News

Application security and coding requirements

• September 09, 2021 09 Sep'21

  Latest Microsoft zero-day being actively exploited

  New Microsoft zero-day CVE-2021-40444 affects multiple versions of Windows and is probably being exploited through convincing phishing attacks

• September 07, 2021 07 Sep'21

  OT security in APAC remains work in progress

  Two operational technology security experts shed light on the state of OT security in the region, and what’s being done to address skills, competency and organisational challenges

• August 31, 2021 31 Aug'21

  GovTech launches vulnerability rewards programme

  Vulnerability rewards programme will offer rewards ranging from $250 to $5,000 to white hat hackers who find vulnerabilities in critical government systems

• August 24, 2021 24 Aug'21

  13 million malware attacks on Linux seen in wild

  Cryptominers, web shells and ransomware are the most common varieties of malwares targeting Linux systems, thanks to its prevalence as the backbone of most public cloud services

• August 24, 2021 24 Aug'21

  Half of MS Exchange servers at risk in ProxyShell debacle

  Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited

• August 18, 2021 18 Aug'21

  How Australia’s Octopus Deploy is simplifying DevOps

  Brisbane-based startup Octopus Deploy recently secured $172.5m in venture funding to advance its goal of simplifying software deployments for DevOps teams

• August 18, 2021 18 Aug'21

  MoD seeks security tech to harden military systems

  The Defence and Security Accelerator has launched a programme to root out technology that will reduce the military’s exposure to cyber attacks

• August 17, 2021 17 Aug'21

  Security Think Tank: Building privacy-preserving apps and platforms

  ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture

• August 13, 2021 13 Aug'21

  Cyber Runway programme supports new security businesses

  The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses

• August 13, 2021 13 Aug'21

  Hospitals see cyber security investment as a low priority

  Almost half of hospitals have experienced an IT shutdown as a result of a cyber attack in the past six months, but just over one in 10 hospital executives see cyber security investment as a high priority

• August 11, 2021 11 Aug'21

  The Netherlands still lacks digital resilience, says report

  Report by National Coordinator for Counterterrorism and Security says the Netherlands’ digital resilience has improved, but is still insufficient

• August 05, 2021 05 Aug'21

  SAP customers more alert to internal than external threats

  SAP customers are more concerned by insider threats than by external attacks, according to a report. And yet the average SAP customer has around 2,500 vulnerabilities within their customised SAP code

• August 05, 2021 05 Aug'21

  Cloud misconfiguration a growing cause of security incidents

  Rapid cloud adoption during the pandemic has increased the attack surface and heightened the risk of misconfiguring services, leaving organisations more vulnerable to cyber attacks

• August 04, 2021 04 Aug'21

  Initial access brokers unaffected by ransomware content bans

  Banning ransomware content from cyber crime forums has done little to prevent initial access brokers from advertising their services, with the number of access listings increasing in the second quarter of 2021

• August 03, 2021 03 Aug'21

  UK MoD turns to hackers to help secure digital assets

  Hackers given direct access to internal Ministry of Defence systems to identify and report security vulnerabilities

• July 29, 2021 29 Jul'21

  Technical hiccups force Babuk ransomware gang to change tactics

  The Babuk ransomware operation backed away from encrypting its victims’ files, and technical difficulties may be to blame, reports McAfee

• July 27, 2021 27 Jul'21

  TikTok sets up cyber security hub in Dublin

  Dublin-based cyber centre will oversee the security of TikTok’s users across Europe

• July 27, 2021 27 Jul'21

  How IBM is solving the data privacy problem

  IBM’s fully homomorphic encryption technology lets enterprises apply analytics and machine learning to encrypted data without compromising data privacy

• July 26, 2021 26 Jul'21

  Malicious actors turn to obscure programming languages

  Using new, lesser-known or otherwise uncommon programming languages to code new malwares can help skirt cyber defences

• July 16, 2021 16 Jul'21

  Legacy SonicWall kit exploited in ransom campaign

  Users of older versions of SonicWall Secure Mobile Access 100 and Secure Remote Access products are at risk from a new ransomware campaign

• July 14, 2021 14 Jul'21

  Multiple Microsoft bugs being actively exploited

  Microsoft’s July Patch Tuesday update fixes 117 vulnerabilities, 13 rated as critical and four already being actively exploited

• July 13, 2021 13 Jul'21

  Modipwn vulnerability puts millions of building systems at risk

  Authentication bypass vulnerability in a Schneider Electric product could lead to device takeover

• July 08, 2021 08 Jul'21

  PrintNightmare haunts Microsoft as patch may miss mark

  Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied

• July 07, 2021 07 Jul'21

  Opportunists seen targeting Kaseya REvil victims

  Malwarebytes researchers highlight new spam campaign targeting businesses impacted by the ongoing Kaseya REvil ransomware incident

• July 02, 2021 02 Jul'21

  Should I be worried about PrintNightmare?

