Application security and coding requirements

Internet Explorer zero day among 99 Patch Tuesday problems

After an eventful January Patch Tuesday that marked the end of support for Windows 7, the February 2020 update is another whopper, fixing close to 100 vulnerabilities Continue Reading

By

• Alex Scroxton, Security Editor

Inside the SOC: the nerve centre of security operations

Security operations centres are the bedrock of any cyber defence strategy, but operating one is increasingly challenging, with mounting workloads and a shortage of skilled personnel Continue Reading

By

• Aaron Tan, TechTarget

Mac-based security threats outpacing Windows

Security threats targeting Apple endpoints are growing more quickly than those targeting Windows machines, according to Malwarebytes Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: Zero trust is complex, but has rich rewards

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

By

• Bhanu Jagasia

RobbinHood ransomware tricks Windows into deleting defences

By subverting kernel memory settings in Windows 7, Windows 8 and Windows 10, the RobbinHood ransomware can now delete cyber security defences from target systems Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: No trust in zero trust need not be a problem

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

By

• Silvano Sogus

Web app ubiquity gives cyber criminals new opportunities

The popularity and ubiquity of web-based apps such as Office 365 and Salesforce is a temptation too good to miss for cyber criminals Continue Reading

By

• Alex Scroxton, Security Editor

NCSC launches study on cyber security diversity

The UK’s National Cyber Security Centre wants to improve the diversity of the cyber security sector Continue Reading

By

• Alex Scroxton, Security Editor

UK cyber security sector worth more than £8bn

The UK’s cyber security industry employs 43,000 full-time workers, and contributed nearly £4bn to the UK economy in 2019, according to DCMS Continue Reading

By

• Alex Scroxton, Security Editor

Government tightens law around IoT cyber security

New legislation developed by DCMS and the NCSC may help guarantee the security and privacy of users of consumer IoT devices Continue Reading

By

• Alex Scroxton, Security Editor

SANS Institute calls on Manchester security pros

Manchester will play host to a week-long cyber security training event during February Continue Reading

By

• Alex Scroxton, Security Editor

Cyber gangsters publish staff passwords following ‘Sodinokibi’ attack on car parts group Gedia

Sodinokibi hacking group steps up pressure on German automotive manufacturer by publishing information, including the CEO’s computer password and sensitive details of its IT systems, on the internet Continue Reading

By

• Bill Goodwin, Computer Weekly

ICO code sets out digital privacy standards for children

The Information Commissioner’s Office has published its Age Appropriate Design Code, a set of 15 standards that online platforms must meet to protect the privacy of younger users Continue Reading

By

• Alex Scroxton, Security Editor

5G builders test vulnerabilities in Finnish hackathon

University hackathon puts 5G security to the test as new wireless technology’s roll-out nears Continue Reading

By

• Gerard O'Dwyer

Lorca announces new cohort of 20 security scaleups

20 scaleups will focus their attention on automation, zero trust and supply chain security Continue Reading

By

• Alex Scroxton, Security Editor

NSA Windows 10 security disclosure raises questions

In an unprecedented move, the NSA has got out in front of a critical cryptographic flaw in Windows 10, but in doing so has raised multiple questions Continue Reading

By

• Alex Scroxton, Security Editor

Threat landscape grew in complexity in 2019, no respite in sight

Check Point’s annual state of security report shares some 2019 trends and looks ahead to 2020 Continue Reading

By

• Alex Scroxton, Security Editor

Researchers find cryptojacker hiding in Wav audio file

Victim network was compromised by obfuscated malware hiding a Monero cryptominer, lurking inside a Wav audio file Continue Reading

By

• Alex Scroxton, Security Editor

Turn the end of Windows 7 support into a security advantage

CISOs can take advantage of the end of support for Microsoft Windows 7 by making the case for more investment in cyber security Continue Reading

By

• Alex Scroxton, Security Editor

TikTok video-sharing app left user data exposed

Check Point uncovered serious vulnerabilities in the TikTok video-sharing app that left users exposed Continue Reading

By

• Alex Scroxton, Security Editor

Top 10 cyber crime stories of 2019

Here are Computer Weekly’s top 10 cyber crime stories of 2019 Continue Reading

By

• Alex Scroxton, Security Editor

Top 10 cyber security stories of 2019

Here are Computer Weekly’s top 10 cyber security stories of 2019 Continue Reading

By

• Alex Scroxton, Security Editor

Finnish government supports local authorities in cyber security initiative

The Finnish government has committed resources to a cyber security project aimed at local authorities Continue Reading

By

• Gerard O'Dwyer

Group-IB CEO talks up global threat landscape

Public attribution of cyber attacks could backfire while a global cyber norms framework won’t emerge until a catastrophic incident occurs, says the head of Singapore-based Group-IB Continue Reading

By

• Aaron Tan, TechTarget

Barco fixes ClickShare wireless flaw, but users still at risk

Supplier patches a major vulnerability in its popular ClickShare wireless presentation system with a firmware upgrade, but experts warn that users are not out of the woods yet Continue Reading

By

• Alex Scroxton, Security Editor

Alarm bells ring, the IoT is listening

With Christmas bearing down on us, a series of vulnerability disclosures has drawn attention to the parlous state of IoT security, and serves as a timely warning to people planning to buy smart devices as gifts Continue Reading

By

• Alex Scroxton, Security Editor

Aviatrix VPN vulnerability left user endpoints wide open

Immersive Labs has disclosed a serious vulnerability in VPN supplier Aviatrix’s enterprise client that could have granted hackers elevated user privileges across enterprise targets Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: In-depth protection is a matter of basic hygiene

The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading

By

• Petra Wenham

Top Android apps at risk from StrandHogg vulnerability

Researchers at Promon say all of the 500 most-downloaded Android apps are at risk from a newly discovered vulnerability Continue Reading

By

• Alex Scroxton, Security Editor

CW500 Interview: Jonathan Moreira, CTO of PrimaryBid.com

In this CW500 video, Jonathan Moreira, CTO of PrimaryBid.com, gives a fintech startup’s perspective on the security challenges small businesses can face when adopting new technologies. Continue Reading

By

• Clare McDonald, Business Editor

Uber app exploit posed safety risk to passengers

A flaw in Uber’s system meant thousands of trips in London were taken with unauthorised drivers at the wheel Continue Reading

By

• Alex Scroxton, Security Editor

Macy’s Magecart breach presages Christmas fraud spike

US retailer Macy’s admits some customer data was accessed by unknown actors during a week-long Magecart attack Continue Reading

By

• Alex Scroxton, Security Editor

The Security Interviews: Applying AI to Lego, and security

Ann Johnson, Microsoft corporate vice-president of cyber security, is on a mission to prove that artificial intelligence holds great promise for the security sector, and she has the analogies to back it up. Continue Reading

Home Office Brexit app contains multiple security flaws

The Home Office’s Brexit app may be putting EU citizens’ personal data at risk Continue Reading

By

• Alex Scroxton, Security Editor

How APAC enterprises can keep pace with container security

For all the promises of containers, changes in architecture and practices associated with the technology bring new challenges and opportunities. Continue Reading

CW APAC: Expert advice on container security

For all the promises of containers, changes in architecture and practices associated with the technology bring new challenges and opportunities. In this handbook, Computer Weekly looks at the security challenges associated with container technology. Continue Reading

Nordic SMEs lack the money needed for cyber security

Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country Continue Reading

By

• Gerard O'Dwyer

Shared responsibility model key to solving 5G security problem

Both buyers and sellers need to cooperate to solve the thorny issues around 5G security Continue Reading

By

• Alex Scroxton, Security Editor

Global security workforce must more than double to meet demand

There are about 2.8 million cyber security professionals working today, and the world needs four million more Continue Reading

By

• Alex Scroxton, Security Editor

EU patches 20-year-old open source vulnerability

Ethical hackers taking part in a bug bounty programme on behalf of the European Union have uncovered a 20-year-old vulnerability Continue Reading

