Application security and coding requirements

Optus to acquire Hivint in cyber security deal

The deal is expected to bolster the telco’s security pedigree in a market that is grappling with more data breaches and cyber incidents Continue Reading

By

• Aaron Tan, TechTarget

Picking the right focus for web application security testing

Deciding which web applications on which to focus application security testing is a challenging task. Read this list of considerations to ensure you're addressing the right areas. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

Security Think Tank: Use Cyber Essentials to kick-start outcomes-based security

What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading

By

• Petra Wenham

Apps are gateway to business data for cyber attackers

Application security is becoming increasingly important because apps are often the main way cyber attackers are getting into corporate networks, a threat researcher warns Continue Reading

By

• Warwick Ashford, Senior analyst

Majority of businesses believe they are open to cyber attack

More than two-thirds of businesses believe their network is open to attack, a report on the state of web application security reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Norwegian state discusses vulnerabilities with IT sector

Government is collaborating with the country’s IT industry to improve the availability of security expertise Continue Reading

By

• Gerard O'Dwyer

Equifax fined by ICO for security failings

The Information Commissioners Office has fined Equifax UK in relation to a data breach at its UK parent last year Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Security Think Tank: Supplement security with an MSSP to raise the bar

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Greg Temm

Security Think Tank: Adopt a proactive approach to software vulnerabilities

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Richard Hunt, Turnkey Consulting

Security Think Tank: Four key steps to managing software vulnerabilities

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Bruce Beam , (ISC)²

Security Think Tank: Four steps to managing software vulnerabilities

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Chris Hodson

British Airways data breach: Security researchers name suspects and query attack timeline

Security researchers claim to have pinpointed the cause and perpetrators of the British Airways data breach, and also claim the attackers may have had access to its customer data for far longer than previously thought Continue Reading

By

• Caroline Donnelly, Senior Editor, UK

Cyber criminals outspend businesses in cyber security battle

Cybercriminals are flexing their financial might and UK organisations are facing more attacks as a result Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Security Think Tank: Balancing cost and risk in software vulnerability management

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Alexander Drabek, 2|SEC

Security Think Tank: No shortcuts to addressing software vulnerabilities

What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Maxine Holt, Omdia

Security Think Tank: How to manage software vulnerabilities

What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

Security Think Tank: How to achieve software hygiene

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Mike Gillespie

Security Think Tank: Eight controls to manage software vulnerabilities

What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Kevin Murphy

Security Think Tank: Follow good practice to reduce risk of software vulnerabilities

What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Paddy Francis

Apache Struts users urged to update due to new security flaw

Another security flaw has been discovered in the Apache Struts, which was at the heart of the massive Equifax data breach in 2017 Continue Reading

By

• Warwick Ashford, Senior analyst

Inside DevOps, containers and enterprise security

Global corporates are waking up to containers and orchestrated containerisation for software development that is fast and safe. Computer Weekly looks at the best approach to ensure security is not compromised along the way Continue Reading

By

• Christian Annesley

Microsoft looks at a Windows VM to sandbox rogue code

A feature revealed in the Windows Insider programme may appear in a future Windows 10 update for enterprises Continue Reading

By

• Cliff Saran, Managing Editor

Virus outbreak at iPhone chip plant could delay shipments

A computer virus at an iPhone chip manufacturing plant could delay shipments of Apple’s latest smartphones, but the impact will be limited, say analysts Continue Reading

By

• Warwick Ashford, Senior analyst

Bromium evolves virtualisation-based security

Virtualisation-based security firm Bromium has evolved its technology to offer bidirectional protection for applications and underlying operating systems Continue Reading

By

• Warwick Ashford, Senior analyst

Pentagon flags risky software suppliers

The Pentagon has drawn up a list of software suppliers that it wants the US military and defence contractors to avoid due to fears of risks to national security Continue Reading

By

• Warwick Ashford, Senior analyst

App users in developing APAC prefer convenience over security

By Kimberly Chua Mobile app users in developing Asia-Pacific (APAC) countries prefer convenience over security, signaling a potential rift between companies and users, a new F5 Networks study has ... Continue Reading

