News
Web application security
-
March 10, 2021
10
Mar'21
Patch Tuesday overshadowed by Microsoft Exchange attacks
Microsoft’s March Patch Tuesday update drops amid ongoing fall-out from widespread Exchange attacks
-
March 09, 2021
09
Mar'21
Significant jump in number of hackers reporting vulnerabilities to companies
Since the onset of the Covid-19 pandemic, the number of hackers reporting security vulnerabilities and bugs to enterprises has increased by nearly two-thirds
-
March 05, 2021
05
Mar'21
Williams F1 car launch disrupted by data leak
Williams Formula One team forced to pull augmented reality app it had planned to use to launch its 2021 car at the last minute after an apparent cyber attack
-
March 04, 2021
04
Mar'21
Okta picks up Auth0 for $6.5bn
Multibillion-dollar acquisition a vote of confidence in future of identity and access management services
-
February 24, 2021
24
Feb'21
Vaccine passports prove an ethical minefield
Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design
-
February 24, 2021
24
Feb'21
Is Clubhouse safe, and should CISOs stop its use?
With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it
-
February 24, 2021
24
Feb'21
Warning on security risk from virtual events platforms
Vulnerabilities found in virtual events platforms could form part of a variant supply chain attack
-
February 18, 2021
18
Feb'21
2020 a record year for cyber, thanks to Covid
The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy
-
February 16, 2021
16
Feb'21
RDP, SSH exposures off the charts thanks to remote working
The Covid-19 pandemic has had an impact on the prevalence of certain vulnerabilities in the wild, according to a report
-
February 11, 2021
11
Feb'21
Low-complexity CVEs a growing concern
Analysis of thousands of CVEs logged with NIST in 2020 reveals some unwelcome developments
-
February 10, 2021
10
Feb'21
Dating app users warned to watch out for scammers
A vast amount of money was lost to romance scammers last year, and with millions of people isolated in lockdown the problem is getting worse, according to a report
-
February 10, 2021
10
Feb'21
Windows 10, Server 2019 users must patch serious zero-day
Another dangerous zero-day exploit is among 56 vulnerabilities patched by Microsoft in February’s Patch Tuesday update
-
February 09, 2021
09
Feb'21
Data breaches are a ticking timebomb for consumers
Damage from data breaches goes far beyond the impact to the target organisation – an obvious fact that is too often overlooked, says F-Secure
-
February 09, 2021
09
Feb'21
NHS reports fewer phishing emails in 2020
The NHSmail email service saw a steady decline in suspected phishing emails during the course of 2020
-
February 05, 2021
05
Feb'21
Google Chrome update to patch serious zero-day
A serious heap buffer overflow vulnerability means Google Chrome users should patch their browsers as soon as possible
-
February 04, 2021
04
Feb'21
SolarWinds chases multiple leads in breach investigation
Investigators at SolarWinds are exploring multiple theories as to how the company’s systems were compromised
-
February 03, 2021
03
Feb'21
SolarWinds patches two critical CVEs in Orion platform
New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet
-
January 27, 2021
27
Jan'21
Grindr complaint results in €9.6m GDPR fine
Norway’s data protection authority plans to apply a fine totalling 10% of LGBTQ+ dating app Grindr’s revenues over its data sharing practices
-
January 27, 2021
27
Jan'21
Emergency Apple updates patch exploited zero-days
Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately
-
January 21, 2021
21
Jan'21
Incompetent cyber criminals leak data in opsec failure
Even cyber criminals need to pay attention to their information security posture, as this cautionary tale uncovered by Check Point reveals
-
January 20, 2021
20
Jan'21
Malwarebytes also hit by SolarWinds attackers
The nation state group that attacked SolarWinds in December got inside Malwarebytes by exploiting privileged access to its Microsoft Office 365 tenant, the firm reveals
-
January 19, 2021
19
Jan'21
Click fraud levels reach new heights in pandemic
Small companies risk losing £10,000 a year, and enterprises as much as £520,000, to cyber criminals as click fraud volumes spike
-
January 13, 2021
13
Jan'21
Critical zero-day features in first Patch Tuesday of 2021
Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender
-
January 12, 2021
12
Jan'21
Palo Alto Networks opens Australia cloud location
The cyber security company’s Australia cloud location will address data localisation requirements amid growing adoption of cloud-based security services
-
January 12, 2021
12
Jan'21
Mimecast latest security firm to be compromised
Users of a specific Mimecast certificate used to authenticate services to Microsoft Office 365 may be at risk of compromise in an attack that may relate to the ongoing SolarWinds incident
-
January 12, 2021
12
Jan'21
Early stage UK security startups face funding crisis
Overall cyber security funding since the advent of the pandemic is well up, but investment is dominated by safe, later-stage firms while those raising capital for the first time fall away