By

• Alex Scroxton, Security Editor

Take responsibility for cyber security basics, urges NCSC CEO

At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading

By

• Alex Scroxton, Security Editor

Sodinokibi emerging as a diverse, multi-vector threat to businesses

McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots Continue Reading

By

• Alex Scroxton, Security Editor

Huge rise in rogue banking apps driving fraud attacks

Fraud perpetrated through fake mobile apps purporting to be from legitimate banks has seen a statistically significant spike, says RSA Continue Reading

By

• Alex Scroxton, Security Editor

The Security Interviews: Applying AI to Lego, and security

Ann Johnson, Microsoft corporate vice-president of cyber security, is on a mission to prove that artificial intelligence holds great promise for the security sector, and she has the analogies to back it up Continue Reading

By

• Alex Scroxton, Security Editor

How APAC enterprises can keep pace with container security

For all the promises of containers, changes in architecture and practices associated with the technology bring new challenges and opportunities Continue Reading

By

• Aaron Tan, TechTarget

IBM, McAfee among founders of open source security alliance

A group of cyber security suppliers have come together to form the Open Cybersecurity Alliance Continue Reading

By

• Alex Scroxton, Security Editor

LogRhythm touts unlimited data plan for SIEM systems

SIEM supplier introduces three-year, term-based pricing plan that lets enterprises ingest as much data as they want without breaking the bank Continue Reading

By

• Aaron Tan, TechTarget

Overinvestment breeds overconfidence among security pros

CISOs have made an abundance of security investments in multiple suppliers, but this might not be the right approach Continue Reading

By

• Alex Scroxton, Security Editor

Latest Lorca cyber security challenge has IoT focus

Government-backed cyber security innovation centre Lorca has issued new challenges around connectivity for its next intake of scaleups Continue Reading

By

• Alex Scroxton, Security Editor

Nordic countries deepen collaboration with Estonia-based cyber security operation

Nordic countries are now working closer with Nato’s Estonia-based centre of excellence in cyber security Continue Reading

By

• Gerard O’Dwyer

Singapore’s SecureAge eyes US market

The Singapore-based supplier of encryption and anti-malware tools has set up a new office in Greater Washington, DC as the next logical step in its global expansion plan Continue Reading

By

• Aaron Tan, TechTarget

Social media and enterprise apps pose big security risks

The lack of security policies in many business applications is putting enterprise data at risk and social media apps are the biggest source of malware, a poll of IT professionals reveals Continue Reading

By

• Warwick Ashford, Security Editor

Dutch regulator reveals potential Microsoft privacy breach

Netherlands privacy watchdog has revealed potential breaches while testing Microsoft software changes Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

VMware’s latest acquisitions point to emerging platform war

VMware’s buyout of Carbon Black and Pivotal is a sign of an emerging platform war following the IBM-Red Hat deal Continue Reading

By

• Aaron Tan, TechTarget

Silence APT group eyes APAC banks

Russian-speaking advanced persistent threat group has set its sights on banks in the region, customising its arsenal for targeted attacks Continue Reading

By

• Aaron Tan, TechTarget

Even fintech startups battling to meet cyber security challenges

A study shows that most fintech startups, like most banks, are failing to address vulnerabilities in the web and mobile applications, underlining the scale of the challenge Continue Reading

By

• Warwick Ashford, Senior analyst

DCMS funding aims to increase diversity in cyber sector

A funding round has been announced as part of the Cyber Skills Immediate Impact Fund (CSIIF) with aims of encouraging more diverse talent into the UK’s cyber security sector Continue Reading

By

• Clare McDonald, Business Editor

Digital domain identified as major security threat by Norway’s intelligence service

Norway's intelligence services has revealed the extent of the threat posed to the country by cyber attacks Continue Reading

By

• Gerard O'Dwyer

How tech experts could earn millions as whistleblowers

In this week’s Computer Weekly, a tech expert is set to earn millions after successfully blowing the whistle on vulnerabilities in Cisco’s video surveillance software. Our latest buyer’s guide examines the issues around big data architecture. And we look at how the end of Windows 7 could spark a new era for desktop productivity. Read the issue now. Continue Reading

F-Secure warns of F5 Big IP-related security issue

F-Secure has discovered security issues relating to an F5 device that it says could potentially turn hundreds of thousands of load balancers into beachheads for cyber attacks Continue Reading

By

• Warwick Ashford, Senior analyst

NCC Group warns of security risks of leading printers

Researchers uncover more than 35 vulnerabilities in six leading enterprise printers, many of which could allow access to corporate networks, underlining the need to counter security risks of embedded systems Continue Reading

By

• Warwick Ashford, Senior analyst

AI will drive reskilling in problem solving, creativity and collaboration

A study from the Economist Intelligence Unit has found that executives do not believe that artificial intelligence will lead to job losses, but staff will need retraining Continue Reading

By

• Cliff Saran, Managing Editor

UK firms downloading vulnerable open source software

Vulnerable open source software components are posing a security threat to UK firms, according to a report that also shows how best practice, including automation, can reduce the risk Continue Reading

By

• Warwick Ashford, Senior analyst

Inside F5’s cyber security playbook

F5 Networks' CISO talks up measures that the application delivery and security specialist is employing to fend off cyber attackers that come knocking on its doors Continue Reading

By

• Aaron Tan, TechTarget

Beware of security blind spots in encrypted traffic

The growth of encrypted traffic has put the spotlight on intrusion prevention systems that help to surface cyber attacks conducted under the cloak of network encryption Continue Reading

By

• Aaron Tan, TechTarget

Vulnerability assessment done. Now what?

Vulnerability assessment establishes the current state of an organisation’s cyber security, but to meet industry best practices, companies should go beyond that to achieve continuous improvement Continue Reading

By

• Sam Bocetta

Security Think Tank: Proper segregation is more important than ever

What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome? Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

Debugging bug bounty programmes

Bug bounty programmes have recently become a popular method of vulnerability management, but poor programme management can lead to development teams becoming overwhelmed and bugs being missed Continue Reading

By

• Peter Ray Allison

Microservices introduce hidden security complexity, analyst warns

Microservice architecture – an approach to application development in which applications are built as a suite of modular services – simplifies development but complicates security, says KuppingerCole Continue Reading

By

• Warwick Ashford, Senior analyst

BSA releases framework for secure software

Software industry advocacy group releases framework to facilitate flexible and comprehensive software security assessments Continue Reading

By

• Warwick Ashford, Senior analyst

Podcast: The Computer Weekly Downtime Upload – Episode 13

In this week’s episode of the Computer Weekly Downtime Upload podcast, the team are joined by security editor Warwick Ashford to talk about his time at the CyberUK conferences, as well as connected cars, education in the UK, and Brian McKenna’s trip to China Continue Reading

By

• Computer Weekly Staff

Nearly a quarter of tech firms do not security check products

Nearly a quarter of organisations polled do not run security checks on products, and nearly a third admitted to shipping products with known security vulnerabilities, a survey shows Continue Reading

By

• Warwick Ashford, Senior analyst

How Palo Alto Networks fends off its cyber adversaries

Palo Alto Networks CIO Naveen Zutshi talks up the company’s approach in keeping threat actors at bay Continue Reading

By

• Aaron Tan, TechTarget

How IT leaders should work with marketing

In this week’s Computer Weekly, we hear expert advice on how IT and marketing chiefs can work together to deliver a high-quality customer experience. We examine how supercomputers are transforming science by processing large-scale data analytics. And we look at one of the key ethical aspects of artificial intelligence (AI) – how to explain the decisions an AI makes. Read the issue now. Continue Reading

The rise of DevSecOps

The increasing complexity of security threats is leading enterprises to DevSecOps approaches, so that all of the business is involved in security operations Continue Reading

A guide to choosing cloud-based security services

Cloud-based security services can help organisations with a growing cloud footprint to reduce cost and address the manpower crunch in cyber security Continue Reading

By

• Aaron Tan, TechTarget

Steps to improve an application environment and fix flaws

Eliminating application security flaws from an enterprise's server can be a complex task. Learn steps to take in order to improve application security with expert Kevin Beaver. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

