Web application security
-
Feature
08 Nov 2024
What are the security risks of bring your own AI?
The rise of generative AI has led to a plethora of publicly accessible artificial intelligence tools, but what are the risks when external AI tools are used with corporate data? Continue Reading
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise Continue Reading
-
Blog Post
05 May 2020
Homeworking - the new norm - is there any other option...
In the last blog, I touched on the lasting effects of the COVID-19 pandemic; the obvious fallout here is the massive increase in home/remote working, something I’ve been practicing since 1989 – ... Continue Reading
-
Blog Post
05 May 2020
SD-WAN; One Way To Partly Consolidate The Complex Puzzle That Is Contemporary IT
I was recently sent an article by my PR mate Hannah from one of their clients, Versa – a company I’ve met up with and they talk a lot of common sense, far more than their er, so-called president… ... Continue Reading
-
News
04 May 2020
Xen Orchestra latest victim of Salt cryptojackers
More victims of cyber criminals exploiting two critical Salt vulnerabilities are coming forward Continue Reading
-
News
04 May 2020
Blogging platform Ghost hacked through Salt vulnerability
Publishing service’s network was taken over by illicit cryptominers after failing to patch a critical vulnerability Continue Reading
-
News
04 May 2020
IT Priorities 2020: Compliance and risk are top security concerns
When it comes to security, buyers are prioritising solutions and services that address compliance issues, risk management and data protection, according to the Computer Weekly/TechTarget IT Priorities 2020 study Continue Reading
-
Opinion
01 May 2020
Why you should think before you Zoom
Feel free to use Zoom during the coronavirus lockdown, but think before you discuss anything confidential Continue Reading
-
News
30 Apr 2020
Critical SaltStack vulnerability affects thousands of datacentres
Critical vulnerabilities in the Salt remote task and configuration framework enable hackers to take control of cloud servers and must be patched right away Continue Reading
-
News
30 Apr 2020
Mobile banking customers at risk from new EventBot trojan
Customers of Barclays, HSBC, Santander and many other banks should be alert to a dangerous new trojan Continue Reading
-
News
28 Apr 2020
Under the spotlight, video apps rush to strengthen security
Most popular videoconferencing applications now meet Mozilla’s minimum security standards, with fierce competition and public pressure driving rapid improvement Continue Reading
-
News
28 Apr 2020
Almost half of security pros being redeployed during pandemic
Close to half of cyber security professionals say they have been taken off some or all of their security duties to focus attention elsewhere during the Covid-19 coronavirus pandemic Continue Reading
-
News
28 Apr 2020
Black Rose Lucy ransomware now posing as FBI porn warning
A new strain of Russian-developed ransomware impersonates US federal law enforcement to force payment, says Check Point Continue Reading
-
News
27 Apr 2020
Microsoft patches .gif file vulnerability in Teams
Vulnerability could have enabled cyber criminals to use a malicious .gif file to scrape user data and take over Teams accounts Continue Reading
-
News
24 Apr 2020
The Security Interviews: Can AV go from dodgy scareware to cyber hero?
