Web application security
-
News
15 May 2025
NHS asks suppliers to sign up to cyber covenant
NHS digital and security leaders call on their suppliers to commit to a cyber security charter as the health service works to improve its resilience in the face of growing threat levels Continue Reading
-
Feature
15 May 2025
Is IPSIE the game changer that SaaS security demands?
It started with an announcement in October 2024, and now it seems the vision of secure identity in the enterprise is becoming a reality. We look at the prospects for IPSIE Continue Reading
-
Feature
27 Nov 2020
This Christmas, Covid-19 heightens retail security risks for everyone
Do you think it’s only retailers and consumers who need to consider cyber security when shopping online during the holidays? You’re dead wrong. This year, the Covid-19 pandemic and the shift to remote working has thrown a spanner in the works Continue Reading
-
News
24 Nov 2020
Nominet introduces new resources for cyber scam victims
Domain name registrar is working with law enforcement to provide new information, guidance and resources for potential victims of online scams Continue Reading
-
News
23 Nov 2020
NCSC issues retail security alert ahead of Black Friday sales
National Cyber Security Centre issues refreshed guidance as cyber criminals turn their eyes to the holiday shopping season Continue Reading
-
E-Zine
19 Nov 2020
CW APAC: Expert advice on zero-trust security
Zero trust is a security model that eliminates the traditional perimeter and assumes that no user or device can be trusted until proven otherwise. In this handbook, Computer Weekly looks at how enterprises can take a zero-trust approach to securing their network, devices and workforce. Continue Reading
-
News
16 Nov 2020
Human error blamed in Welsh Covid-19 patient data leak
Public Health Wales accepts recommendations of independent probe into data breach that saw PII on 18,105 coronavirus patients leaked Continue Reading
-
Feature
12 Nov 2020
DDoS mitigation strategies needed to maintain availability during pandemic
The growing prevalence of DDoS attacks combined with the increased reliance on internet connectivity during the pandemic means enterprises can no longer afford to ignore the threat of DDoS attacks. Computer Weekly explores organisations’ perceptions of the risks and best practice for mitigation Continue Reading
-
News
11 Nov 2020
Microsoft drops fix for serious zero-day among 112 Patch Tuesday updates
November’s Patch Tuesday contains fixes for 112 bugs, including a potentially serious zero-day exploit that malicious actors are already taking advantage of Continue Reading
-
News
10 Nov 2020
Zoom rapped over historic security practices
The US Federal Trade Commission rules that Zoom’s practices undermined the security of its users Continue Reading
-
News
10 Nov 2020
IT Priorities 2020: After Covid-19, security goes back to basics
This year’s transition to remote working highlighted big gaps in the fundamentals of security, as updated TechTarget/Computer Weekly data reveals Continue Reading
-
News
09 Nov 2020
EU moves closer to encryption ban after Austria, France attacks
Draft resolution document setting up an EU-wide ban on end-to-end encryption is set to be waved through this week Continue Reading
-
News
06 Nov 2020
ICO sued over ‘failure’ to address ad industry practices
Privacy campaigner the Open Rights Group claims the advertising technology industry is systematically breaching the GDPR, and the ICO is doing nothing about it Continue Reading
-
News
05 Nov 2020
Microsoft to support next generation of security startups
Tech giant lends its support to the NCSC Cyber Accelerator scheme, which is seeking its seventh cohort of startups Continue Reading
-
News
28 Oct 2020
Trump supporters targeted by cryptocurrency scammers
The successful breach of Donald Trump’s official website shows up lax security on his campaign team and is yet another timely warning that nobody is immune to cyber crime Continue Reading
-
News
28 Oct 2020
Barracuda eyes Indochina markets
Barracuda is looking to expand its local presence and headcount in fast-growing emerging markets of Vietnam, Cambodia and Laos Continue Reading
-
News
22 Oct 2020
Protecting remote workers an opportunity to do security better
Securing the fully remote workforce has been a challenge for IT teams, but it presents an opportunity to commit to a higher standard of cyber security, according to a Cisco report Continue Reading
-
News
21 Oct 2020
NSA’s top CVE list a timely reminder to patch
Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies Continue Reading
-
News
21 Oct 2020
Trump and Biden campaign apps easy targets for cyber criminals
You don’t need a stellar IQ to exploit the dangerous StrandHogg Android vulnerability, and users of both Donald Trump’s and Joe Biden’s mobile apps are at risk of falling victim to it Continue Reading
-
News
21 Oct 2020
Customer loyalty accounts in danger from cyber criminals
Billions of credential stuffing attacks are harvesting valuable customer data for the dark web economy Continue Reading
-
News
20 Oct 2020
Police given access to self-isolation data
NHS Test and Trace self-isolation data will be made available to police after new guidance changes data-sharing rules Continue Reading
-
News
14 Oct 2020
Microsoft fixes 87 bugs in October 2020 Patch Tuesday
Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019 Continue Reading
-
News
13 Oct 2020
Suppliers neglecting virtual appliance security, putting users at risk
Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report Continue Reading
-
News
12 Oct 2020
Five Eyes spy group again demands access to private messages
Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms Continue Reading
-
News
12 Oct 2020
Cyber security skills ad branded ‘crass’ by minister
Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic Continue Reading
-
News
09 Oct 2020
Magecart strikes website of school payments service Wisepay
Magecart credit card skimmer harvested financial data of users of Wisepay’s platform over a two-day period Continue Reading
-
News
08 Oct 2020
NCSC relaunches SME security guide with home working focus
The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020 Continue Reading
-
News
05 Oct 2020
Fake news tops list of online concerns worldwide
Receiving false information is a greater worry than other online risks such as cyber bullying and fraud, says the Lloyd’s Register Foundation Continue Reading
-
Blog Post
02 Oct 2020
Picking Your Way Through The SASE Minefield
After the best part of two decades of gradual change in the world of the networking infrastructure, WiFi and mobile notwithstanding, the past few years have seen more upheaval than at any time ... Continue Reading
-
News
02 Oct 2020
Find and fix your Adobe Flash dependencies, says NCSC
As Adobe’s Flash Player approaches end-of-life, the National Cyber Security Centre is urging organisations to fix their Flash dependencies Continue Reading
-
News
30 Sep 2020
GitHub makes code vulnerability scanning feature public
Code-scanning service is now out of beta and generally available, helping teams to bake security into their code at the development stage Continue Reading
-
News
29 Sep 2020
NCSC expands schools programme to north-east England and Northern Ireland
Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland Continue Reading
-
News
29 Sep 2020
NatWest offers online banking customers free security services
Bank responds to a surge in cyber crime targeting users of online banking services Continue Reading
-
News
29 Sep 2020
Remote working world reveals cloud/SaaS security concerns
Research reveals pivotal moment when the cloud is playing a more important role than ever to support mass remote working, with CISO concerns over cloud security remaining stubbornly high Continue Reading
-
News
28 Sep 2020
TikTok ban stayed after last-minute court case
TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States Continue Reading
-
News
28 Sep 2020
Security now main driving force behind digital transformation
Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda Continue Reading
-
Opinion
25 Sep 2020
Covid-19 has changed how we think about cyber security forever
Six months into the global pandemic, the true impact on the future of cyber security is beginning to look clearer, says Microsoft’s Ann Johnson Continue Reading
-
News
24 Sep 2020
Third-party code bug left Instagram users at risk of account takeover
A critical vulnerability in Instagram’s image processing could have allowed attackers to take over not just their victim’s account, but their entire device Continue Reading
-
News
24 Sep 2020
Government blasted over ‘reckless’ contact-tracing security
The Open Rights Group and Big Brother Watch accuse the government of endangering public health with a reckless attitude to contact-tracing data security Continue Reading
-
News
24 Sep 2020
Race to patch as Microsoft confirms Zerologon attacks in the wild
Don’t be the organisation that made the headlines because it failed to patch. Microsoft says it is seeing cyber attacks ramping up around the Zerologon CVE-2020-1472 bug Continue Reading
-
News
23 Sep 2020
Video gamers barraged with cyber attacks
From credential stuffing to SQL injection and DDoS, video game producers and players are seeing massive volumes of cyber attacks Continue Reading
-
News
22 Sep 2020
Scam mobile apps spreading via rogue TikTok accounts
Malicious TikTok accounts are promoting a number of adware scam mobile apps Continue Reading
-
News
21 Sep 2020
