Web application security
-
News
16 Apr 2024
CW Innovation Awards: Balancing security and user experience
The National University of Singapore’s Safe initiative has strengthened the security of IT systems and end-user devices while prioritising user experience through passwordless access Continue Reading
-
News
15 Apr 2024
More social engineering attacks on open source projects observed
In the wake of the recent XZ Utils scare, maintainers of another open source project have come forward to say they may have experienced similar social engineering attacks Continue Reading
-
News
04 Jun 2019
Beware of security blind spots in encrypted traffic
The growth of encrypted traffic has put the spotlight on intrusion prevention systems that help to surface cyber attacks conducted under the cloak of network encryption Continue Reading
-
News
23 May 2019
Lapse in LinkedIn security certificate update
A lapse in the update of LinkedIn’s security certificate has once again underlined the importance of keeping track to avoid disruptions and phishing attacks, and how even big players are failing to get it right Continue Reading
-
News
01 Apr 2019
Black Hat Asia 2019: Get ready for the cyber arms race
The arms race is now squarely in the cyber realm as defence teams and threat actors arm themselves with AI tools Continue Reading
-
News
29 Mar 2019
Magento e-commerce sites urged to apply security update
Security experts are urging companies using the Magento e-commerce site to apply security updates without delay to avoid a disastrous hacking campaign Continue Reading
-
News
26 Mar 2019
Firms urged to gear up for new malware and tactics as threats proliferate
The volume of malware attacks reached a record level in 2018, with UK and India bucking global trend of increased ransomware attacks, a study shows Continue Reading
-
Blog Post
21 Mar 2019
Remainers accidentally DDoS the British government
With eight days until the UK's scheduled exit from the European Union, a prime minister who has lost control, a paralysed political system, and Britain reduced to a laughing stock on the world ... Continue Reading
-
News
18 Mar 2019
CyLon announces latest cyber security accelerator cohort
Swiss and Israeli cyber security startups join teams from the UK for CyLon’s ninth London accelerator cohort Continue Reading
-
News
01 Mar 2019
Facebook facing 10 GDPR investigations in Ireland
Ireland’s Data Protection Commission has revealed it has 10 active probes into Facebook, Instagram and WhatsApp, as well as Apple, LinkedIn and Twitter, on its books Continue Reading
-
Feature
01 Mar 2019
What are the CDN options for enterprises?
We look at how content delivery networks can give your organisation’s web presence a literal edge Continue Reading
-
News
22 Feb 2019
Facebook planned to spy on Android phone users, internal emails reveal
Facebook planned to use its Android app to track the location of its customers and to allow advertisers to send political advertising and invites to dating sites to ‘single’ people, confidential documents show Continue Reading
-
Blog Post
12 Feb 2019
Scoop! Symantec Acquisition Makes Sense Of Software Defined Perimeter Security...
OK - so that's probably not the perfect headline to be announced by anyone who whistles through their teeth... Been having some interesting conversations recently around the idea of zero trust ... Continue Reading
-
News
12 Feb 2019
Telegram bot gets users hooked
Popular social media service provides a rich set of features for cyber criminals, RSA warns Continue Reading
-
News
11 Feb 2019
Lauri Love takes legal action against NCA for return of seized computers
Lauri Love, a former engineering student who won a battle with the US Department of Justice against extradition to the US to face hacking charges, is suing the UK's intelligence agency, the NCA, for the return of his seized computers Continue Reading
-
Feature
08 Feb 2019
A guide to choosing cloud-based security services
Cloud-based security services can help organisations with a growing cloud footprint to reduce cost and address the manpower crunch in cyber security Continue Reading
-
News
30 Jan 2019
How traffic scrubbing can guard against DDoS attacks
Although most scrubbing services can help fend off distributed denial of service attacks, a more comprehensive mitigation strategy is required to remain unscathed Continue Reading
-
Feature
15 Jan 2019
The rise of DevSecOps
The increasing complexity of security threats facing enterprises is leading to DevSecOps approaches, which combine operations and development with security, so that all business units are involved in security operations Continue Reading
-
News
10 Jan 2019
UK firms say £6.6bn annual security testing cost too high
Avord launches platform to reduce the multibillion-pound annual cyber security testing cost that most UK firms say is too high Continue Reading
-
Opinion
31 Dec 2018
Can we live without passwords?
Can you imagine a future in which we can be secure online without having to remember an unwieldly list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve Continue Reading
-
News
23 Dec 2018
'Serious' Twitter flaw allows hackers to post on other people's accounts
A vulnerability in Twitter allows hackers to send tweets, private messages, post images or videos, and turn off security features, says British security researcher Continue Reading
-
News
18 Dec 2018
APAC cyber security landscape to be more tumultuous in 2019
Amid growing cyber threats, the Asia-Pacific cyber security landscape will not get any rosier in 2019 unless organisations start shoring up their cyber hygiene Continue Reading
-
Blog Post
13 Dec 2018
Shock Headline: IT Saves $$$$ (again)!
Two and a bit years ago – I should remember, it was on my birthday! – I was presenting a panel debate on the latest Cybersecurity deterrents. With four vendors and two consultants on the panel, it ... Continue Reading
-
News
11 Dec 2018
Mac malware makes debut in top 10 list
Mac malware appears in the WatchGuard top 10 malware list for first time, and 6.8% of major websites still use an insecure SSL protocol, according to the firm’s latest internet security report Continue Reading
-
News
04 Dec 2018
‘Open-minded’ DVSA cuts cost of MOT testing
Government agency harnesses customised open source platform to ensure data security while cutting costs and plans to extend its MOT testing capability to do the same for drivers’ theory tests Continue Reading
-
News
30 Nov 2018
Marriott data breach highlights basic failings
A breach of a guest reservation database of the Starwood division of the Marriott International hotel group highlights basic personal data protection failures Continue Reading
-
Blog Post
22 Nov 2018
Black Friday On My Mind
Ah – tomorrow – the dreaded Black Friday, yet another unwanted import from Trumpland. But, JASK – already previously subjected here to the blogging treatment – has some security advice to offer as ... Continue Reading
-
Tip
08 Nov 2018
Why entropy sources should be added to mobile application vetting
NIST's 'Vetting the Security of Mobile Applications' draft discusses four key areas of general requirements. Learn how further improvements to the vetting process could be made. Continue Reading
-
News
06 Nov 2018
APAC firms warm up to SD-WAN to solve networking woes
A third of enterprises in the APAC region have already deployed SD-WAN at most of their sites, while 55% are in the process of doing so, a study shows Continue Reading
-
Tip
06 Nov 2018
How testing perspectives helps find application security flaws
Application security testing requires users to test from all the right perspectives. Discover testing techniques that help find application security flaws with expert Kevin Beaver. Continue Reading
-
Opinion
31 Oct 2018
Think Tank: Application layer attack mitigation needs to start with risk analysis
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
Opinion
26 Oct 2018
Security Think Tank: Focus on security before app deployment
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
11 Oct 2018
Optus to acquire Hivint in cyber security deal
The deal is expected to bolster the telco’s security pedigree in a market that is grappling with more data breaches and cyber incidents Continue Reading
-
Tip
04 Oct 2018
How is Android Accessibility Service affected by a banking Trojan?
ThreatFabric researchers uncovered MysteryBot, Android malware that uses overlay attacks to avoid detection. Learn how this malware affects Google's Android Accessibility Service. Continue Reading
-
Opinion
02 Oct 2018
Everyone, everywhere is responsible for IIoT cyber security
Cyber security in the industrial internet of things is not limited to a single company, industry or region – it is an international threat to public safety, and can only be addressed through collaboration that extends beyond borders and competitive interests Continue Reading
-
News
12 Sep 2018
Two-thirds of emails not clean, says research
Two-thirds of emails don't make it to the inbox because security systems consider them unsafe, according to research Continue Reading
-
News
11 Sep 2018
British Airways data breach: Security researchers name suspects and query attack timeline
Security researchers claim to have pinpointed the cause and perpetrators of the British Airways data breach, and also claim the attackers may have had access to its customer data for far longer than previously thought Continue Reading
-
News
11 Sep 2018
Public cloud use surges among DDoS attackers, research shows
According to data accrued by DDoS mitigation firm, Link11, the number of attackers that rely on public cloud services soared during the 12 months to June 2018 Continue Reading
-
News
10 Sep 2018
Cyber criminals outspend businesses in cyber security battle
Cybercriminals are flexing their financial might and UK organisations are facing more attacks as a result Continue Reading
-
News
23 Aug 2018
Apache Struts users urged to update due to new security flaw
Another security flaw has been discovered in the Apache Struts, which was at the heart of the massive Equifax data breach in 2017 Continue Reading
-
News
08 Aug 2018
Check Point warns of WhatsApp vulnerabilities
Researchers are warning of vulnerabilities in WhatsApp that allow threat actors to intercept and manipulate messages sent in a group chat Continue Reading
-
News
06 Aug 2018
Mobile banking Trojans reach all-time high
Mobile banking Trojans topped the list of cyber threats in the second quarter of the year, according to research by Kaspersky Lab Continue Reading
-
News
26 Jul 2018
Software development remains insecure
The prevalence of common and well-known web-based vulnerabilities underlines the need for better education around secure software development Continue Reading
-
News
24 Jul 2018
Most firms have software security vulnerability
Most firms have a software vulnerability that can be exploited by cyber attackers, a study has revealed Continue Reading
-
News
17 Jul 2018
A third of organisations do not have a security expert, survey shows
Around a third of organisations are vulnerable to cyber attacks due to a lack of dedicated in-house cyber security experts, finds Gartner survey Continue Reading
-
News
12 Jul 2018
Cyber attackers cashing in on ‘hidden’ attack surface
Cyber attackers are cashing in on organisations’ lack of visibility into all online interactions that can involve multiple third parties, a report reveals Continue Reading
-
News
11 Jul 2018
White-hat hackers find record number of vulnerabilities
White-hat hackers are finding more vulnerabilities than ever before, with crowdsourced security testing continuing to gain popularity, a report reveals Continue Reading
-
News
09 Jul 2018
Inside one of the world’s largest bug bounty programmes
Trend Micro’s Zero Day Initiative may be the top external supplier of software bug reporting for Microsoft and Adobe, but that does not mean it purchases every type of bug Continue Reading
-
News
29 Jun 2018
UK government cyber security standard welcomed
The information security community has welcomed the publication of the government’s minimum cyber security standard, which could be used by any organisation to improve its cyber defences Continue Reading
-
News
19 Jun 2018
Singapore remains hotbed for cyber threats
Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency Continue Reading
-
Tip
12 Jun 2018
Application security programs: Establishing reasonable requirements
Creating security program requirements can be a challenging task, especially with application security. In this tip, Kevin Beaver shares several ways to create an effective program. Continue Reading
-
Feature
05 Jun 2018
Application security more important than ever
Applications have an increasingly crucial role in our lives, yet they are also a real security threat, with hackers always finding new ways to bypass security defences. Computer Weekly looks at how organisations are responding to the challenge Continue Reading
-
News
21 May 2018
Pen testers find weaknesses in banks’ cyber security
Humans are the biggest weakness in banks’ cyber defences, but there are several others that also need attention, penetration testers have revealed Continue Reading
-
News
17 May 2018
European cyber attacks up nearly a third in first quarter 2018
The volume of cyber attacks hitting digital transactions in Europe was up by almost a third in the first quarter of 2018 compared with same period a year ago, a report reveals Continue Reading
-
News
18 Apr 2018
APAC is becoming a hotspot for DDoS attacks
The region’s largest and most-connected economies are most vulnerable to distributed denial-of-service attacks, according to CenturyLink Continue Reading
-
News
11 Apr 2018
Government to set up £13.5m cyber security centre
Located at the 2012 Olympic Park, the London Cyber Innovation Centre could create up to 2,000 jobs in cyber security Continue Reading
-
News
28 Mar 2018
Facebook announces more privacy control updates
Social media giant updates privacy settings and tools in response to the unfolding controversy over Cambridge Analytica’s use of Facebook data for political campaigns Continue Reading
-
News
26 Mar 2018
Dutch SMEs’ cyber security is insufficient
Nowhere in the Netherlands is digitisation as big as it is in small and medium-sized enterprises, but the sector still has a lot to do in terms of cyber security Continue Reading
-
E-Zine
15 Mar 2018
CW ASEAN: Time to boost cyber defences
With a relatively young and tech-savvy population, ASEAN has been at the forefront of technology adoption. Yet, this has exposed its people and businesses to more cyber threats, including the massive data leak in Malaysia in 2017. In this month’s issue of CW ASEAN, we take a closer look at ASEAN’s patchy cyber security landscape, including varying levels of cyber resilience across the region, cyber security strategies adopted by different countries, as well as efforts to improve cyber capabilities and foster greater collaboration in the common fight against cyber threats. Download the issue now. Continue Reading
-
News
09 Mar 2018
Cryptojacking cyber criminals up their game
Cyber criminals hijacking computing resources to mine for cryptocurrencies are raising their efforts to bypass enterprise security controls, researchers have found Continue Reading
-
News
08 Mar 2018
Mac malware more than doubled in 2017
Malware targeting Apple Mac computers more than doubled from 2016 to 2017, according to security firm Malwarebytes Continue Reading
-
News
16 Feb 2018
Tech industry signs cyber security charter
Nine technology organisations have signed a cyber security charter aimed at raising the level of cyber security internationally Continue Reading
-
News
14 Feb 2018
Telegram zero-day exploit is a warning
The discovery of an exploit of a zero-day vulnerability in the Telegram messaging app demonstrates that not all “secure” apps are automatically safe, security experts have warned Continue Reading
-
E-Zine
13 Feb 2018
CW ANZ: Prepare for EU data law
Faced with the double whammy of complying with Australia’s upcoming data breach notification requirement and Europe’s new data protection regime, Australian firms are behind where they need to be in their compliance efforts. In this month’s edition of CW ANZ, find out how Australian organisations are getting ready for the GDPR, the challenges they are facing in meeting two new laws at the same time, as well as what they need to do to achieve their compliance goals. Read the issue now. Continue Reading
-
News
12 Feb 2018
FS-ISAC enables safer financial data sharing with API
The global financial industry's body for cyber and physical threat intelligence analysis and sharing has published an API to facilitate safer sharing of consumer financial information Continue Reading
-
News
12 Feb 2018
Criminals hijack government sites to mine cryptocurrency used to hide wealth
Europol says criminals are hiding billions in cryptocurrencies, as thousands of government and other websites have reportedly been used to hijack computers to mine more Continue Reading
-
News
12 Feb 2018
PyeongChang Winter Games hit by cyber attack
Although critical operations were not affected by the incident, event organisers at the PyeongChang Winter Olympics had to shut down servers and the official games website to prevent further damage Continue Reading
-
News
05 Feb 2018
Lauri Love plans to use ‘internet as a force for good’
Engineering student Lauri Love says he plans to help businesses fight cyber crime, after the court of appeal ruled that he can be tried in the UK for allegedly hacking US computer systems, rather than face extradition to the US Continue Reading
-
Opinion
05 Feb 2018
Safer Internet Day: Building online safety practices with young people
Many organisations around the UK are contributing to the important work on making the internet a safer place for everyone Continue Reading
-
News
05 Feb 2018
Researchers discover malicious Chrome extensions
Security researchers have discovered a new botnet delivered via malicious Chrome extensions designed to hijack computers to mine cryptocurrency and record victims’ every move Continue Reading
-
News
02 Feb 2018
ASEAN nations among worst hit by cryptocurrency-mining operation
Thailand, Vietnam and Indonesia recorded high download numbers for the XMRig software that was surreptitiously slipped into user devices to mine Monero Continue Reading
-
Opinion
01 Feb 2018
Security Think Tank: Automating basic security tasks
How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading
-
News
31 Jan 2018
Many businesses still using outdated security, says Troy Hunt
Too many businesses are using out-of-date approaches to security, a world-renowned cyber security author and trainer warns Continue Reading
-
News
31 Jan 2018
UK finance sector cyber security pros admit shocking practices
UK financial sector IT security teams face immense challenges that are undermining business opportunities and continuity in financial services, a survey reveals Continue Reading
-
News
23 Jan 2018
Facebook offers funding to secure the internet
Facebook has announced that it is offering funding for research into ways of improving internet security Continue Reading
-
News
22 Jan 2018
Taking complexity out of cyber security
The key to improving the cyber security posture of organisations is to keep complexity at bay, according to a senior Microsoft executive Continue Reading
-
News
11 Jan 2018
Mobile app flaws are a risk to industrial IT systems, says report
Cyber security vulnerabilities in mobile applications could be exploited to compromise industrial network infrastructure, a report warns Continue Reading
-
News
10 Jan 2018
UAE tech growth prompts firms to review internal IT security
As IT becomes more prominent in the UAE economy, more and more internal connections between people and systems are created, all of which need to be secured Continue Reading
-
News
09 Jan 2018
Cyber attacks in 2017 drive Nordic security efforts
The volume of cyber attacks last year has increased boardroom focus on security in the Nordic region Continue Reading
-
News
08 Jan 2018
Sweden steps up cyber defence measures
Sweden is tightening up its cyber security defences as part of a wider national security strategy Continue Reading
-
News
03 Jan 2018
Top IT priorities for Nordic CIOs in 2018
Nordic CIOs tell Computer Weekly about their intentions for the year ahead Continue Reading
-
News
20 Dec 2017
UK government blames North Korea for WannaCry cyber attack
The UK and US governments say a North Korean group was responsible for the ransomware attacks that hit the NHS and other organisations globally this year Continue Reading
-
News
04 Dec 2017
Barclays Bank stops offering Kaspersky software to new users
Bank is no longer offering customers Kaspersky anti-virus software after UK security agency issues warning Continue Reading
-
News
29 Nov 2017
Lauri Love would face ‘medieval’ conditions in US prison if extradited over hacking charges
Engineering student Lauri Love should be tried in the UK, court hears, as new evidence is presented on the “medieval” conditions in US jails for people with medical problems Continue Reading
-
Video
28 Nov 2017
Lauri Love: how reformed hackers halted the WannaCry virus
Lauri Love presents a compelling story of the WannaCry malware that nearly brought down the NHS, and the behind the scenes work of former hackers, and security researchers that helped to prevent lives being lost. Love is facing extradition to the US after allegedly taking part in a hacking protest over the death of internet pioneer Aaron Swartz, who faced jail for using a hidden computer to downloading academic journals at MIT. Continue Reading
-
Opinion
27 Nov 2017
My brother Lauri Love should have the right to a trial in the UK
Lauri Love should face trial over hacking allegations in a British Court, rather than be extradited to the US, where his extraordinary skills will be lost to society, says his younger sister Continue Reading
-
E-Zine
15 Nov 2017
CW ANZ: On cyber alert
Achieving any form of computer security is an uphill task, costing Australian companies time and money with no prospect of a reprieve any time soon. In this month’s CW ANZ, read about the state of cyber security in Australia, Telstra’s efforts to help enterprises improve their cyber security posture, and how Australian organisations can keep up with the demands of cyber security. Also, find out why unsanctioned cloud apps continue to be a major bugbear among security chiefs in Australia. Continue Reading
-
E-Zine
15 Nov 2017
CW ASEAN: How managed security services help to reduce cyber risk
The growing complexity and volume of cyber threats has led to rising demand for managed security services that provide the capabilities and technological know-how to combat cyber threats. In this month’s issue of CW ASEAN, read more about the pros and cons of using managed security services and considerations you should be aware of. Also, find out what organizations can do to put the odds in their favor when combating cyber threats. Continue Reading
-
News
17 Oct 2017
RSA’s Middle East cyber security conference gains its own identity
RSA Abu Dhabi conference focuses on region’s cyber security needs as digital technology deployments expand Continue Reading
-
News
05 Oct 2017
Singapore’s public sector finds agility and speed in AWS
City-state’s government has been able to meet peak demands and address security issues through a cloud-based web-hosting platform powered by Amazon Web Services Continue Reading
-
News
05 Sep 2017
People with non-IT backgrounds could help fill cyber security skills gap
Organisations should look to fill cyber security roles with people who are curious and have work experience rather than focusing solely on graduates Continue Reading
-
E-Zine
19 Jul 2017
CW ANZ: Cyber security plan bears fruit
Australia’s Cyber Security Strategy, aimed at protecting citizens, companies and critical infrastructure, has made significant headway over the past year, but the jury is still out on its long-term impact. In this month’s CW ANZ, we take a look at the progress of Australia’s national cyber security blueprint and what else needs to be done to better protect Australia’s interests in the global cyber security landscape. Also, read about what the Australian government is doing to better guard public sector IT systems against cyber attacks. Continue Reading
-
E-Zine
19 Jul 2017
CW ASEAN: Stay alert to threats
With cyber threats intensifying in recent years, from the global outbreak of ransomware to intrusions of university networks to access government data, the role of threat intelligence in anticipating and mitigating threats has become more important than ever. In this month’s CW ASEAN, learn how organizations can make the most out of threat data feeds in an intelligence-driven security strategy. Also, find out how companies can navigate the ominous cyber threat landscape by investing in cyber security technology and processes. Continue Reading
-
News
14 Jul 2017
Australia to push ahead with decryption plans
The Australian government remains undaunted in requiring tech firms to provide access to encrypted communications in law enforcement efforts Continue Reading
-
News
27 Jun 2017
Another global ransomware attack underway as reports of Petya exploit spread
Latest cyber attack appears to be based on the same EternalBlue exploit used by the WannaCry ransomware that hit the NHS in May Continue Reading
-
News
14 Jun 2017
Microchips implanted in hands could be in use for payments in 20 years
UK consumers are becoming more accepting that biometric authentication will become the norm for payments Continue Reading
-
News
08 Jun 2017
Islamic State supporters shun Tails and Tor encryption for Telegram
Confidential communications show terror group’s supporters are turning to simple mobile phone messaging apps to exchange messages and distribute propaganda Continue Reading
-
E-Zine
23 May 2017
Global ransomware attack could be a security wake-up call
In this week’s Computer Weekly, we look at the global WannaCry ransomware attack that struck the NHS and spread across 150 countries – will it be the wake-up call that finally makes organisations take cyber security seriously? We find out how Moscow is leading the way in smart city digitisation. And our latest buyer’s guide examines customer experience management. Read the issue now. Continue Reading
-
News
04 May 2017
Testing is key to IoT security, says researcher
Building an effective testing process across all elements associated with a product is key to securing the internet of things, according to a researcher in the field Continue Reading
-
News
11 Apr 2017
Security as a service on the rise in the UAE
Organisations in the United Arab Emirates are increasingly turning to security services Continue Reading
-
News
06 Apr 2017
Interview: F-Secure’s Mikko Hyppönen on the Nordics, Russia and the internet of insecure things
Computer Weekly sat down with Finnish cyber security expert Mikko Hyppönen to talk about security in the Nordics, Russia and the trouble with connected devices Continue Reading
-
News
28 Mar 2017
Threats grow in Saudi Arabia’s cyber sector
Saudi Arabia's wealth makes it an attractive target for cyber criminals, but what have been the recent trends in cyber crime? Continue Reading