Alun Baker, CEO of Clario, is on a mission to rehabilitate the image of consumer security products and take the fear out of selling antivirus. We find out how things are changing Continue Reading
-
News
23 Apr 2020
iOS zero-day leaves iPhone users dangerously exposed
Researchers identify dangerous vulnerabilities in Apple’s iOS operating system that allow remote code execution on target devices Continue Reading
-
News
23 Apr 2020
Zoom to roll out fresh cyber security updates
New features include support for advanced AES 256-bit encryption Continue Reading
-
News
22 Apr 2020
Coronavirus: Cyber criminals may be changing tactics
Cyber criminals “may soon shift to heavier exploitation of footholds established through phishing and other scams”, warns Cyber Threat Coalition Continue Reading
-
News
20 Apr 2020
NCSC launches coronavirus cyber security campaign
The National Cyber Security Centre has launched a reporting service for scam emails as part of a campaign to help people protect themselves from cyber criminals exploiting the pandemic Continue Reading
-
News
20 Apr 2020
Zoom and WebEx users targeted by credential stealing attempts
Videoconferencing apps such as Zoom and Cisco’s WebEx are being targeted by cyber criminals trying to steal users’ personal data Continue Reading
-
News
20 Apr 2020
Dutch organisations address business email compromise fraud
Public-private partnership in the Netherlands works to break the chains used by fraudsters to carry out BEC attacks Continue Reading
-
News
17 Apr 2020
EU warns no compromise on privacy as NHS clashes with tech firms on contact tracing
EU and UK regulators express data privacy concerns days after Silicon Valley giants announce collaboration on contact-tracing apps to prevent the spread of the Covid-19 coronavirus Continue Reading
-
News
15 Apr 2020
Coronavirus: Standard Chartered bans employees from Zoom
Standard Chartered is the first bank to have instructed its staff to refrain from using Zoom Continue Reading
-
News
15 Apr 2020
Coronavirus: Researcher finds security vulnerability in Slack
Some common assumptions about the security of cloud-based messaging platform Slack may not be entirely accurate, says an Alien Labs researcher Continue Reading
-
News
15 Apr 2020
Microsoft patches 19 critical bugs in another heavy Patch Tuesday
The volume of vulnerabilities being uncovered by Microsoft remains high, with more than 100 fixes pushed out in April’s Patch Tuesday Continue Reading
-
News
14 Apr 2020
Coronavirus: Zoom user credentials for sale on dark web
IntSight researchers say they have found a database containing thousands of Zoom usernames and passwords being sold on the dark web Continue Reading
-
News
10 Apr 2020
Coronavirus: Warning over surge in Zoom security incidents
Check Point researchers have observed a surge in suspicious Zoom domains as cyber criminals target popular remote working and collaboration tools Continue Reading
-
News
09 Apr 2020
Coronavirus: Zoom restricted or banned at multiple organisations
Use of videoconferencing tool has been banned at Google and in parts of the German and US governments Continue Reading
-
News
08 Apr 2020
Despite coronavirus, overall cyber crime volumes hold steady
The UK’s NCSC and the US’s CISA see little change in overall volumes of cyber crime in spite of the coronavirus crisis – for the time being Continue Reading
-
News
07 Apr 2020
Happy developers write secure code, report claims
DevOps specialist Sonatype claims to have found a direct correlation between satisfied developers and application security hygiene Continue Reading
-
News
07 Apr 2020
Coronavirus: Criminals using Zoom installer to spread cryptominer
Videoconferencing application targeted to deliver cryptomining malware to unsuspecting victims Continue Reading
-
News
05 Apr 2020
Google data shows high interest in security and remote working
An analysis of the most Googled technology terms during the Covid-19 coronavirus pandemic has highlighted the scale of the cyber security challenge presented by the crisis Continue Reading
-
Opinion
03 Apr 2020
JavaScript skimmers: An evolving and dangerous threat
Cyber attacks exploiting Magecart JavaScript skimmers are spiking during the coronavirus pandemic, and like biological viruses, they just keep evolving Continue Reading
-
News
02 Apr 2020
Coronavirus: Magecart attacks on online retailers jump 20%
RiskIQ researchers have observed a sharp uptick in Magecart credit card attacks, driven by increased traffic to online retailers during the coronavirus pandemic Continue Reading
-
News
02 Apr 2020
Coronavirus: Is Zoom safe and should security teams ban it?
Zoom’s rapid rise to prominence has highlighted a score of security problems with the service. Should CISOs try to steer their organisations away from it, or ban it outright? Continue Reading
-
News
31 Mar 2020
Too late to protect online privacy, say Brits
Most UK consumers are concerned about data privacy, but think it’s too late to do much about it, according to a report Continue Reading
-
News
31 Mar 2020
Houseparty denies hack as credential stuffing attacks spread
Social media service denies its service has been hacked, and is offering a million-dollar bounty to anybody who can prove otherwise Continue Reading
-
News
27 Mar 2020
Lorca calls on security scaleups to tackle coronavirus challenge
Lorca innovation programme has launched an open call for its next cohort of cyber security scaleups, with a timely focus on coronavirus challenges Continue Reading
-
News
26 Mar 2020
Coronavirus: What are the latest free cyber security offers?
