Application security and coding requirements
-
News
20 Nov 2024
Apple addresses two iPhone, Mac zero-days
Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks Continue Reading
-
E-Zine
14 Nov 2024
CW APAC – Trend Watch: Modernising security operations
Organisations everywhere know the risks of cyber security complacency. In this handbook, focused on modernising security operations in the Asia-Pacific region, Computer Weekly looks at how Australia is bolstering its defences, Splunk and Cisco’s integration, and Palo Alto Networks’ ‘precision AI’. Continue Reading
-
News
23 Apr 2020
iOS zero-day leaves iPhone users dangerously exposed
Researchers identify dangerous vulnerabilities in Apple’s iOS operating system that allow remote code execution on target devices Continue Reading
-
News
23 Apr 2020
Zoom to roll out fresh cyber security updates
New features include support for advanced AES 256-bit encryption Continue Reading
-
News
20 Apr 2020
Dutch organisations address business email compromise fraud
Public-private partnership in the Netherlands works to break the chains used by fraudsters to carry out BEC attacks Continue Reading
-
News
15 Apr 2020
Coronavirus: Standard Chartered bans employees from Zoom
Standard Chartered is the first bank to have instructed its staff to refrain from using Zoom Continue Reading
-
News
15 Apr 2020
Coronavirus: Researcher finds security vulnerability in Slack
Some common assumptions about the security of cloud-based messaging platform Slack may not be entirely accurate, says an Alien Labs researcher Continue Reading
-
News
15 Apr 2020
Microsoft patches 19 critical bugs in another heavy Patch Tuesday
The volume of vulnerabilities being uncovered by Microsoft remains high, with more than 100 fixes pushed out in April’s Patch Tuesday Continue Reading
-
News
10 Apr 2020
Coronavirus: Warning over surge in Zoom security incidents
Check Point researchers have observed a surge in suspicious Zoom domains as cyber criminals target popular remote working and collaboration tools Continue Reading
-
News
07 Apr 2020
Happy developers write secure code, report claims
DevOps specialist Sonatype claims to have found a direct correlation between satisfied developers and application security hygiene Continue Reading
-
News
03 Apr 2020
Covid-19 apps pose threat to digital privacy on a global scale
Digital security firm Surfshark has reviewed a number of apps aimed at tackling the spread of coronavirus, and found that many pose a threat to people’s digital privacy Continue Reading
-
Opinion
03 Apr 2020
JavaScript skimmers: An evolving and dangerous threat
Cyber attacks exploiting Magecart JavaScript skimmers are spiking during the coronavirus pandemic, and like biological viruses, they just keep evolving Continue Reading
-
News
02 Apr 2020
Coronavirus: Magecart attacks on online retailers jump 20%
RiskIQ researchers have observed a sharp uptick in Magecart credit card attacks, driven by increased traffic to online retailers during the coronavirus pandemic Continue Reading
-
News
02 Apr 2020
Coronavirus: Is Zoom safe and should security teams ban it?
Zoom’s rapid rise to prominence has highlighted a score of security problems with the service. Should CISOs try to steer their organisations away from it, or ban it outright? Continue Reading
-
News
31 Mar 2020
Marriott International hotel chain in second data breach
Marriott International notifies customers of a major data breach that unfolded earlier in 2020 – the second it has experienced in the past two years Continue Reading
-
News
31 Mar 2020
Houseparty denies hack as credential stuffing attacks spread
Social media service denies its service has been hacked, and is offering a million-dollar bounty to anybody who can prove otherwise Continue Reading
-
News
31 Mar 2020
Hackathon launched to help fight coronavirus pandemic
Virtual hackathon seeks to develop a suite of applications to help people during the Covid-19 coronavirus outbreak through ethically built technology Continue Reading
-
News
27 Mar 2020
Lorca calls on security scaleups to tackle coronavirus challenge
Lorca innovation programme has launched an open call for its next cohort of cyber security scaleups, with a timely focus on coronavirus challenges Continue Reading
-
News
26 Mar 2020
Coronavirus: What are the latest free cyber security offers?
