Web application security
-
Opinion
23 Oct 2025
The US government shutdown is a wake-up call for cyber self-reliance
As the US government shutdown heads towards a second month, could the disruption to cyber security programmes be the impetus end-users need to pull themselves up by their own bootstraps? Continue Reading
-
E-Zine
07 Oct 2025
Is the UK’s digital ID scheme doomed to fail?
In this week’s edition of Computer Weekly, we take a look at the government’s somewhat controversial plan to introduce a national, compulsory digital ID scheme. Ranil Boteju, chief data and analytics officer at Lloyds Banking Group, also runs us through how the financial services giant is planning to use agentic AI to improve the customer experience. In the third part of our buyer’s guide on cloud management and security, details about the plethora of security tools that exist for enterprises looking to manage their Amazon Web Services stacks gets the deep-dive treatment. And, in our final feature in the issue, we look at the evolution in mobile app technology within the retail space. Read the issue now. Continue Reading
-
News
16 Sep 2020
Retailers urged to get to grips with Magento as attacks spike
A huge spike in online retailers being hacked with Magecart credit card skimmers is being blamed on unsupported versions of Adobe Magento Continue Reading
-
News
16 Sep 2020
Lorca security scaleups to get Splunk data expertise
Lorca inducts Splunk onto its co-marketing programme, giving security scaleups access to new data expertise Continue Reading
-
News
15 Sep 2020
Risky development practice leaves company access keys exposed
Database stores, cloud storage and myriad other services are being put at risk by the accidental exposure of company access keys during development Continue Reading
-
News
15 Sep 2020
TikTok-Oracle partnership moves forward for consideration
Joint venture proposal could create thousands of jobs and secure TikTok’s future outside China Continue Reading
-
News
15 Sep 2020
Data of every Welsh Covid-19 patient leaked online
Data on all 18,105 people in Wales who have received positive tests for the coronavirus was uploaded to a public-facing web server in error Continue Reading
-
News
14 Sep 2020
Microsoft drops out of TikTok talks, paves way for Oracle partnership
Microsoft confirms it is dropping out of the running to acquire the US operations of TikTok, leaving the way clear for an imminent partnership deal with Oracle Continue Reading
-
News
11 Sep 2020
Travel industry websites are laughably insecure, claims Which?
The travel industry is failing to take the data security of its customers seriously, according to a Which? investigation Continue Reading
-
News
10 Sep 2020
Lorca security scaleups hit funding milestone
£153m of investment has been raised by Lorca cohort companies in just two years, almost four times the original target Continue Reading
-
News
10 Sep 2020
Government launches £500k healthcare security plan
A £500,000 funding pot from the government aims to help support small and mid-sized healthcare firms during the pandemic Continue Reading
-
News
10 Sep 2020
Assange prosecution would put journalists around the world at risk
Trevor Timm, co-founder of the Freedom of the Press Foundation, tells a court that if the US prosecutes WikiLeaks founder Julian Assange, every reporter who receives a secret document will be criminalised Continue Reading
-
News
09 Sep 2020
September’s Patch Tuesday heavy on RCE vulnerabilities
Microsoft’s September update contains patches for 129 common vulnerabilities and exposures, including a high number of remote code execution issues Continue Reading
-
News
06 Sep 2020
Why predictive threat intelligence is key
Threat intelligence startup Cyfirma is using virtual agents to gather intelligence on potential cyber attacks that are being coordinated in underground forums before they occur Continue Reading
-
News
02 Sep 2020
Northumbria University suffers major disruption after cyber attack
Some exams cancelled as university appoints external specialists to investigate incident Continue Reading
-
News
28 Aug 2020
Machine learning wards off threats at TV studio Bunim Murray
TV studio behind reality hits including The Real World and Keeping Up With The Kardashians turned to Darktrace’s Antigena email protection service to keep its people safe from Covid-19 threats Continue Reading
-
News
28 Aug 2020
Benefit fraud: Underground trade in stolen identities revealed
A roaring underground trade in stolen identities is undermining the Universal Credit system and could potentially defraud it out of millions of pounds Continue Reading
-
News
27 Aug 2020
TikTok CEO clocks off
TikTok CEO Kevin Mayer has resigned from the firm after just three months Continue Reading
-
News
25 Aug 2020
TikTok takes Trump to court
Under-fire video app TikTok files a formal complaint in the federal courts challenging the Trump administration’s attempt to ban it in the US Continue Reading
