Web application security
-
News
16 Apr 2024
CW Innovation Awards: Balancing security and user experience
The National University of Singapore’s Safe initiative has strengthened the security of IT systems and end-user devices while prioritising user experience through passwordless access
-
News
15 Apr 2024
More social engineering attacks on open source projects observed
In the wake of the recent XZ Utils scare, maintainers of another open source project have come forward to say they may have experienced similar social engineering attacks
-
Opinion
05 Oct 2021
ICO cookie consent: How will the plan affect businesses?
A data privacy and compliance expert considers what the ICO’s proposals for an overhaul of cookie consent procedures could mean for businesses
-
News
01 Oct 2021
Amnesty International exploited in malware campaign
According to new intelligence from Cisco Talos, Amnesty International’s branding and profile are being used as part of a new malware campaign that exploits people’s fears of the notorious Pegasus spyware app
-
News
23 Sep 2021
MoD in second leak of Afghan citizens’ data
A second breach of data relating to Afghan citizens at risk of Taliban reprisals has been reported by the Ministry of Defence
-
News
23 Sep 2021
Threat actors target VMware vCenter Server users
Users of VMware vCenter Server are advised to patch a series of vulnerabilities post haste
-
News
16 Sep 2021
Dutch education administrators underestimate threat of cyber crime
Research shows educational establishments in the Netherlands are becoming favoured targets of cyber criminals and administrators are underestimating the risks
-
News
15 Sep 2021
Microsoft patches 66 vulnerabilities in September update
Another lighter-than-usual Patch Tuesday update includes important fixes for recently disclosed vulnerabilities, including a dangerous zero-day, and an update in the PrintNightmare saga
-
News
15 Sep 2021
Australia and Singapore have higher incidences of insecure databases
Five-year longitudinal study by Imperva shows the proportion of databases with at least one known vulnerability in Australia and Singapore is among the world’s highest
-
News
14 Sep 2021
Mass health tracker data breach has UK impact
The leak of a database of 61 million users of health-tracking devices includes records on individuals located in the UK
-
News
09 Sep 2021
Latest Microsoft zero-day being actively exploited
New Microsoft zero-day CVE-2021-40444 affects multiple versions of Windows and is probably being exploited through convincing phishing attacks
-
Blog Post
08 Sep 2021
Marriages Are Back On The Agenda – Even In IT
Ah – the return of “normality” in the UK – i.e., people are still getting ill but the government admits it doesn’t care any longer, other than by increasing taxes… But enough of the ...
-
News
01 Sep 2021
Experts warn on Office 365 phishing attacks
Newly observed campaign is particularly dangerous because it appears to neutralise one of the most widely known anti-phishing techniques
-
Opinion
27 Aug 2021
How the cyber security market is evolving
The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments?
-
News
24 Aug 2021
13 million malware attacks on Linux seen in wild
Cryptominers, web shells and ransomware are the most common varieties of malware targeting Linux systems, thanks to its prevalence as the backbone of most public cloud services
-
News
24 Aug 2021
Half of MS Exchange servers at risk in ProxyShell debacle
Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited
-
News
19 Aug 2021
Pub apps harvesting swathes of customer data unnecessarily
Some pub and restaurant chain apps demand data such as gender and marital status, raising eyebrows among privacy campaigners
-
News
18 Aug 2021
MoD seeks security tech to harden military systems
The Defence and Security Accelerator has launched a programme to root out technology that will reduce the military’s exposure to cyber attacks
-
News
18 Aug 2021
Global VPN downloads soar in first half of 2021
Song remains the same with VPNs as repressive regimes’ continued regulatory demands and remote working see virtual private network usage rocket over the first six months of the year
-
News
17 Aug 2021
Security Think Tank: Building privacy-preserving apps and platforms
ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture
-
Feature
16 Aug 2021
When is SIEM the right choice over SOAR?
Better instrumentation leads to better IT security but monitoring can quickly overload IT teams. Automation can help, but it may not always be needed
-
News
13 Aug 2021
Cyber Runway programme supports new security businesses
The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses
-
Blog Post
13 Aug 2021
The DDoS Battle
In the many years I’ve been testing and analysing the security side of IT, one evident point is that the classic forms of attack: identifying common vulnerabilities and Distributed Denial of ...
-
News
11 Aug 2021
The Netherlands still lacks digital resilience, says report
Report by National Coordinator for Counterterrorism and Security says the Netherlands’ digital resilience has improved, but is still insufficient
-
News
10 Aug 2021
How Grab is using Kafka in fraud detection
Grab is using Apache Kafka in its fraud detection and prevention platform to ingest event streams from its mobile software development kits and client backends to pick up fraudulent activities
-
News
04 Aug 2021
Initial access brokers unaffected by ransomware content bans
Banning ransomware content from cyber crime forums has done little to prevent initial access brokers from advertising their services, with the number of access listings increasing in the second quarter of 2021
-
News
27 Jul 2021
US lawmakers call for probe into ‘arrogant’ spyware firm
US members of Congress have called for an investigation into NSO Group, the spyware supplier at the centre of a massive surveillance scandal
-
News
27 Jul 2021
TikTok sets up cyber security hub in Dublin
Dublin-based cyber centre will oversee the security of TikTok’s users across Europe
-
News
26 Jul 2021
Malicious actors turn to obscure programming languages
Using new, lesser-known or otherwise uncommon programming languages to code new malware can help skirt cyber defences
-
Opinion
26 Jul 2021
Government-led innovation can help cyber startups find a market
There are many reasons why early-stage cyber startups often struggle to get off the ground, but government-backed programmes can help them find a path
-
Feature
21 Jul 2021
Five ways to ensure remote working security and compliance
A mix of on-site and remote working has become a fact of life for many organisations. We look at five key things you should consider to ensure compliance and security
-
E-Zine
20 Jul 2021
Ripe for change – mixing digital innovation with traditional winemaking
In this week’s Computer Weekly, we find out how global winemaker Concha y Toro uses the latest tech to enhance 150-year old traditional processes. Pharma giant GSK explains how an API strategy is changing its business model. And we talk to retailers using video technology to bridge the gap between in-store and online selling. Read the issue now.
-
News
19 Jul 2021
Pegasus mobile RAT abused to monitor journalists and activists
Israel-based surveillance specialist NSO Group is facing renewed pressure after it emerged its Pegasus mobile surveillance tool may be being widely abused by repressive regimes
-
Feature
19 Jul 2021
Tips to minimise vulnerabilities in web and mobile apps
Agile software development can sometimes be at odds with secure by design principles. We look at how organisations are balancing security with coding
-
News
14 Jul 2021
Multiple Microsoft bugs being actively exploited
Microsoft’s July Patch Tuesday update fixes 117 vulnerabilities, 13 rated as critical and four already being actively exploited
-
Opinion
14 Jul 2021
Can a web app ever be truly secure?
Despite the wealth of vulnerability detection tools and practices, there remains a vast array of web application security breaches
-
E-Zine
13 Jul 2021
Driving intelligence – behind the scenes of Volkswagen’s in-car software
In this week’s Computer Weekly, we go behind the scenes of Volkswagen’s in-car software R&D centre. The UK’s largest supercomputer has gone live in Cambridge – we find out how it will transform healthcare research. And we talk to DWP’s digital chief about the restructuring of its IT capabilities. Read the issue now.
-
News
12 Jul 2021
Kaseya VSA services coming online after week-long outage
Kaseya has successfully deployed a patch to its ransomware-hit VSA product as per a revised schedule, and customers are beginning to come back online
-
Feature
12 Jul 2021
How software developers can create mobile apps securely and quickly
The mobile app market is booming, but to achieve success, organisations must develop mobile apps securely and rapidly
-
Opinion
08 Jul 2021
Why identity is the central problem for the future of the internet
As debate rages over who has the right to control user identities online, is the concept of decentralised identity about to have its day?
-
News
08 Jul 2021
PrintNightmare haunts Microsoft as patch may miss mark
Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied
-
News
07 Jul 2021
ICO to probe Hancock over private email use
Former health secretary faces an investigation by the UK’s data protection watchdog over his use of private email to conduct government business
-
News
07 Jul 2021
Opportunists seen targeting Kaseya REvil victims
Malwarebytes researchers highlight new spam campaign targeting businesses impacted by the ongoing Kaseya REvil ransomware incident
-
Opinion
07 Jul 2021
Security Think Tank: As offices reopen, address patching and ‘build drift’
With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers?
-
News
06 Jul 2021
About 60 Kaseya customers hit by REvil
Kaseya has revised upward the number of managed service providers compromised by the REvil ransomware gang in a supply chain attack at the weekend
-
News
02 Jul 2021
Should I be worried about PrintNightmare?
The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be?
-
News
02 Jul 2021
Cyber attackers up the ante on embattled IT teams
Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements
-
Blog Post
01 Jul 2021
Do video games breed hackers?
The aim on Monday is to explore how the online wild west of gaming seemingly escalates young gamers from downloading simple cheat codes to launching full-scale DDoS attacks and even being involved ...
