Application security and coding requirements
-
E-Zine
18 Mar 2025
UK under-prepared for catastrophic cyber attack
In this week’s Computer Weekly, MPs have been told the UK is under-prepared to cope with a catastrophic cyber attack – we find out where the problems lie. Our new buyer’s guide assesses the challenges of datacentre capacity planning. And one of the UK’s most successful businessmen, Sir Martin Sorrell, gives his view on the risks and opportunities of AI. Read the issue now. Continue Reading
-
News
18 Mar 2025
Seaco charts course for unified security strategy
Shipping container leasing giant consolidates security tools onto a single platform, leveraging AI and extended detection and response to improve security operations Continue Reading
-
News
22 Apr 2022
How Adnovum is leveraging its Swiss roots
Software company Adnovum is leveraging its strengths in identity and access management and its Swiss heritage as it expands into new markets and areas such as zero-trust security Continue Reading
-
News
22 Apr 2022
UAE bolsters cyber security
The United Arab Emirates has successfully improved its security posture amid mounting cyber threats Continue Reading
-
News
21 Apr 2022
Zoom adds new round of cyber security enhancements
Videoconferencing platform Zoom adds multiple third-party security certifications and service enhancements Continue Reading
-
E-Zine
20 Apr 2022
CW APAC: Trend Watch: Cyber security
Protection from malicious actors has become a critical consideration for organisations in recent years. In this handbook, focused on cyber security in the Asia-Pacific region, Computer Weekly looks at how to minimise edge security risks, India’s rise in cyber security revenues, Check Point’s sales force and partner ecosystem processes, and Trellix’s decision to democratise XDR access Continue Reading
-
News
20 Apr 2022
AWS fixes vulnerabilities in Log4Shell hot patch
AWS issues fixes for a series of Log4Shell hot patches after they turned out to leave its services vulnerable to further exploitation Continue Reading
-
News
20 Apr 2022
NSO Group faces court action after Pegasus spyware used against targets in UK
Three human rights activists whose phones were targeted by spyware traced to Saudi Arabia and the United Arab Emirates have begun legal action against both countries and Israel’s NSO Group Technologies Continue Reading
-
News
13 Apr 2022
Microsoft patches two zero-days, 10 critical bugs
Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service Continue Reading
-
News
11 Apr 2022
Singapore to start licensing cyber security service providers
Those providing penetration testing and SOC services will need to apply for a licence under a new licensing regime that is expected to safeguard consumer interests and improve service standards Continue Reading
-
News
11 Apr 2022
Open source CMS platform Directus patches XSS bug
A stored cross-site scripting vulnerability in the Directus platform could have enabled malicious actors to gain access to valuable data Continue Reading
-
Blog Post
11 Apr 2022
Just How Secure Are You?
Back in the autumn of last year, I talked about a vendor – Bugcrowd – that doesn’t simply rely on AI and ML within a microchip, but actually uses real flesh and bone people (AKA ethical hackers) to ... Continue Reading
-
News
08 Apr 2022
Was Spring4Shell a lot of hot air? No, but...
Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better Continue Reading
-
News
06 Apr 2022
Apple criticised over unpatched CVEs in Catalina, Big Sur
Apple patched two zero-days in macOS Monterey last week, but did not address the same issue in Catalina or Big Sur, raising questions Continue Reading
-
News
06 Apr 2022
Denonia malware may be first to target AWS Lambda
The newly discovered Denonia malware appears to be custom designed to target AWS Lambda environments, and may be the first of its kind Continue Reading
-
News
01 Apr 2022
Apple drops emergency patches for two zero-days
Apple has fixed two zero-day vulnerabilities that appear to have been actively exploited in the wild Continue Reading
-
News
31 Mar 2022
Spring4Shell zero-day sprung on security teams
Some are describing a newly disclosed Spring Java framework vulnerability as the next Log4Shell, but what is Spring4Shell, and what can we do about it? Continue Reading
-
News
28 Mar 2022
IT professionals wary of government campaign to limit end-to-end encryption
Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption Continue Reading
-
News
24 Mar 2022
How India organisations can mitigate cyber threats
Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks Continue Reading
-
News
17 Mar 2022
Kaspersky CEO: Ukraine war must end through diplomacy
Eugene Kaspersky speaks out on the war in Ukraine, and rebuffs Germany’s BSI, branding its warnings over his company’s trustworthiness as insulting Continue Reading
-
News
17 Mar 2022
FCSA takes steps to help umbrella company members protect themselves better from cyber attacks
After a spate of suspected ransomware attacks on its members, the Freelance and Contractor Services Association is partnering with a cyber security firm that can coach its umbrella firms on how to protect themselves better Continue Reading
-
News
16 Mar 2022
Kubernetes vulnerability underscores repeated security warnings
The disclosure of a new vulnerability in an important container runtime engine that underpins Kubernetes has drawn fresh warnings to pay attention to securing Kubernetes environments Continue Reading
-
News
10 Mar 2022
Tech brands sign on to HackerOne responsible security drive
Tech companies sign HackerOne’s new corporate security responsibility pledge to bring cyber out of the shadows and promote effective, secure development practices Continue Reading
-
News
09 Mar 2022
Microsoft serves up three zero-days on March Patch Tuesday
Three zero-days pop up in Microsoft’s March update, along with a number of other noteworthy concerns for defenders Continue Reading
-
Definition
08 Mar 2022
security identifier (SID)
In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate. Continue Reading
-
Feature
08 Mar 2022
How APAC organisations can mitigate edge security threats
The move to the edge expands an organisation’s attack surface. Here are some measures that organisations can take to minimise their edge security risks Continue Reading
-
Opinion
07 Mar 2022
When to pull the plug on an ecommerce site
Distributed denial of service and other attacks on websites have the potential to leak personally identifiable information Continue Reading
-
News
03 Mar 2022
Nato Cyber Security unit tests post-quantum VPN
Nato’s Cyber Security Centre has successfully tested secure communication flows in a post-quantum world using a UK-designed VPN Continue Reading
-
Blog Post
26 Feb 2022
Time to act on "Authorised Payment" Fraud
In 2014 a working group hosted by the DPA (Digital Policy Alliance) working with faster payment data from six banks established that 75% of fraudulent payments could have been stopped in real time ... Continue Reading
-
Opinion
24 Feb 2022
The UK’s cyber security sector is thriving, but our work has only just begun
The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector Continue Reading
-
News
23 Feb 2022
Salesforce pays out over £2m in bug bounties
Salesforce says it received more than 4,000 vulnerability reports in 2021 alone as it delivers a rare public update on its bug bounty programme Continue Reading
-
News
23 Feb 2022
IBM opens cyber security hub in India
Big Blue’s new cyber security hub, comprising a cyber range, software development facilities and a security operations centre, will serve enterprises across the Asia-Pacific region Continue Reading
-
News
16 Feb 2022
2021 another record year for UK cyber investment
Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment Continue Reading
-
News
11 Feb 2022
Lack of knowledge disastrous for effective security strategy within Dutch companies
Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy Continue Reading
-
News
09 Feb 2022
Microsoft stomps on 48 bugs in February Patch Tuesday update
It’s a light Patch Tuesday for February 2022, as Microsoft issues fixes for just 48 CVEs, including a solitary zero-day Continue Reading
-
News
08 Feb 2022
DPD delivers swift fix for serious API flaw
API vulnerability potentially left PII on DPD Group’s customers dangerously exposed, but was rapidly fixed on disclosure Continue Reading
-
News
08 Feb 2022
Microsoft to start blocking macros to thwart malware
Microsoft is making changes to web macro permissions across multiple Office apps to help improve user security Continue Reading
-
News
08 Feb 2022
The Security Interviews: Building the UK’s future cyber ecosystem
As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions Continue Reading
-
Blog Post
07 Feb 2022
Security's Buoyancy Aid - Keeping Your Head Above Murky Cyber Waters With Swimlane
Towards the end of last year, I spoke about a vendor, Swimlane, who appeared to be getting the concept of automation and orchestration absolutely on the money – and in the area where it is most ... Continue Reading