-
January 11, 2021
11
Jan'21
New SolarWinds CEO sets out rescue plan
Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community
-
December 24, 2020
24
Dec'20
Top 10 cyber crime stories of 2020
Here are Computer Weekly’s top 10 cyber crime stories of 2020
-
December 23, 2020
23
Dec'20
Top 10 cyber security stories of 2020
Here are Computer Weekly’s 10 top cyber security stories of 2020
-
December 17, 2020
17
Dec'20
Dodgy browser extensions put social media users at risk
More than three million users of third-party browser extensions for Instagram, Facebook, Vimeo and others have been infected with malware, according to Avast
-
December 17, 2020
17
Dec'20
FireEye and partners release SolarWinds kill-switch
A so-called kill-switch for the dangerous SolarWinds Sunburst attack should allay some user fears, but is not a full fix for the issue
-
December 10, 2020
10
Dec'20
French regulators fine Google and Amazon over cookie policies
Google and Amazon rapped over their use of advertising cookies by the French data protection authorities
-
December 09, 2020
09
Dec'20
Amnesia:33 IoT flaws dangerous and patches unlikely, say experts
The disclosure of multiple flaws by Forescout has raised big questions for the developers of connected products, and for their users
-
December 09, 2020
09
Dec'20
Patch Tuesday: Microsoft presents just 58 CVEs for Christmas
The final Patch Tuesday of 2020 contains 58 fixes, a minnow compared to some recent drops, but many are still of high importance
-
December 08, 2020
08
Dec'20
Russian state actors exploiting VMware bug to hijack data, users warned
Russian APT groups are actively exploiting a vulnerability in VMware products to access protected data, according to latest warnings
-
December 07, 2020
07
Dec'20
Grindr and others patch critical Android bug
Fixes for CVE-2020-8913 deployed as app developers shore up their defences against a disclosed Google Play vulnerability
-
December 04, 2020
04
Dec'20
Avast and Borsetta to support Intel’s AI security project
Security firm Avast and AI security specialist Borsetta have signed up to support an Intel-led artificial intelligence security research project
-
December 03, 2020
03
Dec'20
Cyber Aware campaign to help safeguard Christmas shoppers
New government campaign sets out to raise awareness of online shopping fraud in the run-up to Christmas
-
December 03, 2020
03
Dec'20
Lax Android app developers putting millions of users at risk
Eight months after Google patched a critical vulnerability, developers have failed to update their apps, putting millions of users of apps such as dating services Bumble and Grindr at risk
-
December 01, 2020
01
Dec'20
DHL, Amazon and FedEx are most phished delivery services
DHL has emerged as the most imitated delivery brand in Europe, accounting for 77% of the total volume of phishing emails received in November 2020
-
November 24, 2020
24
Nov'20
Nominet introduces new resources for cyber scam victims
Domain name registrar is working with law enforcement to provide new information, guidance and resources for potential victims of online scams
-
November 23, 2020
23
Nov'20
NCSC issues retail security alert ahead of Black Friday sales
National Cyber Security Centre issues refreshed guidance as cyber criminals turn their eyes to the holiday shopping season
-
November 16, 2020
16
Nov'20
Human error blamed in Welsh Covid-19 patient data leak
Public Health Wales accepts recommendations of independent probe into data breach that saw PII on 18,105 coronavirus patients leaked
-
November 11, 2020
11
Nov'20
Microsoft drops fix for serious zero-day among 112 Patch Tuesday updates
November’s Patch Tuesday contains fixes for 112 bugs, including a potentially serious zero-day exploit that malicious actors are already taking advantage of
-
November 10, 2020
10
Nov'20
Zoom rapped over historic security practices
The US Federal Trade Commission rules that Zoom’s practices undermined the security of its users
-
November 10, 2020
10
Nov'20
IT Priorities 2020: After Covid-19, security goes back to basics
This year’s transition to remote working highlighted big gaps in the fundamentals of security, as updated TechTarget/Computer Weekly data reveals
-
November 09, 2020
09
Nov'20
EU moves closer to encryption ban after Austria, France attacks
Draft resolution document setting up an EU-wide ban on end-to-end encryption is set to be waved through this week
-
November 06, 2020
06
Nov'20
ICO sued over ‘failure’ to address ad industry practices
Privacy campaigner the Open Rights Group claims the advertising technology industry is systematically breaching the GDPR, and the ICO is doing nothing about it
-
November 05, 2020
05
Nov'20
Microsoft to support next generation of security startups
Tech giant lends its support to the NCSC Cyber Accelerator scheme, which is seeking its seventh cohort of startups
-
October 28, 2020
28
Oct'20
Trump supporters targeted by cryptocurrency scammers
The successful breach of Donald Trump’s official website shows up lax security on his campaign team and is yet another timely warning that nobody is immune to cyber crime