Application security and coding requirements

Reddit enlists HackerOne to run public bug bounty programme

Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet Continue Reading

Ransomware, supply chain attacks show no sign of abating

Security experts at Black Hat Asia 2021 discuss the state of ransomware and supply chain attacks, two of the most common attack vectors that offer high returns for threat actors Continue Reading

Recruiters can’t afford to hold out for cyber ‘unicorns’

The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic Continue Reading

Apple OS updates patch multiple security holes

The much-heralded release of the privacy-centric iOS 14.5 also brings patches for multiple CVEs, and users of Apple smartphones, tablets and notebooks are best advised to update as soon as possible Continue Reading

North London school wins NCSC girls’ cyber challenge

Highgate School in North London is the winner of this year’s CyberFirst Girls security competition Continue Reading

The Security Interviews: Making sense of outbound email security

Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this Continue Reading

Automation, zero-trust, API-based security priorities for EMEA CISOs

Report by FireMon sheds light on buyer behaviour across the EMEA region Continue Reading

Security Think Tank: Security culture must underpin vaccine passports

What are the security challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading

Health app myGP adds Covid-19 vaccine passport function

The new feature is described as the UK’s first NHS-assured Covid-19 certification feature Continue Reading

UK’s proposed IoT cyber security law gathers momentum

New statistics appear to vindicate UK government proposals to force suppliers to be upfront about IoT security Continue Reading

Codecov supply chain attack has echoes of SolarWinds

Supply chain attack on code auditing service may have compromised the likes of HPE and IBM Continue Reading

Shop and go – will Amazon’s cashless ‘just walk out’ store work?

In this week’s Computer Weekly, Amazon has opened its first ‘just walk out’ grocery store in the UK, but is it the right time to hit the high street? We examine the human and technical issues around email security. And we analyse Microsoft’s $19bn purchase of voice recognition supplier Nuance. Read the issue now. Continue Reading

Finnish government strengthens country’s IT network security

Finland’s government has created a new national organisation to help public and private bodies improve network security Continue Reading

FBI accesses ProxyLogon target servers to disrupt cyber criminals

US Justice Department reveals successful court-authorised effort to clamp down on ProxyLogon exploitation Continue Reading

NSA unearths more MS Exchange vulnerabilities

Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency Continue Reading

Security Think Tank: Vaccine passports must be secure by design

What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading

Millions of devices at risk from NAME:WRECK DNS bugs

Newly disclosed set of nine DNS vulnerabilities puts over 100 million consumer, enterprise and industrial IoT devices at risk Continue Reading

Executive interview: Unleashing blockchain’s potential

Labrys founder and CEO Lachlan Feeney offers his observations about blockchain adoption in Australia, and what his firm is doing to help organisations unleash the full potential of the technology Continue Reading

Unpatched SAP applications are target-rich ground for hackers

Report from SAP and cyber threat research company Onapsis warns that hackers are attacking mission-critical SAP business applications that contain unpatched vulnerabilities Continue Reading

Cyber Security Council to champion UK security pros

A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base Continue Reading

Four in five UK businesses seek new security suppliers

Decision-makers are ready to buy new security technology, but suppliers must pay close attention to how they present themselves Continue Reading

Microsoft releases one-click ProxyLogon mitigation tool

Microsoft’s mitigation tool is designed to help customers without dedicated security or IT teams navigate fixing their vulnerable Exchange servers Continue Reading

Government calls for input into Covid-19 vaccine passports

Evidence gathering exercise will inform the development of the UK’s proposed Covid-19 vaccine passport scheme Continue Reading

Microsoft Exchange ProxyLogon attacks spike 10 times in four days

Exploitations of the Microsoft Exchange ProxyLogon vulnerabilities have increased tenfold in just four days Continue Reading

NCSC issues emergency alert on Microsoft Exchange patch

UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately Continue Reading

DearCry ransomware targets vulnerable Exchange servers

As predicted, ransomware gangs have started to target vulnerable instances of Microsoft Exchange Server, making patching an even greater priority Continue Reading

Norwegian government falls victim to Microsoft attacks

Norway’s parliament, the Storting, suffers second major cyber incident in a year as threat groups capitalise on vulnerable Microsoft Exchange Servers Continue Reading

