Application security and coding requirements
-
News
29 Apr 2025
Kaspersky calls for cyber immunity amid growing cyber threats
The rise of professional cyber crime groups and state-sponsored actors targeting critical infrastructure requires a move towards inherently secure ‘cyber immune’ systems, says Kaspersky CEO Eugene Kaspersky Continue Reading
-
Feature
23 Apr 2025
Enterprise strategies for API management
Application programming interfaces are the connective tissue of the modern enterprise, driving innovation and integration. But managing them effectively requires enterprises to consider governance, security and lifecycle management while preparing for emerging threats and technologies like AI Continue Reading
-
Opinion
18 Sep 2023
Security Think Tank: A user’s guide to encryption
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
Feature
18 Sep 2023
Simplifying cloud integrations with legacy IT
Subscription-based software is easier to integrate than traditional enterprise software, but the challenge for IT leaders is governance for SaaS connectivity Continue Reading
-
News
14 Sep 2023
As vehicle safety regulations loom, carmakers fret over cyber risks
Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks Continue Reading
-
News
13 Sep 2023
GitHub fixes race condition that could have led to ‘repojacking’
A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked Continue Reading
-
News
13 Sep 2023
Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service
September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release Continue Reading
-
News
13 Sep 2023
Cisco tightens link between observability and security
The company's observability platform now offers a way for IT decision-makers to understand the impact of security issues Continue Reading
-
Podcast
12 Sep 2023
Podcast: ‘Data first’ a key principle of digital transformation
Chris Gorton of Syniti says organisations should put data first during digital transformation projects, and that means getting data quality, access rights and governance right Continue Reading
-
E-Zine
12 Sep 2023
The dangers of breaking encryption
In this week’s Computer Weekly, we detail the concerns of the BCS and other IT experts about the UK’s Online Safety Bill’s proposals to weaken end-to-end message encryption. Our buyer’s guide continues to look at the issues around integrating software-as-a-service applications, with a particular eye to the proliferation of SaaS during the Covid pandemic. Red Hat’s CEO Matt Hicks retails the company’s efforts to support generative AI. And we discover how immersive technologies can shape a brave new world of training and design. Read the issue now. Continue Reading
-
News
11 Sep 2023
Salesforce and Zoom embrace ethical hackers. You should, too
Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers Continue Reading
-
News
05 Sep 2023
Researchers find flaw in Mend.io security platform
WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed Continue Reading
-
News
01 Sep 2023
Threat actors exploiting unpatched Juniper Networks devices
A series of vulnerabilities in Juniper Networks firewalls and switches appear to be being exploited in the wild to enable remote code execution, with thousands of devices thought to be exposed Continue Reading
-
News
30 Aug 2023
NCSC warns over possible AI prompt injection attacks
The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots Continue Reading
-
Opinion
25 Aug 2023
AI and supply chain visibility key to mitigating OT security threats
Leveraging AI and maintain visibility into the security of your software supply chain are key to mitigating cyber attacks against operational technology systems Continue Reading
-
News
22 Aug 2023
Singapore to bolster OT security capabilities
Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities Continue Reading
-
News
17 Aug 2023
Researchers demo fake airplane mode exploit that tricks iPhone users
Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns Continue Reading
-
News
16 Aug 2023
CyberArk eyes growth beyond PAM
CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management Continue Reading
-
News
12 Aug 2023
Datacentre management vulnerabilities leave public clouds at risk
At the annual DEF CON hacking convention, researchers from Trellix have disclosed multiple vulnerabilities in key datacentre products underpinning the world’s public cloud infrastructure Continue Reading
-
Blog Post
12 Aug 2023
Whose needs are UK Cyber Skills policies intended to meet?
