Web application security
-
News
11 Jun 2025
June Patch Tuesday brings a lighter load for defenders
Barely 70 vulnerabilities make the cut for Microsoft’s monthly security update, but an RCE flaw in WEBDAV and an EoP issue in Windows SMB Client still warrant close attention Continue Reading
-
News
06 Jun 2025
CISOs must translate cyber threats into business risk
To manage risk effectively and secure board-level buy-in, CISOs must stop talking about technology and start speaking the language of business, according to a senior Check Point executive Continue Reading
-
E-Zine
14 Nov 2019
CW APAC: Expert advice on container security
For all the promises of containers, changes in architecture and practices associated with the technology bring new challenges and opportunities. In this handbook, Computer Weekly looks at the security challenges associated with container technology. Continue Reading
-
News
13 Nov 2019
Attack on Labour shows need for DDoS defence but should alarm few
After being hit by two DDoS attacks in the space of 24 hours, many commentators are convinced the UK’s Labour Party is the victim of foreign interference in the General Election campaign. It probably isn’t Continue Reading
-
News
12 Nov 2019
Nordic SMEs lack the money needed for cyber security
Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country Continue Reading
-
News
12 Nov 2019
‘Robust’ security foils cyber attack on Labour Party
Labour claims to have been the victim of a cyber attack, but says it is confident no data leaked Continue Reading
-
News
12 Nov 2019
Shared responsibility model key to solving 5G security problem
Both buyers and sellers need to cooperate to solve the thorny issues around 5G security Continue Reading
-
News
07 Nov 2019
Saudis recruited Twitter employees to spy on critics
Court documents reveal how the Saudi Arabian government targeted Twitter employees as part of a coordinated effort to gather information on known dissidents Continue Reading
-
News
06 Nov 2019
Global security workforce must more than double to meet demand
There are about 2.8 million cyber security professionals working today, and the world needs four million more Continue Reading
-
News
05 Nov 2019
Ransomware authors seeking new ways to avoid being spotted
Sector analysis from Sophos has revealed some insight into how malware authors are adapting to thwart cyber security controls Continue Reading
-
News
04 Nov 2019
EU patches 20-year-old open source vulnerability
Ethical hackers taking part in a bug bounty programme on behalf of the European Union have uncovered a 20-year-old vulnerability Continue Reading
-
News
01 Nov 2019
Banks let customers down with mixed approaches to security
Treasury Committee report recommends new measures to tackle financial fraud Continue Reading
-
News
23 Oct 2019
Take responsibility for cyber security basics, urges NCSC CEO
At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading
-
News
22 Oct 2019
NordVPN blames datacentre provider for server breach
VPN provider insists no user data was compromised in a March 2018 server breach, and says its datacentre provider failed to inform it of the issue Continue Reading
-
News
22 Oct 2019
Attacker hit VPN firm Avast through its VPN
Avast has published details of how attackers attempted to gain access to its network over a five month period Continue Reading
-
News
22 Oct 2019
Over-30s tend to do better at cyber security than younger colleagues
Attitudes to workplace cyber security differ by age group, but not in the way one might imagine, according to a new study by NTT Security Continue Reading
-
News
21 Oct 2019
Sodinokibi emerging as a diverse, multi-vector threat to businesses
McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots Continue Reading
-
News
08 Oct 2019
IBM, McAfee among founders of open source security alliance
A group of cyber security suppliers have come together to form the Open Cybersecurity Alliance Continue Reading
-
News
04 Oct 2019
UK and US call on Facebook to walk back encryption plans
The US, Australian and UK governments have asked Facebook to ditch plans to deploy end-to-end encryption across Facebook Messenger, Instagram and WhatsApp Continue Reading
-
News
03 Oct 2019
LogRhythm touts unlimited data plan for SIEM systems
SIEM supplier introduces three-year, term-based pricing plan that lets enterprises ingest as much data as they want without breaking the bank Continue Reading
-
News
26 Sep 2019
Attackers breached supplier systems to steal Airbus secrets
Airbus has been the subject of at least four major cyber attacks in the past 12 months, with contractors and suppliers targeted through their VPNs Continue Reading
-
News
26 Sep 2019
Overinvestment breeds overconfidence among security pros
CISOs have made an abundance of security investments in multiple suppliers, but this might not be the right approach Continue Reading
-
News
24 Sep 2019
Google pushes back on scale of YouTube phishing threat