Big questions to be answered over TikTok and WeChat reprieve
TikTok and WeChat seem to have received a stay of execution, but big questions and contradictions remain Continue Reading
-
Blog Post
21 Sep 2020
SASE Is Not Just A Sassy Fashion – It’s Here To Stay So Convert That Attic Now
Earlier in the year, in this space I talked about SASE – Secure Access Service Edge – pronounced “sassy” as being one of the most relevant new Gartner definitions to explore and understand. And I ... Continue Reading
-
News
18 Sep 2020
Congressman offered Julian Assange a ‘win-win’ deal that would help President Trump
Details have emerged of US congressman Dana Rohrabacher’s offer of a pardon to WikiLeaks founder Julian Assange in a ‘win-win deal that would benefit US President Donald Trump Continue Reading
-
News
18 Sep 2020
US government deplatforms TikTok and WeChat
The Commerce Department of the US government has banned new downloads of TikTok and WeChat in the US, and announced new prohibitions on doing business with them Continue Reading
-
News
18 Sep 2020
Rampant Kitten spent six years hacking Iranian dissidents
Details emerge of an ongoing campaign by Tehran-backed threat actors targeting dissidents and activists Continue Reading
-
News
17 Sep 2020
Saudi Arabia sees cyber security boom as coronavirus bites
Saudi Arabian CIOs have been forced to increase their security posture as the Covid-19 pandemic transforms working methods Continue Reading
-
News
17 Sep 2020
Assange revelations among most important in US history, says Daniel Ellsberg
Daniel Ellsberg, who leaked highly classified documents that changed the course of the Vietnam War in the 1970s, says WikiLeaks exposed a serious pattern of US war crimes Continue Reading
-
News
16 Sep 2020
Retailers urged to get to grips with Magento as attacks spike
A huge spike in online retailers being hacked with Magecart credit card skimmers is being blamed on unsupported versions of Adobe Magento Continue Reading
-
News
16 Sep 2020
Lorca security scaleups to get Splunk data expertise
Lorca inducts Splunk onto its co-marketing programme, giving security scaleups access to new data expertise Continue Reading
-
News
15 Sep 2020
Risky development practice leaves company access keys exposed
Database stores, cloud storage and myriad other services are being put at risk by the accidental exposure of company access keys during development Continue Reading
-
News
15 Sep 2020
TikTok-Oracle partnership moves forward for consideration
Joint venture proposal could create thousands of jobs and secure TikTok’s future outside China Continue Reading
-
News
15 Sep 2020
Data of every Welsh Covid-19 patient leaked online
Data on all 18,105 people in Wales who have received positive tests for the coronavirus was uploaded to a public-facing web server in error Continue Reading
-
News
14 Sep 2020
Microsoft drops out of TikTok talks, paves way for Oracle partnership
Microsoft confirms it is dropping out of the running to acquire the US operations of TikTok, leaving the way clear for an imminent partnership deal with Oracle Continue Reading
-
News
11 Sep 2020
Travel industry websites are laughably insecure, claims Which?
The travel industry is failing to take the data security of its customers seriously, according to a Which? investigation Continue Reading
-
News
10 Sep 2020
Lorca security scaleups hit funding milestone
£153m of investment has been raised by Lorca cohort companies in just two years, almost four times the original target Continue Reading
-
News
10 Sep 2020
Government launches £500k healthcare security plan
A £500,000 funding pot from the government aims to help support small and mid-sized healthcare firms during the pandemic Continue Reading
-
News
10 Sep 2020
Assange prosecution would put journalists around the world at risk
Trevor Timm, co-founder of the Freedom of the Press Foundation, tells a court that if the US prosecutes WikiLeaks founder Julian Assange, every reporter who receives a secret document will be criminalised Continue Reading
-
News
09 Sep 2020
September’s Patch Tuesday heavy on RCE vulnerabilities
Microsoft’s September update contains patches for 129 common vulnerabilities and exposures, including a high number of remote code execution issues Continue Reading
-
News
06 Sep 2020
Why predictive threat intelligence is key
Threat intelligence startup Cyfirma is using virtual agents to gather intelligence on potential cyber attacks that are being coordinated in underground forums before they occur Continue Reading
-
News
02 Sep 2020
Northumbria University suffers major disruption after cyber attack
Some exams cancelled as university appoints external specialists to investigate incident Continue Reading
-
News
28 Aug 2020
Machine learning wards off threats at TV studio Bunim Murray
