Application security and coding requirements

Microsoft to start blocking macros to thwart malware

Microsoft is making changes to web macro permissions across multiple Office apps to help improve user security Continue Reading

The Security Interviews: Building the UK’s future cyber ecosystem

As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions Continue Reading

Security's Buoyancy Aid - Keeping Your Head Above Murky Cyber Waters With Swimlane

Towards the end of last year, I spoke about a vendor, Swimlane, who appeared to be getting the concept of automation and orchestration absolutely on the money – and in the area where it is most ... Continue Reading

What neurodivergent people really think of working in cyber security

Many firms are filling cyber security skills gaps by hiring neurodivergent talent – but more support is needed for neurodivergent cyber security professionals, writes autistic tech journalist Nicholas Fearn Continue Reading

Check Point buys Spectral to safeguard cloud development

Check Point’s latest acquisition of Israel-based startup Spectral expands its developer-centric security toolset Continue Reading

Nightmare Log4Shell scenario averted by prompt, professional action

Prompt and professional community response to the Log4Shell disclosure means the dangerous and widespread vulnerability has not been exploited to the extent many had feared Continue Reading

PwnKit bug endangers Linux distributions worldwide

Qualys researchers share intel on a memory corruption vulnerability in a program installed by default on every major Linux distribution Continue Reading

MoonBounce firmware bootkit shows advances in malicious implants

MoonBounce firmware bootkit shows evident technical improvements over others, making it a more dangerous threat to organisations. It is being used by Chinese state-backed actors Continue Reading

Investigators find Beijing 2022 app riddled with security flaws

Security flaws in Olympic app may put personal health data at risk of compromise in a man-in-the-middle attack Continue Reading

2022: Time to take algorithm-enhanced online abuse seriously

The algorithms used by dominant social media companies have compounded the risks to unsupervised children in their bedrooms by automating the processes predators use to find and groom potential ... Continue Reading

Top three questions about the Log4j vulnerability

Singapore’s Ensign Infosecurity answers the top three questions about the impact of the Log4j vulnerability Continue Reading

Microsoft fixes six zero-days in January Patch Tuesday update

A larger than of late Patch Tuesday update from Microsoft comes as defenders continue to grapple with Log4Shell Continue Reading

Almost half of Log4j downloads still dangerously exposed

Whether by error or design is unclear, but a great many IT teams are still exposing themselves by downloading outdated, insecure versions of Apache Log4j Continue Reading

Banks accused of neglecting customer security measures

Which? singles out Metro Bank, Virgin Money and TSB over insecure online banking processes Continue Reading

Top 10 cyber security stories of 2021

Cyber security dominated the headlines in 2021, making it hard to gain a clear picture of what to pay attention to. What is an IT buyer to do? Continue Reading

What is Log4Shell, and why are we panicking about it?

 Continue Reading

After Log4j, December Patch Tuesday piles on the pressure

December’s Patch Tuesday update from Microsoft contains several critical CVEs, but this month all attention is focused on the fall-out from Log4Shell, and burn-out is becoming a real issue Continue Reading

Log4Shell: Why aren't we taking the security of the internet seriously?

To be caught out once may be an oversight, and lessons can be learned. But twice over a seven year timespan, shows a laissez faire attitude to the stability of the internet. In 2014, Heartbleed ... Continue Reading

Almost half of networks probed for Log4Shell weaknesses

Close to half of corporate networks have already been actively targeted by individuals seeking to exploit the critical Log4Shell Apache bug Continue Reading

What is Log4Shell, and why are we panicking about it?

It’s been described as a ‘design failure of catastrophic proportions’ that threatens the very fabric of the digital world. Find out what the Log4j2 Log4Shell panic is all about, and what you should do about it Continue Reading

UK and US to collaborate on privacy innovation contest

Joint UK-US innovation challenge contest centring on privacy-enhancing technology announced at Summit for Democracy in Washington DC Continue Reading

2021 another record-breaker for vulnerability disclosure

More than 50 CVEs were logged every day in 2021, more than at any time since records began, while ethical hackers continue to prove their value Continue Reading

Security Think Tank: In the cloud, anti-human approaches set us up to fail

Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading

HP patches bugs in over 150 printer models

More than 150 HP multifunction printers are at risk of compromise through a series of newly disclosed vulnerabilities, one of them wormable Continue Reading

Apple sues under-fire malware firm NSO

Lawsuit alleges spyware firm NSO Group targeted Apple’s users, adding to the pressure on the under-fire company Continue Reading

Security startups line up on Cyber Runway

Some 108 cyber security startups representing the UK’s most cutting-edge innovators are to join Plexal’s Cyber Runway accelerator Continue Reading

Zero-days: The next element of the service-based cyber economy?

Digital Shadows researchers have reported on the emergence of zero-days as a service, which could be the next big thing in the cyber criminal underworld Continue Reading

November Patch Tuesday drop fixes bugs in Excel, Exchange Server

Another relatively light Patch Tuesday drop from Microsoft addresses 55 vulnerabilities, two of them already being exploited Continue Reading

How cosmetics retailer Lush made over its approach to authentication

Evolving approaches to IT at cosmetics retailer Lush meant the organisation’s previous approach to authentication was no longer up to scratch. Find out how it overcame this hurdle Continue Reading

The Netherlands works on resilience with large-scale national cyber exercise

For the Netherlands, the biggest challenge in a large-scale cyber crisis is to maintain speed while exercising due care Continue Reading

A For Automation

You might think that 3+ decades into the life of dedicated IT security products that said security landscape would be clearly defined and managed. In reality, it is anything but. The problem is not ... Continue Reading

Businesses and governments urged to take action over Trojan Source supply chain attacks

Businesses and governments have been put on alert to guard against Trojan Source hacking attacks Continue Reading

Changing the rules against cyber attacks

UKRI’s John Goodacre reveals how projects supported by the Digital Security by Design Challenge aim to improve cyber security resilience, beginning with the very fundamentals of computing Continue Reading

Lacework expands into ANZ, eyes APAC market

DevSecOps supplier Lacework’s expansion into Australia and New Zealand will pave the way for a broader move into the Asia-Pacific region Continue Reading

No easy fix for vulnerability exploitation, so be prepared

Vulnerability management and disclosure is a tricky business with ethical and business ramifications for software vendors, CISOs and ethical hackers alike – and CISOs sit right in the middle of this Continue Reading

Doing the right thing: How CISOs should approach responsible disclosure

Owen Wright, responsible for penetration testing and adversary simulation at Context, part of Accenture Security, advises how CISOs should approach responsible disclosure Continue Reading

Microsoft warns of MysterySnail on October Patch Tuesday

Microsoft has fixed a zero-day that is being actively exploited to deliver a new remote access trojan dubbed MysterySnail to targets Continue Reading

Craft beer specialist Brewdog fixes serious app vulnerability

Vulnerability in brewer’s mobile app could have resulted in serious consequences for its shareholders and customers Continue Reading

Security Think Tank: Responsible vulnerability disclosure is a joint effort

By working hand-in-hand, developers and security researchers can both play a vital role in ensuring newly-discovered vulnerabilities are addressed appropriately, writes Paddy Francis of Airbus CyberSecurity Continue Reading

New strategies needed to close the cyber security skills gap

Teaching cyber security in schools is a long-term solution to a present-day problem Continue Reading

New Python-based ransomware attacks unfold in record time

Sophos researchers detail a new variety of Python-based ransomware attack targeting VMware ESXi-hosted VMs Continue Reading

Team leaders urged to address developer mental health

The pandemic led to many developers working from home, and many have experienced burnout Continue Reading

The Security Interviews: How SolarWinds came through its darkest hour

In his first major UK press interview, SolarWinds CEO Sudhakar Ramakrishna tells Computer Weekly how a relentless focus on transparency saw the company safely through a nightmare cyber breach scenario Continue Reading

How one red team exercise averted a new SolarWinds-style attack

Palo Alto Networks shares details of how its red teamers found and sealed a customer vulnerability that could have led to another SolarWinds-style supply chain attack Continue Reading

Threat actors target VMware vCenter Server users

Users of VMware vCenter Server are advised to patch a series of vulnerabilities post haste Continue Reading

Please protect us from our own stupidity

It seems like the simplest thing. Compose an email message and then CC colleagues. But,due to a Ministry of Defence blunder,  this simple action, built into pretty much every piece of email client ... Continue Reading