-
News
01 Jul 2021
Cyber espionage campaign targeted central Asian states
The Afghan, Kyrgyz and Uzbek governments are all thought to have been targeted by the same APT
-
News
01 Jul 2021
Nominations open for 2021 Security Serious Unsung Heroes Awards
Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators
-
News
30 Jun 2021
LinkedIn denies exposure of 700 million user records is a data breach
Data relating to 700 million users of the LinkedIn networking platform has appeared for sale, but the firm says it is the victim of data scraping, not a security breach
-
News
30 Jun 2021
Cops seize criminal VPN used by ransomware gangs
A coordinated sting has ended the operations of the DoubleVPN service, the owners of which are accused of harbouring cyber criminal activity
-
News
29 Jun 2021
Video game industry under relentless cyber attacks
Web application attacks against the global video game industry grew by 340% in 2020 as more people turn to gaming during pandemic lockdowns
-
News
28 Jun 2021
Lazada rolls out public bug bounty programme
Regional e-commerce giant Lazada is looking to uncover more vulnerabilities that could compromise data security in a public bug bounty programme that offers up to $10,000 per bounty
-
News
25 Jun 2021
AWS launches bug-busting programme for developers
Amazon Web Services is inviting customers to probe their code for software bugs and vulnerabilities using its CodeGuru console
-
News
18 Jun 2021
NHS App reaches six million users, thanks to Covid vaccine feature
More than two million new users have downloaded the NHS App since it was updated in May to include Covid-19 vaccination status
-
News
18 Jun 2021
Lorca Ignite programme targets breakout cyber talent
Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme
-
News
09 Jun 2021
Microsoft fixes seven zero-days on its Patch Tuesday rounds
Fixes for six actively-exploited – and one yet-to-be-exploited – zero-day bugs are released in the June 2021 Patch Tuesday update
-
Feature
08 Jun 2021
The rise and rise of supply chain attacks
Supply chain attacks in Asia-Pacific and elsewhere have intensified as cyber threat actors look to exploit the weakest links in business and digital supply chains
-
News
07 Jun 2021
Siloscape malware a risk to Windows containers, Kubernetes
Palo Alto’s Unit 42 reports on what appears to be the first-recorded malware targeting Kubernetes clusters through Windows containers
-
News
07 Jun 2021
DNS attacks on the rise in APAC
Attacks on the domain name system in Asia-Pacific grew by 15% last year, with Malaysian organisations seeing the sharpest rise in damages among countries in the region
-
News
03 Jun 2021
Norway’s auditor general lifts lid on energy industry’s cyber security risks
Auditor General’s Office questions the security posture of Norway’s energy industry
-
News
03 Jun 2021
Pandemic a ‘once-in-a-lifetime’ chance to reshape security
The volume of remote working has made it hard to paint an accurate picture of the true state of enterprise cyber security, but it presents an opportunity to change things up
-
Feature
02 Jun 2021
Buying a VPN? Here’s what you need to know
VPNs are an effective cyber security tool for businesses and remote workers, but there are many things to consider before purchasing and implementing one. We explore some of these
-
News
26 May 2021
More data stolen in January 2021 than in all of 2017, says report
The volume of data being stolen through breaches is growing steadily and shows no sign of slowing, according to a report from Imperva
-
News
25 May 2021
Legacy vulnerabilities may be biggest enterprise cyber risk
While high-profile cyber attacks and zero-days grab headlines, statistics gathered by network security specialists Cato suggest CISOs should be addressing legacy threats
-
News
24 May 2021
Dutch researchers build security software to mimic human immune system
Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection
-
News
24 May 2021
Why the security stack needs to move to the edge
Akamai’s chief technology officer Robert Blumofe makes the case for a decentralised security model to address cyber threats that are emanating from the network edge
-
News
21 May 2021
Lack of developer attention to cloud security prompts alerts
The personal data of over 100 million Android users may have been put at risk through a variety of cloud service misconfigurations
-
News
20 May 2021
Malicious scans for at-risk systems start minutes after disclosure
Statistics collated by Palo Alto Networks reveal malicious actors begin scanning the internet for systems at risk of new CVEs within minutes
-
News
14 May 2021
Okta and Auth0 to expand APAC coverage
Okta’s acquisition of rival Auth0 will enable both companies to expand their footprint in the Asia-Pacific region as demand for identity management services soars amid the pandemic
-
News
13 May 2021
Publishing exploit code does more harm than good, says report
Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security
-
News
13 May 2021
Refuge launches tech safety site for domestic abuse victims
Created with the help of survivors, Refuge’s resource site offers guidance on protecting yourself from tech-enabled domestic abuse
-
News
12 May 2021
UK to fund national cyber teams in Global South
Government will commit millions of pounds to supporting vulnerable countries in establishing cyber capacity
-
News
11 May 2021
Collaboration key to success of UK’s Cyber Security Council
The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event
-
News
10 May 2021
NCSC Active Cyber Defence blocks surge of pandemic scams
The NCSC responded to a surge in online scams last year as it moved to protect both the general public and critical national services during the pandemic
-
Blog Post
07 May 2021
One size does not fit all - current cyber security practice as revealed by the DCMS Breaches Survey
The report is an excellent snapshot but it also illustrates why most business leaders (large or small) find it so hard to take cyber security seriously until it is put into the context of their own ...