By

• Aaron Tan, TechTarget

Software development remains insecure

The prevalence of common and well-known web-based vulnerabilities underlines the need for better education around secure software development Continue Reading

By

• Warwick Ashford, Senior analyst

ERP applications are under cyber attack, research confirms

ERP applications are increasingly being targeted by cyber criminals, hacktivists and nation-state actors, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Apache OpenWhisk users urged to patch

IBM has patched vulnerabilities in its Cloud Functions service that is based on Apache OpenWhisk in response to vulnerability disclosures, and all other users are urged to do the same Continue Reading

By

• Warwick Ashford, Senior analyst

Application attacks demand new security approach

Applying security software updates is an ineffective way to deal with application layer cyber attacks and businesses should change their approach, security experts advise Continue Reading

By

• Warwick Ashford, Senior analyst

Google wants to ease hybrid cloud woes

Cloud supplier Google claims its Cloud Service Platform will alleviate complexities in managing microservices in a hybrid IT environment Continue Reading

By

• Aaron Tan, TechTarget

Most firms have software security vulnerability

Most firms have a software vulnerability that can be exploited by cyber attackers, a study has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

A third of organisations do not have a security expert, survey shows

Around a third of organisations are vulnerable to cyber attacks due to a lack of dedicated in-house cyber security experts, finds Gartner survey Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Application and device security under the spotlight

The security of internet-connected devices and associated applications has become a significant concern, prompting suggestions legislation may be required, while the UK government’s recent Secure by Design review suggests several solutions, including legislative measures. Continue Reading

Cyber attackers cashing in on ‘hidden’ attack surface

Cyber attackers are cashing in on organisations’ lack of visibility into all online interactions that can involve multiple third parties, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

White-hat hackers find record number of vulnerabilities

White-hat hackers are finding more vulnerabilities than ever before, with crowdsourced security testing continuing to gain popularity, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Inside one of the world’s largest bug bounty programmes

Trend Micro’s Zero Day Initiative may be the top external supplier of software bug reporting for Microsoft and Adobe, but that does not mean it purchases every type of bug Continue Reading

By

• Aaron Tan, TechTarget

Brexit a greater risk to UK financial system than cyber attack

While Brexit is seen as the biggest risk to the stability of the UK financial system, cyber attack is the most difficult risk to manage for over half of firms Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

High-Tech Bridge bets on machine learning capabilities

Machine learning has a great potential to drive the automation of some security tasks to free up information security professionals to do more strategic work, says High-Tech Bridge founder Continue Reading

By

• Warwick Ashford, Senior analyst

Singapore remains hotbed for cyber threats

Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency Continue Reading

By

• Aaron Tan, TechTarget

APAC remains a hotbed for software piracy

The Asia-Pacific region is still seeing the highest use of unlicensed software installations globally, making enterprises more susceptible to cyber attacks from malware Continue Reading

By

• Kimberly Chua

Application security more important than ever

Applications have an increasingly crucial role in our lives, yet they are also a real security threat, with hackers always finding new ways to bypass security defences. Computer Weekly looks at how organisations are responding to the challenge Continue Reading

By

• Nicholas Fearn

Cyber resilience key to securing industrial control systems

Operators of industrial control systems can build greater cyber resilience by getting IT and operational technology teams to work more closely together and improving the visibility of their infrastructure, among other security measures Continue Reading

By

• Aaron Tan, TechTarget

Grab outlines its approach to cyber security

Singapore-based ride-hailing company prefers detective controls rather than preventive ones to deter cyber threats – an approach it claims is less intrusive and costly to implement Continue Reading

By

• Aaron Tan, TechTarget

Application and device security under the spotlight

The security of internet-connected devices and associated applications has become a significant concern, prompting suggestions legislation may be required, while the UK government’s recent Secure by Design review suggests several solutions, including legislative measures Continue Reading

By

• Peter Ray Allison

Nutanix builds hooks to SDN and cloud with Flow, Era and Beam

Hyper-converged pioneer builds in functionality from acquisitions with Flow software-defined networking, Beam cloud monitoring and Era database provisioning and data protection Continue Reading