Dutch education administrators underestimate threat of cyber crime

Research shows educational establishments in the Netherlands are becoming favoured targets of cyber criminals and administrators are underestimating the risks Continue Reading

Microsoft patches 66 vulnerabilities in September update

Another lighter-than-usual Patch Tuesday update includes important fixes for recently disclosed vulnerabilities, including a dangerous zero-day, and an update in the PrintNightmare saga Continue Reading

Apple patches ForcedEntry vulnerability used by spyware firm NSO

Apple patches ForcedEntry vulnerability that was used to target political activists with spyware Continue Reading

Latest Microsoft zero-day being actively exploited

New Microsoft zero-day CVE-2021-40444 affects multiple versions of Windows and is probably being exploited through convincing phishing attacks Continue Reading

Bridging the gender gap in cyber security

Some professional groups and companies in Asia are working hard to improve awareness of the cyber security profession and mentoring talented women in a bid to bridge the gender gap Continue Reading

OT security in APAC remains work in progress

Two operational technology security experts shed light on the state of OT security in the region, and what’s being done to address skills, competency and organisational challenges Continue Reading

GovTech launches vulnerability rewards programme

Vulnerability rewards programme will offer rewards ranging from $250 to $5,000 to white hat hackers who find vulnerabilities in critical government systems Continue Reading

How the cyber security market is evolving

The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments? Continue Reading

13 million malware attacks on Linux seen in wild

Cryptominers, web shells and ransomware are the most common varieties of malwares targeting Linux systems, thanks to its prevalence as the backbone of most public cloud services Continue Reading

Half of MS Exchange servers at risk in ProxyShell debacle

Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited Continue Reading

Considerations when deciding on a new SIEM or SOAR tool

A successful deployment of any security tool very much depends on the maturity of security processes in the organisation Continue Reading

How Australia’s Octopus Deploy is simplifying DevOps

Brisbane-based startup Octopus Deploy recently secured $172.5m in venture funding to advance its goal of simplifying software deployments for DevOps teams Continue Reading

MoD seeks security tech to harden military systems

The Defence and Security Accelerator has launched a programme to root out technology that will reduce the military’s exposure to cyber attacks Continue Reading

Security Think Tank: Building privacy-preserving apps and platforms

ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture Continue Reading

How to choose between SIEM and SOAR

In this week’s Computer Weekly, our buyer’s guide examines the use of SIEM and SOAR to improve IT security, and asks which you should use, and when? We look at what you need to know about NVMe over Fabrics, the emerging storage networking technology. And we find out how Oracle customers are introducing its Fusion Cloud suite. Read the issue now. Continue Reading

Cyber Runway programme supports new security businesses

The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses Continue Reading

Hospitals see cyber security investment as a low priority

Almost half of hospitals have experienced an IT shutdown as a result of a cyber attack in the past six months, but just over one in 10 hospital executives see cyber security investment as a high priority Continue Reading

The Netherlands still lacks digital resilience, says report

Report by National Coordinator for Counterterrorism and Security says the Netherlands’ digital resilience has improved, but is still insufficient Continue Reading

SAP customers more alert to internal than external threats

SAP customers are more concerned by insider threats than by external attacks, according to a report. And yet the average SAP customer has around 2,500 vulnerabilities within their customised SAP code Continue Reading

Cloud misconfiguration a growing cause of security incidents

Rapid cloud adoption during the pandemic has increased the attack surface and heightened the risk of misconfiguring services, leaving organisations more vulnerable to cyber attacks Continue Reading

Initial access brokers unaffected by ransomware content bans

Banning ransomware content from cyber crime forums has done little to prevent initial access brokers from advertising their services, with the number of access listings increasing in the second quarter of 2021 Continue Reading

UK MoD turns to hackers to help secure digital assets

Hackers given direct access to internal Ministry of Defence systems to identify and report security vulnerabilities Continue Reading

Technical hiccups force Babuk ransomware gang to change tactics

The Babuk ransomware operation backed away from encrypting its victims’ files, and technical difficulties may be to blame, reports McAfee Continue Reading

TikTok sets up cyber security hub in Dublin

Dublin-based cyber centre will oversee the security of TikTok’s users across Europe Continue Reading

How IBM is solving the data privacy problem

IBM’s fully homomorphic encryption technology lets enterprises apply analytics and machine learning to encrypted data without compromising data privacy Continue Reading

