Web application security

Black Friday On My Mind

Ah – tomorrow – the dreaded Black Friday, yet another unwanted import from Trumpland. But, JASK – already previously subjected here to the blogging treatment – has some security advice to offer as ... Continue Reading

By

• Steve Broadhead, Broadband Testing

Why entropy sources should be added to mobile application vetting

NIST's 'Vetting the Security of Mobile Applications' draft discusses four key areas of general requirements. Learn how further improvements to the vetting process could be made. Continue Reading

By

• Judith Myerson

APAC firms warm up to SD-WAN to solve networking woes

A third of enterprises in the APAC region have already deployed SD-WAN at most of their sites, while 55% are in the process of doing so, a study shows Continue Reading

By

• Aaron Tan, TechTarget

How testing perspectives helps find application security flaws

Application security testing requires users to test from all the right perspectives. Discover testing techniques that help find application security flaws with expert Kevin Beaver. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

Think Tank: Application layer attack mitigation needs to start with risk analysis

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Maxine Holt, Omdia

Security Think Tank: Focus on security before app deployment

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Richard Absalom, Information Security Forum

Optus to acquire Hivint in cyber security deal

The deal is expected to bolster the telco’s security pedigree in a market that is grappling with more data breaches and cyber incidents Continue Reading

By

• Aaron Tan, TechTarget

How is Android Accessibility Service affected by a banking Trojan?

ThreatFabric researchers uncovered MysteryBot, Android malware that uses overlay attacks to avoid detection. Learn how this malware affects Google's Android Accessibility Service. Continue Reading

By

• Nick Lewis

Everyone, everywhere is responsible for IIoT cyber security

Cyber security in the industrial internet of things is not limited to a single company, industry or region – it is an international threat to public safety, and can only be addressed through collaboration that extends beyond borders and competitive interests Continue Reading

By

• Andrew Kling, The Open Group

Two-thirds of emails not clean, says research

Two-thirds of emails don't make it to the inbox because security systems consider them unsafe, according to research Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

British Airways data breach: Security researchers name suspects and query attack timeline

Security researchers claim to have pinpointed the cause and perpetrators of the British Airways data breach, and also claim the attackers may have had access to its customer data for far longer than previously thought Continue Reading

By

• Caroline Donnelly, Senior Editor, UK

Public cloud use surges among DDoS attackers, research shows

According to data accrued by DDoS mitigation firm, Link11, the number of attackers that rely on public cloud services soared during the 12 months to June 2018 Continue Reading

By

• Caroline Donnelly, Senior Editor, UK

Cyber criminals outspend businesses in cyber security battle

Cybercriminals are flexing their financial might and UK organisations are facing more attacks as a result Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Apache Struts users urged to update due to new security flaw

Another security flaw has been discovered in the Apache Struts, which was at the heart of the massive Equifax data breach in 2017 Continue Reading

By

• Warwick Ashford, Senior analyst

Check Point warns of WhatsApp vulnerabilities

Researchers are warning of vulnerabilities in WhatsApp that allow threat actors to intercept and manipulate messages sent in a group chat Continue Reading

By

• Warwick Ashford, Senior analyst

Mobile banking Trojans reach all-time high

Mobile banking Trojans topped the list of cyber threats in the second quarter of the year, according to research by Kaspersky Lab Continue Reading

By

• Warwick Ashford, Senior analyst

Software development remains insecure

The prevalence of common and well-known web-based vulnerabilities underlines the need for better education around secure software development Continue Reading

By

• Warwick Ashford, Senior analyst

Most firms have software security vulnerability

Most firms have a software vulnerability that can be exploited by cyber attackers, a study has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

A third of organisations do not have a security expert, survey shows

Around a third of organisations are vulnerable to cyber attacks due to a lack of dedicated in-house cyber security experts, finds Gartner survey Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Cyber attackers cashing in on ‘hidden’ attack surface

Cyber attackers are cashing in on organisations’ lack of visibility into all online interactions that can involve multiple third parties, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