We round up the latest free offers on cyber security products and services being made available during the Covid-19 coronavirus crisis Continue Reading
-
News
26 Mar 2020
Coronavirus: Be alert to rogue mobile apps exploiting outbreak
Well-meaning developers are beginning to offer medical apps to monitor coronavirus symptoms and provide information on the pandemic. Opportunists and cyber criminals are not far behind them Continue Reading
-
News
24 Mar 2020
Tekya auto-clicker malware exploits kids’ Android apps
Google has removed multiple apps for children that were found to contain Tekya auto-clicker malware Continue Reading
-
News
23 Mar 2020
Coronavirus: Kaspersky, Bitdefender make products free to NHS
Kaspersky and Bitdefender have both made various products and services available free to healthcare customers as the Covid-19 coronavirus pandemic intensifies Continue Reading
-
News
20 Mar 2020
Unpatched Zyxel storage devices co-opted into IoT botnet
Owners of Zyxel network-attached storage devices are in danger of being hijacked by Mukashi, a descendant of the infamous Mirai botnet, if they don’t patch a critical vulnerability Continue Reading
-
Feature
19 Mar 2020
Coronavirus: How to implement safe and secure remote working
Find out what CIOs and CISOs need to know to enable their end-users to work remotely and stay secure during the Covid-19 coronavirus crisis, and learn how users can help themselves Continue Reading
-
News
13 Mar 2020
Coronavirus-linked hacks likely as Czech hospital comes under attack
The world of cyber security is on high alert to heightened vulnerabilities as the spread of the Covid-19 coronavirus changes daily life across Europe Continue Reading
-
News
12 Mar 2020
Failings in open source disclosure put users at risk
As more projects rely on open source components, IT departments need to keep on top of critical vulnerabilities to ensure they are secure Continue Reading
-
News
12 Mar 2020
Cookie-stealing trojans found lurking on Android phones
Kaspersky discovers two new Android malware modifications that could give hackers control of their victims’ social media accounts Continue Reading
-
News
11 Mar 2020
Microsoft locks down new vulnerability with EternalBlue echoes
Microsoft has moved to get ahead of a serious remote code execution vulnerability in Microsoft Server Message Block 3.1.1, which was accidentally disclosed then missed in its March Patch Tuesday update Continue Reading
-
News
11 Mar 2020
Microsoft fixes 26 critical vulnerabilities in another heavy Patch Tuesday
March’s Patch Tuesday is another big one for Microsoft, addressing 115 vulnerabilities, 26 of them critical Continue Reading
-
News
10 Mar 2020
Schoolgirl security experts prepare to do battle
The finals of the CyberFirst Girls contest will take place on 16 March as the culmination of the NCSC’s annual competition to unearth future security talent Continue Reading
-
News
10 Mar 2020
VAT software supplier exposed data of millions
Eight million sales records belonging to UK and EU consumers left exposed due to misconfigured server Continue Reading
-
News
10 Mar 2020
Inside Oracle’s cloud strategy
Oracle may be late to the cloud infrastructure and platform game, but it believes it has what it takes to carve out a bigger slice of the Asia-Pacific’s cloud market Continue Reading
-
News
06 Mar 2020
Virgin Media confirms 'misconfigured database' left personal data of 900,000 people exposed
Telco provider Virgin Media confirms 'data incident' that left personal details of 900,000 people exposed, but denies its systems were hacked or that it suffered a data breach Continue Reading
-
News
03 Mar 2020
Singapore among world’s top sources of online threats
Singapore remained a hotspot for originating cyber attacks in 2019, with 11 million attacks launched from servers in the city-state Continue Reading
-
News
02 Mar 2020
The Security Interviews: Inside the world of bug bounties
You may not make a million as a bug bounty hunter, but you might help remove some of the stigma that persists around cyber security, says HackerOne’s Shlomie Liberow Continue Reading
-
News
26 Feb 2020
Fake CDNs obscuring credit card fraudsters
Fake content delivery networks and ngrok servers are being pressed into service to obscure credit card skimming activities Continue Reading
-
News
25 Feb 2020
The Security Interviews: Gil Shwed’s 10-year vision for security
Check Point founder Gil Shwed discusses his new Infinity Next concept and how he plans to remodel the world of cyber security in the next 10 years Continue Reading
-
News
24 Feb 2020
WikiLeaks founder Assange ‘put lives at risk’ by disclosing names in leaked documents, court hears