We round up the latest free offers on cyber security products and services being made available during the Covid-19 coronavirus crisis Continue Reading
-
News
26 Mar 2020
Tupperware fixes hacked site, but questions remain over response
Kitchenware brand removes active digital credit card skimmer from its website and insists it takes security seriously despite ignoring repeated attempts to contact it Continue Reading
-
News
26 Mar 2020
Coronavirus: Be alert to rogue mobile apps exploiting outbreak
Well-meaning developers are beginning to offer medical apps to monitor coronavirus symptoms and provide information on the pandemic. Opportunists and cyber criminals are not far behind them Continue Reading
-
Opinion
24 Mar 2020
Coronavirus and privacy – finding the middle ground
Data collection has a role to play in fighting the deadly Covid-19 coronavirus outbreak, but governments need to be accountable for how it is used Continue Reading
-
News
24 Mar 2020
Tekya auto-clicker malware exploits kids’ Android apps
Google has removed multiple apps for children that were found to contain Tekya auto-clicker malware Continue Reading
-
Feature
23 Mar 2020
The AWS bucket list: Keep your cloud secure
Misconfigured cloud installations risk billions of records being exposed, damaging organisations’ finances and reputations. Paying attention to securing AWS storage buckets is a simple matter Continue Reading
-
News
23 Mar 2020
Coronavirus: Kaspersky, Bitdefender make products free to NHS
Kaspersky and Bitdefender have both made various products and services available free to healthcare customers as the Covid-19 coronavirus pandemic intensifies Continue Reading
-
News
23 Mar 2020
Thousands of Netflix, Disney+ streaming accounts being stolen
Proofpoint has urged users of streaming services to be alert to cyber criminals hijacking their accounts Continue Reading
-
News
20 Mar 2020
Coronavirus: Sans Institute issues cyber security advice for parents
With schools now shut across the UK, parents will bear more responsibility for keeping children safe online and educating them about online harms Continue Reading
-
News
19 Mar 2020
Volume of computer misuse incidents falling, says ONS
Downward trend comes despite an overall increase in fraud, according to new statistics Continue Reading
-
Feature
19 Mar 2020
Coronavirus: How to implement safe and secure remote working
Find out what CIOs and CISOs need to know to enable their end-users to work remotely and stay secure during the Covid-19 coronavirus crisis, and learn how users can help themselves Continue Reading
-
Opinion
18 Mar 2020
Security Think Tank: Amid panic, how to find a sound level of security
In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading
-
News
17 Mar 2020
Covid-19: NCSC issues secure remote working guidance
With hundreds of thousands likely to be working remotely for some time, the UK’s NCSC has issued best practice guidance to enable security teams to support them Continue Reading
-
News
13 Mar 2020
Coronavirus-linked hacks likely as Czech hospital comes under attack
The world of cyber security is on high alert to heightened vulnerabilities as the spread of the Covid-19 coronavirus changes daily life across Europe Continue Reading
-
News
12 Mar 2020
Cookie-stealing trojans found lurking on Android phones
Kaspersky discovers two new Android malware modifications that could give hackers control of their victims’ social media accounts Continue Reading
-
News
11 Mar 2020
Microsoft locks down new vulnerability with EternalBlue echoes
Microsoft has moved to get ahead of a serious remote code execution vulnerability in Microsoft Server Message Block 3.1.1, which was accidentally disclosed then missed in its March Patch Tuesday update Continue Reading
-
News
11 Mar 2020
Microsoft fixes 26 critical vulnerabilities in another heavy Patch Tuesday
March’s Patch Tuesday is another big one for Microsoft, addressing 115 vulnerabilities, 26 of them critical Continue Reading
-
News
10 Mar 2020
Schoolgirl security experts prepare to do battle
The finals of the CyberFirst Girls contest will take place on 16 March as the culmination of the NCSC’s annual competition to unearth future security talent Continue Reading
-
News
10 Mar 2020