Malicious actors turn to obscure programming languages

Using new, lesser-known or otherwise uncommon programming languages to code new malwares can help skirt cyber defences Continue Reading

Government-led innovation can help cyber startups find a market

There are many reasons why early-stage cyber startups often struggle to get off the ground, but government-backed programmes can help them find a path Continue Reading

Five ways to ensure remote working security and compliance

A mix of on-site and remote working has become a fact of life for many organisations. We look at five key things you should consider to ensure compliance and security Continue Reading

Tips to minimise vulnerabilities in web and mobile apps

Agile software development can sometimes be at odds with secure by design principles. We look at how organisations are balancing security with coding Continue Reading

Legacy SonicWall kit exploited in ransom campaign

Users of older versions of SonicWall Secure Mobile Access 100 and Secure Remote Access products are at risk from a new ransomware campaign Continue Reading

Multiple Microsoft bugs being actively exploited

Microsoft’s July Patch Tuesday update fixes 117 vulnerabilities, 13 rated as critical and four already being actively exploited Continue Reading

Modipwn vulnerability puts millions of building systems at risk

Authentication bypass vulnerability in a Schneider Electric product could lead to device takeover Continue Reading

PrintNightmare haunts Microsoft as patch may miss mark

Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied Continue Reading

Opportunists seen targeting Kaseya REvil victims

Malwarebytes researchers highlight new spam campaign targeting businesses impacted by the ongoing Kaseya REvil ransomware incident Continue Reading

Security Think Tank: As offices reopen, address patching and ‘build drift’

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

Toughening up web and mobile apps

We look at how organisations can secure internal and web-facing applications against ransomware and injection-style attacks Continue Reading

Should I be worried about PrintNightmare?

The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be? Continue Reading

Cyber attackers up the ante on embattled IT teams

Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements Continue Reading

Nominations open for 2021 Security Serious Unsung Heroes Awards

Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators Continue Reading

AWS launches bug-busting programme for developers

Amazon Web Services is inviting customers to probe their code for software bugs and vulnerabilities using its CodeGuru console Continue Reading

How containerisation helps VW develop car software

Volkswagen’s R&D centre is working with Red Hat to use containerisation to improve how it develops and tests software for the control systems in cars Continue Reading

NHS App reaches six million users, thanks to Covid vaccine feature

More than two million new users have downloaded the NHS App since it was updated in May to include Covid-19 vaccination status Continue Reading

Lorca Ignite programme targets breakout cyber talent

Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme Continue Reading

Why agility is the key to secure software

Continuous delivery of software product releases demands continuous security. Businesses and regulators are right to wonder whether organisations are valuing cyber security by the design of their products Continue Reading

Microsoft fixes seven zero-days on its Patch Tuesday rounds

Fixes for six actively-exploited – and one yet-to-be-exploited – zero-day bugs are released in the June 2021 Patch Tuesday update Continue Reading

The rise and rise of supply chain attacks

Supply chain attacks in Asia-Pacific and elsewhere have intensified as cyber threat actors look to exploit the weakest links in business and digital supply chains Continue Reading

Norway’s auditor general lifts lid on energy industry’s cyber security risks

Auditor General’s Office questions the security posture of Norway’s energy industry Continue Reading

Pandemic a ‘once-in-a-lifetime’ chance to reshape security

The volume of remote working has made it hard to paint an accurate picture of the true state of enterprise cyber security, but it presents an opportunity to change things up Continue Reading

Dutch researchers build security software to mimic human immune system

Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection Continue Reading

Lack of developer attention to cloud security prompts alerts

The personal data of over 100 million Android users may have been put at risk through a variety of cloud service misconfigurations Continue Reading

Okta and Auth0 to expand APAC coverage

Okta’s acquisition of rival Auth0 will enable both companies to expand their footprint in the Asia-Pacific region as demand for identity management services soars amid the pandemic Continue Reading

Publishing exploit code does more harm than good, says report

Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security Continue Reading

Microsoft fixes four critical bugs on lighter Patch Tuesday

Four critical RCE vulnerabilities put users of various Microsoft products at risk, and should be patched right away Continue Reading

Collaboration key to success of UK’s Cyber Security Council

The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event Continue Reading