White-hat hackers find record number of vulnerabilities

White-hat hackers are finding more vulnerabilities than ever before, with crowdsourced security testing continuing to gain popularity, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Inside one of the world’s largest bug bounty programmes

Trend Micro’s Zero Day Initiative may be the top external supplier of software bug reporting for Microsoft and Adobe, but that does not mean it purchases every type of bug Continue Reading

By

• Aaron Tan, TechTarget

UK government cyber security standard welcomed

The information security community has welcomed the publication of the government’s minimum cyber security standard, which could be used by any organisation to improve its cyber defences Continue Reading

By

• Warwick Ashford, Senior analyst

Singapore remains hotbed for cyber threats

Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency Continue Reading

By

• Aaron Tan, TechTarget

Application security programs: Establishing reasonable requirements

Creating security program requirements can be a challenging task, especially with application security. In this tip, Kevin Beaver shares several ways to create an effective program. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

Application security more important than ever

Applications have an increasingly crucial role in our lives, yet they are also a real security threat, with hackers always finding new ways to bypass security defences. Computer Weekly looks at how organisations are responding to the challenge Continue Reading

By

• Nicholas Fearn

Pen testers find weaknesses in banks’ cyber security

Humans are the biggest weakness in banks’ cyber defences, but there are several others that also need attention, penetration testers have revealed Continue Reading

By

• Warwick Ashford, Senior analyst

European cyber attacks up nearly a third in first quarter 2018

The volume of cyber attacks hitting digital transactions in Europe was up by almost a third in the first quarter of 2018 compared with same period a year ago, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

APAC is becoming a hotspot for DDoS attacks

The region’s largest and most-connected economies are most vulnerable to distributed denial-of-service attacks, according to CenturyLink Continue Reading

By

• Aaron Tan, TechTarget

Government to set up £13.5m cyber security centre

Located at the 2012 Olympic Park, the London Cyber Innovation Centre could create up to 2,000 jobs in cyber security Continue Reading

By

• Alex Scroxton, Security Editor

Facebook announces more privacy control updates

Social media giant updates privacy settings and tools in response to the unfolding controversy over Cambridge Analytica’s use of Facebook data for political campaigns Continue Reading

By

• Warwick Ashford, Senior analyst

Dutch SMEs’ cyber security is insufficient

Nowhere in the Netherlands is digitisation as big as it is in small and medium-sized enterprises, but the sector still has a lot to do in terms of cyber security Continue Reading

By

• Kim Loohuis

CW ASEAN: Time to boost cyber defences

With a relatively young and tech-savvy population, ASEAN has been at the forefront of technology adoption. Yet, this has exposed its people and businesses to more cyber threats, including the massive data leak in Malaysia in 2017. In this month’s issue of CW ASEAN, we take a closer look at ASEAN’s patchy cyber security landscape, including varying levels of cyber resilience across the region, cyber security strategies adopted by different countries, as well as efforts to improve cyber capabilities and foster greater collaboration in the common fight against cyber threats. Download the issue now. Continue Reading

Cryptojacking cyber criminals up their game

Cyber criminals hijacking computing resources to mine for cryptocurrencies are raising their efforts to bypass enterprise security controls, researchers have found Continue Reading

By

• Warwick Ashford, Senior analyst

Mac malware more than doubled in 2017

Malware targeting Apple Mac computers more than doubled from 2016 to 2017, according to security firm Malwarebytes Continue Reading

By

• Warwick Ashford, Senior analyst

Tech industry signs cyber security charter

Nine technology organisations have signed a cyber security charter aimed at raising the level of cyber security internationally Continue Reading

By

• Warwick Ashford, Senior analyst

Telegram zero-day exploit is a warning

The discovery of an exploit of a zero-day vulnerability in the Telegram messaging app demonstrates that not all “secure” apps are automatically safe, security experts have warned Continue Reading

