News

Application security and coding requirements

• December 22, 2022 22 Dec'22

  Top 10 cyber security stories of 2022

  The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides

• December 20, 2022 20 Dec'22

  Top 10 software development stories of 2022

  We look at how software development has adapted to the changing economic climate over the past 12 months

• December 15, 2022 15 Dec'22

  Lego fixes dangerous API vulnerability in BrickLink service

  The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas

• December 14, 2022 14 Dec'22

  Ethical hackers flex their muscles in 2022

  Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021

• December 14, 2022 14 Dec'22

  Microsoft fixes two zero-days in final Patch Tuesday of 2022

  December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over

• December 13, 2022 13 Dec'22

  Finnish government launches information security voucher scheme

  Finland’s government is offering businesses financial support to help them improve their cyber security

• December 13, 2022 13 Dec'22

  More Uber data exposed in possible supply chain attack

  A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack

• December 09, 2022 09 Dec'22

  CIISec, DCMS to fund vocational cyber courses for A-level students

  The Chartered Institute of Information Security and the Department for Digital, Culture, Media and Sport plan to fund vocational cyber qualifications for 300 teenagers

• December 08, 2022 08 Dec'22

  Consumers to get new protections against dodgy apps

  Government’s new code of practice will impose new privacy and security measures on app store operators and developers

• December 08, 2022 08 Dec'22

  Australia to develop new cyber security strategy

  New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals

• December 07, 2022 07 Dec'22

  Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

  Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November

• November 24, 2022 24 Nov'22

  Not-for-profit aims to encourage 1,300 girls into cyber careers

  CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber

• November 21, 2022 21 Nov'22

  Bug Bounty Calculator helps organisations fine-tune their payouts

  Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention

• November 09, 2022 09 Nov'22

  Microsoft serves smorgasbord of six zero-days

  November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity

• November 03, 2022 03 Nov'22

  The Security Interviews: Building trust online

  Consumer reviews website Trustpilot has built and scaled its IT security team and is now turning to agile methods and DevSecOps to further enhance its cyber capabilities

• November 02, 2022 02 Nov'22

  OpenSSL vulnerabilities ‘not as bad as feared’

  As previously trailed, OpenSSL patched two buffer overflow vulnerabilities, neither of them as impactful as had been feared

• October 31, 2022 31 Oct'22

  Prepare today for potentially high-impact OpenSSL bug

  OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed

• October 25, 2022 25 Oct'22

  Apple patches new iPhone zero-day

  Apple’s latest patch fixes yet another zero-day, as security issues keep surfacing in its mobile products

• October 18, 2022 18 Oct'22

  Apache vulnerability a risk, but not as widespread as Log4Shell

  A newly disclosed Apache Commons Text vulnerability may put many at risk, but does not appear to be as impactful or widespread as Log4Shell

• October 18, 2022 18 Oct'22

  Virtually all vulnerable open source downloads are avoidable

  Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report

• October 14, 2022 14 Oct'22

  Australia becoming hotbed for cyber attacks

  Research by Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, including automated attacks that doubled in frequency

• October 13, 2022 13 Oct'22

  Gartner: Remote work, zero trust, cloud still driving cyber spend

  Security leaders are eager to spend on categories including remote and hybrid cyber offerings, zero-trust network access, and cloud

• October 12, 2022 12 Oct'22

  Microsoft fixes lone zero-day on October Patch Tuesday

  Microsoft patched a solitary zero-day vulnerability in its latest monthly drop, but fixes for two others disclosed in the past few weeks are nowhere to be seen

• October 11, 2022 11 Oct'22

  Contractor left Toyota source code exposed for five years

  Source code related to Toyota’s T-Connect service was left exposed on GitHub for over five years by a contractor

• October 05, 2022 05 Oct'22

  Forrester: US set to dominate AI enterprise software market

  Artificial intelligence is the fastest growth area in software. This is driving adoption, which will make AI mainstream technology in business software

• September 29, 2022 29 Sep'22

  Optus breach casts spotlight on cyber resilience

  The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia

• September 26, 2022 26 Sep'22

  How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove

  Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials

• September 22, 2022 22 Sep'22

  Nordic private equity firms pursue cyber security acquisitions

  Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets

• September 21, 2022 21 Sep'22

  15-year-old Python bug present in 350,000 open source projects

  A Python tarfile vulnerability first disclosed in 2007 still persists to this day, according to analysis from Trellix

• September 20, 2022 20 Sep'22

  Thousands of customers affected in Revolut data breach

  Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack

• September 16, 2022 16 Sep'22

  Six new vulnerabilities added to CISA catalogue

  CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010

• September 14, 2022 14 Sep'22

  Microsoft patches 64 vulnerabilities on September Patch Tuesday

  Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update

• September 12, 2022 12 Sep'22

  CISOs should spend on critical apps, cloud, zero-trust, in 2023

  Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts

• September 08, 2022 08 Sep'22

  Dutch cyber security organisations to join forces

  Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into

• September 07, 2022 07 Sep'22

  August ’22 a bumper month for high-impact vulnerabilities

  Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future

• September 07, 2022 07 Sep'22

  Prince’s Trust teams with threat management specialist in skills push

  Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry

• September 06, 2022 06 Sep'22

  Saudi Arabian organisations choose to outsource to improve cyber security posture

  Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security

• August 31, 2022 31 Aug'22

  Google debuts open source bug bounty programme

  Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme

• August 31, 2022 31 Aug'22

  Norway has NOK200m plan to bolster cyber defences

  Norway is investing heavily in its cyber defences amid heightened threat from Russia

• August 23, 2022 23 Aug'22

  DevSecOps: Software developers lack sufficient security focus

  GitLab survey shows developers want to produce high-quality code, but ‘shifting’ security left is hard to achieve

• August 19, 2022 19 Aug'22

  Cozy Bear targets MS 365 environments with new tactics

  Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments

• August 19, 2022 19 Aug'22

  Apple patches two zero-days in macOs, iOS

  Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems

• August 19, 2022 19 Aug'22

  Inside Singapore’s national digital identity journey

  Singapore’s national digital identity system has evolved from providing single sign-on to e-government services to pandemic-related and digital document capabilities in recent years

• August 12, 2022 12 Aug'22

  Microsoft doles out $13.7m in bug bounties

  Microsoft’s Bug Bounty programme has paid a total of $13.7m to more than 300 researchers in almost 50 countries

• August 10, 2022 10 Aug'22

  GitHub targets vulnerable open source components

  There are thousands of vulnerabilities in open source code – GitHub aims to help developers see if their projects are impacted

• August 10, 2022 10 Aug'22

  Microsoft fixes two-year-old MSDT vulnerability in August update

  August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited.

• August 04, 2022 04 Aug'22

  Spyware activity particularly impactful in July

  After a quiet June, vulnerability exploitation ramped up in July, with intrusions linked to spyware seeing unusually high volumes of activity, according to a report

• July 28, 2022 28 Jul'22

  NCSC startups scheme turns focus to operational technology, SME security

  NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses

• July 28, 2022 28 Jul'22

  Cyber criminals pivot away from macros as Microsoft changes bite

  As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect

• July 27, 2022 27 Jul'22

  Retail software firm PrestaShop warns users about SQL injection attacks

  Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise