Microsoft to better protect its users

• April 22, 2022 22 Apr'22

  UAE bolsters cyber security

  The United Arab Emirates has successfully improved its security posture amid mounting cyber threats

• April 21, 2022 21 Apr'22

  Zoom adds new round of cyber security enhancements

  Videoconferencing platform Zoom adds multiple third-party security certifications and service enhancements

• April 21, 2022 21 Apr'22

  Impact of Lapsus$ attack on Okta less than feared

  Okta’s investigation into Lapsus$ breach of its systems via a Sitel workstation has concluded that the impact was significantly less than the maximum potential

• April 20, 2022 20 Apr'22

  AWS fixes vulnerabilities in Log4Shell hot patch

  AWS issues fixes for a series of Log4Shell hot patches after they turned out to leave its services vulnerable to further exploitation

• April 13, 2022 13 Apr'22

  Microsoft patches two zero-days, 10 critical bugs

  Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service

• April 12, 2022 12 Apr'22

  Universal IAM policy failings put cloud environments at risk

  Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study

• April 11, 2022 11 Apr'22

  Singapore to start licensing cyber security service providers

  Those providing penetration testing and SOC services will need to apply for a licence under a new licensing regime that is expected to safeguard consumer interests and improve service standards

• April 11, 2022 11 Apr'22

  Open source CMS platform Directus patches XSS bug

  A stored cross-site scripting vulnerability in the Directus platform could have enabled malicious actors to gain access to valuable data

• April 08, 2022 08 Apr'22

  Was Spring4Shell a lot of hot air? No, but...

  Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better

• April 06, 2022 06 Apr'22

  Denonia malware may be first to target AWS Lambda

  The newly discovered Denonia malware appears to be custom designed to target AWS Lambda environments, and may be the first of its kind

• April 04, 2022 04 Apr'22

  How remote browser isolation can mitigate cyber threats

  Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device