-
Feature
02 Feb 2022
What neurodivergent people really think of working in cyber security
Many firms are filling cyber security skills gaps by hiring neurodivergent talent – but more support is needed for neurodivergent cyber security professionals, writes autistic tech journalist Nicholas Fearn Continue Reading
-
News
01 Feb 2022
Check Point buys Spectral to safeguard cloud development
Check Point’s latest acquisition of Israel-based startup Spectral expands its developer-centric security toolset Continue Reading
-
News
27 Jan 2022
Nightmare Log4Shell scenario averted by prompt, professional action
Prompt and professional community response to the Log4Shell disclosure means the dangerous and widespread vulnerability has not been exploited to the extent many had feared Continue Reading
-
News
26 Jan 2022
PwnKit bug endangers Linux distributions worldwide
Qualys researchers share intel on a memory corruption vulnerability in a program installed by default on every major Linux distribution Continue Reading
-
Definition
25 Jan 2022
application security
Application security, or appsec, is the practice of using security software, hardware, techniques, best practices and procedures to protect computer applications from external security threats. Continue Reading
-
News
20 Jan 2022
MoonBounce firmware bootkit shows advances in malicious implants
MoonBounce firmware bootkit shows evident technical improvements over others, making it a more dangerous threat to organisations. It is being used by Chinese state-backed actors Continue Reading
-
News
19 Jan 2022
Investigators find Beijing 2022 app riddled with security flaws
Security flaws in Olympic app may put personal health data at risk of compromise in a man-in-the-middle attack Continue Reading
-
Blog Post
19 Jan 2022
2022: Time to take algorithm-enhanced online abuse seriously
The algorithms used by dominant social media companies have compounded the risks to unsupervised children in their bedrooms by automating the processes predators use to find and groom potential ... Continue Reading
-
News
17 Jan 2022
Top three questions about the Log4j vulnerability
Singapore’s Ensign Infosecurity answers the top three questions about the impact of the Log4j vulnerability Continue Reading
-
News
12 Jan 2022
Microsoft fixes six zero-days in January Patch Tuesday update
A larger than of late Patch Tuesday update from Microsoft comes as defenders continue to grapple with Log4Shell Continue Reading
-
News
11 Jan 2022
Almost half of Log4j downloads still dangerously exposed
Whether by error or design is unclear, but a great many IT teams are still exposing themselves by downloading outdated, insecure versions of Apache Log4j Continue Reading
-
News
11 Jan 2022
Banks accused of neglecting customer security measures
Which? singles out Metro Bank, Virgin Money and TSB over insecure online banking processes Continue Reading
-
News
23 Dec 2021
Top 10 cyber security stories of 2021
Cyber security dominated the headlines in 2021, making it hard to gain a clear picture of what to pay attention to. What is an IT buyer to do? Continue Reading
- 20 Dec 2021
-
News
15 Dec 2021
After Log4j, December Patch Tuesday piles on the pressure
December’s Patch Tuesday update from Microsoft contains several critical CVEs, but this month all attention is focused on the fall-out from Log4Shell, and burn-out is becoming a real issue Continue Reading
-
Blog Post
15 Dec 2021
Log4Shell: Why aren't we taking the security of the internet seriously?
To be caught out once may be an oversight, and lessons can be learned. But twice over a seven year timespan, shows a laissez faire attitude to the stability of the internet. In 2014, Heartbleed ... Continue Reading
-
News
14 Dec 2021
Almost half of networks probed for Log4Shell weaknesses
Close to half of corporate networks have already been actively targeted by individuals seeking to exploit the critical Log4Shell Apache bug Continue Reading
-
News
13 Dec 2021
What is Log4Shell, and why are we panicking about it?
It’s been described as a ‘design failure of catastrophic proportions’ that threatens the very fabric of the digital world. Find out what the Log4j2 Log4Shell panic is all about, and what you should do about it Continue Reading
-
News
09 Dec 2021
UK and US to collaborate on privacy innovation contest
Joint UK-US innovation challenge contest centring on privacy-enhancing technology announced at Summit for Democracy in Washington DC Continue Reading
-
News
08 Dec 2021
2021 another record-breaker for vulnerability disclosure
More than 50 CVEs were logged every day in 2021, more than at any time since records began, while ethical hackers continue to prove their value Continue Reading
-
Opinion
01 Dec 2021
Security Think Tank: In the cloud, anti-human approaches set us up to fail
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading
-
News
30 Nov 2021
HP patches bugs in over 150 printer models
More than 150 HP multifunction printers are at risk of compromise through a series of newly disclosed vulnerabilities, one of them wormable Continue Reading
-
News
24 Nov 2021
Apple sues under-fire malware firm NSO
Lawsuit alleges spyware firm NSO Group targeted Apple’s users, adding to the pressure on the under-fire company Continue Reading
-
News
17 Nov 2021
Security startups line up on Cyber Runway
Some 108 cyber security startups representing the UK’s most cutting-edge innovators are to join Plexal’s Cyber Runway accelerator Continue Reading
-
News
17 Nov 2021
Zero-days: The next element of the service-based cyber economy?