TV studio behind reality hits including The Real World and Keeping Up With The Kardashians turned to Darktrace’s Antigena email protection service to keep its people safe from Covid-19 threats Continue Reading
-
News
28 Aug 2020
Benefit fraud: Underground trade in stolen identities revealed
A roaring underground trade in stolen identities is undermining the Universal Credit system and could potentially defraud it out of millions of pounds Continue Reading
-
News
27 Aug 2020
TikTok CEO clocks off
TikTok CEO Kevin Mayer has resigned from the firm after just three months Continue Reading
-
News
25 Aug 2020
TikTok takes Trump to court
Under-fire video app TikTok files a formal complaint in the federal courts challenging the Trump administration’s attempt to ban it in the US Continue Reading
-
E-Zine
25 Aug 2020
When algorithms don’t play fair
In this week’s Computer Weekly, we report on the auditing of algorithms to countervail bias. We examine what CISOs can learn from Covid-19. And in our buyer’s guide to modern software development, we assess how competent artificial intelligence is at building applications that deliver the best possible customer experience. Read the issue now. Continue Reading
-
News
21 Aug 2020
TikTok’s GDPR compliance probed amid accusations of data misuse
Dutch privacy organisation SOMI claims TikTok falls short in protecting young users, and that it is likely violating GDPR Continue Reading
-
News
20 Aug 2020
Social media data leak highlights murky world of data scraping
A data brokerage left its database of 235 million Instagram, TikTok and YouTube profiles exposed to anybody who cared to access it Continue Reading
-
News
18 Aug 2020
Reports Oracle to enter TikTok bidding war
Oracle may be about to make a bid to acquire the US operations of TikTok from its Chinese parent ByteDance, according to the FT Continue Reading
-
News
14 Aug 2020
Oracle and Salesforce sued over online ad tracking
Class action lawsuits filed in Amsterdam and London will accuse Oracle and Salesforce of breaching GDPR in their processing and sharing of personal data to sell online advertising Continue Reading
-
News
12 Aug 2020
Microsoft patches two zero-days with active exploits
Microsoft drops another major Patch Tuesday update, including fixes for two zero-day exploits that are already being exploited by cyber criminals Continue Reading
-
News
12 Aug 2020
Security training body Sans Institute hit by data breach
Around 28,000 items of personally identifiable data were lost in a phishing attack on Sans, proving that even the professionals can be caught out Continue Reading
-
News
11 Aug 2020
Citrix users urged to patch five XenMobile CVEs
Patches are available for CVEs 2020-8208 through 8212 and should be installed as soon as possible Continue Reading
-
News
11 Aug 2020
French data protection authorities to probe TikTok as suitors circle
France’s CNIL has confirmed a new investigation into TikTok’s data protection practices Continue Reading
-
News
11 Aug 2020
Hospitality sector is failing on contact-tracing obligations
Cyber security experts urge the government to do more to help small hospitality businesses improve their contact-tracing data-handling practices Continue Reading
-
News
10 Aug 2020
Retailer Monsoon allegedly exposing data via Pulse Connect server
A researcher has found a critically insecure Pulse Connect Secure VPN version belonging to UK retailer Monsoon Accessorize, but claims the firm is ignoring his disclosures Continue Reading
-
News
07 Aug 2020
Virgin Media customers targeted in Twitter phish
Customers seeking help from the ISP are being targeted by a scam Twitter account Continue Reading
-
News
07 Aug 2020
TikTok to be banned in US in 45 days
Trump says his Executive Orders against Chinese mobile apps are in the interests of dealing with a national emergency Continue Reading
-
Opinion
07 Aug 2020
Don’t believe the hype: AI is no silver bullet
We want to believe AI will revolutionise cyber security, and we’re not necessarily wrong, but it’s time for a reality check Continue Reading
-
News
04 Aug 2020
New foundation to bolster security of open source software
The Open Source Security Foundation will bring together key open source security initiatives across the industry to improve and support the security of open source software Continue Reading
-
News
03 Aug 2020
Microsoft offers way out of TikTok impasse
Microsoft offers to buy TikTok from its Chinese parent to ease security fears in the US Continue Reading
-
News
31 Jul 2020
Labour Party is latest victim of Blackbaud ransomware attack
Widening Blackbaud data breach ensnares the Labour Party as the cloud software firm continues to duck questions about its behaviour Continue Reading
-
News
29 Jul 2020
Majority of organisations at risk of cloud data exposure