-
E-Zine
25 Aug 2020
When algorithms don’t play fair
In this week’s Computer Weekly, we report on the auditing of algorithms to countervail bias. We examine what CISOs can learn from Covid-19. And in our buyer’s guide to modern software development, we assess how competent artificial intelligence is at building applications that deliver the best possible customer experience. Read the issue now. Continue Reading
-
News
21 Aug 2020
TikTok’s GDPR compliance probed amid accusations of data misuse
Dutch privacy organisation SOMI claims TikTok falls short in protecting young users, and that it is likely violating GDPR Continue Reading
-
News
20 Aug 2020
Social media data leak highlights murky world of data scraping
A data brokerage left its database of 235 million Instagram, TikTok and YouTube profiles exposed to anybody who cared to access it Continue Reading
-
News
18 Aug 2020
Reports Oracle to enter TikTok bidding war
Oracle may be about to make a bid to acquire the US operations of TikTok from its Chinese parent ByteDance, according to the FT Continue Reading
-
News
14 Aug 2020
Oracle and Salesforce sued over online ad tracking
Class action lawsuits filed in Amsterdam and London will accuse Oracle and Salesforce of breaching GDPR in their processing and sharing of personal data to sell online advertising Continue Reading
-
News
12 Aug 2020
Microsoft patches two zero-days with active exploits
Microsoft drops another major Patch Tuesday update, including fixes for two zero-day exploits that are already being exploited by cyber criminals Continue Reading
-
News
12 Aug 2020
Security training body Sans Institute hit by data breach
Around 28,000 items of personally identifiable data were lost in a phishing attack on Sans, proving that even the professionals can be caught out Continue Reading
-
News
11 Aug 2020
Citrix users urged to patch five XenMobile CVEs
Patches are available for CVEs 2020-8208 through 8212 and should be installed as soon as possible Continue Reading
-
News
11 Aug 2020
French data protection authorities to probe TikTok as suitors circle
France’s CNIL has confirmed a new investigation into TikTok’s data protection practices Continue Reading
-
News
11 Aug 2020
Hospitality sector is failing on contact-tracing obligations
Cyber security experts urge the government to do more to help small hospitality businesses improve their contact-tracing data-handling practices Continue Reading
-
News
10 Aug 2020
Retailer Monsoon allegedly exposing data via Pulse Connect server
A researcher has found a critically insecure Pulse Connect Secure VPN version belonging to UK retailer Monsoon Accessorize, but claims the firm is ignoring his disclosures Continue Reading
-
News
07 Aug 2020
Virgin Media customers targeted in Twitter phish
Customers seeking help from the ISP are being targeted by a scam Twitter account Continue Reading
-
News
07 Aug 2020
TikTok to be banned in US in 45 days
Trump says his Executive Orders against Chinese mobile apps are in the interests of dealing with a national emergency Continue Reading
-
Opinion
07 Aug 2020
Don’t believe the hype: AI is no silver bullet
We want to believe AI will revolutionise cyber security, and we’re not necessarily wrong, but it’s time for a reality check Continue Reading
-
News
04 Aug 2020
New foundation to bolster security of open source software
The Open Source Security Foundation will bring together key open source security initiatives across the industry to improve and support the security of open source software Continue Reading
-
News
03 Aug 2020
Microsoft offers way out of TikTok impasse
Microsoft offers to buy TikTok from its Chinese parent to ease security fears in the US Continue Reading
-
News
31 Jul 2020
Labour Party is latest victim of Blackbaud ransomware attack
Widening Blackbaud data breach ensnares the Labour Party as the cloud software firm continues to duck questions about its behaviour Continue Reading
-
News
29 Jul 2020
Majority of organisations at risk of cloud data exposure
Report casts doubt on the effectiveness of the shared responsibility model of cloud security Continue Reading
-
News
29 Jul 2020
Cosmetics firm Avon faces new cyber security incident
Technical information relating to Avon’s web and mobile sites was inadvertently left exposed on an unsecured Microsoft Azure server Continue Reading
-
News
28 Jul 2020
Garmin may have paid hackers ransom, reports suggest
Garmin’s services are coming back online, but the company remains tight-lipped about what exactly happened to it Continue Reading
-
News
28 Jul 2020
NCSC inducts six security startups to Cyber Accelerator
10-week programme will guide some of the UK’s most innovative security startups as they scale their businesses for future growth Continue Reading
-
News
22 Jul 2020
No let-up in cyber attacks as lockdown eases
Cyber attacks are up by one-third as the coalescence of cyber activity and nation state-linked threats around the pandemic bears fruit for bad actors Continue Reading
-
News
20 Jul 2020
Businesses underestimate negative impact of bot traffic
Research from Netacea finds that although awareness of malicious bot activity is high, many are underestimating its true impact Continue Reading
-
News
17 Jul 2020
Twitter hack fallout: Investigators on trail of cyber criminals
Investigators are hunting the cyber criminals who broke into Twitter’s systems to hijack prominent accounts, amid concerns that more attacks may come Continue Reading
-
E-Zine
17 Jul 2020
CW APAC: Trend Watch – security
It wasn’t that long ago when DevSecOps was little more than a mispronunciation of DevOps. Fast forward to today, the notion of embedding security into the development process is not only accepted, but increasingly championed. In this handbook, Computer Weekly looks at what organisations in the Asia-Pacific region are doing to secure their systems, from adopting a DevSecOps approach, to preparing for cyber attacks and ensuring the privacy of Covid-19 contact-tracing app users. Continue Reading
-
E-Zine
17 Jul 2020
CW ANZ: Expert advice on security
Supply chain risks are invisible to many organisations, which means they are often not prioritised from an IT security perspective, partly because supply chain risk management is often seen as a procurement issue. In this handbook, Computer Weekly looks at how organisations in Australia and New Zealand can better protect themselves against supply chain attacks and other evolving cyber threats. Continue Reading
-
News
16 Jul 2020
Cryptocurrency scammers attack Twitter in insider breach
Apparent insider breach at Twitter saw so-called “blue tick” accounts of business people, politicians and celebrities hijacked to promote a Bitcoin scam Continue Reading
-
News
16 Jul 2020
Coronavirus shines spotlight on cyber security
Programme committee chair of this year's RSA Conference Asia-Pacific and Japan talks up the challenges that IT security professionals in APAC are facing to mitigate security risks amid the Covid-19 pandemic Continue Reading
-
News
15 Jul 2020
Patch Tuesday: Microsoft fixes 123 bugs in July 2020 update
The bugs start coming and they don’t stop coming; Microsoft has issued yet another bumper Patch Tuesday update Continue Reading
-
News
14 Jul 2020
Recon vulnerability puts thousands of SAP customers at risk
Users of multiple SAP products including S4/HANA should apply the security update as soon as possible to protect their systems Continue Reading
-
News
14 Jul 2020
Australian enterprises facing more cyber attacks
The volume of cyber attacks in Australia jumped from 90% in October 2019 and 81% in February 2019, underscoring the worsening threat landscape in the country Continue Reading
-
News
13 Jul 2020
Zoom zero-day a reminder to stop using Windows 7
Researchers have disclosed a newly discovered zero-day vulnerability to videoconferencing service Zoom, which only affects users of Windows 7 systems Continue Reading
-
News
09 Jul 2020
HSBC customers targeted in new smishing scam
SMS phishing scam is targeting HSBC customers in the UK to trick them into handing over their bank account details Continue Reading
-
News
09 Jul 2020
More Joker malware apps chucked off Google Play Store
Infamous Joker billing fraud malware continues to sneak past Google’s security controls Continue Reading
-
News
09 Jul 2020
Pubs and restaurants failing on cyber fraud protection
Virtually all of the UK’s most popular restaurant and pub brands are failing to proactively block fraudulent emails from reaching their targets Continue Reading
-
News
08 Jul 2020
Over 15 billion credentials for sale on dark web
Research by Digital Shadows reveals the scale of the security threat facing consumers as it uncovers 15 billion usernames and passwords stolen in more than 100,000 different data breaches Continue Reading
-
Opinion
08 Jul 2020
Security Think Tank: The past and future of security automation
Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation being gravely overestimated? Continue Reading
-
News
08 Jul 2020
Security funding soars despite Covid-19 slump, but problems lie ahead
The overall cyber security funding ecosystem in the UK is healthier than ever despite Covid-19, but the figures mask stark and concerning disparities in where the money is going Continue Reading
-
News
07 Jul 2020
Cyber4Summer scheme to divert young people from cyber crime
Cyber4Summer platform will offer 100 different tracks covering a range of security skills to divert them from falling into a life of cyber crime Continue Reading
-
Opinion
07 Jul 2020
Security Think Tank: Balancing human oversight with AI autonomy
Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation gravely overestimated? Continue Reading
-
News
06 Jul 2020
Lorca scale-ups bring diverse security to the fore
London Office for Rapid Cybersecurity Advancement announces the cyber security scale-ups that will make up its fifth cohort Continue Reading
-
News