Patch Tuesday overshadowed by Microsoft Exchange attacks

Microsoft’s March Patch Tuesday update drops amid ongoing fall-out from widespread Exchange attacks Continue Reading

Williams F1 car launch disrupted by data leak

Williams Formula One team forced to pull augmented reality app it had planned to use to launch its 2021 car at the last minute after an apparent cyber attack Continue Reading

Dealing with the challenge of beg bounties

The rise of so-called beg bounties is becoming a challenge for security teams, and can be a drain on time and resources. But what is a beg bounty, and how does it differ from a bug bounty? Continue Reading

Singapore Airlines the latest victim of supply chain attack

A restricted set of data of over 580,000 frequent flyer members of Singapore Airlines was exposed in a supply chain attack against Sita’s passenger service system Continue Reading

Microsoft Exchange CVEs more widely exploited than thought

US CISA issues emergency guidance as impact of four newly disclosed Microsoft Exchange vulnerabilities becomes clearer Continue Reading

Emergency patch addresses MS Exchange Server zero-days

Microsoft releases an emergency patch to address multiple zero-day exploits directed at on-premise installations of Exchange Server Continue Reading

Patching: Balancing technical requirements with business considerations

With an increasing reliance on subscription models alongside the regular patching of software, updates have become an essential part of modern business practices. However, care needs to be taken to ensure the optimum patching process is implemented. Continue Reading

Essential guide to operation-centric security

To stay ahead of cyber attackers, IT security teams need to take an operation-centric approach, to offer a real-time picture of activity across their estate. Continue Reading

Making sense of the UK Cybersecurity Sector

The UK cybersecurity industry is heavily concentrated. Only 150 suppliers, employing 2/3rd of the work force are large enough to provide realistic in-house work experience for trainees/apprentices. ... Continue Reading

Transport for NSW hit by Accellion breach

Australian state agency Transport for New South Wales is the latest victim of the supply chain attack against Accellion’s legacy file transfer system Continue Reading

Vaccine passports prove an ethical minefield

Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design Continue Reading

Is Clubhouse safe, and should CISOs stop its use?

With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it Continue Reading

2020 a record year for cyber, thanks to Covid

The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy Continue Reading

Fingerprints will help payment cards retain relevance

Biometric payment cards using fingerprint technology could add billions to global banking revenues, says UBS Continue Reading

RDP, SSH exposures off the charts thanks to remote working

The Covid-19 pandemic has had an impact on the prevalence of certain vulnerabilities in the wild, according to a report Continue Reading

NCSC recognises UK’s top cyber schools

National Cyber Security Centre CyberFirst Schools initiative has handed out 14 gold, silver and bronze awards recognising excellence in cyber security teaching Continue Reading

Low-complexity CVEs a growing concern

Analysis of thousands of CVEs logged with NIST in 2020 reveals some unwelcome developments Continue Reading

Singtel falls prey to supply chain attack

The Singapore telco reveals that its Accellion file sharing system was illegally hacked in a supply chain attack Continue Reading

Windows 10, Server 2019 users must patch serious zero-day

Another dangerous zero-day exploit is among 56 vulnerabilities patched by Microsoft in February’s Patch Tuesday update Continue Reading

Google Chrome update to patch serious zero-day

A serious heap buffer overflow vulnerability means Google Chrome users should patch their browsers as soon as possible Continue Reading

SolarWinds chases multiple leads in breach investigation

Investigators at SolarWinds are exploring multiple theories as to how the company’s systems were compromised Continue Reading

SolarWinds patches two critical CVEs in Orion platform

New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet Continue Reading

Emergency Apple updates patch exploited zero-days

Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately Continue Reading

Malwarebytes also hit by SolarWinds attackers

The nation state group that attacked SolarWinds in December got inside Malwarebytes by exploiting privileged access to its Microsoft Office 365 tenant, the firm reveals Continue Reading

Security Think Tank: It’s time to secure the collaboration revolution

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hotcakes? Continue Reading

NCSC CyberFirst Girls 2021 contest kicks off

UK’s national cyber agency says it has already had hundreds of entrants in spite of the challenges presented by the pandemic Continue Reading