Millions of YouTubers may be at risk after some high-profile influencers reported their accounts were compromised in an apparent phishing attack, but the platform’s owner, Google, is not so sure Continue Reading
-
News
12 Sep 2019
UN agency Unicef praised for response to accidental data leak
The UN’s children’s agency has disclosed an inadvertent leak of personal data belonging to users of its online learning platform Agora Continue Reading
-
News
05 Sep 2019
Singapore’s SecureAge eyes US market
The Singapore-based supplier of encryption and anti-malware tools has set up a new office in Greater Washington, DC as the next logical step in its global expansion plan Continue Reading
-
Feature
30 Aug 2019
How to mitigate IoT security risks to tap business benefits
Security concerns are preventing many businesses from adopting IoT-based technologies, but with a bit of planning, the business benefits can be realised by mitigating the risk Continue Reading
-
News
26 Aug 2019
VMware’s latest acquisitions point to emerging platform war
VMware’s buyout of Carbon Black and Pivotal is a sign of an emerging platform war following the IBM-Red Hat deal Continue Reading
-
News
23 Aug 2019
Kaspersky eyes enterprise business, opens APAC transparency hub
The security firm wants to engage with enterprises and use its newly launched Malaysian Transparency Centre to burnish its credentials Continue Reading
-
Blog Post
22 Aug 2019
Top four considerations when securing the multi-cloud environment
This is a guest post by Stephen Dane, managing director for cyber security at Cisco Asia-Pacific, Japan and Greater China We live in a multi-cloud world. A world where a multitude of offerings from ... Continue Reading
-
News
21 Aug 2019
Silence APT group eyes APAC banks
Russian-speaking advanced persistent threat group has set its sights on banks in the region, customising its arsenal for targeted attacks Continue Reading
-
News
20 Aug 2019
Even fintech startups battling to meet cyber security challenges
A study shows that most fintech startups, like most banks, are failing to address vulnerabilities in the web and mobile applications, underlining the scale of the challenge Continue Reading
-
News
19 Aug 2019
How EDR is moving beyond the endpoint
An emerging breed of detection and response offerings is going beyond endpoints to collect and decipher telemetry data from across the enterprise Continue Reading
-
News
15 Aug 2019
Formjacking dominates web-related data breaches
Formjacking has become one of the most popular data stealing methods, say researchers, who urge commercial websites to review all third-party coding practices without delay Continue Reading
-
News
14 Aug 2019
DCMS funding aims to increase diversity in cyber sector
A funding round has been announced as part of the Cyber Skills Immediate Impact Fund (CSIIF) with aims of encouraging more diverse talent into the UK’s cyber security sector Continue Reading
-
News
14 Aug 2019
Digital domain identified as major security threat by Norway’s intelligence service
Norway's intelligence services has revealed the extent of the threat posed to the country by cyber attacks Continue Reading
-
News
14 Aug 2019
British Airways e-ticketing system could expose passenger details
British Airways has not addressed a potential leak of passenger details despite warnings from security researchers, but says it is aware of the issue and is taking action Continue Reading
-
News
13 Aug 2019
BACnet IoT building automation devices vulnerable to attack
A security researcher has revealed that internet-connected building automating devices using the BACnet communication protocol are vulnerable to cyber attack Continue Reading
-
News
09 Aug 2019
F-Secure warns of F5 Big IP-related security issue
F-Secure has discovered security issues relating to an F5 device that it says could potentially turn hundreds of thousands of load balancers into beachheads for cyber attacks Continue Reading
-
News
09 Aug 2019
NCC Group warns of security risks of leading printers
Researchers uncover more than 35 vulnerabilities in six leading enterprise printers, many of which could allow access to corporate networks, underlining the need to counter security risks of embedded systems Continue Reading
-
News
31 Jul 2019
Financial services top cyber attack target
Financial services are among the most attractive targets for cyber attackers, security researchers reveal, with phishing and credential stuffing among the top threats Continue Reading
-
News
24 Jul 2019
Global malware down but ransomware up, with UK hard hit
Despite a global decrease in the volume of malware in the past year, ransomware is surging once again, and the UK is one of the worst-hit countries, a report reveals Continue Reading
-
E-Zine
18 Jul 2019
CW ASEAN: Trend Watch – Security
Artificial intelligence tools are becoming a vital part of the security arsenal for organizations and cyber criminals alike. In this handbook, Computer Weekly looks at how ASEAN firms are using AI to combat cyber threats and experts discuss the latest smart cyber security tools. Continue Reading