How traffic scrubbing can guard against DDoS attacks

Although most scrubbing services can help fend off distributed denial of service attacks, a more comprehensive mitigation strategy is required to remain unscathed Continue Reading

By

• Ai Lei Tao

How To Save IT From Drowning In Its Own Self-Containerised World (and other stories)

Anyone out there right now could be more than excused for thinking we're drowning in security start-ups; too many "me too" vendors trying to resolve the same perceived problems - niche or broad. ... Continue Reading

By

• Steve Broadhead, Broadband Testing

The rise of DevSecOps

The increasing complexity of security threats facing enterprises is leading to DevSecOps approaches, which combine operations and development with security, so that all business units are involved in security operations Continue Reading

By

• Finbarr Toesland

UK firms say £6.6bn annual security testing cost too high

Avord launches platform to reduce the multibillion-pound annual cyber security testing cost that most UK firms say is too high Continue Reading

By

• Warwick Ashford, Senior analyst

eIDAS and the EU’s mission to create a truly portable identity

It is important for businesses to work more actively with technology partners, regulators and governments to create more robust identity verification processes  Continue Reading

By

• Zac Cohen, Trulioo

Singapore Airlines’ software glitch exposed customer data

More than 280 members of the Krisflyer frequent flyer programme had their personal information compromised by a one-off software bug Continue Reading

By

• Aaron Tan, TechTarget

Security Think Tank: Pay attention to attribute-based system access permissions

At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not Continue Reading

By

• Simon Persin, Turnkey Consulting

APAC cyber security landscape to be more tumultuous in 2019

Amid growing cyber threats, the Asia-Pacific cyber security landscape will not get any rosier in 2019 unless organisations start shoring up their cyber hygiene Continue Reading

By

• Aaron Tan, TechTarget

Raising security awareness through phishing simulation – how to get it right

Testing employees’ security practices by sending fake phishing emails has become commonplace, but few organisations are conducting such exercises effectively Continue Reading

By

• Ed Tucker, Human Firewall

Testing applications in production vs. non-production benefits

To ensure proper application security testing, production and non-production systems should both be tested. In this tip, expert Kevin Beaver weighs the pros and cons. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

Take the pain out of software patching

In this week’s Computer Weekly, we look at one of the oldest pain points for IT departments – software patching – and ask how to make it less complex across the enterprise. We examine the rise of Kubernetes, the open source container orchestration system that’s gathering popularity for cloud-native applications. And we look at the issues around storage strategy to support a multicloud environment. Read the issue now. Continue Reading

Inside one of the world’s largest bug bounty programmes

Trend Micro’s Zero Day Initiative may be the top external supplier of software bug reporting for Microsoft and Adobe, but that does not mean it purchases every type of bug. Continue Reading

Security Think Tank: Top considerations to reduce application layer attacks

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Tim Holman, 2-sec

Security Think Tank: Gap, risk and business impact analysis key to application security

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Ramsés Gallego, Isaca

Security Think Tank: Three ways to safeguard against application layer vulnerabilities

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Bruce Beam , (ISC)²

DevSecOps not limited to coding, says analyst

DevSecOps is seen as a way of ensuring application security, but security leaders must understand that embedding a security culture and taking the inter-dependencies of new development frameworks into account is key, says KuppingerCole Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Deploy multiple defence layers to protect data-rich applications

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Simon Persin, Turnkey Consulting

Security Think Tank: A three-pronged approach to application security

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Petra Wenham

Think Tank: Application layer attack mitigation needs to start with risk analysis

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Maxine Holt, Omdia

Security Think Tank: Defend application layer with good security hygiene

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Mike Gillespie

Security Think Tank: Counter application layer attacks with automation

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Paddy Francis

Security Think Tank: Focus on security before app deployment

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Richard Absalom, Information Security Forum

UK faces 10 cyber attacks a week as hostile states step up hacking, says NCSC

The UK’s National Cyber Security Centre has thwarted more than 1,600 attacks over the past two years – many by hostile nation states Continue Reading

By

• Bill Goodwin, Computer Weekly