APAC firms grapple with cyber security amid pandemic

Some aspects of cyber security have taken a backseat as companies across the Asia-Pacific region rush to shore up their infrastructure to cope with the demands of remote work Continue Reading

Critical zero-day features in first Patch Tuesday of 2021

Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender Continue Reading

Palo Alto Networks opens Australia cloud location

The cyber security company’s Australia cloud location will address data localisation requirements amid growing adoption of cloud-based security services Continue Reading

Mimecast latest security firm to be compromised

Users of a specific Mimecast certificate used to authenticate services to Microsoft Office 365 may be at risk of compromise in an attack that may relate to the ongoing SolarWinds incident Continue Reading

Early stage UK security startups face funding crisis

Overall cyber security funding since the advent of the pandemic is well up, but investment is dominated by safe, later-stage firms while those raising capital for the first time fall away Continue Reading

New SolarWinds CEO sets out rescue plan

Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community Continue Reading

Kaspersky claims link between Solorigate and Kazuar backdoors

Researchers say they have found specific code similarities between the Solorigate/Sunburst malware and the Kazuar backdoor, suggesting some relationship Continue Reading

New Zealand central bank IT system breached in cyber attack

Bank is responding to a cyber attack after hackers breached the system of a third-party supplier Continue Reading

Which? online banking investigation reveals ‘worrying gaps’ in security

Consumer rights organisation has ranked the security of UK online current account providers Continue Reading

Security Think Tank: Cyber effectiveness, efficiency key in 2021

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

Top 10 cyber crime stories of 2020

Here are Computer Weekly’s top 10 cyber crime stories of 2020 Continue Reading

Security Long Reads: Cyber insiders reveal what’s to come in 2021

In this long read, we gather together the thoughts of cyber security insiders from across the industry to get their take on what will happen in 2021 Continue Reading

Top 10 cyber security stories of 2020

Here are Computer Weekly’s 10 top cyber security stories of 2020 Continue Reading

Patching: Balancing technical requirements with business considerations

With an increasing reliance on subscription models alongside the regular patching of software, updates have become an essential part of modern business practices. However, care needs to be taken to ensure the optimum patching process is implemented Continue Reading

Finnish government tables laws to protect data from cyber criminals

Government is strengthening its legal framework to protect data from hackers in the wake of a massive breach at a psychotherapy centre Continue Reading

Dodgy browser extensions put social media users at risk

More than three million users of third-party browser extensions for Instagram, Facebook, Vimeo and others have been infected with malware, according to Avast Continue Reading

FireEye and partners release SolarWinds kill-switch

A so-called kill-switch for the dangerous SolarWinds Sunburst attack should allay some user fears, but is not a full fix for the issue Continue Reading

How security will be different after Covid-19

In this week’s Computer Weekly, the world of cyber security will probably never return to its pre-pandemic state – we look ahead. The combination of remote working and streaming video is putting extra strain on networks. And we look at how digital transformation is changing the way contact centres are run. Read the issue now. Continue Reading

Disputed PostgreSQL bug exploited in cryptomining botnet

PGMiner cryptomining botnet remained unnoticed by exploiting a disputed CVE in PostgreSQL Continue Reading

Amnesia:33 IoT flaws dangerous and patches unlikely, say experts

The disclosure of multiple flaws by Forescout has raised big questions for the developers of connected products, and for their users Continue Reading

Patch Tuesday: Microsoft presents just 58 CVEs for Christmas

The final Patch Tuesday of 2020 contains 58 fixes, a minnow compared to some recent drops, but many are still of high importance Continue Reading

Russian state actors exploiting VMware bug to hijack data, users warned

Russian APT groups are actively exploiting a vulnerability in VMware products to access protected data, according to latest warnings Continue Reading

Grindr and others patch critical Android bug

Fixes for CVE-2020-8913 deployed as app developers shore up their defences against a disclosed Google Play vulnerability Continue Reading

Avast and Borsetta to support Intel’s AI security project

Security firm Avast and AI security specialist Borsetta have signed up to support an Intel-led artificial intelligence security research project Continue Reading

Lax Android app developers putting millions of users at risk

Eight months after Google patched a critical vulnerability, developers have failed to update their apps, putting millions of users of apps such as dating services Bumble and Grindr at risk Continue Reading