06 Jul 2020
North Korea behind spate of Magecart attacks
The Magecart credit card skimmer found on the website of retailer Claire’s Accessories was likely put there by the Lazarus or Hidden Cobra North Korean APT group, reports Sansec Continue Reading
-
News
02 Jul 2020
Locked-down teens flock to NCSC CyberFirst training scheme
A record number of 14 to 17-year-olds have signed up to the National Cyber Security Centre’s CyberFirst summer school Continue Reading
-
News
01 Jul 2020
UK’s unsung cyber security heroes sought
Nominations have opened for the fifth annual Security Serious Unsung Heroes Awards Continue Reading
-
News
01 Jul 2020
Zoom making progress on cyber security and privacy, says CEO
Three months after being hit by a spate of security incidents, Zoom’s CEO, Eric Yuan, has been discussing progress towards a more secure product Continue Reading
-
News
01 Jul 2020
Remote workers more aware of security, but still flout the rules
Almost three-quarters of remote workers reckon they have gained in cyber security awareness during lockdown, but don’t seem to be especially bothered about keeping themselves safe Continue Reading
-
News
01 Jul 2020
Mysterious EvilQuest macOS ransomware spreads through torrents
A new strain of ransomware, dubbed EvilQuest, is threatening Apple Mac environments, and seems to behave quite oddly Continue Reading
-
Feature
01 Jul 2020
Black Lives Matter, but do bots know that?
The volume of content generated each day necessitates automated moderation to curate everything as it is published, ensuring offensive and objectionable material is blocked. But this only works if systems are adequately configured and reviewed Continue Reading
-
Opinion
01 Jul 2020
Security Think Tank: Get your house in order before deploying AI
AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation being gravely overestimated? Continue Reading
-
News
01 Jul 2020
FakeSpy Android malware targets Royal Mail app users
The FakeSpy malware was first identified in October 2017 but is now significantly more powerful and dangerous Continue Reading
-
Opinion
30 Jun 2020
Security Think Tank: ‘Shift left’ to secure containers
Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers? Continue Reading
-
News
25 Jun 2020
Pub ‘check-in’ apps provoke fresh privacy concerns
With pubs and restaurants required to collect customer data for contact tracing when they reopen, data privacy risks will be heightened Continue Reading
-
Opinion
24 Jun 2020
Security Think Tank: Securing containers needn’t be taxing
Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers? Continue Reading
-
Feature
23 Jun 2020
How to apply zero-trust models to container security
Containers have become a common fixture in software development, but they have resulted in new concerns for security teams. Is zero-trust the answer to tackling them? Continue Reading
-
News
23 Jun 2020
Neurodiversity on the rise among career hackers
More diverse hackers enhance the ability of both traditional and cutting-edge cyber security solutions to find and fix vulnerabilities, according to a new report from Bugcrowd Continue Reading
-
News
23 Jun 2020
Flash-based MacOS malware hides in plain sight
By masquerading as a legitimate Adobe web application, the new malware strains can trick Mac users into bypassing their on-board defences Continue Reading
-
News
19 Jun 2020
Australian prime minister confirms country is suffering repeated nation-state cyber attacks
Concern over critical national infrastructure as cyber attackers repeatedly try to gain access to network of organisations operating in multiple sectors Continue Reading
-
E-Zine
18 Jun 2020
CW APAC: Trend Watch – data protection
Asia-Pacific organisations see the importance of having good data protection practices, even as they are still grappling with organisational and operational challenges. In this handbook, Computer Weekly looks at the different levels of preparedness across the region and what firms can do to plug any gaps. Continue Reading
-
News
18 Jun 2020
Cisco patches dangerous Webex vulnerability
CVE-2020-3347 bug enables cyber criminals to steal meeting records from within Cisco’s Webex service Continue Reading
-
News
18 Jun 2020
Check Point uncovers targeted Microsoft Office 365 phishing campaign
Organised criminal campaign exploited Adobe, Oxford University and Samsung web domains to trick users into giving up their passwords Continue Reading
-
News
18 Jun 2020
Zoom U-turns on end-to-end encryption
Embattled video-conferencing provider Zoom backtracks on previous refusals to provide end-to-end encryption to free users Continue Reading
-
News
17 Jun 2020
Coronavirus: 50% of security pros had no pandemic contingency plan
A survey of security professionals conducted on behalf of Bitdefender reveals the lack of forward planning for events such as the Covid-19 coronavirus pandemic Continue Reading
-
News
16 Jun 2020
Activists call on Zoom to implement encryption for all
A coalition of tech organisations and nonprofits have urged Zoom CEO Eric Yuan to make end-to-end encryption available to all users Continue Reading
-
News
15 Jun 2020
Accessories store Claire’s hit by Magecart credit card fraudsters
Attackers gained access to retailer’s website as long ago as March Continue Reading
-
News
14 Jun 2020
Coronavirus: Enterprise VPN adoption in India set to rise
Advancement in cloud technologies and secured remote access to applications will significantly contribute to the overall growth of India’s VPN market, says GlobalData Continue Reading
-
News
12 Jun 2020
NHS email service users ensnared in phishing attack
More than 100 accounts on the NHSmail service were affected by attack, but health service says no patient data was accessed Continue Reading
-
News
12 Jun 2020
Fake contact-tracing apps delivering banking trojans
Spoof government coronavirus apps are popping up all over the world, says the Anomali Threat Research team Continue Reading
-
News
12 Jun 2020
100,000 cheap wireless cameras vulnerable to hacking
Active devices built by Chinese firm HiChip have been sold in the UK as webcams and connected baby monitors Continue Reading
-
News
12 Jun 2020
Twitter kills thousands of misinformation accounts
The accounts were linked to the governments of China, Russia and Turkey, and engaged in systematic operations against pro-democracy activists, political opponents and dissidents Continue Reading
-
Opinion
11 Jun 2020
Security Think Tank: Container security starts with good DevOps practice
Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers? Continue Reading
-
News
10 Jun 2020
Government to fund nine advanced security projects
Nine academic projects have been selected to receive a share of a £10m funding pot as they develop advanced cyber security solutions using prototype chipsets Continue Reading
-
News
10 Jun 2020
Decade-old vulnerability among 129 Patch Tuesday fixes
A 10 year-old bug in Windows Group Policies could easily enable attackers to gain highly privileged user status on target systems, opening the doors to a wave of cyber attacks Continue Reading
-
News
10 Jun 2020
Unsecured Elasticsearch server breached in eight hours flat
Comparitech’s Bob Diachenko wanted to find out how long it would take for hackers to find and attack an unsecured, public internet-facing database, so he set up a honeypot Continue Reading
-
News
10 Jun 2020
Virtual GP practice accidentally exposes patient video calls
A small number of users of Babylon’s GP at Hand service were briefly able to view other patients’ video GP consultations thanks to a bug in a new software feature Continue Reading
-
Feature
10 Jun 2020
Coronavirus: How to go back to the office safely and securely
Security teams should be used to supporting remote workers effectively by now, but what’s going to happen when people start returning to their offices? We look at the risks and how to address them. Continue Reading
-
News
09 Jun 2020
Poorly-secured AWS buckets used to launch Magecart attacks
Cyber criminals are exploiting misconfigured AWS S3 buckets to run credit card fraud and malvertising campaigns, according to new data Continue Reading
-
News
08 Jun 2020
What it takes to get DevSecOps right
DevSecOps will drive at least 50% of new applications in Asia-Pacific by 2024, but getting it right will require change management, a collaborative mindset and the right automation tools Continue Reading
-
News
05 Jun 2020
Police chiefs working with Public Health England on contact-tracing security
Police force representatives are in talks with Public Health England over operational security concerns arising from the NHS Test and Trace coronavirus contact-tracing scheme Continue Reading
-
News
04 Jun 2020
Small businesses failing on remote worker protection
Only one-third of people working for small businesses have received any guidance from their employers on how to secure their remote working set-up Continue Reading
-
News
04 Jun 2020
Black Lives Matter activists targeted by cyber attacks
Civil liberties organisations are being targeted by far-right trolls as protests over the murder of George Floyd spread worldwide Continue Reading
-
News
04 Jun 2020
The Security Interviews: How the BSI protects the IoT from itself
David Mudd of the BSI reveals how a pragmatic and realistic approach to security vulnerabilities underpins its internet of things kitemark, helping give users the confidence to buy smart devices safely Continue Reading
-
News
04 Jun 2020
Coronavirus: Cyber criminals target laid-off workers
Malicious actors are targeting workers laid-off or furloughed during the coronavirus pandemic Continue Reading
-
News
01 Jun 2020
Privacy campaigners call for radical changes to contact-tracing app
Liberty, Privacy International and the Open Rights Group join calls for the government to either put in place better data protection policies or abandon its Covid-19 contact-tracing app altogether Continue Reading