By

• Antony Adshead, Storage Editor

Majority of security professionals favour shorter disclosure deadline

Google’s Project Zero unit’s 90-day deadline for software suppliers to disclose vulnerabilities has always been controversial, but a survey reveals that most security professionals feel even that is too long Continue Reading

By

• Warwick Ashford, Senior analyst

City Police use Lego simulation to teach businesses cyber security

City of London Police are offering to train business leaders and IT security in cyber security using a Lego simulation that is surprisingly close to real life Continue Reading

By

• Bill Goodwin, Computer Weekly

APAC is becoming a hotspot for DDoS attacks

The region’s largest and most-connected economies are most vulnerable to distributed denial-of-service attacks, according to CenturyLink Continue Reading

By

• Aaron Tan, TechTarget

Government to set up £13.5m cyber security centre

Located at the 2012 Olympic Park, the London Cyber Innovation Centre could create up to 2,000 jobs in cyber security Continue Reading

By

• Alex Scroxton, Security Editor

Facebook announces more privacy control updates

Social media giant updates privacy settings and tools in response to the unfolding controversy over Cambridge Analytica’s use of Facebook data for political campaigns Continue Reading

By

• Warwick Ashford, Senior analyst

Dutch SMEs’ cyber security is insufficient

Nowhere in the Netherlands is digitisation as big as it is in small and medium-sized enterprises, but the sector still has a lot to do in terms of cyber security Continue Reading

By

• Kim Loohuis

Firms need to move from DevOps to DevSecOps, says expert

In the face of competition, organisations are turning to DevOps to improve efficiency and accelerate innovation, but this is creating new security risks, an industry expert warns Continue Reading

By

• Warwick Ashford, Senior analyst

C-suite a cyber attack risk, say security chiefs

Those tasked with running organisations are the most likely group to expose them to a major cyber attack, a poll of UK information security executives shows Continue Reading

By

• Warwick Ashford, Senior analyst

Heartbleed and Shellshock thriving in Docker community

DevOps has revolutionised IT, but security best practices are being skimmed over, which means old vulnerabilities are finding a new lease of life in Docker Continue Reading

By

• Cliff Saran, Managing Editor

DocuTrac medical software is a breach risk, warns Rapid7

Security researchers have issued a security warning about medical billing and documentation software they say puts patients at risk of data breach Continue Reading

By

• Warwick Ashford, Senior analyst

Security researchers demonstrate ransomware attack on robots

Researchers have carried out a ransomware attack on robots to show that such attacks are possible and should be guarded against Continue Reading

By

• Warwick Ashford, Senior analyst

Mac malware more than doubled in 2017

Malware targeting Apple Mac computers more than doubled from 2016 to 2017, according to security firm Malwarebytes Continue Reading

By

• Warwick Ashford, Senior analyst

Only half of ransomware payments honoured

Only half of ransomware victims who pay ransoms to cyber criminals recover their data, a report reveals, pointing to a need for more effective strategies to deal with these attacks Continue Reading

By

• Warwick Ashford, Senior analyst

Security remains an afterthought in DevOps

Enterprises in Asia are lapping up DevOps but less than one-third have baked security processes into their developments Continue Reading

By

• Aaron Tan, TechTarget

Spring Break flaw shows cross-industry collaboration

A flaw that was discovered in Pivotal’s Spring Framework in September 2017 has only come to light now that users have had a chance to update Continue Reading

By

• Cliff Saran, Managing Editor

Developers urged to submit apps to NHS Apps Library

NHS Digital and NHS England have further opened up the newly updated NHS Apps Library, and are asking developers to submit their apps for assessment Continue Reading

By

• Lis Evenstad

Google calls out Microsoft for failing to fix reported flaw

Google’s Project Zero has gone public with a Windows 10 flaw that Microsoft claimed to have fixed in its February security update Continue Reading

By

• Warwick Ashford, Senior analyst

Botnets shift focus to credential abuse

Cyber criminals are increasingly using automated attacks that make use of stolen credentials, a security threat report warns Continue Reading

By

• Warwick Ashford, Senior analyst

Tech industry signs cyber security charter

Nine technology organisations have signed a cyber security charter aimed at raising the level of cyber security internationally Continue Reading

By

• Warwick Ashford, Senior analyst

Blockchain to give global LGBT community a louder economic voice

Blockchain will underpin a global platform that aims to give the LGBT community a more powerful economic voice Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Telegram zero-day exploit is a warning

The discovery of an exploit of a zero-day vulnerability in the Telegram messaging app demonstrates that not all “secure” apps are automatically safe, security experts have warned Continue Reading

By

• Warwick Ashford, Senior analyst

Criminals hijack government sites to mine cryptocurrency used to hide wealth

Europol says criminals are hiding billions in cryptocurrencies, as thousands of government and other websites have reportedly been used to hijack computers to mine more Continue Reading

By

• Warwick Ashford, Senior analyst

Norway’s government backs cyber defence mobilisation

Norway has accelerated plans to scale up its national security infrastructure against threats emanating from the cyber domain Continue Reading

By

• Gerard O'Dwyer

Third party cyber breach risk set to rise

Third party cyber security risk should always have been a priority, but this has never been more important than it is now in light of new technology risks and data protection regulations Continue Reading

By

• Warwick Ashford, Senior analyst

How to manage application security risks and shortcomings

A lack of proper testing, communication and insight into best practices all contribute to application security shortcomings. Kevin Beaver explains how to manage the risks. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

GDPR: Don’t panic, but seize the chance to build trust, says ICO

With the compliance deadline for the EU’s GDPR just 112 days away, the UK’s information commissioner has urged organisations not to panic, but to seize the chance to build trust with customers Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Automating basic security tasks

How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading

By

• Petra Wenham

Many businesses still using outdated security, says Troy Hunt

Too many businesses are using out-of-date approaches to security, a world-renowned cyber security author and trainer warns Continue Reading

By

• Warwick Ashford, Security Editor

AI is moving towards acceptance in cyber security, says Check Point

Artificial intelligence is well on its way to being a useful tool in the cyber security professional’s kit, but according to Check Point, there are still big challenges to overcome Continue Reading

By

• Alex Scroxton, Security Editor

NHS organisations to get cyber security alerts service

As part of a deal between NHS Digital and Microsoft, NHS organisations will be able to get a threat detection service, alerting them to any cyber security issues Continue Reading

By

• Lis Evenstad

Do website design platforms pose too big a security risk?

Cloud-based website design platforms are booming in popularity because of their simplicity and affordability, but business security should be considered carefully when using such services Continue Reading

By

• Gamil Jassin

China’s Yitu eyes ASEAN market with facial recognition know-how

Facial recognition software specialist Yitu, which recently won a face identification accuracy contest in the US, has already nabbed regional clients such as Singapore’s Certis Cisco Continue Reading

By

• Aaron Tan, TechTarget

Spectre of IT vulnerability looms large

In some ways the Meltdown and Spectre flaws represent a risk that goes to the very heart of computing. This microprocessor flaw has resulted in major network, server, PC and mobile hardware firms ... Continue Reading

By

• Cliff Saran, Managing Editor

Mobile app flaws are a risk to industrial IT systems, says report

Cyber security vulnerabilities in mobile applications could be exploited to compromise industrial network infrastructure, a report warns Continue Reading

By

• Warwick Ashford, Senior analyst

UAE tech growth prompts firms to review internal IT security

As IT becomes more prominent in the UAE economy, more and more internal connections between people and systems are created, all of which need to be secured Continue Reading

By

• Alicia Buller

Cyber attacks in 2017 drive Nordic security efforts

The volume of cyber attacks last year has increased boardroom focus on security in the Nordic region Continue Reading

By

• Eeva Haaramo

Sweden steps up cyber defence measures

Sweden is tightening up its cyber security defences as part of a wider national security strategy Continue Reading

By

• Gerard O'Dwyer

Top IT priorities for Nordic CIOs in 2018

Nordic CIOs tell Computer Weekly about their intentions for the year ahead Continue Reading

By

• Eeva Haaramo

Top 10 IT security stories of 2017

Here are Computer Weekly's top 10 IT security stories of 2017 Continue Reading

By

• Warwick Ashford, Senior analyst

UK government blames North Korea for WannaCry cyber attack

The UK and US governments say a North Korean group was responsible for the ransomware attacks that hit the NHS and other organisations globally this year Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Barclays Bank stops offering Kaspersky software to new users