By

• Warwick Ashford, Senior analyst

CW ANZ: Prepare for EU data law

Faced with the double whammy of complying with Australia’s upcoming data breach notification requirement and Europe’s new data protection regime, Australian firms are behind where they need to be in their compliance efforts. In this month’s edition of CW ANZ, find out how Australian organisations are getting ready for the GDPR, the challenges they are facing in meeting two new laws at the same time, as well as what they need to do to achieve their compliance goals. Read the issue now. Continue Reading

FS-ISAC enables safer financial data sharing with API

The global financial industry's body for cyber and physical threat intelligence analysis and sharing has published an API to facilitate safer sharing of consumer financial information Continue Reading

By

• Warwick Ashford, Senior analyst

Criminals hijack government sites to mine cryptocurrency used to hide wealth

Europol says criminals are hiding billions in cryptocurrencies, as thousands of government and other websites have reportedly been used to hijack computers to mine more Continue Reading

By

• Warwick Ashford, Senior analyst

PyeongChang Winter Games hit by cyber attack

Although critical operations were not affected by the incident, event organisers at the PyeongChang Winter Olympics had to shut down servers and the official games website to prevent further damage Continue Reading

By

• Aaron Tan, TechTarget

Lauri Love plans to use ‘internet as a force for good’

Engineering student Lauri Love says he plans to help businesses fight cyber crime, after the court of appeal ruled that he can be tried in the UK for allegedly hacking US computer systems, rather than face extradition to the US Continue Reading

By

• Julia Gregory and Niels Ladefoged

Safer Internet Day: Building online safety practices with young people

Many organisations around the UK are contributing to the important work on making the internet a safer place for everyone Continue Reading

By

• Julian David, TechUK

Researchers discover malicious Chrome extensions

Security researchers have discovered a new botnet delivered via malicious Chrome extensions designed to hijack computers to mine cryptocurrency and record victims’ every move Continue Reading

By

• Warwick Ashford, Security Editor

ASEAN nations among worst hit by cryptocurrency-mining operation

Thailand, Vietnam and Indonesia recorded high download numbers for the XMRig software that was surreptitiously slipped into user devices to mine Monero Continue Reading

By

• Aaron Tan, TechTarget

Security Think Tank: Automating basic security tasks

How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading

By

• Petra Wenham

Many businesses still using outdated security, says Troy Hunt

Too many businesses are using out-of-date approaches to security, a world-renowned cyber security author and trainer warns Continue Reading

By

• Warwick Ashford, Security Editor

UK finance sector cyber security pros admit shocking practices

UK financial sector IT security teams face immense challenges that are undermining business opportunities and continuity in financial services, a survey reveals Continue Reading

By

• Warwick Ashford, Security Editor

Facebook offers funding to secure the internet

Facebook has announced that it is offering funding for research into ways of improving internet security Continue Reading

By

• Warwick Ashford, Security Editor

Taking complexity out of cyber security

The key to improving the cyber security posture of organisations is to keep complexity at bay, according to a senior Microsoft executive Continue Reading

By

• Aaron Tan, TechTarget

Mobile app flaws are a risk to industrial IT systems, says report

Cyber security vulnerabilities in mobile applications could be exploited to compromise industrial network infrastructure, a report warns Continue Reading

By

• Warwick Ashford, Senior analyst

UAE tech growth prompts firms to review internal IT security

As IT becomes more prominent in the UAE economy, more and more internal connections between people and systems are created, all of which need to be secured Continue Reading

By

• Alicia Buller

Cyber attacks in 2017 drive Nordic security efforts

The volume of cyber attacks last year has increased boardroom focus on security in the Nordic region Continue Reading

By

• Eeva Haaramo

Sweden steps up cyber defence measures

Sweden is tightening up its cyber security defences as part of a wider national security strategy Continue Reading

By

• Gerard O'Dwyer

Top IT priorities for Nordic CIOs in 2018

Nordic CIOs tell Computer Weekly about their intentions for the year ahead Continue Reading