WikiLeaks founder Julian Assange ‘put lives of US informants at risk’ by publishing unredacted documents, lawyers for the US argued at the first day of a week-long extradition hearing Continue Reading
-
News
24 Feb 2020
Open security group unveils common OpenDXL language
Open Cybersecurity Alliance announces the availability of OpenDXL Ontology, the first open source language for connecting disparate security tools through a common messaging framework Continue Reading
-
News
24 Feb 2020
Cisco goes all-in on security integration with SecureX platform
CISOs are struggling to stitch together disparate cyber security products and services – Cisco believes its cloud-native SecureX platform will change their working lives for the better Continue Reading
-
News
21 Feb 2020
Malicious apps still getting past Google controls
Check Point researchers have found multiple malware-infected apps in the Google Play store, including a clicker called Haken, which has been downloaded more than 50,000 times Continue Reading
-
News
19 Feb 2020
Cost of cloud misconfigurations set at $5tn
Cloud security outfit DivvyCloud says more than 33 billion records have been exposed in cloud misconfiguration incidents in the past 24 months Continue Reading
-
News
18 Feb 2020
Girlguiding hosts interactive cyber security workshop
100 Guides from South West England took part in an NCSC event to learn more about security fundamentals Continue Reading
-
Opinion
18 Feb 2020
Security Think Tank: Zero trust strategies must start small, then grow
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs approach moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
News
17 Feb 2020
Ex-soldiers to become ethical hackers
A new programme will give armed forces veterans in Scotland a grounding in cyber security skills, including penetration testing and ethical hacking Continue Reading
-
Opinion
17 Feb 2020
Security Think Tank: Ask yourself if zero trust is right for you
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
Opinion
14 Feb 2020
Security Think Tank: How zero trust lets you take back control
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero trust architecture? Continue Reading
-
News
12 Feb 2020
Internet Explorer zero day among 99 Patch Tuesday problems
After an eventful January Patch Tuesday that marked the end of support for Windows 7, the February 2020 update is another whopper, fixing close to 100 vulnerabilities Continue Reading
-
Feature
12 Feb 2020
Inside the SOC: the nerve centre of security operations
Security operations centres are the bedrock of any cyber defence strategy, but operating one is increasingly challenging, with mounting workloads and a shortage of skilled personnel Continue Reading
-
News
11 Feb 2020
Mac-based security threats outpacing Windows
Security threats targeting Apple endpoints are growing more quickly than those targeting Windows machines, according to Malwarebytes Continue Reading
-
Opinion
10 Feb 2020
Security Think Tank: Zero trust is complex, but has rich rewards
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
News
07 Feb 2020
RobbinHood ransomware tricks Windows into deleting defences
By subverting kernel memory settings in Windows 7, Windows 8 and Windows 10, the RobbinHood ransomware can now delete cyber security defences from target systems Continue Reading
-
Opinion
07 Feb 2020
Security Think Tank: No trust in zero trust need not be a problem
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
News
05 Feb 2020
Web app ubiquity gives cyber criminals new opportunities
The popularity and ubiquity of web-based apps such as Office 365 and Salesforce is a temptation too good to miss for cyber criminals Continue Reading
-
News
30 Jan 2020
NCSC launches study on cyber security diversity
The UK’s National Cyber Security Centre wants to improve the diversity of the cyber security sector Continue Reading
-
News
29 Jan 2020
UK cyber security sector worth more than £8bn
The UK’s cyber security industry employs 43,000 full-time workers, and contributed nearly £4bn to the UK economy in 2019, according to DCMS Continue Reading
-
News
27 Jan 2020
Government tightens law around IoT cyber security
New legislation developed by DCMS and the NCSC may help guarantee the security and privacy of users of consumer IoT devices Continue Reading
-
News
27 Jan 2020
SANS Institute calls on Manchester security pros
Manchester will play host to a week-long cyber security training event during February Continue Reading
-
News
24 Jan 2020
Cyber gangsters publish staff passwords following ‘Sodinokibi’ attack on car parts group Gedia
Sodinokibi hacking group steps up pressure on German automotive manufacturer by publishing information, including the CEO’s computer password and sensitive details of its IT systems, on the internet Continue Reading
-
News
22 Jan 2020
ICO code sets out digital privacy standards for children
The Information Commissioner’s Office has published its Age Appropriate Design Code, a set of 15 standards that online platforms must meet to protect the privacy of younger users Continue Reading
-
News
21 Jan 2020
5G builders test vulnerabilities in Finnish hackathon
University hackathon puts 5G security to the test as new wireless technology’s roll-out nears Continue Reading
-
News
15 Jan 2020
Lorca announces new cohort of 20 security scaleups
20 scaleups will focus their attention on automation, zero trust and supply chain security Continue Reading
-
News
15 Jan 2020
NSA Windows 10 security disclosure raises questions
In an unprecedented move, the NSA has got out in front of a critical cryptographic flaw in Windows 10, but in doing so has raised multiple questions Continue Reading
-
News
15 Jan 2020
Threat landscape grew in complexity in 2019, no respite in sight
Check Point’s annual state of security report shares some 2019 trends and looks ahead to 2020 Continue Reading
-
News
14 Jan 2020
Researchers find cryptojacker hiding in Wav audio file
Victim network was compromised by obfuscated malware hiding a Monero cryptominer, lurking inside a Wav audio file Continue Reading
-
News
14 Jan 2020
Turn the end of Windows 7 support into a security advantage
CISOs can take advantage of the end of support for Microsoft Windows 7 by making the case for more investment in cyber security Continue Reading
-
News
08 Jan 2020
TikTok video-sharing app left user data exposed
Check Point uncovered serious vulnerabilities in the TikTok video-sharing app that left users exposed Continue Reading
-
News
24 Dec 2019
Top 10 cyber crime stories of 2019
Here are Computer Weekly’s top 10 cyber crime stories of 2019 Continue Reading
-
News
23 Dec 2019
Top 10 cyber security stories of 2019
Here are Computer Weekly’s top 10 cyber security stories of 2019 Continue Reading
-
News
20 Dec 2019
Finnish government supports local authorities in cyber security initiative
The Finnish government has committed resources to a cyber security project aimed at local authorities Continue Reading
-
News
17 Dec 2019
Group-IB CEO talks up global threat landscape
Public attribution of cyber attacks could backfire while a global cyber norms framework won’t emerge until a catastrophic incident occurs, says the head of Singapore-based Group-IB Continue Reading
-
News
16 Dec 2019
Barco fixes ClickShare wireless flaw, but users still at risk
Supplier patches a major vulnerability in its popular ClickShare wireless presentation system with a firmware upgrade, but experts warn that users are not out of the woods yet Continue Reading
-
News
13 Dec 2019
Alarm bells ring, the IoT is listening
With Christmas bearing down on us, a series of vulnerability disclosures has drawn attention to the parlous state of IoT security, and serves as a timely warning to people planning to buy smart devices as gifts Continue Reading
-
News
05 Dec 2019
Aviatrix VPN vulnerability left user endpoints wide open
Immersive Labs has disclosed a serious vulnerability in VPN supplier Aviatrix’s enterprise client that could have granted hackers elevated user privileges across enterprise targets Continue Reading
-
Opinion
03 Dec 2019
Security Think Tank: In-depth protection is a matter of basic hygiene
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but what does this mean for security professionals? Continue Reading
-
News
02 Dec 2019
Top Android apps at risk from StrandHogg vulnerability
Researchers at Promon say all of the 500 most-downloaded Android apps are at risk from a newly discovered vulnerability Continue Reading
-
Video
26 Nov 2019
CW500 Interview: Jonathan Moreira, CTO of PrimaryBid.com
In this CW500 video, Jonathan Moreira, CTO of PrimaryBid.com, gives a fintech startup’s perspective on the security challenges small businesses can face when adopting new technologies. Continue Reading
-
News
25 Nov 2019
Uber app exploit posed safety risk to passengers
A flaw in Uber’s system meant thousands of trips in London were taken with unauthorised drivers at the wheel Continue Reading
-
News
19 Nov 2019
Macy’s Magecart breach presages Christmas fraud spike
US retailer Macy’s admits some customer data was accessed by unknown actors during a week-long Magecart attack Continue Reading
-
18 Nov 2019
The Security Interviews: Applying AI to Lego, and security
Ann Johnson, Microsoft corporate vice-president of cyber security, is on a mission to prove that artificial intelligence holds great promise for the security sector, and she has the analogies to back it up. Continue Reading
-
News
14 Nov 2019