Report casts doubt on the effectiveness of the shared responsibility model of cloud security Continue Reading
-
News
29 Jul 2020
Cosmetics firm Avon faces new cyber security incident
Technical information relating to Avon’s web and mobile sites was inadvertently left exposed on an unsecured Microsoft Azure server Continue Reading
-
News
28 Jul 2020
Garmin may have paid hackers ransom, reports suggest
Garmin’s services are coming back online, but the company remains tight-lipped about what exactly happened to it Continue Reading
-
News
28 Jul 2020
NCSC inducts six security startups to Cyber Accelerator
10-week programme will guide some of the UK’s most innovative security startups as they scale their businesses for future growth Continue Reading
-
News
22 Jul 2020
No let-up in cyber attacks as lockdown eases
Cyber attacks are up by one-third as the coalescence of cyber activity and nation state-linked threats around the pandemic bears fruit for bad actors Continue Reading
-
News
20 Jul 2020
Businesses underestimate negative impact of bot traffic
Research from Netacea finds that although awareness of malicious bot activity is high, many are underestimating its true impact Continue Reading
-
News
17 Jul 2020
Twitter hack fallout: Investigators on trail of cyber criminals
Investigators are hunting the cyber criminals who broke into Twitter’s systems to hijack prominent accounts, amid concerns that more attacks may come Continue Reading
-
E-Zine
17 Jul 2020
CW APAC: Trend Watch – security
It wasn’t that long ago when DevSecOps was little more than a mispronunciation of DevOps. Fast forward to today, the notion of embedding security into the development process is not only accepted, but increasingly championed. In this handbook, Computer Weekly looks at what organisations in the Asia-Pacific region are doing to secure their systems, from adopting a DevSecOps approach, to preparing for cyber attacks and ensuring the privacy of Covid-19 contact-tracing app users. Continue Reading
-
E-Zine
17 Jul 2020
CW ANZ: Expert advice on security
Supply chain risks are invisible to many organisations, which means they are often not prioritised from an IT security perspective, partly because supply chain risk management is often seen as a procurement issue. In this handbook, Computer Weekly looks at how organisations in Australia and New Zealand can better protect themselves against supply chain attacks and other evolving cyber threats. Continue Reading
-
News
16 Jul 2020
Cryptocurrency scammers attack Twitter in insider breach
Apparent insider breach at Twitter saw so-called “blue tick” accounts of business people, politicians and celebrities hijacked to promote a Bitcoin scam Continue Reading
-
News
16 Jul 2020
Coronavirus shines spotlight on cyber security
Programme committee chair of this year's RSA Conference Asia-Pacific and Japan talks up the challenges that IT security professionals in APAC are facing to mitigate security risks amid the Covid-19 pandemic Continue Reading
-
News
15 Jul 2020
Patch Tuesday: Microsoft fixes 123 bugs in July 2020 update
The bugs start coming and they don’t stop coming; Microsoft has issued yet another bumper Patch Tuesday update Continue Reading
-
News
14 Jul 2020
Recon vulnerability puts thousands of SAP customers at risk
Users of multiple SAP products including S4/HANA should apply the security update as soon as possible to protect their systems Continue Reading
-
News
14 Jul 2020
Australian enterprises facing more cyber attacks
The volume of cyber attacks in Australia jumped from 90% in October 2019 and 81% in February 2019, underscoring the worsening threat landscape in the country Continue Reading
-
News
13 Jul 2020
Zoom zero-day a reminder to stop using Windows 7
Researchers have disclosed a newly discovered zero-day vulnerability to videoconferencing service Zoom, which only affects users of Windows 7 systems Continue Reading
-
News
09 Jul 2020
HSBC customers targeted in new smishing scam
SMS phishing scam is targeting HSBC customers in the UK to trick them into handing over their bank account details Continue Reading
-
News
09 Jul 2020
More Joker malware apps chucked off Google Play Store
Infamous Joker billing fraud malware continues to sneak past Google’s security controls Continue Reading
-
News
09 Jul 2020
Pubs and restaurants failing on cyber fraud protection
Virtually all of the UK’s most popular restaurant and pub brands are failing to proactively block fraudulent emails from reaching their targets Continue Reading
-
News
08 Jul 2020
Over 15 billion credentials for sale on dark web
Research by Digital Shadows reveals the scale of the security threat facing consumers as it uncovers 15 billion usernames and passwords stolen in more than 100,000 different data breaches Continue Reading