By

• Eeva Haaramo

UK government blames North Korea for WannaCry cyber attack

The UK and US governments say a North Korean group was responsible for the ransomware attacks that hit the NHS and other organisations globally this year Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Barclays Bank stops offering Kaspersky software to new users

Bank is no longer offering customers Kaspersky anti-virus software after UK security agency issues warning Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Lauri Love would face ‘medieval’ conditions in US prison if extradited over hacking charges

Engineering student Lauri Love should be tried in the UK, court hears, as new evidence is presented on the “medieval” conditions in US jails for people with medical problems Continue Reading

By

• Bill Goodwin & Julia Gregory

Lauri Love: how reformed hackers halted the WannaCry virus

Lauri Love presents a compelling story of the WannaCry malware that nearly brought down the NHS, and the behind the scenes work of former hackers, and security researchers that helped to prevent lives being lost. Love is facing extradition to the US after allegedly taking part in a hacking protest over the death of internet pioneer Aaron Swartz, who faced jail for using a hidden computer to downloading academic journals at MIT. Continue Reading

By

• Bill Goodwin, Computer Weekly

My brother Lauri Love should have the right to a trial in the UK

Lauri Love should face trial over hacking allegations in a British Court, rather than be extradited to the US, where his extraordinary skills will be lost to society, says his younger sister Continue Reading

By

• Natasha Love

CW ANZ: On cyber alert

Achieving any form of computer security is an uphill task, costing Australian companies time and money with no prospect of a reprieve any time soon. In this month’s CW ANZ, read about the state of cyber security in Australia, Telstra’s efforts to help enterprises improve their cyber security posture, and how Australian organisations can keep up with the demands of cyber security. Also, find out why unsanctioned cloud apps continue to be a major bugbear among security chiefs in Australia. Continue Reading

CW ASEAN: How managed security services help to reduce cyber risk

The growing complexity and volume of cyber threats has led to rising demand for managed security services that provide the capabilities and technological know-how to combat cyber threats. In this month’s issue of CW ASEAN, read more about the pros and cons of using managed security services and considerations you should be aware of. Also, find out what organizations can do to put the odds in their favor when combating cyber threats. Continue Reading

RSA’s Middle East cyber security conference gains its own identity

RSA Abu Dhabi conference focuses on region’s cyber security needs as digital technology deployments expand Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Singapore’s public sector finds agility and speed in AWS

City-state’s government has been able to meet peak demands and address security issues through a cloud-based web-hosting platform powered by Amazon Web Services Continue Reading

By

• Aaron Tan, TechTarget

People with non-IT backgrounds could help fill cyber security skills gap

Organisations should look to fill cyber security roles with people who are curious and have work experience rather than focusing solely on graduates Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

CW ANZ: Cyber security plan bears fruit

Australia’s Cyber Security Strategy, aimed at protecting citizens, companies and critical infrastructure, has made significant headway over the past year, but the jury is still out on its long-term impact. In this month’s CW ANZ, we take a look at the progress of Australia’s national cyber security blueprint and what else needs to be done to better protect Australia’s interests in the global cyber security landscape. Also, read about what the Australian government is doing to better guard public sector IT systems against cyber attacks. Continue Reading

CW ASEAN: Stay alert to threats

With cyber threats intensifying in recent years, from the global outbreak of ransomware to intrusions of university networks to access government data, the role of threat intelligence in anticipating and mitigating threats has become more important than ever. In this month’s CW ASEAN, learn how organizations can make the most out of threat data feeds in an intelligence-driven security strategy. Also, find out how companies can navigate the ominous cyber threat landscape by investing in cyber security technology and processes. Continue Reading

Australia to push ahead with decryption plans

The Australian government remains undaunted in requiring tech firms to provide access to encrypted communications in law enforcement efforts Continue Reading

By

• Beverley Head

Another global ransomware attack underway as reports of Petya exploit spread

Latest cyber attack appears to be based on the same EternalBlue exploit used by the WannaCry ransomware that hit the NHS in May Continue Reading

By

• Bryan Glick, Editor in chief

Microchips implanted in hands could be in use for payments in 20 years

UK consumers are becoming more accepting that biometric authentication will become the norm for payments Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Islamic State supporters shun Tails and Tor encryption for Telegram

Confidential communications show terror group’s supporters are turning to simple mobile phone messaging apps to exchange messages and distribute propaganda Continue Reading

By

• Bill Goodwin, Computer Weekly

Global ransomware attack could be a security wake-up call

In this week’s Computer Weekly, we look at the global WannaCry ransomware attack that struck the NHS and spread across 150 countries – will it be the wake-up call that finally makes organisations take cyber security seriously? We find out how Moscow is leading the way in smart city digitisation. And our latest buyer’s guide examines customer experience management. Read the issue now. Continue Reading

Testing is key to IoT security, says researcher

Building an effective testing process across all elements associated with a product is key to securing the internet of things, according to a researcher in the field Continue Reading

By

• Warwick Ashford, Senior analyst

Security as a service on the rise in the UAE

Organisations in the United Arab Emirates are increasingly turning to security services Continue Reading

By

• Alicia Buller

Interview: F-Secure’s Mikko Hyppönen on the Nordics, Russia and the internet of insecure things

Computer Weekly sat down with Finnish cyber security expert Mikko Hyppönen to talk about security in the Nordics, Russia and the trouble with connected devices Continue Reading

By

• Eeva Haaramo

Threats grow in Saudi Arabia’s cyber sector

Saudi Arabia's wealth makes it an attractive target for cyber criminals, but what have been the recent trends in cyber crime? Continue Reading

By

• Triska Hamid

CW ASEAN: Raising national security standards

In this month’s CW ASEAN, we describe how Singapore is improving its cyber security defenses and preparations through a partnership with British security company BAE Systems. We also find out why the Thai military plans to recruit civilian cyber warriors and we take a look at evolving security approaches. Read the issue now. Continue Reading

CW Europe: Technology poses new risks to jobs, economies and society

Rapid advances in technology could have destabilising effects on employment and economic growth, and could exacerbate social unrest, the World Economic Forum (WEF) warned. Society’s failure to keep pace with technology change was a key risk under discussion at Davos in January. Continue Reading

CW Nordics: Top IT priorities for Nordic CIOs in 2017

In this first issue of CW Nordics in 2017 we take a look what CIOs in the region are expecting in the year ahead. We asked a select group of CIOs and analysts in Denmark, Finland, Norway and Sweden what IT projects are at the top their priority lists. Also read about the Nordic region as a hotspot for IT startups, with Sweden punching above its weight in financial technology. And find out how board executives at healthcare company Elekta are analysing workforce data to make better strategic decisions. Continue Reading

Flawed GoDaddy security certificates show need for control

Vulnerabilities in digital security certificates highlight the need for organisations to be able to exercise more control over those certificates Continue Reading

By

• Warwick Ashford, Senior analyst

Flight booking systems easy to hack, researchers warn

Malicious actors could infiltrate systems to alter passenger information and even cancel bookings, Chaos Communications Congress told Continue Reading

By

• Warwick Ashford, Senior analyst

Top 10 IT security stories of 2016

Here are Computer Weekly’s top 10 IT security stories of 2016: Continue Reading

By

• Warwick Ashford, Senior analyst

Top 10 ANZ enterprise IT stories of 2016

Here is a rundown of Computer Weekly’s most popular ANZ enterprise IT articles for 2016 Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

IBM blamed for Australian census website crash

Computer giant reportedly pays $30m to Australian government as reports are released from two inquiries into DDoS attacks on census website Continue Reading

By

• Beverley Head

Alleged hacker Lauri Love’s ‘life will be destroyed’ under Trump regime

Supporters fear for activist Lauri Love if his extradition to face hacking charges to the US goes ahead Continue Reading

By

• Fiona O'Cleirigh and Bill Goodwin

Counting the cost of financial cyber crime

In this week’s Computer Weekly, the cyber security of banks is under scrutiny after an attack on Tesco Bank leads to millions lost in fraudulent transactions. Our latest buyer’s guide, on server operating systems, looks at the new features in Windows Server 2016. And Coca-Cola explains how a move to the cloud is helping motivate staff. Read the issue now. Continue Reading

Amber Rudd orders Lauri Love extradition to US to face hacking charges

Engineering student Lauri Love faces trials in three US states and a possible 99-year jail sentence for allegedly hacking into US government computer systems as part of a political protest, despite concerns over his health Continue Reading

By

• Fiona O'Cleirigh

CW ASEAN: SMEs present security weakness

In this month's CW ASEAN, we look at how the cyber security defences at small and medium-sized enterprises in Southeast Asia may have some vulnerabilities, resulting in cyber security attacks on the large corporations they work with. We also consider the need to educate users of smartphones and tablets across the region as card fraud rates rise, with high use of mobile devices considered a contributing factor. Read the issue now. Continue Reading

CW ANZ: Using gamification to build cyber security skills

In this month's CW ANZ, we look at how PwC is using an online game to give its customers first-hand experience of what it means to face a cyber attack. We also look at how identity is gaining greater prominence in the security debate in Australia as the DTO takes the wraps off plans for a national identity system. Read the issue now. Continue Reading

Saving Lauri Love: activists plan their next move

An eclectic bunch of activists, charity workers and reformed hackers spent a rainy Sunday afternoon plotting their next move in a campaign to save Lauri Love from extradition to the US on hacking charges Continue Reading

By

• Julia Gregory

Gary McKinnon: Why Lauri Love should be spared the nightmare of extradition

Computer activist Lauri Love should be spared a life sentence in a US jail, says former hacker Gary McKinnon Continue Reading

By

• Gary McKinnon

Lauri Love: the student accused of hacking the US

How did a brilliant but fragile computer science student from a rural English town end up facing life imprisonment in the US? Computer Weekly speaks to Lauri Love Continue Reading

By

• Bill Goodwin and Niels Ladefoged

IBM sets up security centre in Canberra

IBM leads the charge as large private businesses invest heavily in security resources across Australia in an attempt to close the security gap Continue Reading

By

• Beverley Head

CW ASEAN: July 2016

Lessons from the Philippine government hack: In this issue we ask why a hack on the Philippine Commission on the Elections (Comelec) was allowed to happen and what organisations in Southeast Asia can learn from this breach of security. Retailers in the region are concerned – read how the theft of customer data is their biggest worry. Continue Reading

CW ANZ: July 2016

Australia knows it has a cyber security problem, but not the scale. In this month’s CW ANZ we describe how Australia's $230m security strategy serves as a wake-up call to enterprises. We also reveal the techniques and technologies being used to protect one Australian school, as well as a more general look at the main cyber threats to orgainsations in Australia. Read the issue now. Continue Reading

Gov.uk Verify misses April go-live target

The Government Digital Service didn’t meet its target of taking identity assurance service Verify out of beta by the end of April, but is “nearly there”, according to programme director Janet Hughes Continue Reading

By

• Lis Evenstad

Business failing to learn lessons of past cyber attacks, report shows

Organisations are still failing to address basic security issues and well-known attack methods, Verizon’s latest Data Breach Investigations Report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Israeli volunteers ready their cyber defences as Anonymous affiliates attack

Every April, Israel braces itself for an onslaught from pro-Palestinian hackers, but the occupants of a small conference room in Tel Aviv stand in their way Continue Reading

By

• Niv Lilien

Activist Lauri Love faces order to disclose encryption keys

The UK’s National Crime Agency takes an unusual legal step to force a former university student accused of hacking to disclose encryption keys Continue Reading

By

• Bill Goodwin, Computer Weekly

The problem with passwords: how to make it easier for employees to stay secure

An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems Continue Reading

By

• Jeremy Bergsman, CEB