Home Office Brexit app contains multiple security flaws
The Home Office’s Brexit app may be putting EU citizens’ personal data at risk Continue Reading
-
14 Nov 2019
How APAC enterprises can keep pace with container security
For all the promises of containers, changes in architecture and practices associated with the technology bring new challenges and opportunities. Continue Reading
-
E-Zine
14 Nov 2019
CW APAC: Expert advice on container security
For all the promises of containers, changes in architecture and practices associated with the technology bring new challenges and opportunities. In this handbook, Computer Weekly looks at the security challenges associated with container technology. Continue Reading
-
News
12 Nov 2019
Nordic SMEs lack the money needed for cyber security
Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country Continue Reading
-
News
12 Nov 2019
Shared responsibility model key to solving 5G security problem
Both buyers and sellers need to cooperate to solve the thorny issues around 5G security Continue Reading
-
News
06 Nov 2019
Global security workforce must more than double to meet demand
There are about 2.8 million cyber security professionals working today, and the world needs four million more Continue Reading
-
News
04 Nov 2019
EU patches 20-year-old open source vulnerability
Ethical hackers taking part in a bug bounty programme on behalf of the European Union have uncovered a 20-year-old vulnerability Continue Reading
-
News
23 Oct 2019
Take responsibility for cyber security basics, urges NCSC CEO
At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading
-
News
21 Oct 2019
Sodinokibi emerging as a diverse, multi-vector threat to businesses
McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots Continue Reading
-
News
18 Oct 2019
Huge rise in rogue banking apps driving fraud attacks
Fraud perpetrated through fake mobile apps purporting to be from legitimate banks has seen a statistically significant spike, says RSA Continue Reading
-
News
14 Oct 2019
The Security Interviews: Applying AI to Lego, and security
Ann Johnson, Microsoft corporate vice-president of cyber security, is on a mission to prove that artificial intelligence holds great promise for the security sector, and she has the analogies to back it up Continue Reading
-
News
08 Oct 2019
How APAC enterprises can keep pace with container security
For all the promises of containers, changes in architecture and practices associated with the technology bring new challenges and opportunities Continue Reading
-
News
08 Oct 2019
IBM, McAfee among founders of open source security alliance
A group of cyber security suppliers have come together to form the Open Cybersecurity Alliance Continue Reading
-
News
03 Oct 2019
LogRhythm touts unlimited data plan for SIEM systems
SIEM supplier introduces three-year, term-based pricing plan that lets enterprises ingest as much data as they want without breaking the bank Continue Reading
-
News
26 Sep 2019
Overinvestment breeds overconfidence among security pros
CISOs have made an abundance of security investments in multiple suppliers, but this might not be the right approach Continue Reading
-
News
24 Sep 2019
Latest Lorca cyber security challenge has IoT focus
Government-backed cyber security innovation centre Lorca has issued new challenges around connectivity for its next intake of scaleups Continue Reading
-
News
11 Sep 2019
Nordic countries deepen collaboration with Estonia-based cyber security operation
Nordic countries are now working closer with Nato’s Estonia-based centre of excellence in cyber security Continue Reading
-
News
05 Sep 2019
Singapore’s SecureAge eyes US market
The Singapore-based supplier of encryption and anti-malware tools has set up a new office in Greater Washington, DC as the next logical step in its global expansion plan Continue Reading
-
News
30 Aug 2019
Social media and enterprise apps pose big security risks
The lack of security policies in many business applications is putting enterprise data at risk and social media apps are the biggest source of malware, a poll of IT professionals reveals Continue Reading
-
News
29 Aug 2019
Dutch regulator reveals potential Microsoft privacy breach
Netherlands privacy watchdog has revealed potential breaches while testing Microsoft software changes Continue Reading
-
News
26 Aug 2019
VMware’s latest acquisitions point to emerging platform war
VMware’s buyout of Carbon Black and Pivotal is a sign of an emerging platform war following the IBM-Red Hat deal Continue Reading
-
News
21 Aug 2019
Silence APT group eyes APAC banks
Russian-speaking advanced persistent threat group has set its sights on banks in the region, customising its arsenal for targeted attacks Continue Reading