-
News
07 May 2021
Reddit enlists HackerOne to run public bug bounty programme
Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet
-
News
30 Apr 2021
EncroChat: Top lawyer warned CPS of risk that phone hacking warrants could be unlawful
Lord David Anderson QC warned prosecutors that there were formidable arguments against the lawfulness of a police operation to infiltrate the encrypted phone network, EncroChat
-
News
28 Apr 2021
Recruiters can’t afford to hold out for cyber ‘unicorns’
The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic
-
Feature
27 Apr 2021
Applying web application reconnaissance to offensive hacking
Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman.
-
Feature
27 Apr 2021
Collaboration is key to a secure web application architecture
Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers.
-
Opinion
27 Apr 2021
Why we need to reset the debate on end-to-end encryption to protect children
Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent
-
News
27 Apr 2021
Apple OS updates patch multiple security holes
The much-heralded release of the privacy-centric iOS 14.5 also brings patches for multiple CVEs, and users of Apple smartphones, tablets and notebooks are best advised to update as soon as possible
-
News
27 Apr 2021
The Security Interviews: Making sense of outbound email security
Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this
-
E-Zine
27 Apr 2021
Justice at last in Post Office IT scandal
In this week’s Computer Weekly, 12 years after we broke the story, victims of the Post Office IT scandal finally have their criminal convictions overturned. We take a virtual tour of a Microsoft datacentre and meet a server called ‘Mega-Godzilla Beast’. And we find out how technology is transforming Nationwide Building Society. Read the issue now.
-
News
22 Apr 2021
ToxicEye malware exploits Telegram messaging service
The Telegram instant messaging service is being used by malicious actors to manage a remote access trojan called ToxicEye
-
Opinion
22 Apr 2021
Security Think Tank: Security culture must underpin vaccine passports
What are the security challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?
-
News
20 Apr 2021
Health app myGP adds Covid-19 vaccine passport function
The new feature is described as the UK’s first NHS-assured Covid-19 certification feature
-
News
20 Apr 2021
Codecov supply chain attack has echoes of SolarWinds
Supply chain attack on code auditing service may have compromised the likes of HPE and IBM
-
E-Zine
20 Apr 2021
Shop and go – will Amazon’s cashless ‘just walk out’ store work?
In this week’s Computer Weekly, Amazon has opened its first ‘just walk out’ grocery store in the UK, but is it the right time to hit the high street? We examine the human and technical issues around email security. And we analyse Microsoft’s $19bn purchase of voice recognition supplier Nuance. Read the issue now.
-
News
20 Apr 2021
Singapore’s ViewQwest debuts security service
ViewQwest’s SecureNet service uses Palo Alto Networks’ next-generation firewall with deep packet inspection capabilities to guard against cyber threats
-
News
16 Apr 2021
Finnish government strengthens country’s IT network security
Finland’s government has created a new national organisation to help public and private bodies improve network security
-
News
15 Apr 2021
Microsoft is most impersonated brand in phishing attempts
Technology companies continue to be frequently spoofed by cyber criminals in their phishing attempts
-
News
14 Apr 2021
NSA unearths more MS Exchange vulnerabilities
Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency
-
Opinion
14 Apr 2021
Security Think Tank: Vaccine passports must be secure by design
What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?
-
News
13 Apr 2021
MP told to ditch official email over hacking fears
MP Tom Tugendhat claims the intelligence services advised him to switch to the Gmail service due to concerns his parliamentary email could be hacked
-
News
09 Apr 2021
Egypt, Italy and US most affected in Facebook leak
Researchers at VPN firm Surfshark have been analysing data on 533 million people leaked from Facebook
-
News
09 Apr 2021
NCSC: Using your pet’s name as a password is very stupid
If your email password is still Rex, Rover or Mr Fluffles, it’s probably best to change it, the NCSC has said
-
News
07 Apr 2021
Facebook ducks calls to apologise over huge data leak
Facebook gives its side of the story as data on millions of its users leaks, but is yet to apologise for security lapses that put half a billion people at risk of compromise
-
News
31 Mar 2021
Cyber Security Council to champion UK security pros
A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base
-
News
26 Mar 2021
Remote working burn-out a factor in security risk
After a year of working from the kitchen table, stress and burn-out are increasing, giving rise to more security risks – and Millennials seem to be particularly affected