Web application security
-
Feature
08 Nov 2024
What are the security risks of bring your own AI?
The rise of generative AI has led to a plethora of publicly accessible artificial intelligence tools, but what are the risks when external AI tools are used with corporate data? Continue Reading
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
Feature
12 Jul 2021
How software developers can create mobile apps securely and quickly
The mobile app market is booming, but to achieve success, organisations must develop mobile apps securely and rapidly Continue Reading
-
Opinion
08 Jul 2021
Why identity is the central problem for the future of the internet
As debate rages over who has the right to control user identities online, is the concept of decentralised identity about to have its day? Continue Reading
-
News
08 Jul 2021
PrintNightmare haunts Microsoft as patch may miss mark
Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied Continue Reading
-
News
07 Jul 2021
ICO to probe Hancock over private email use
Former health secretary faces an investigation by the UK’s data protection watchdog over his use of private email to conduct government business Continue Reading
-
News
07 Jul 2021
Opportunists seen targeting Kaseya REvil victims
Malwarebytes researchers highlight new spam campaign targeting businesses impacted by the ongoing Kaseya REvil ransomware incident Continue Reading
-
Opinion
07 Jul 2021
Security Think Tank: As offices reopen, address patching and ‘build drift’
With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading
-
News
06 Jul 2021
About 60 Kaseya customers hit by REvil
Kaseya has revised upward the number of managed service providers compromised by the REvil ransomware gang in a supply chain attack at the weekend Continue Reading
-
News
02 Jul 2021
Should I be worried about PrintNightmare?
The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be? Continue Reading
-
News
02 Jul 2021
Cyber attackers up the ante on embattled IT teams
Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements Continue Reading
-
Blog Post
01 Jul 2021
Do video games breed hackers?
The aim on Monday is to explore how the online wild west of gaming seemingly escalates young gamers from downloading simple cheat codes to launching full-scale DDoS attacks and even being involved ... Continue Reading
-
News
01 Jul 2021
Cyber espionage campaign targeted central Asian states
The Afghan, Kyrgyz and Uzbek governments are all thought to have been targeted by the same APT Continue Reading
-
News
01 Jul 2021
Nominations open for 2021 Security Serious Unsung Heroes Awards
Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators Continue Reading
-
News
30 Jun 2021
LinkedIn denies exposure of 700 million user records is a data breach
Data relating to 700 million users of the LinkedIn networking platform has appeared for sale, but the firm says it is the victim of data scraping, not a security breach Continue Reading
-
News
30 Jun 2021
Cops seize criminal VPN used by ransomware gangs
A coordinated sting has ended the operations of the DoubleVPN service, the owners of which are accused of harbouring cyber criminal activity Continue Reading
-
News
29 Jun 2021
Video game industry under relentless cyber attacks
Web application attacks against the global video game industry grew by 340% in 2020 as more people turn to gaming during pandemic lockdowns Continue Reading
-
News
28 Jun 2021
Lazada rolls out public bug bounty programme
Regional e-commerce giant Lazada is looking to uncover more vulnerabilities that could compromise data security in a public bug bounty programme that offers up to $10,000 per bounty Continue Reading
-
News
25 Jun 2021
AWS launches bug-busting programme for developers
Amazon Web Services is inviting customers to probe their code for software bugs and vulnerabilities using its CodeGuru console Continue Reading
-
News
18 Jun 2021
NHS App reaches six million users, thanks to Covid vaccine feature
More than two million new users have downloaded the NHS App since it was updated in May to include Covid-19 vaccination status Continue Reading
-
News
18 Jun 2021
Lorca Ignite programme targets breakout cyber talent
Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme Continue Reading
-
News
09 Jun 2021
Microsoft fixes seven zero-days on its Patch Tuesday rounds
Fixes for six actively-exploited – and one yet-to-be-exploited – zero-day bugs are released in the June 2021 Patch Tuesday update Continue Reading
-
Feature
08 Jun 2021
The rise and rise of supply chain attacks
Supply chain attacks in Asia-Pacific and elsewhere have intensified as cyber threat actors look to exploit the weakest links in business and digital supply chains Continue Reading
-
News
07 Jun 2021
Siloscape malware a risk to Windows containers, Kubernetes
Palo Alto’s Unit 42 reports on what appears to be the first-recorded malware targeting Kubernetes clusters through Windows containers Continue Reading
-
News
07 Jun 2021
DNS attacks on the rise in APAC
Attacks on the domain name system in Asia-Pacific grew by 15% last year, with Malaysian organisations seeing the sharpest rise in damages among countries in the region Continue Reading
-
News
03 Jun 2021
Norway’s auditor general lifts lid on energy industry’s cyber security risks
Auditor General’s Office questions the security posture of Norway’s energy industry Continue Reading
-
News
03 Jun 2021
Pandemic a ‘once-in-a-lifetime’ chance to reshape security
The volume of remote working has made it hard to paint an accurate picture of the true state of enterprise cyber security, but it presents an opportunity to change things up Continue Reading
-
Feature
02 Jun 2021
Buying a VPN? Here’s what you need to know
VPNs are an effective cyber security tool for businesses and remote workers, but there are many things to consider before purchasing and implementing one. We explore some of these Continue Reading
-
News
26 May 2021
More data stolen in January 2021 than in all of 2017, says report
The volume of data being stolen through breaches is growing steadily and shows no sign of slowing, according to a report from Imperva Continue Reading
-
News
25 May 2021
Legacy vulnerabilities may be biggest enterprise cyber risk
While high-profile cyber attacks and zero-days grab headlines, statistics gathered by network security specialists Cato suggest CISOs should be addressing legacy threats Continue Reading
-
News
24 May 2021
Dutch researchers build security software to mimic human immune system
Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection Continue Reading
-
News
24 May 2021
Why the security stack needs to move to the edge
Akamai’s chief technology officer Robert Blumofe makes the case for a decentralised security model to address cyber threats that are emanating from the network edge Continue Reading
-
News
21 May 2021
Lack of developer attention to cloud security prompts alerts
The personal data of over 100 million Android users may have been put at risk through a variety of cloud service misconfigurations Continue Reading
-
News
20 May 2021
Malicious scans for at-risk systems start minutes after disclosure
Statistics collated by Palo Alto Networks reveal malicious actors begin scanning the internet for systems at risk of new CVEs within minutes Continue Reading
-
News
14 May 2021
Okta and Auth0 to expand APAC coverage
Okta’s acquisition of rival Auth0 will enable both companies to expand their footprint in the Asia-Pacific region as demand for identity management services soars amid the pandemic Continue Reading
-
News
13 May 2021
Publishing exploit code does more harm than good, says report
Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security Continue Reading
-
News
13 May 2021
Refuge launches tech safety site for domestic abuse victims
Created with the help of survivors, Refuge’s resource site offers guidance on protecting yourself from tech-enabled domestic abuse Continue Reading
-
News
12 May 2021
UK to fund national cyber teams in Global South
Government will commit millions of pounds to supporting vulnerable countries in establishing cyber capacity Continue Reading
-
News
11 May 2021
Collaboration key to success of UK’s Cyber Security Council
The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event Continue Reading
-
News
10 May 2021
NCSC Active Cyber Defence blocks surge of pandemic scams
The NCSC responded to a surge in online scams last year as it moved to protect both the general public and critical national services during the pandemic Continue Reading
-
Blog Post
07 May 2021
One size does not fit all - current cyber security practice as revealed by the DCMS Breaches Survey
The report is an excellent snapshot but it also illustrates why most business leaders (large or small) find it so hard to take cyber security seriously until it is put into the context of their own ... Continue Reading
-
News
07 May 2021
Reddit enlists HackerOne to run public bug bounty programme
Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet Continue Reading
-
News
30 Apr 2021
EncroChat: Top lawyer warned CPS of risk that phone hacking warrants could be unlawful
Lord David Anderson QC warned prosecutors that there were formidable arguments against the lawfulness of a police operation to infiltrate the encrypted phone network, EncroChat Continue Reading
-
News
28 Apr 2021
Recruiters can’t afford to hold out for cyber ‘unicorns’
The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic Continue Reading
-
Feature
27 Apr 2021
Applying web application reconnaissance to offensive hacking
Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading
-
Feature
27 Apr 2021
Collaboration is key to a secure web application architecture
Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading
-
Opinion
27 Apr 2021
Why we need to reset the debate on end-to-end encryption to protect children
Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent Continue Reading
-
News
27 Apr 2021
Apple OS updates patch multiple security holes
The much-heralded release of the privacy-centric iOS 14.5 also brings patches for multiple CVEs, and users of Apple smartphones, tablets and notebooks are best advised to update as soon as possible Continue Reading
-
News
27 Apr 2021
The Security Interviews: Making sense of outbound email security
Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this Continue Reading
-
E-Zine
27 Apr 2021
Justice at last in Post Office IT scandal
In this week’s Computer Weekly, 12 years after we broke the story, victims of the Post Office IT scandal finally have their criminal convictions overturned. We take a virtual tour of a Microsoft datacentre and meet a server called ‘Mega-Godzilla Beast’. And we find out how technology is transforming Nationwide Building Society. Read the issue now. Continue Reading
-
News
22 Apr 2021
ToxicEye malware exploits Telegram messaging service
The Telegram instant messaging service is being used by malicious actors to manage a remote access trojan called ToxicEye Continue Reading
-
Opinion
22 Apr 2021
Security Think Tank: Security culture must underpin vaccine passports
What are the security challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading
-
News
20 Apr 2021
Health app myGP adds Covid-19 vaccine passport function
The new feature is described as the UK’s first NHS-assured Covid-19 certification feature Continue Reading
-
News
20 Apr 2021
Codecov supply chain attack has echoes of SolarWinds
Supply chain attack on code auditing service may have compromised the likes of HPE and IBM Continue Reading
-
E-Zine
20 Apr 2021
Shop and go – will Amazon’s cashless ‘just walk out’ store work?
In this week’s Computer Weekly, Amazon has opened its first ‘just walk out’ grocery store in the UK, but is it the right time to hit the high street? We examine the human and technical issues around email security. And we analyse Microsoft’s $19bn purchase of voice recognition supplier Nuance. Read the issue now. Continue Reading
-
News
20 Apr 2021
Singapore’s ViewQwest debuts security service
ViewQwest’s SecureNet service uses Palo Alto Networks’ next-generation firewall with deep packet inspection capabilities to guard against cyber threats Continue Reading
-
News
16 Apr 2021
Finnish government strengthens country’s IT network security
Finland’s government has created a new national organisation to help public and private bodies improve network security Continue Reading
-
News
15 Apr 2021
Microsoft is most impersonated brand in phishing attempts
Technology companies continue to be frequently spoofed by cyber criminals in their phishing attempts Continue Reading
-
News
14 Apr 2021
NSA unearths more MS Exchange vulnerabilities
Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency Continue Reading
-
Opinion
14 Apr 2021
Security Think Tank: Vaccine passports must be secure by design
What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading
-
News
13 Apr 2021
MP told to ditch official email over hacking fears
MP Tom Tugendhat claims the intelligence services advised him to switch to the Gmail service due to concerns his parliamentary email could be hacked Continue Reading
-
News
09 Apr 2021
Egypt, Italy and US most affected in Facebook leak
Researchers at VPN firm Surfshark have been analysing data on 533 million people leaked from Facebook Continue Reading
-
News
09 Apr 2021
NCSC: Using your pet’s name as a password is very stupid
If your email password is still Rex, Rover or Mr Fluffles, it’s probably best to change it, the NCSC has said Continue Reading
-
News
07 Apr 2021
Facebook ducks calls to apologise over huge data leak
Facebook gives its side of the story as data on millions of its users leaks, but is yet to apologise for security lapses that put half a billion people at risk of compromise Continue Reading
-
News
31 Mar 2021
Cyber Security Council to champion UK security pros
A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base Continue Reading
-
News
26 Mar 2021
Remote working burn-out a factor in security risk
After a year of working from the kitchen table, stress and burn-out are increasing, giving rise to more security risks – and Millennials seem to be particularly affected Continue Reading
-
News
25 Mar 2021
Four in five UK businesses seek new security suppliers
Decision-makers are ready to buy new security technology, but suppliers must pay close attention to how they present themselves Continue Reading
-
News
25 Mar 2021
Facebook disrupts Chinese espionage operation
Social media giant’s in-house security team has tracked down and disrupted a long-running Chinese campaign targeting the Uighur Muslim minority Continue Reading
-
Feature
24 Mar 2021
How to choose the right email security service for your organisation
With email security threats growing rapidly, businesses can quickly identify and block these by using a top email security service. Here’s how to select the right provider Continue Reading
-
News
18 Mar 2021
Vaccine passports cannot put basic rights at risk, warns BCS
BCS warns of challenges to come as the government presses on with its plans for Covid-19 vaccine passports Continue Reading
-
News
17 Mar 2021
Digital Green Certificate proposed for travel in Europe
Digital Green Certificates will supposedly help re-establish freedom of movement within the European Union Continue Reading
-
News
16 Mar 2021
Government calls for input into Covid-19 vaccine passports
Evidence gathering exercise will inform the development of the UK’s proposed Covid-19 vaccine passport scheme Continue Reading
-
News
12 Mar 2021
NCSC issues emergency alert on Microsoft Exchange patch
UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately Continue Reading
-
Feature
12 Mar 2021
Does email security need a human solution or a tech solution?
People spend a lot of time using email systems, but many do not realise that this makes them attractive targets for cyber criminals. With education and technology, businesses can tackle this problem head-on Continue Reading
-
News
12 Mar 2021
DearCry ransomware targets vulnerable Exchange servers
As predicted, ransomware gangs have started to target vulnerable instances of Microsoft Exchange Server, making patching an even greater priority Continue Reading
-
News
11 Mar 2021
After Emotet takedown, Trickbot roars up threat charts
Malicious actors are turning to new tricks as Emotet fades away Continue Reading
-
News
11 Mar 2021
Norwegian government falls victim to Microsoft attacks
Norway’s parliament, the Storting, suffers second major cyber incident in a year as threat groups capitalise on vulnerable Microsoft Exchange Servers Continue Reading
-
Blog Post
10 Mar 2021
The New Norm Still Means The Old Norm When It Comes To Exchange Vulnerabilities
Some things in IT never change and one is exposing vulnerabilities in Microsoft’s armoury, not least as has recently been reported, Microsoft Exchange. Oh, how the hackers love Exchange… So, at the ... Continue Reading
-
News
10 Mar 2021
Patch Tuesday overshadowed by Microsoft Exchange attacks
Microsoft’s March Patch Tuesday update drops amid ongoing fall-out from widespread Exchange attacks Continue Reading
-
News
09 Mar 2021
Significant jump in number of hackers reporting vulnerabilities to companies
Since the onset of the Covid-19 pandemic, the number of hackers reporting security vulnerabilities and bugs to enterprises has increased by nearly two-thirds Continue Reading
-
09 Mar 2021
Is Clubhouse safe, and should CISOs stop its use?
With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it Continue Reading
-
News
05 Mar 2021
Williams F1 car launch disrupted by data leak
Williams Formula One team forced to pull augmented reality app it had planned to use to launch its 2021 car at the last minute after an apparent cyber attack Continue Reading
-
Blog Post
04 Mar 2021
Making sense of the changing UK Cyber Policing and Skills Scene
There is an urgent need to make rapid use of the trusted partner programmes of the new Cyber Resilience Centres to help business of all sizes (and charities, schools, reputable training providers ... Continue Reading
-
News
04 Mar 2021
Okta picks up Auth0 for $6.5bn
Multibillion-dollar acquisition a vote of confidence in future of identity and access management services Continue Reading
-
Feature
01 Mar 2021
3 ransomware distribution methods popular with attackers
To prevent cyber attacks, understanding how they work is half the battle. Explore the most common ransomware distribution methods in this excerpt of 'Preventing Ransomware.' Continue Reading
-
News
24 Feb 2021
Vaccine passports prove an ethical minefield
Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design Continue Reading
-
News
24 Feb 2021
Is Clubhouse safe, and should CISOs stop its use?
With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it Continue Reading
-
News
24 Feb 2021
Warning on security risk from virtual events platforms
Vulnerabilities found in virtual events platforms could form part of a variant supply chain attack Continue Reading
-
News
18 Feb 2021
2020 a record year for cyber, thanks to Covid
The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy Continue Reading
-
News
16 Feb 2021
RDP, SSH exposures off the charts thanks to remote working
The Covid-19 pandemic has had an impact on the prevalence of certain vulnerabilities in the wild, according to a report Continue Reading
-
News
11 Feb 2021
Low-complexity CVEs a growing concern
Analysis of thousands of CVEs logged with NIST in 2020 reveals some unwelcome developments Continue Reading
-
News
10 Feb 2021
Dating app users warned to watch out for scammers
A vast amount of money was lost to romance scammers last year, and with millions of people isolated in lockdown the problem is getting worse, according to a report Continue Reading
-
News
10 Feb 2021
Windows 10, Server 2019 users must patch serious zero-day
Another dangerous zero-day exploit is among 56 vulnerabilities patched by Microsoft in February’s Patch Tuesday update Continue Reading
-
News
09 Feb 2021
Data breaches are a ticking timebomb for consumers
Damage from data breaches goes far beyond the impact to the target organisation – an obvious fact that is too often overlooked, says F-Secure Continue Reading
-
News
09 Feb 2021
NHS reports fewer phishing emails in 2020
The NHSmail email service saw a steady decline in suspected phishing emails during the course of 2020 Continue Reading
-
News
05 Feb 2021
Google Chrome update to patch serious zero-day
A serious heap buffer overflow vulnerability means Google Chrome users should patch their browsers as soon as possible Continue Reading
-
News
04 Feb 2021
SolarWinds chases multiple leads in breach investigation
Investigators at SolarWinds are exploring multiple theories as to how the company’s systems were compromised Continue Reading
-
News
03 Feb 2021
SolarWinds patches two critical CVEs in Orion platform
New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet Continue Reading
-
News
27 Jan 2021
Grindr complaint results in €9.6m GDPR fine
Norway’s data protection authority plans to apply a fine totalling 10% of LGBTQ+ dating app Grindr’s revenues over its data sharing practices Continue Reading
-
News
27 Jan 2021
Emergency Apple updates patch exploited zero-days
Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately Continue Reading
-
Opinion
25 Jan 2021
Security Think Tank: Time to rethink stopgap solutions
After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading
-
Feature
21 Jan 2021
How can healthcare organisations fight increased cyber crime in 2021?
As the Covid-19 pandemic enters what may be its most dangerous phase, we explore how healthcare organisations can ward off cyber threats while preserving their ability to deliver critical care Continue Reading