-
E-Zine
18 Jul 2019
CW ANZ: Trend Watch – Security
With regulations pushing data protection up the business agenda, we look at how Australia’s Notifiable Data Breaches scheme has been received and consider why a survey that found Australian firms are experiencing fewer cyber breach incidents appears to conflict with anecdotal evidence that suggests the opposite. Continue Reading
-
Feature
11 Jul 2019
Securing your mobile estate – best practice for CIOs
The prevalence of mobile devices in every part of daily life is shaping how enterprises make choices about software and network infrastructure, but how do businesses go about securing these vast new endpoint estates? Continue Reading
-
Podcast
02 Jul 2019
Podcast: The Computer Weekly Downtime Upload – Episode 22
In this week’s episode of the Computer Weekly Downtime Upload podcast, Brian McKenna, Caroline Donnelly and Clare McDonald talk about digital transformation in the NHS, Sky’s efforts to get more women working in tech and how big businesses could be risking extinction by ignoring IT Continue Reading
-
News
25 Jun 2019
APT attack on telcos highlights need for comprehensive defence
A global cyber attack against multiple telecommunications firms underlines need for comprehensive approach to cyber defence, say researchers and industry commentators Continue Reading
-
News
17 Jun 2019
DevSecOps is key to uniting opposing forces
Unifying DevOps and security teams with the aid of automation will bring harmony and added business benefits, says systems engineer Continue Reading
-
News
17 Jun 2019
Inside F5’s cyber security playbook
F5 Networks' CISO talks up measures that the application delivery and security specialist is employing to fend off cyber attackers that come knocking on its doors Continue Reading
-
E-Zine
14 Jun 2019
CW Europe: Why are Dutch companies slow to take advantage of the IoT?
Many organisations in the Netherlands are missing out on the benefits of the internet of things because they lack awareness of its potential. Also read why construction of Apple's first non-US datacentre has halted in Denmark, and why some scientists have raised questions about the effects of 5G mobile phone radiation on public health. Continue Reading
-
News
04 Jun 2019
Beware of security blind spots in encrypted traffic
The growth of encrypted traffic has put the spotlight on intrusion prevention systems that help to surface cyber attacks conducted under the cloak of network encryption Continue Reading
-
News
23 May 2019
Lapse in LinkedIn security certificate update
A lapse in the update of LinkedIn’s security certificate has once again underlined the importance of keeping track to avoid disruptions and phishing attacks, and how even big players are failing to get it right Continue Reading
-
News
01 Apr 2019
Black Hat Asia 2019: Get ready for the cyber arms race
The arms race is now squarely in the cyber realm as defence teams and threat actors arm themselves with AI tools Continue Reading
-
News
29 Mar 2019
Magento e-commerce sites urged to apply security update
Security experts are urging companies using the Magento e-commerce site to apply security updates without delay to avoid a disastrous hacking campaign Continue Reading
-
News
26 Mar 2019
Firms urged to gear up for new malware and tactics as threats proliferate
The volume of malware attacks reached a record level in 2018, with UK and India bucking global trend of increased ransomware attacks, a study shows Continue Reading
-
Blog Post
21 Mar 2019
Remainers accidentally DDoS the British government
With eight days until the UK's scheduled exit from the European Union, a prime minister who has lost control, a paralysed political system, and Britain reduced to a laughing stock on the world ... Continue Reading
-
News
18 Mar 2019
CyLon announces latest cyber security accelerator cohort
Swiss and Israeli cyber security startups join teams from the UK for CyLon’s ninth London accelerator cohort Continue Reading
-
News
01 Mar 2019
Facebook facing 10 GDPR investigations in Ireland
Ireland’s Data Protection Commission has revealed it has 10 active probes into Facebook, Instagram and WhatsApp, as well as Apple, LinkedIn and Twitter, on its books Continue Reading
-
Feature
01 Mar 2019
What are the CDN options for enterprises?
We look at how content delivery networks can give your organisation’s web presence a literal edge Continue Reading
-
News
22 Feb 2019
Facebook planned to spy on Android phone users, internal emails reveal
Facebook planned to use its Android app to track the location of its customers and to allow advertisers to send political advertising and invites to dating sites to ‘single’ people, confidential documents show Continue Reading
-
Blog Post
12 Feb 2019
Scoop! Symantec Acquisition Makes Sense Of Software Defined Perimeter Security...
