News

Application security and coding requirements

• July 07, 2023 07 Jul'23

  JumpCloud issues notice to customers to refresh API keys

  JumpCloud has asked its customers to update their API cryptographic keys following a security incident

• June 27, 2023 27 Jun'23

  WithSecure forges ahead with green coding initiative

  WithSecure’s W/Sustainability programme kickstarts a number of initiatives, including a commitment to green coding the security supplier hopes will set an example for others to follow

• June 23, 2023 23 Jun'23

  Phishing and ransomware dominate Singapore’s cyber threat landscape

  Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene

• June 14, 2023 14 Jun'23

  No zero-days for June Patch Tuesday, but plenty to chew over

  On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention

• June 14, 2023 14 Jun'23

  Cyber attacks against APAC commerce sector surpass 1.1 billion

  Retailers, hotels and travel-related organisations in the region saw over a billion cyber attacks last year amid the surge in e-commerce activity and online travel bookings

• June 12, 2023 12 Jun'23

  Ofcom data stolen in MOVEit cyber attack

  Communications regulator Ofcom says data on employees and regulated communications companies was stolen by the Clop gang

• June 12, 2023 12 Jun'23

  Progress Software releases patch for second MOVEit Transfer vulnerability

  Progress Software releases a patch for a second MOVEit Transfer issue, which was uncovered by third-party security specialist Huntress Security during post-incident code scanning

• June 08, 2023 08 Jun'23

  Vulnerability exploitation volumes up over 50% in 2022

  Data from Palo Alto Networks’ Unit 42 threat intel specialists reveals insight into the scale of vulnerability exploitation in the wild

• June 08, 2023 08 Jun'23

  Clop may have been sitting on MOVEit vulnerability for two years

  The Clop cyber extortion gang may have been keeping the MOVEit SQL injection vulnerability they used to penetrate the systems of multiple victims secret for two years

• May 17, 2023 17 May'23

  Pentera ups ante in penetration testing

  The Israeli startup, which expanded to the APAC region last year, scans for vulnerabilities and emulates cyber attacks through its automated security validation platform

• May 15, 2023 15 May'23

  MS macro-blocking has forced cyber criminals to innovate

  One year after Microsoft started blocking VBA and XL4 macros by default, the cyber criminal ecosystem has all but stopped exploiting macros in their attacks. They’re instead innovating at an unprecedented rate

• May 10, 2023 10 May'23

  Secure Boot vulnerability causes Patch Tuesday headache for admins

  Applying the fix for a security bypass zero-day affecting the Windows Secure Boot feature will be a long process that will drag into 2024, but for good reason, says Microsoft

• May 04, 2023 04 May'23

  Inside BlackBerry’s cyber security playbook

  BlackBerry’s president of cyber security discusses the company’s cyber security strategy and what it is doing to deliver an integrated set of capabilities for enterprises

• May 03, 2023 03 May'23

  Cyber Action Plan for Wales launched

  The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country

• May 03, 2023 03 May'23

  TikTok fixes vulnerability that could have exposed user activity data

  A potentially dangerous vulnerability in the TikTok video-sharing platform was discovered by Imperva researchers, and has now been fixed

• May 03, 2023 03 May'23

  Mystery Apple security update sparks speculation

  Apple releases its first Rapid Security Response update for iPhone, iPad and Mac devices, but users are in the dark about what security problems they have fixed

• April 27, 2023 27 Apr'23

  Tenable opens playground for generative AI cyber tools

  A set of generative AI cyber tools designed to help security researchers in reverse engineering, debugging and other areas of work have been made available for the community to experiment with

• April 21, 2023 21 Apr'23

  Prototype cyber tech has revolutionary potential

  The so-called CHERI protection model developed at the University of Cambridge is showing great promise for future cyber security technologies

• April 20, 2023 20 Apr'23

  3CX incident may be world’s first double supply chain attack

  It’s supply chain attacks all the way down as Mandiant publishes information suggesting that the 3CX software supply chain compromise was initiated via a prior software supply chain compromise

• April 19, 2023 19 Apr'23

  Global finance firms take part in NATO cyber attack simulation

  Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure

• April 19, 2023 19 Apr'23

  How organisations can succeed with zero trust

  By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm

• April 18, 2023 18 Apr'23

  Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms

  The Online Safety Bill faces amendments in the House of Lords amid concerns that it could weaken the security of end-to-end encrypted communications for UK citizens