Bank is no longer offering customers Kaspersky anti-virus software after UK security agency issues warning Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Lauri Love: how reformed hackers halted the WannaCry virus

Lauri Love presents a compelling story of the WannaCry malware that nearly brought down the NHS, and the behind the scenes work of former hackers, and security researchers that helped to prevent lives being lost. Love is facing extradition to the US after allegedly taking part in a hacking protest over the death of internet pioneer Aaron Swartz, who faced jail for using a hidden computer to downloading academic journals at MIT. Continue Reading

By

• Bill Goodwin, Computer Weekly

UK sale of surveillance equipment to Macedonia raises questions over export licence policy

The UK approved an export licence for the sale of surveillance equipment to Macedonia – while the country was engaged in an illegal surveillance programme against its citizens. A senior minister was consulted on the decision Continue Reading

By

• Tena Prelec

How the biggest cyber security disasters could have been avoided

The headline-grabbing breaches that hit Accenture and Equifax in 2017 could have been averted had basic cyber hygiene been in place Continue Reading

By

• Jessica McGreal, Contino

RSA’s Middle East cyber security conference gains its own identity

RSA Abu Dhabi conference focuses on region’s cyber security needs as digital technology deployments expand Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Can DevOps deliver on its productivity promises?

DevOps and agile working are often cited as key elements of successful digital transformation – in this week’s Computer Weekly, we examine the challenges to delivering on that promise. Many retailers are investing in emerging technologies to gain an edge – but are they getting too far ahead of the curve? And we hear how a new spirit of collaboration could help UK broadband roll-out. Read the issue now. Continue Reading

People with non-IT backgrounds could help fill cyber security skills gap

Organisations should look to fill cyber security roles with people who are curious and have work experience rather than focusing solely on graduates Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

VMware making bigger push into cloud, cyber security

The virtualisation bigwig is making it easier for VMware customers to adopt public cloud services, starting with a partnership with Amazon Web Services Continue Reading

By

• Aaron Tan, TechTarget

Developers lack skills needed for secure DevOps, survey shows

The growing demand for developers with security skills is outpacing supply, but a survey reveals that a lack of formal security education and training by employers is contributing to the growing skills gap Continue Reading

By

• Warwick Ashford, Senior analyst

Gaming apps ‘main source’ of mobile phishing attacks, research shows

Analysis of 100,000 corporate devices shows more than a quarter of traffic going to phishing domains was from gaming apps Continue Reading

By

• Zach Emmanuel, Computer Weekly

CW ANZ: Cyber security plan bears fruit

Australia’s Cyber Security Strategy, aimed at protecting citizens, companies and critical infrastructure, has made significant headway over the past year, but the jury is still out on its long-term impact. In this month’s CW ANZ, we take a look at the progress of Australia’s national cyber security blueprint and what else needs to be done to better protect Australia’s interests in the global cyber security landscape. Also, read about what the Australian government is doing to better guard public sector IT systems against cyber attacks. Continue Reading

CW ASEAN: Stay alert to threats

With cyber threats intensifying in recent years, from the global outbreak of ransomware to intrusions of university networks to access government data, the role of threat intelligence in anticipating and mitigating threats has become more important than ever. In this month’s CW ASEAN, learn how organizations can make the most out of threat data feeds in an intelligence-driven security strategy. Also, find out how companies can navigate the ominous cyber threat landscape by investing in cyber security technology and processes. Continue Reading

Airbus helps secure critical infrastructure

In this week's ezine, Computer Weekly explores how to secure industrial control systems, which have often lagged behind the leading edge of IT security and pose serious risks to critical national infrastructure. Airbus believes that despite the vulnerabilities of individual components, industrial control systems as a whole are quite resilient. We also speak to the head of technology at Centrica about how the utility company is becoming a specialist provider of data lake integration tools, and we explore the 802.11ac Wave 2 standard. Continue Reading

Danish shipping giant Maersk recovering from major Petya cyber attack

Company confirms attack took down its IT system across multiple sites and business units, but has now been contained Continue Reading

By

• Eeva Haaramo