OK - so that's probably not the perfect headline to be announced by anyone who whistles through their teeth... Been having some interesting conversations recently around the idea of zero trust ... Continue Reading
-
News
12 Feb 2019
Telegram bot gets users hooked
Popular social media service provides a rich set of features for cyber criminals, RSA warns Continue Reading
-
News
11 Feb 2019
Lauri Love takes legal action against NCA for return of seized computers
Lauri Love, a former engineering student who won a battle with the US Department of Justice against extradition to the US to face hacking charges, is suing the UK's intelligence agency, the NCA, for the return of his seized computers Continue Reading
-
Feature
08 Feb 2019
A guide to choosing cloud-based security services
Cloud-based security services can help organisations with a growing cloud footprint to reduce cost and address the manpower crunch in cyber security Continue Reading
-
News
30 Jan 2019
How traffic scrubbing can guard against DDoS attacks
Although most scrubbing services can help fend off distributed denial of service attacks, a more comprehensive mitigation strategy is required to remain unscathed Continue Reading
-
Feature
15 Jan 2019
The rise of DevSecOps
The increasing complexity of security threats facing enterprises is leading to DevSecOps approaches, which combine operations and development with security, so that all business units are involved in security operations Continue Reading
-
News
10 Jan 2019
UK firms say £6.6bn annual security testing cost too high
Avord launches platform to reduce the multibillion-pound annual cyber security testing cost that most UK firms say is too high Continue Reading
-
Opinion
31 Dec 2018
Can we live without passwords?
Can you imagine a future in which we can be secure online without having to remember an unwieldly list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve Continue Reading
-
News
23 Dec 2018
'Serious' Twitter flaw allows hackers to post on other people's accounts
A vulnerability in Twitter allows hackers to send tweets, private messages, post images or videos, and turn off security features, says British security researcher Continue Reading
-
News
18 Dec 2018
APAC cyber security landscape to be more tumultuous in 2019
Amid growing cyber threats, the Asia-Pacific cyber security landscape will not get any rosier in 2019 unless organisations start shoring up their cyber hygiene Continue Reading
-
Blog Post
13 Dec 2018
Shock Headline: IT Saves $$$$ (again)!
Two and a bit years ago – I should remember, it was on my birthday! – I was presenting a panel debate on the latest Cybersecurity deterrents. With four vendors and two consultants on the panel, it ... Continue Reading
-
News
11 Dec 2018
Mac malware makes debut in top 10 list
Mac malware appears in the WatchGuard top 10 malware list for first time, and 6.8% of major websites still use an insecure SSL protocol, according to the firm’s latest internet security report Continue Reading
-
News
04 Dec 2018
‘Open-minded’ DVSA cuts cost of MOT testing
Government agency harnesses customised open source platform to ensure data security while cutting costs and plans to extend its MOT testing capability to do the same for drivers’ theory tests Continue Reading
-
News
30 Nov 2018
Marriott data breach highlights basic failings
A breach of a guest reservation database of the Starwood division of the Marriott International hotel group highlights basic personal data protection failures Continue Reading
-
Blog Post
22 Nov 2018
Black Friday On My Mind
Ah – tomorrow – the dreaded Black Friday, yet another unwanted import from Trumpland. But, JASK – already previously subjected here to the blogging treatment – has some security advice to offer as ... Continue Reading
-
Tip
08 Nov 2018
Why entropy sources should be added to mobile application vetting
NIST's 'Vetting the Security of Mobile Applications' draft discusses four key areas of general requirements. Learn how further improvements to the vetting process could be made. Continue Reading
-
News
06 Nov 2018
APAC firms warm up to SD-WAN to solve networking woes
A third of enterprises in the APAC region have already deployed SD-WAN at most of their sites, while 55% are in the process of doing so, a study shows Continue Reading
-
Tip
06 Nov 2018
How testing perspectives helps find application security flaws
Application security testing requires users to test from all the right perspectives. Discover testing techniques that help find application security flaws with expert Kevin Beaver. Continue Reading
-
Opinion
31 Oct 2018
Think Tank: Application layer attack mitigation needs to start with risk analysis
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
Opinion
26 Oct 2018
Security Think Tank: Focus on security before app deployment
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
News
11 Oct 2018
Optus to acquire Hivint in cyber security deal
The deal is expected to bolster the telco’s security pedigree in a market that is grappling with more data breaches and cyber incidents Continue Reading
-
Tip
04 Oct 2018
How is Android Accessibility Service affected by a banking Trojan?