Digital Shadows researchers have reported on the emergence of zero-days as a service, which could be the next big thing in the cyber criminal underworld Continue Reading
-
News
10 Nov 2021
November Patch Tuesday drop fixes bugs in Excel, Exchange Server
Another relatively light Patch Tuesday drop from Microsoft addresses 55 vulnerabilities, two of them already being exploited Continue Reading
-
News
08 Nov 2021
How cosmetics retailer Lush made over its approach to authentication
Evolving approaches to IT at cosmetics retailer Lush meant the organisation’s previous approach to authentication was no longer up to scratch. Find out how it overcame this hurdle Continue Reading
-
Definition
05 Nov 2021
cross-site scripting (XSS)
Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites. Continue Reading
-
News
04 Nov 2021
The Netherlands works on resilience with large-scale national cyber exercise
For the Netherlands, the biggest challenge in a large-scale cyber crisis is to maintain speed while exercising due care Continue Reading
-
Blog Post
04 Nov 2021
A For Automation
You might think that 3+ decades into the life of dedicated IT security products that said security landscape would be clearly defined and managed. In reality, it is anything but. The problem is not ... Continue Reading
-
News
01 Nov 2021
Businesses and governments urged to take action over Trojan Source supply chain attacks
Businesses and governments have been put on alert to guard against Trojan Source hacking attacks Continue Reading
-
Opinion
29 Oct 2021
Changing the rules against cyber attacks
UKRI’s John Goodacre reveals how projects supported by the Digital Security by Design Challenge aim to improve cyber security resilience, beginning with the very fundamentals of computing Continue Reading
-
News
26 Oct 2021
Lacework expands into ANZ, eyes APAC market
DevSecOps supplier Lacework’s expansion into Australia and New Zealand will pave the way for a broader move into the Asia-Pacific region Continue Reading
-
Opinion
18 Oct 2021
No easy fix for vulnerability exploitation, so be prepared
Vulnerability management and disclosure is a tricky business with ethical and business ramifications for software vendors, CISOs and ethical hackers alike – and CISOs sit right in the middle of this Continue Reading
-
Opinion
15 Oct 2021
Doing the right thing: How CISOs should approach responsible disclosure
Owen Wright, responsible for penetration testing and adversary simulation at Context, part of Accenture Security, advises how CISOs should approach responsible disclosure Continue Reading
-
News
13 Oct 2021
Microsoft warns of MysterySnail on October Patch Tuesday
Microsoft has fixed a zero-day that is being actively exploited to deliver a new remote access trojan dubbed MysterySnail to targets Continue Reading
-
News
08 Oct 2021
Craft beer specialist Brewdog fixes serious app vulnerability
Vulnerability in brewer’s mobile app could have resulted in serious consequences for its shareholders and customers Continue Reading
-
Opinion
06 Oct 2021
Security Think Tank: Responsible vulnerability disclosure is a joint effort
By working hand-in-hand, developers and security researchers can both play a vital role in ensuring newly-discovered vulnerabilities are addressed appropriately, writes Paddy Francis of Airbus CyberSecurity Continue Reading
-
Opinion
05 Oct 2021
New strategies needed to close the cyber security skills gap
Teaching cyber security in schools is a long-term solution to a present-day problem Continue Reading
-
News
05 Oct 2021
New Python-based ransomware attacks unfold in record time
Sophos researchers detail a new variety of Python-based ransomware attack targeting VMware ESXi-hosted VMs Continue Reading
-
News
30 Sep 2021
Team leaders urged to address developer mental health
The pandemic led to many developers working from home, and many have experienced burnout Continue Reading
-
News
29 Sep 2021
The Security Interviews: How SolarWinds came through its darkest hour
In his first major UK press interview, SolarWinds CEO Sudhakar Ramakrishna tells Computer Weekly how a relentless focus on transparency saw the company safely through a nightmare cyber breach scenario Continue Reading
-
News
28 Sep 2021
How one red team exercise averted a new SolarWinds-style attack
Palo Alto Networks shares details of how its red teamers found and sealed a customer vulnerability that could have led to another SolarWinds-style supply chain attack Continue Reading
-
News
23 Sep 2021
Threat actors target VMware vCenter Server users
Users of VMware vCenter Server are advised to patch a series of vulnerabilities post haste Continue Reading
-
Blog Post
22 Sep 2021
Please protect us from our own stupidity
It seems like the simplest thing. Compose an email message and then CC colleagues. But,due to a Ministry of Defence blunder, this simple action, built into pretty much every piece of email client ... Continue Reading
-
News
16 Sep 2021
Dutch education administrators underestimate threat of cyber crime
Research shows educational establishments in the Netherlands are becoming favoured targets of cyber criminals and administrators are underestimating the risks Continue Reading
-
News
15 Sep 2021
Microsoft patches 66 vulnerabilities in September update
Another lighter-than-usual Patch Tuesday update includes important fixes for recently disclosed vulnerabilities, including a dangerous zero-day, and an update in the PrintNightmare saga Continue Reading
-
News
14 Sep 2021
Apple patches ForcedEntry vulnerability used by spyware firm NSO
Apple patches ForcedEntry vulnerability that was used to target political activists with spyware Continue Reading
-
News
09 Sep 2021
Latest Microsoft zero-day being actively exploited
New Microsoft zero-day CVE-2021-40444 affects multiple versions of Windows and is probably being exploited through convincing phishing attacks Continue Reading
-
Feature
08 Sep 2021
Bridging the gender gap in cyber security
Some professional groups and companies in Asia are working hard to improve awareness of the cyber security profession and mentoring talented women in a bid to bridge the gender gap Continue Reading
-
News
07 Sep 2021
OT security in APAC remains work in progress
Two operational technology security experts shed light on the state of OT security in the region, and what’s being done to address skills, competency and organisational challenges Continue Reading
-
News
31 Aug 2021
GovTech launches vulnerability rewards programme
Vulnerability rewards programme will offer rewards ranging from $250 to $5,000 to white hat hackers who find vulnerabilities in critical government systems Continue Reading
-
Opinion
27 Aug 2021
How the cyber security market is evolving
The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments? Continue Reading
-
News
24 Aug 2021
13 million malware attacks on Linux seen in wild
Cryptominers, web shells and ransomware are the most common varieties of malwares targeting Linux systems, thanks to its prevalence as the backbone of most public cloud services Continue Reading
-
News
24 Aug 2021
Half of MS Exchange servers at risk in ProxyShell debacle
Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited Continue Reading
-
Feature
23 Aug 2021
Considerations when deciding on a new SIEM or SOAR tool
A successful deployment of any security tool very much depends on the maturity of security processes in the organisation Continue Reading
-
News
18 Aug 2021
How Australia’s Octopus Deploy is simplifying DevOps
Brisbane-based startup Octopus Deploy recently secured $172.5m in venture funding to advance its goal of simplifying software deployments for DevOps teams Continue Reading
-
News
18 Aug 2021
MoD seeks security tech to harden military systems
The Defence and Security Accelerator has launched a programme to root out technology that will reduce the military’s exposure to cyber attacks Continue Reading
-
News
17 Aug 2021
Security Think Tank: Building privacy-preserving apps and platforms
ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture Continue Reading
-
E-Zine
17 Aug 2021
How to choose between SIEM and SOAR
In this week’s Computer Weekly, our buyer’s guide examines the use of SIEM and SOAR to improve IT security, and asks which you should use, and when? We look at what you need to know about NVMe over Fabrics, the emerging storage networking technology. And we find out how Oracle customers are introducing its Fusion Cloud suite. Read the issue now. Continue Reading
-
News
13 Aug 2021
Cyber Runway programme supports new security businesses
The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses Continue Reading
-
News
13 Aug 2021
Hospitals see cyber security investment as a low priority
Almost half of hospitals have experienced an IT shutdown as a result of a cyber attack in the past six months, but just over one in 10 hospital executives see cyber security investment as a high priority Continue Reading
-
News
11 Aug 2021
The Netherlands still lacks digital resilience, says report
Report by National Coordinator for Counterterrorism and Security says the Netherlands’ digital resilience has improved, but is still insufficient Continue Reading