  The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be?

• July 02, 2021 02 Jul'21

  Cyber attackers up the ante on embattled IT teams

  Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements

• July 01, 2021 01 Jul'21

  Nominations open for 2021 Security Serious Unsung Heroes Awards

  Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators

• June 25, 2021 25 Jun'21

  AWS launches bug-busting programme for developers

  Amazon Web Services is inviting customers to probe their code for software bugs and vulnerabilities using its CodeGuru console

• June 23, 2021 23 Jun'21

  How containerisation helps VW develop car software

  Volkswagen’s R&D centre is working with Red Hat to use containerisation to improve how it develops and tests software for the control systems in cars

• June 18, 2021 18 Jun'21

  NHS App reaches six million users, thanks to Covid vaccine feature

  More than two million new users have downloaded the NHS App since it was updated in May to include Covid-19 vaccination status

• June 18, 2021 18 Jun'21

  Lorca Ignite programme targets breakout cyber talent

  Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme

• June 09, 2021 09 Jun'21

  Microsoft fixes seven zero-days on its Patch Tuesday rounds

  Fixes for six actively-exploited – and one yet-to-be-exploited – zero-day bugs are released in the June 2021 Patch Tuesday update

• June 03, 2021 03 Jun'21

  Norway’s auditor general lifts lid on energy industry’s cyber security risks

  Auditor General’s Office questions the security posture of Norway’s energy industry

• June 03, 2021 03 Jun'21

  Pandemic a ‘once-in-a-lifetime’ chance to reshape security

  The volume of remote working has made it hard to paint an accurate picture of the true state of enterprise cyber security, but it presents an opportunity to change things up

• May 24, 2021 24 May'21

  Dutch researchers build security software to mimic human immune system

  Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection

• May 21, 2021 21 May'21

  Lack of developer attention to cloud security prompts alerts

  The personal data of over 100 million Android users may have been put at risk through a variety of cloud service misconfigurations

• May 14, 2021 14 May'21

  Okta and Auth0 to expand APAC coverage

  Okta’s acquisition of rival Auth0 will enable both companies to expand their footprint in the Asia-Pacific region as demand for identity management services soars amid the pandemic

• May 13, 2021 13 May'21

  Publishing exploit code does more harm than good, says report

  Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security

• May 12, 2021 12 May'21

  Microsoft fixes four critical bugs on lighter Patch Tuesday

  Four critical RCE vulnerabilities put users of various Microsoft products at risk, and should be patched right away

• May 11, 2021 11 May'21

  Collaboration key to success of UK’s Cyber Security Council

  The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event

• May 07, 2021 07 May'21

  Reddit enlists HackerOne to run public bug bounty programme

  Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet

• May 07, 2021 07 May'21

  Ransomware, supply chain attacks show no sign of abating

  Security experts at Black Hat Asia 2021 discuss the state of ransomware and supply chain attacks, two of the most common attack vectors that offer high returns for threat actors

• April 28, 2021 28 Apr'21

  Recruiters can’t afford to hold out for cyber ‘unicorns’

  The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic

• April 27, 2021 27 Apr'21

  Apple OS updates patch multiple security holes

  The much-heralded release of the privacy-centric iOS 14.5 also brings patches for multiple CVEs, and users of Apple smartphones, tablets and notebooks are best advised to update as soon as possible

• April 27, 2021 27 Apr'21

  North London school wins NCSC girls’ cyber challenge

  Highgate School in North London is the winner of this year’s CyberFirst Girls security competition

• April 27, 2021 27 Apr'21

  The Security Interviews: Making sense of outbound email security

  Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this

• April 22, 2021 22 Apr'21

  Automation, zero-trust, API-based security priorities for EMEA CISOs

  Report by FireMon sheds light on buyer behaviour across the EMEA region

• April 20, 2021 20 Apr'21

  Health app myGP adds Covid-19 vaccine passport function

  The new feature is described as the UK’s first NHS-assured Covid-19 certification feature

• April 20, 2021 20 Apr'21

  UK’s proposed IoT cyber security law gathers momentum

  New statistics appear to vindicate UK government proposals to force suppliers to be upfront about IoT security

• April 20, 2021 20 Apr'21

  Codecov supply chain attack has echoes of SolarWinds

  Supply chain attack on code auditing service may have compromised the likes of HPE and IBM