ThreatFabric researchers uncovered MysteryBot, Android malware that uses overlay attacks to avoid detection. Learn how this malware affects Google's Android Accessibility Service. Continue Reading
-
Opinion
02 Oct 2018
Everyone, everywhere is responsible for IIoT cyber security
Cyber security in the industrial internet of things is not limited to a single company, industry or region – it is an international threat to public safety, and can only be addressed through collaboration that extends beyond borders and competitive interests Continue Reading
-
News
12 Sep 2018
Two-thirds of emails not clean, says research
Two-thirds of emails don't make it to the inbox because security systems consider them unsafe, according to research Continue Reading
-
News
11 Sep 2018
British Airways data breach: Security researchers name suspects and query attack timeline
Security researchers claim to have pinpointed the cause and perpetrators of the British Airways data breach, and also claim the attackers may have had access to its customer data for far longer than previously thought Continue Reading
-
News
11 Sep 2018
Public cloud use surges among DDoS attackers, research shows
According to data accrued by DDoS mitigation firm, Link11, the number of attackers that rely on public cloud services soared during the 12 months to June 2018 Continue Reading
-
News
10 Sep 2018
Cyber criminals outspend businesses in cyber security battle
Cybercriminals are flexing their financial might and UK organisations are facing more attacks as a result Continue Reading
-
News
23 Aug 2018
Apache Struts users urged to update due to new security flaw
Another security flaw has been discovered in the Apache Struts, which was at the heart of the massive Equifax data breach in 2017 Continue Reading
-
News
08 Aug 2018
Check Point warns of WhatsApp vulnerabilities
Researchers are warning of vulnerabilities in WhatsApp that allow threat actors to intercept and manipulate messages sent in a group chat Continue Reading
-
News
06 Aug 2018
Mobile banking Trojans reach all-time high
Mobile banking Trojans topped the list of cyber threats in the second quarter of the year, according to research by Kaspersky Lab Continue Reading
-
News
26 Jul 2018
Software development remains insecure
The prevalence of common and well-known web-based vulnerabilities underlines the need for better education around secure software development Continue Reading
-
News
24 Jul 2018
Most firms have software security vulnerability
Most firms have a software vulnerability that can be exploited by cyber attackers, a study has revealed Continue Reading
-
News
17 Jul 2018
A third of organisations do not have a security expert, survey shows
Around a third of organisations are vulnerable to cyber attacks due to a lack of dedicated in-house cyber security experts, finds Gartner survey Continue Reading
-
News
12 Jul 2018
Cyber attackers cashing in on ‘hidden’ attack surface
Cyber attackers are cashing in on organisations’ lack of visibility into all online interactions that can involve multiple third parties, a report reveals Continue Reading
-
News
11 Jul 2018
White-hat hackers find record number of vulnerabilities
White-hat hackers are finding more vulnerabilities than ever before, with crowdsourced security testing continuing to gain popularity, a report reveals Continue Reading
-
News
09 Jul 2018
Inside one of the world’s largest bug bounty programmes
Trend Micro’s Zero Day Initiative may be the top external supplier of software bug reporting for Microsoft and Adobe, but that does not mean it purchases every type of bug Continue Reading
-
News
29 Jun 2018
UK government cyber security standard welcomed
The information security community has welcomed the publication of the government’s minimum cyber security standard, which could be used by any organisation to improve its cyber defences Continue Reading
-
News
19 Jun 2018
Singapore remains hotbed for cyber threats
Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency Continue Reading
-
Feature
05 Jun 2018
Application security more important than ever
Applications have an increasingly crucial role in our lives, yet they are also a real security threat, with hackers always finding new ways to bypass security defences. Computer Weekly looks at how organisations are responding to the challenge Continue Reading
-
News
21 May 2018
Pen testers find weaknesses in banks’ cyber security
Humans are the biggest weakness in banks’ cyber defences, but there are several others that also need attention, penetration testers have revealed Continue Reading
-
News
17 May 2018
European cyber attacks up nearly a third in first quarter 2018
The volume of cyber attacks hitting digital transactions in Europe was up by almost a third in the first quarter of 2018 compared with same period a year ago, a report reveals Continue Reading
-
News
18 Apr 2018
APAC is becoming a hotspot for DDoS attacks
The region’s largest and most-connected economies are most vulnerable to distributed denial-of-service attacks, according to CenturyLink Continue Reading
-
News
11 Apr 2018
Government to set up £13.5m cyber security centre
Located at the 2012 Olympic Park, the London Cyber Innovation Centre could create up to 2,000 jobs in cyber security Continue Reading