Among those businesses that do not outsource incident management, 4 in 10 (41%) are not very or not at all confidence that they would be able to deal with a cyber security breach or attack compared ... Continue Reading
-
News
10 Aug 2023
Google speeds up security update frequency for Chrome
Changes to Google’s security update policy are supposed to help close the gap in which cyber criminals can exploit n-day vulnerabilities Continue Reading
-
News
09 Aug 2023
Microsoft addresses Office vulnerability attacked by Russian spooks in latest update
Microsoft has issued fixes for over 70 vulnerabilities in its August Patch Tuesday drop, including remedies for CVE-2023-36884, which was disclosed without a fix in July and has been the subject of Kremlin-backed cyber attacks Continue Reading
-
News
07 Aug 2023
Microsoft fixes Azure flaw that was subject of researcher criticism
Microsoft has confirmed a potentially-dangerous flaw in the Azure platform has now been fully fixed, and moved to reassure customers that despite criticism it is committed to responsible disclosure and timely fixes Continue Reading
-
News
04 Aug 2023
Log4Shell, ProxyShell still among most widely exploited flaws
Statistics released by the collective Five Eyes cyber agencies reveals insight into the most exploited vulnerabilities of 2022, and unsurprisingly there are some old ‘friends’ on the list Continue Reading
-
News
04 Aug 2023
Biden’s SBOM mandate a ‘shot heard around the world’, report says
Two years and three months after Joe Biden mandated new standards in supply chain security, over 40% of UK respondents to a survey say they have implemented new SBOM policies in direct response Continue Reading
-
News
03 Aug 2023
Microsoft attacked over ‘grossly irresponsible’ security practice
The CEO of Tenable has launched a scathing attack on Microsoft, asserting that the organisation is deliberately keeping its Azure cloud customers in the dark about dangerous vulnerabilities and accusing it of a culture of ‘toxic obfuscation’ Continue Reading
-
News
02 Aug 2023
Ivanti MDM users told to patch against two dangerous flaws
Users of Ivanti’s mobile device management platform have been warned to act now to patch two vulnerabilities that were chained by a threat actor in a series of cyber attacks on the Norwegian government Continue Reading
-
News
28 Jul 2023
How Indian organisations are keeping pace with cyber security
Indian organisations are shoring up their defences to improve their cyber resilience amid intensifying cyber threats targeted at key sectors such as healthcare and logistics Continue Reading
-
News
27 Jul 2023
Ant Group teams with NTU to advance privacy-preserving technologies
The Chinese fintech giant is partnering with Singapore’s Nanyang Technological University on a cryptographic protocol that ensures the privacy of transacting parties Continue Reading
-
Opinion
19 Jul 2023
We have lift off… The opportunities and risks of generative AI
How you can use AI to benefit your business while navigating the risks Continue Reading
-
News
18 Jul 2023
Critical Adobe ColdFusion flaws chained in ongoing cyber attacks
Two vulnerabilities in Adobe ColdFusion have been chained by threat actors to target victim systems, apparently after one of them was accidentally disclosed Continue Reading
-
Opinion
17 Jul 2023
The essential role of PETs in unlocking the trillion dollar SaaS market
Ahead of the Eyes-Off Data Summit in Dublin, Jack Fitzsimons of Oblivious AI explains why so-called Privacy Enhancing Technologies or PETs may hold the key to unlocking the full potential of SaaS in the enterprise Continue Reading
-
News
12 Jul 2023
Hackers: We won’t let artificial intelligence get the better of us
AI is changing how ethical hackers go about their work, and will continue to do so, but the community is convinced the technology will never be able to replicate the creativity of a flesh-and-blood hacker Continue Reading
-
News
12 Jul 2023
Microsoft users on high alert over dangerous RCE zero-day
A serious RCE vulnerability in Microsoft Office and Windows is among several zero-days disclosed in Redmond’s July Patch Tuesday update, but this one does not have a patch yet Continue Reading
-
News
11 Jul 2023
Apple pushes Rapid Response patch to fix WebKit zero-day
Apple deployed an emergency patch under its Rapid Security Response update programme, but had to temporarily suspend delivery after it caused problems for users of the Safari browser Continue Reading
-
News
07 Jul 2023
Suspicious email reported every five seconds in UK
National Cyber Security Centre report reveals a suspicious email was reported by UK citizens and organisations every five seconds last year Continue Reading
-
News
07 Jul 2023
JumpCloud issues notice to customers to refresh API keys
JumpCloud has asked its customers to update their API cryptographic keys following a security incident Continue Reading
-
News
27 Jun 2023
WithSecure forges ahead with green coding initiative
WithSecure’s W/Sustainability programme kickstarts a number of initiatives, including a commitment to green coding the security supplier hopes will set an example for others to follow Continue Reading
-
News
23 Jun 2023
Phishing and ransomware dominate Singapore’s cyber threat landscape
Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene Continue Reading
-
Podcast
14 Jun 2023
Podcast: Containers, Kubernetes, data protection and compliance
Containers offer benefits to application deployment, but they proliferate, so tracking them for compliance purposes can be a challenge. We talk to Mathieu Gorge, CEO of Vigitrust Continue Reading
-
News
14 Jun 2023
No zero-days for June Patch Tuesday, but plenty to chew over
On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention Continue Reading
-
News
14 Jun 2023
Cyber attacks against APAC commerce sector surpass 1.1 billion
Retailers, hotels and travel-related organisations in the region saw over a billion cyber attacks last year amid the surge in e-commerce activity and online travel bookings Continue Reading
-
News
12 Jun 2023
Ofcom data stolen in MOVEit cyber attack
Communications regulator Ofcom says data on employees and regulated communications companies was stolen by the Clop gang Continue Reading
-
News
12 Jun 2023
Progress Software releases patch for second MOVEit Transfer vulnerability
Progress Software releases a patch for a second MOVEit Transfer issue, which was uncovered by third-party security specialist Huntress Security during post-incident code scanning Continue Reading
-
Feature
12 Jun 2023
Building a secure coding philosophy
A proportion of cyber security spend goes towards securing application development. Software teams are also budgeting for IT security Continue Reading
-
News
08 Jun 2023
Vulnerability exploitation volumes up over 50% in 2022
Data from Palo Alto Networks’ Unit 42 threat intel specialists reveals insight into the scale of vulnerability exploitation in the wild Continue Reading
-
News
08 Jun 2023
Clop may have been sitting on MOVEit vulnerability for two years
The Clop cyber extortion gang may have been keeping the MOVEit SQL injection vulnerability they used to penetrate the systems of multiple victims secret for two years Continue Reading
-
Opinion
01 Jun 2023
Generative AI – the next biggest cyber security threat?
Following the launch of ChatGPT in November 2022, several reports have emerged that seek to determine the impact of generative AI in cyber security. Undeniably, generative AI in cyber security is a double-edged sword, but will the paradigm shift in favour of opportunity or risk? Continue Reading
-
Opinion
31 May 2023
Security Think Tank: A brief history of (secure) coding
From controlling who was allowed to work with IBM mainframes to present-day DevSecOps techniques, the concept of secure coding has a longer history than you might think Continue Reading
-
E-Zine
30 May 2023
Can the UK cash in on chips?
In this week’s Computer Weekly, the UK government has committed £1bn to the semiconductor sector – but can it ever compete with the US and China? The potential of 5G networking could transform manufacturing – we examine the implications. And we talk to the global CIO at cloud storage provider Box about plans to incorporate AI and machine learning. Read the issue now. Continue Reading
-
Feature
29 May 2023
Driving secure-by-design principles
Errors can and will occur in code – the key is to minimise the impact and ensure you streamline remediation Continue Reading
-
Opinion
26 May 2023
Security Think Tank: Why “secure coding” is neither
Ensuring the security of code is just one element of a complex software lifecycle and risk management process that people need to think about more holistically, says Ed Moyle Continue Reading
-
E-Zine
23 May 2023
How to secure your software supply chain
In this week’s Computer Weekly, our latest buyer’s guide looks at secure coding, and kicks off by examining the challenges of securing your software supply chain. Cyber law enforcement leaders are calling on firms to end the secrecy around ransomware attacks. And we find out how facial recognition technology is being adopted by retailers. Read the issue now. Continue Reading
-
22 May 2023
Securing your software supply chain
Organisations need to have a thorough understanding of software components and build security controls into development lifecycles to shore up the security of their software supply chains. Continue Reading
-
19 May 2023
Securing your software supply chain
Organisations need to have a thorough understanding of software components and build security controls into development lifecycles to shore up the security of their software supply chains Continue Reading
-
E-Zine
19 May 2023
CW APAC: Expert advice on security and threat intelligence
Organisations are all too aware of the importance of cyber defence. In this handbook, focused on security and threat intelligence in the Asia-Pacific region, Computer Weekly looks at the software supply chain, Mimecast’s email security, Australian data breaches and Singapore’s threat intelligence. Continue Reading
-
News
17 May 2023
Pentera ups ante in penetration testing
The Israeli startup, which expanded to the APAC region last year, scans for vulnerabilities and emulates cyber attacks through its automated security validation platform Continue Reading
-
Podcast
16 May 2023
Code experiments: A Computer Weekly Downtime Upload podcast
We speak to GoDaddy CTO Charles Beadnall about how to prove an IT project works as intended Continue Reading
-
Opinion
15 May 2023
Security Think Tank: To secure code effectively, verify at every step
Verification at every step is an important part of ensuring your code is secure, writes Petra Wenham Continue Reading
-
News
15 May 2023
MS macro-blocking has forced cyber criminals to innovate
One year after Microsoft started blocking VBA and XL4 macros by default, the cyber criminal ecosystem has all but stopped exploiting macros in their attacks. They’re instead innovating at an unprecedented rate Continue Reading
-
Opinion
12 May 2023
What secure coding practices mean to modern cyber security
Joseph Foote of PA Consulting explores how we know the services we use most are protected, what we mean when we say 'secure coding practices', and what happens when secure coding practices are not followed? Continue Reading
-
News
10 May 2023
Secure Boot vulnerability causes Patch Tuesday headache for admins
Applying the fix for a security bypass zero-day affecting the Windows Secure Boot feature will be a long process that will drag into 2024, but for good reason, says Microsoft Continue Reading
-
News
04 May 2023
Inside BlackBerry’s cyber security playbook
BlackBerry’s president of cyber security discusses the company’s cyber security strategy and what it is doing to deliver an integrated set of capabilities for enterprises Continue Reading
-
News
03 May 2023
Cyber Action Plan for Wales launched
The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country Continue Reading
-
News
03 May 2023
TikTok fixes vulnerability that could have exposed user activity data
A potentially dangerous vulnerability in the TikTok video-sharing platform was discovered by Imperva researchers, and has now been fixed Continue Reading
-
News
03 May 2023
Mystery Apple security update sparks speculation
Apple releases its first Rapid Security Response update for iPhone, iPad and Mac devices, but users are in the dark about what security problems they have fixed Continue Reading
-
News
27 Apr 2023
Tenable opens playground for generative AI cyber tools
A set of generative AI cyber tools designed to help security researchers in reverse engineering, debugging and other areas of work have been made available for the community to experiment with Continue Reading
-
News
21 Apr 2023
Prototype cyber tech has revolutionary potential
The so-called CHERI protection model developed at the University of Cambridge is showing great promise for future cyber security technologies Continue Reading
-
News
20 Apr 2023
3CX incident may be world’s first double supply chain attack
It’s supply chain attacks all the way down as Mandiant publishes information suggesting that the 3CX software supply chain compromise was initiated via a prior software supply chain compromise Continue Reading
-
News
19 Apr 2023
Global finance firms take part in NATO cyber attack simulation
Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure Continue Reading
-
News
19 Apr 2023
How organisations can succeed with zero trust
By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm Continue Reading
-
News
18 Apr 2023
Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms
The Online Safety Bill faces amendments in the House of Lords amid concerns that it could weaken the security of end-to-end encrypted communications for UK citizens Continue Reading
-
News
18 Apr 2023
Focus on these three risky behaviours to boost cloud security
Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report Continue Reading
-
Feature
14 Apr 2023
Securing your software supply chain
Organisations need to have a thorough understanding of software components and build security controls into development lifecycles to shore up the security of their software supply chains Continue Reading
-
News
13 Apr 2023
Thousands at risk from critical RCE bug in legacy MS service
Thousands of organisations worldwide are at risk from three vulnerabilities – one critical – in a legacy Microsoft service that they may not be aware they are running Continue Reading
-
News
12 Apr 2023
April Patch Tuesday fixes zero-day used to deliver ransomware
A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update Continue Reading
-
News
03 Apr 2023
CIO interview: Carter Busse, CIO, Workato
Workato CIO Carter Busse talks up the company’s approach towards automation and its efforts to drive the technology across its business Continue Reading
-
News
30 Mar 2023
OSC&R supply chain security framework goes live on Github
The OSC&R framework for understanding and evaluating threats to supply chain security has made its debut on Github to allow anybody to contribute to the framework Continue Reading
-
News
30 Mar 2023
3CX unified comms users hit by supply chain attacks
Ongoing supply chain attacks against customers of UC firm 3CX appear to be linked to North Korean threat actors Continue Reading
-
News
28 Mar 2023
Apple security updates fix 33 iPhone vulnerabilities
A larger-than-usual update to Apple’s mobile operating system fixes more than 30 distinct vulnerabilities, including two serious issues that may potentially affect device kernels Continue Reading
-
News
27 Mar 2023
France latest to ban TikTok on government devices
Following bans in the UK and US, France has moved to enact restrictions on TikTok, and other social media apps, on government devices Continue Reading
-
News
21 Mar 2023
Nordics move towards common cyber defence strategy
Nordic countries agree to work together to improve their cyber defences amid increasing threat Continue Reading
-
News
21 Mar 2023
How Mimecast thinks differently about email security
Mimecast CEO Peter Bauer believes the company’s comprehensive approach towards email security has enabled it to remain relevant to customers for two decades Continue Reading
-
News
16 Mar 2023
Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine
A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly Continue Reading
-
News
15 Mar 2023
Microsoft patches Outlook zero-day for March Patch Tuesday
A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update Continue Reading
-
News
14 Mar 2023
NCSC warns over AI language models but rejects cyber alarmism
The UK's NCSC has issued advice for those using the technology underpinning AI tools such as ChatGPT, but says some of the security doomsday scenarios being proposed right now are not necessarily realistic Continue Reading
-
Definition
08 Mar 2023
hackathon
A hackathon, also known as a codefest, is a social coding event that brings computer programmers and other interested people together to improve upon or build a new software program. Continue Reading
-
News
07 Mar 2023
Dutch hospitals underestimate impact of cyber attack
IT failures in acute care organisations in the Netherlands have increased considerably since 2010, affecting patient care and stressing the need to improve IT security in hospitals Continue Reading
-
News
27 Feb 2023
Advanced digital resiliency can save organisations millions
Businesses that build out their digital resiliency are not only more secure, they also have more opportunities to innovate with IT Continue Reading
-
News
22 Feb 2023
Researchers find new bug ‘class’ in Apple devices
A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix Continue Reading
-
News
15 Feb 2023
Microsoft fixes three zero-days in February update
February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver Continue Reading
-
News
14 Feb 2023
OSC&R framework to stop supply chain attacks in the wild
The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains Continue Reading
-
News
05 Feb 2023
Australian organisations underinvesting in cyber security
Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches Continue Reading
-
News
03 Feb 2023
LockBit gang confirms Ion cyber attack as disruption continues
The LockBit ransomware cartel has taken responsibility for this week’s attack on financial software firm Ion, and is threatening to leak stolen data on Saturday 4 February Continue Reading
-
News
01 Feb 2023
Cisco fixes two bugs that could have led to supply chain attacks on users
Two vulnerabilities uncovered in Cisco hardware could have opened the door to serious supply chain cyber attacks, according to the Trellix researchers who found them Continue Reading
-
News
31 Jan 2023
GitHub warns Desktop, Atom users after code-signing certificates pinched
Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users Continue Reading
-
News
26 Jan 2023
Zero-trust implementations remain work in progress
Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds Continue Reading
-
News
23 Jan 2023
Trellix automates patching for 62,000 vulnerable open source projects
Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months Continue Reading
-
News
12 Jan 2023
Chrome vulnerability could have led to widespread data theft
A dangerous vulnerability in Google Chrome and Chromium-based browsers could have put billions of users’ files at risk of being stolen Continue Reading
-
Opinion
12 Jan 2023
Europe’s cyber security strategy must be clear about open source
Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem Continue Reading
-
News
11 Jan 2023
Microsoft fixes EoP zero-day on January Patch Tuesday
On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns Continue Reading
-
News
05 Jan 2023
Cashless Denmark has no bank robberies in a year for first time
Denmark saw no bank robberies in a single year for the first time ever, but online fraud continues to increase Continue Reading