• April 18, 2023 18 Apr'23

  Focus on these three risky behaviours to boost cloud security

  Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report

• April 13, 2023 13 Apr'23

  Thousands at risk from critical RCE bug in legacy MS service

  Thousands of organisations worldwide are at risk from three vulnerabilities – one critical – in a legacy Microsoft service that they may not be aware they are running

• April 12, 2023 12 Apr'23

  April Patch Tuesday fixes zero-day used to deliver ransomware

  A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update

• April 03, 2023 03 Apr'23

  CIO interview: Carter Busse, CIO, Workato

  Workato CIO Carter Busse talks up the company’s approach towards automation and its efforts to drive the technology across its business

• March 30, 2023 30 Mar'23

  OSC&R supply chain security framework goes live on Github

  The OSC&R framework for understanding and evaluating threats to supply chain security has made its debut on Github to allow anybody to contribute to the framework

• March 30, 2023 30 Mar'23

  3CX unified comms users hit by supply chain attacks

  Ongoing supply chain attacks against customers of UC firm 3CX appear to be linked to North Korean threat actors

• March 28, 2023 28 Mar'23

  Apple security updates fix 33 iPhone vulnerabilities

  A larger-than-usual update to Apple’s mobile operating system fixes more than 30 distinct vulnerabilities, including two serious issues that may potentially affect device kernels

• March 27, 2023 27 Mar'23

  France latest to ban TikTok on government devices

  Following bans in the UK and US, France has moved to enact restrictions on TikTok, and other social media apps, on government devices

• March 21, 2023 21 Mar'23

  Nordics move towards common cyber defence strategy

  Nordic countries agree to work together to improve their cyber defences amid increasing threat

• March 21, 2023 21 Mar'23

  How Mimecast thinks differently about email security

  Mimecast CEO Peter Bauer believes the company’s comprehensive approach towards email security has enabled it to remain relevant to customers for two decades

• March 16, 2023 16 Mar'23

  Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine

  A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly

• March 15, 2023 15 Mar'23

  Microsoft patches Outlook zero-day for March Patch Tuesday

  A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update

• March 14, 2023 14 Mar'23

  NCSC warns over AI language models but rejects cyber alarmism

  The UK's NCSC has issued advice for those using the technology underpinning AI tools such as ChatGPT, but says some of the security doomsday scenarios being proposed right now are not necessarily realistic

• March 07, 2023 07 Mar'23

  Dutch hospitals underestimate impact of cyber attack

  IT failures in acute care organisations in the Netherlands have increased considerably since 2010, affecting patient care and stressing the need to improve IT security in hospitals

• February 27, 2023 27 Feb'23

  Advanced digital resiliency can save organisations millions

  Businesses that build out their digital resiliency are not only more secure, they also have more opportunities to innovate with IT

• February 22, 2023 22 Feb'23

  Researchers find new bug ‘class’ in Apple devices

  A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix

• February 15, 2023 15 Feb'23

  Microsoft fixes three zero-days in February update

  February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver

• February 14, 2023 14 Feb'23

  OSC&R framework to stop supply chain attacks in the wild

  The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains

• February 05, 2023 05 Feb'23

  Australian organisations underinvesting in cyber security

  Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches

• February 03, 2023 03 Feb'23

  LockBit gang confirms Ion cyber attack as disruption continues

  The LockBit ransomware cartel has taken responsibility for this week’s attack on financial software firm Ion, and is threatening to leak stolen data on Saturday 4 February

• February 01, 2023 01 Feb'23

  Cisco fixes two bugs that could have led to supply chain attacks on users

  Two vulnerabilities uncovered in Cisco hardware could have opened the door to serious supply chain cyber attacks, according to the Trellix researchers who found them

• January 31, 2023 31 Jan'23

  GitHub warns Desktop, Atom users after code-signing certificates pinched

  Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users

• January 26, 2023 26 Jan'23

  Zero-trust implementations remain work in progress

  Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds

• January 23, 2023 23 Jan'23

  Trellix automates patching for 62,000 vulnerable open source projects

  Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months

• January 12, 2023 12 Jan'23

  Chrome vulnerability could have led to widespread data theft

  A dangerous vulnerability in Google Chrome and Chromium-based browsers could have put billions of users’ files at risk of being stolen

• January 11, 2023 11 Jan'23

  Microsoft fixes EoP zero-day on January Patch Tuesday

  On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns

• January 05, 2023 05 Jan'23

  Cashless Denmark has no bank robberies in a year for first time

  Denmark saw no bank robberies in a single year for the first time ever, but online fraud continues to increase

• January 02, 2023 02 Jan'23

  China and India governments among top targets for cyber attackers

  Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures