Application security and coding requirements

Find and fix your Adobe Flash dependencies, says NCSC

As Adobe’s Flash Player approaches end-of-life, the National Cyber Security Centre is urging organisations to fix their Flash dependencies Continue Reading

GitHub makes code vulnerability scanning feature public

Code-scanning service is now out of beta and generally available, helping teams to bake security into their code at the development stage Continue Reading

NCSC expands schools programme to north-east England and Northern Ireland

Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland Continue Reading

TikTok ban stayed after last-minute court case

TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States Continue Reading

Security now main driving force behind digital transformation

Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda Continue Reading

Third-party code bug left Instagram users at risk of account takeover

A critical vulnerability in Instagram’s image processing could have allowed attackers to take over not just their victim’s account, but their entire device Continue Reading

Race to patch as Microsoft confirms Zerologon attacks in the wild

Don’t be the organisation that made the headlines because it failed to patch. Microsoft says it is seeing cyber attacks ramping up around the Zerologon CVE-2020-1472 bug Continue Reading

Scam mobile apps spreading via rogue TikTok accounts

Malicious TikTok accounts are promoting a number of adware scam mobile apps Continue Reading

Big questions to be answered over TikTok and WeChat reprieve

TikTok and WeChat seem to have received a stay of execution, but big questions and contradictions remain Continue Reading

Saudi Arabia sees cyber security boom as coronavirus bites

Saudi Arabian CIOs have been forced to increase their security posture as the Covid-19 pandemic transforms working methods Continue Reading

Retailers urged to get to grips with Magento as attacks spike

A huge spike in online retailers being hacked with Magecart credit card skimmers is being blamed on unsupported versions of Adobe Magento Continue Reading

Lorca security scaleups to get Splunk data expertise

Lorca inducts Splunk onto its co-marketing programme, giving security scaleups access to new data expertise Continue Reading

Risky development practice leaves company access keys exposed

Database stores, cloud storage and myriad other services are being put at risk by the accidental exposure of company access keys during development Continue Reading

TikTok-Oracle partnership moves forward for consideration

Joint venture proposal could create thousands of jobs and secure TikTok’s future outside China Continue Reading

Microsoft drops out of TikTok talks, paves way for Oracle partnership

Microsoft confirms it is dropping out of the running to acquire the US operations of TikTok, leaving the way clear for an imminent partnership deal with Oracle Continue Reading

Cyber security is next frontier for open source

Open security will facilitate the interoperability and capabilities of cyber security tools while alleviating vendor lock-in for enterprises, says IBM Continue Reading

Lorca security scaleups hit funding milestone

£153m of investment has been raised by Lorca cohort companies in just two years, almost four times the original target Continue Reading

September’s Patch Tuesday heavy on RCE vulnerabilities

Microsoft’s September update contains patches for 129 common vulnerabilities and exposures, including a high number of remote code execution issues Continue Reading

Why predictive threat intelligence is key

Threat intelligence startup Cyfirma is using virtual agents to gather intelligence on potential cyber attacks that are being coordinated in underground forums before they occur Continue Reading

Northumbria University suffers major disruption after cyber attack

Some exams cancelled as university appoints external specialists to investigate incident Continue Reading

Security Think Tank: Security at the distributed edge

That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

TikTok takes Trump to court

Under-fire video app TikTok files a formal complaint in the federal courts challenging the Trump administration’s attempt to ban it in the US Continue Reading

Reports Oracle to enter TikTok bidding war

Oracle may be about to make a bid to acquire the US operations of TikTok from its Chinese parent ByteDance, according to the FT Continue Reading

Microsoft patches two zero-days with active exploits

Microsoft drops another major Patch Tuesday update, including fixes for two zero-day exploits that are already being exploited by cyber criminals Continue Reading

Citrix users urged to patch five XenMobile CVEs

Patches are available for CVEs 2020-8208 through 8212 and should be installed as soon as possible Continue Reading

Don’t believe the hype: AI is no silver bullet

We want to believe AI will revolutionise cyber security, and we’re not necessarily wrong, but it’s time for a reality check Continue Reading

Qualcomm chip vulnerability puts millions of phones at risk

Qualcomm has patched multiple vulnerabilities in its chip hardware that left hundreds of millions of smartphones open to compromise by malicious actors Continue Reading

New foundation to bolster security of open source software

The Open Source Security Foundation will bring together key open source security initiatives across the industry to improve and support the security of open source software Continue Reading

Microsoft offers way out of TikTok impasse

Microsoft offers to buy TikTok from its Chinese parent to ease security fears in the US Continue Reading

Labour Party is latest victim of Blackbaud ransomware attack

Widening Blackbaud data breach ensnares the Labour Party as the cloud software firm continues to duck questions about its behaviour Continue Reading

Businesses underestimate negative impact of bot traffic

Research from Netacea finds that although awareness of malicious bot activity is high, many are underestimating its true impact Continue Reading

Coronavirus shines spotlight on cyber security

Programme committee chair of this year's RSA Conference Asia-Pacific and Japan talks up the challenges that IT security professionals in APAC are facing to mitigate security risks amid the Covid-19 pandemic Continue Reading

Patch Tuesday: Microsoft fixes 123 bugs in July 2020 update

The bugs start coming and they don’t stop coming; Microsoft has issued yet another bumper Patch Tuesday update Continue Reading

Check Point unearths critical SigRed bug in Windows DNS

SigRed vulnerability is highly dangerous, but is being fixed as part of the July 2020 Patch Tuesday update Continue Reading

Recon vulnerability puts thousands of SAP customers at risk

Users of multiple SAP products including S4/HANA should apply the security update as soon as possible to protect their systems Continue Reading

Australian enterprises facing more cyber attacks

The volume of cyber attacks in Australia jumped from 90% in October 2019 and 81% in February 2019, underscoring the worsening threat landscape in the country Continue Reading

Zoom zero-day a reminder to stop using Windows 7

Researchers have disclosed a newly discovered zero-day vulnerability to videoconferencing service Zoom, which only affects users of Windows 7 systems Continue Reading

More Joker malware apps chucked off Google Play Store

Infamous Joker billing fraud malware continues to sneak past Google’s security controls Continue Reading

Security Think Tank: The past and future of security automation

Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation being gravely overestimated? Continue Reading

Security funding soars despite Covid-19 slump, but problems lie ahead

The overall cyber security funding ecosystem in the UK is healthier than ever despite Covid-19, but the figures mask stark and concerning disparities in where the money is going Continue Reading

Cyber4Summer scheme to divert young people from cyber crime

Cyber4Summer platform will offer 100 different tracks covering a range of security skills to divert them from falling into a life of cyber crime Continue Reading

Security Think Tank: Balancing human oversight with AI autonomy

Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation gravely overestimated? Continue Reading

Lorca scale-ups bring diverse security to the fore

London Office for Rapid Cybersecurity Advancement announces the cyber security scale-ups that will make up its fifth cohort Continue Reading

North Korea behind spate of Magecart attacks

The Magecart credit card skimmer found on the website of retailer Claire’s Accessories was likely put there by the Lazarus or Hidden Cobra North Korean APT group, reports Sansec Continue Reading

Security Think Tank: SIEM and AI – a match made in heaven?

Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation gravely overestimated? Continue Reading

Security Think Tank: Artificial intelligence will be no silver bullet for security

AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation gravely overestimated? Continue Reading

Security Think Tank: AI cyber attacks will be a step-change for criminals

AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation gravely overestimated? Continue Reading

UK’s unsung cyber security heroes sought

Nominations have opened for the fifth annual Security Serious Unsung Heroes Awards Continue Reading

Zoom making progress on cyber security and privacy, says CEO

Three months after being hit by a spate of security incidents, Zoom’s CEO, Eric Yuan, has been discussing progress towards a more secure product Continue Reading

Mysterious EvilQuest macOS ransomware spreads through torrents

A new strain of ransomware, dubbed EvilQuest, is threatening Apple Mac environments, and seems to behave quite oddly Continue Reading

Security Think Tank: Get your house in order before deploying AI

AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation being gravely overestimated? Continue Reading

FakeSpy Android malware targets Royal Mail app users

The FakeSpy malware was first identified in October 2017 but is now significantly more powerful and dangerous Continue Reading

Security Think Tank: ‘Shift left’ to secure containers

Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers? Continue Reading

Pub ‘check-in’ apps provoke fresh privacy concerns

With pubs and restaurants required to collect customer data for contact tracing when they reopen, data privacy risks will be heightened Continue Reading

Security Think Tank: Securing containers needn’t be taxing

Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers? Continue Reading

How to apply zero-trust models to container security

Containers have become a common fixture in software development, but they have resulted in new concerns for security teams. Is zero-trust the answer to tackling them? Continue Reading

Neurodiversity on the rise among career hackers

More diverse hackers enhance the ability of both traditional and cutting-edge cyber security solutions to find and fix vulnerabilities, according to a new report from Bugcrowd Continue Reading

Flash-based MacOS malware hides in plain sight

By masquerading as a legitimate Adobe web application, the new malware strains can trick Mac users into bypassing their on-board defences Continue Reading

Cisco patches dangerous Webex vulnerability

CVE-2020-3347 bug enables cyber criminals to steal meeting records from within Cisco’s Webex service Continue Reading

Coronavirus: Cyber security spend to slow in 2020

Analysts revise down previous growth targets for security technology as the Covid-19 pandemic bites Continue Reading

Activists call on Zoom to implement encryption for all

A coalition of tech organisations and nonprofits have urged Zoom CEO Eric Yuan to make end-to-end encryption available to all users Continue Reading

Accessories store Claire’s hit by Magecart credit card fraudsters

Attackers gained access to retailer’s website as long ago as March Continue Reading

Coronavirus: Enterprise VPN adoption in India set to rise

Advancement in cloud technologies and secured remote access to applications will significantly contribute to the overall growth of India’s VPN market, says GlobalData Continue Reading

CISOs buying into unified security proposition

The time is right for all-in-one security solutions, according to a report Continue Reading

Security Think Tank: Container security starts with good DevOps practice

Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers? Continue Reading

Government to fund nine advanced security projects

Nine academic projects have been selected to receive a share of a £10m funding pot as they develop advanced cyber security solutions using prototype chipsets Continue Reading

Decade-old vulnerability among 129 Patch Tuesday fixes

A 10 year-old bug in Windows Group Policies could easily enable attackers to gain highly privileged user status on target systems, opening the doors to a wave of cyber attacks Continue Reading

Virtual GP practice accidentally exposes patient video calls

A small number of users of Babylon’s GP at Hand service were briefly able to view other patients’ video GP consultations thanks to a bug in a new software feature Continue Reading

How Australian firms can defend against supply chain attacks

Supply chain security risks can wreak havoc if measures are not taken to deter cyber attackers from exploiting a supplier’s security gaps to target another firm Continue Reading

Poorly-secured AWS buckets used to launch Magecart attacks

Cyber criminals are exploiting misconfigured AWS S3 buckets to run credit card fraud and malvertising campaigns, according to new data Continue Reading

What it takes to get DevSecOps right

DevSecOps will drive at least 50% of new applications in Asia-Pacific by 2024, but getting it right will require change management, a collaborative mindset and the right automation tools Continue Reading

Police chiefs working with Public Health England on contact-tracing security

Police force representatives are in talks with Public Health England over operational security concerns arising from the NHS Test and Trace coronavirus contact-tracing scheme Continue Reading

The Security Interviews: How the BSI protects the IoT from itself

David Mudd of the BSI reveals how a pragmatic and realistic approach to security vulnerabilities underpins its internet of things kitemark, helping give users the confidence to buy smart devices safely Continue Reading

Security Think Tank: Four steps to container security best practice

Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers? Continue Reading

Privacy campaigners call for radical changes to contact-tracing app

Liberty, Privacy International and the Open Rights Group join calls for the government to either put in place better data protection policies or abandon its Covid-19 contact-tracing app altogether Continue Reading

The impact of spycraft on how we secure our data

The history of cyber security owes much to the world of espionage, as a recent, pre-lockdown Science Museum exhibition showed Continue Reading

Public Health England to keep contact-tracing data for 20 years

PHE will retain the data it collects via the NHS Test and Trace programme for 20 years Continue Reading

Enterprise clouds hammered by cyber attacks during pandemic

Remote workers logging onto enterprise cloud service accounts are an easy access point for attackers, says McAfee Continue Reading

Fears contact-tracing app will open the floodgates for cyber criminals

Study of UK consumers reveals worries over an uptick in cyber crime and a lack of trust in government Continue Reading

StrandHogg mobile vulnerability has evil twin

Variant of the dangerous StrandHogg vulnerability affecting Android phones could allow hackers to access almost all apps on a target device Continue Reading

Cancelled NCSC CyberUK event gets green light for 2021

The NCSC’s popular CyberUK event has been rescheduled to next year, and will again take place in Newport in south Wales Continue Reading

DevOps improve code quality, but security must happen sooner

GitLab survey finds developers are adopting DevOps to improve code quality, but more needs to be done on secure coding Continue Reading

Harman seeks to bring private member’s bill over contact tracing

Chair of Human Rights Committee aims to put the proposed Contact Tracing (Data Protection) Bill 2020 before parliament as a private member’s bill if necessary Continue Reading

Venafi buys cloud protection service Jetstack

Jetstack specialises in open source machine identity protection software for Kubernetes and cloud native ecosystems Continue Reading

UK’s contact-tracing app targeted by scammers

Even though it is only operational on the Isle of Wight as a beta test, the UK government’s coronavirus contact-tracing app has already attracted the attention of cyber criminals Continue Reading

Report reveals inadequate cyber security at Schiphol Airport

A report has revealed problems with critical security systems in Amsterdam’s Schiphol Airport Continue Reading

Microsoft fixes 16 critical vulnerabilities on Patch Tuesday

The trend towards mammoth Patch Tuesdays continues as Microsoft fixes 111 vulnerabilities Continue Reading

Draft Covid-19 contact tracing legislation proposes formal oversight

Human Rights Committee chair Harriet Harman has outlined a proposed bill to guarantee the security and privacy of data generated by the UK’s Covid-19 contact tracing app Continue Reading

What are the security priorities for the post-coronavirus world?

The Covid-19 pandemic is forcing massive change across the business world and things may never go back to normal. What does security look like in this new world, and what will buyers be prioritising? Continue Reading

Zoom buys secure messaging service Keybase

Unified comms platform Zoom says the acquisition of Keybase will finally let it bring end-to-end encryption to the table Continue Reading

Contact-tracing app fails to protect privacy and human rights

Reassurances over the security and human rights implications of NHSX’s approach to developing its Covid-19 contact-tracing app are insufficient, says the cross-bench Human Rights Committee Continue Reading

Next round of Zoom updates targets consumer security

Casual consumer users of Zoom will get additional protections in an update to be released over the long weekend Continue Reading

Re-purposing data and questionable effectiveness could undermine trust in NHS contact-tracing app

Experts call for greater clarity over how contact-tracing data will be used, while discussing the limitations of the coronavirus app Continue Reading

Contact tracing: The privacy vs protection debate

The Covid-19 pandemic has necessitated extreme measures not seen in peacetime for over 100 years. Contact-tracing apps are being developed as a tool for managing the pandemic, but are they a step too far? Continue Reading

Xen Orchestra latest victim of Salt cryptojackers

More victims of cyber criminals exploiting two critical Salt vulnerabilities are coming forward Continue Reading

Blogging platform Ghost hacked through Salt vulnerability

Publishing service’s network was taken over by illicit cryptominers after failing to patch a critical vulnerability Continue Reading

IT Priorities 2020: Compliance and risk are top security concerns

When it comes to security, buyers are prioritising solutions and services that address compliance issues, risk management and data protection, according to the Computer Weekly/TechTarget IT Priorities 2020 study Continue Reading

Mobile banking customers at risk from new EventBot trojan

Customers of Barclays, HSBC, Santander and many other banks should be alert to a dangerous new trojan Continue Reading

Under the spotlight, video apps rush to strengthen security

Most popular videoconferencing applications now meet Mozilla’s minimum security standards, with fierce competition and public pressure driving rapid improvement Continue Reading

The Security Interviews: Can AV go from dodgy scareware to cyber hero?

Alun Baker, CEO of Clario, is on a mission to rehabilitate the image of consumer security products and take the fear out of selling antivirus. We find out how things are changing Continue Reading