Singapore government remains ‘juicy target’ for cyber attackers

The government is baking security into the design and implementation of its IT systems and looking to increase bug bounties to fend off cyber threats Continue Reading

APAC plagued by APT, ransomware attacks

The Asia-Pacific region was a primary target of advanced persistent threat groups, mostly from China, Iran, North Korea and Russia, that carried out 34 campaigns between June 2019 to June 2020 Continue Reading

Belgian security researcher hacks Tesla with Raspberry Pi

Belgian security researcher Lennert Wouters once again succeeds in hacking a Tesla vehicle, this time by exploiting the Bluetooth Low Energy standard Continue Reading

How Covid-19 has accelerated tech innovation in the NHS

Of all the terrible things that Covid is, what it has done is accelerate the digital journey. In this issue of Computer Weekly, we look at the track and trace app, which was redeveloped and enhanced at breakneck speed, and explore how the pandemic has accelerated the roll-out of new technology such as artificial intelligence and video conferencing tools at NHS trusts. We also present some research into how Covid has affected IT spending. Read the issue now. Continue Reading

Cyber security is next frontier for open source

Open security will facilitate the interoperability and capabilities of cyber security tools while alleviating vendor lock-in for enterprises, says IBM Continue Reading

CW APAC: Expert advice on zero-trust security

Zero trust is a security model that eliminates the traditional perimeter and assumes that no user or device can be trusted until proven otherwise. In this handbook, Computer Weekly looks at how enterprises can take a zero-trust approach to securing their network, devices and workforce. Continue Reading

How Mastercard is taking digital payments into a new era

In this week’s Computer Weekly, we talk to Mastercard about how the credit card giant is using new technologies to take digital payments into a new era. After months of unprecedented uncertainty, we ask CIOs how they are planning for the next 12 months. And we examine how the growth in remote working will affect IT salaries. Read the issue now. Continue Reading

Microsoft drops fix for serious zero-day among 112 Patch Tuesday updates

November’s Patch Tuesday contains fixes for 112 bugs, including a potentially serious zero-day exploit that malicious actors are already taking advantage of Continue Reading

IT Priorities 2020: After Covid-19, security goes back to basics

This year’s transition to remote working highlighted big gaps in the fundamentals of security, as updated TechTarget/Computer Weekly data reveals Continue Reading

Microsoft to support next generation of security startups

Tech giant lends its support to the NCSC Cyber Accelerator scheme, which is seeking its seventh cohort of startups Continue Reading

Trump supporters targeted by cryptocurrency scammers

The successful breach of Donald Trump’s official website shows up lax security on his campaign team and is yet another timely warning that nobody is immune to cyber crime Continue Reading

Barracuda eyes Indochina markets

Barracuda is looking to expand its local presence and headcount in fast-growing emerging markets of Vietnam, Cambodia and Laos Continue Reading

NSA’s top CVE list a timely reminder to patch

Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies Continue Reading

Trump and Biden campaign apps easy targets for cyber criminals

You don’t need a stellar IQ to exploit the dangerous StrandHogg Android vulnerability, and users of both Donald Trump’s and Joe Biden’s mobile apps are at risk of falling victim to it Continue Reading

Microsoft fixes 87 bugs in October 2020 Patch Tuesday

Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019 Continue Reading

Suppliers neglecting virtual appliance security, putting users at risk

Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report Continue Reading

Five Eyes spy group again demands access to private messages

Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms Continue Reading

Cyber security skills ad branded ‘crass’ by minister

Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic Continue Reading

Making sense of zero-trust security

Implementing zero-trust security is not an easy feat, but enterprises can still get it right if they approach it from a process perspective and get a handle on their infrastructure footprint Continue Reading

Magecart strikes website of school payments service Wisepay

Magecart credit card skimmer harvested financial data of users of Wisepay’s platform over a two-day period Continue Reading

NCSC relaunches SME security guide with home working focus

The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020 Continue Reading

MosaicRegressor APT campaign using rare malware variant

Kaspersky researchers have shared details of a APT campaign utilising a rarely seen and hard-to-stop variety of malware Continue Reading