VAT software supplier exposed data of millions
Eight million sales records belonging to UK and EU consumers left exposed due to misconfigured server Continue Reading
-
News
03 Mar 2020
Singapore among world’s top sources of online threats
Singapore remained a hotspot for originating cyber attacks in 2019, with 11 million attacks launched from servers in the city-state Continue Reading
-
News
02 Mar 2020
The Security Interviews: Inside the world of bug bounties
You may not make a million as a bug bounty hunter, but you might help remove some of the stigma that persists around cyber security, says HackerOne’s Shlomie Liberow Continue Reading
-
News
26 Feb 2020
Fake CDNs obscuring credit card fraudsters
Fake content delivery networks and ngrok servers are being pressed into service to obscure credit card skimming activities Continue Reading
-
News
26 Feb 2020
Cloud Snooper firewall bypass may be work of nation state
Cloud Snooper deploys a combination of specialised techniques to sneak past enterprise firewalls, warns Sophos Continue Reading
-
News
25 Feb 2020
The Security Interviews: Gil Shwed’s 10-year vision for security
Check Point founder Gil Shwed discusses his new Infinity Next concept and how he plans to remodel the world of cyber security in the next 10 years Continue Reading
-
News
24 Feb 2020
McAfee buys Light Point to enhance web browser protection
Acquisition of Light Point Security will extend the capabilities of multiple McAfee products Continue Reading
-
News
24 Feb 2020
Open security group unveils common OpenDXL language
Open Cybersecurity Alliance announces the availability of OpenDXL Ontology, the first open source language for connecting disparate security tools through a common messaging framework Continue Reading
-
News
21 Feb 2020
Labour condemns Google data plans
Shadow digital minister Chi Onwurah challenges the government to stop Google’s plans to move UK user data out of the EU Continue Reading
-
News
21 Feb 2020
Malicious apps still getting past Google controls
Check Point researchers have found multiple malware-infected apps in the Google Play store, including a clicker called Haken, which has been downloaded more than 50,000 times Continue Reading
-
News
21 Feb 2020
F-Secure’s AI reads mean tweets to fight abuse and trolls
Researchers working on F-Secure’s Project Blackfin have developed a model for clustering tweets to help pinpoint abuse and harassment Continue Reading
-
Opinion
21 Feb 2020
Addressing the IoT security challenge
We consider how best to address some of the critical security challenges around the internet of things Continue Reading
-
News
19 Feb 2020
Cost of cloud misconfigurations set at $5tn
Cloud security outfit DivvyCloud says more than 33 billion records have been exposed in cloud misconfiguration incidents in the past 24 months Continue Reading
-
News
18 Feb 2020
Girlguiding hosts interactive cyber security workshop
100 Guides from South West England took part in an NCSC event to learn more about security fundamentals Continue Reading
-
News
17 Feb 2020
Ex-soldiers to become ethical hackers
A new programme will give armed forces veterans in Scotland a grounding in cyber security skills, including penetration testing and ethical hacking Continue Reading
-
Opinion
13 Feb 2020
Security Think Tank: Practical steps to achieve zero trust
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
News
12 Feb 2020
Internet Explorer zero day among 99 Patch Tuesday problems
After an eventful January Patch Tuesday that marked the end of support for Windows 7, the February 2020 update is another whopper, fixing close to 100 vulnerabilities Continue Reading
-
News
11 Feb 2020
Mac-based security threats outpacing Windows
Security threats targeting Apple endpoints are growing more quickly than those targeting Windows machines, according to Malwarebytes Continue Reading
-
Opinion
10 Feb 2020
Security Think Tank: Zero trust is complex, but has rich rewards
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
News
07 Feb 2020
Joaquin Phoenix’s Joker is ‘most dangerous’ movie
Ahead of the 2020 Oscars, Kaspersky researchers say they found more than 300 files masquerading as the Joker movie Continue Reading
-
Opinion
07 Feb 2020
Security Think Tank: No trust in zero trust need not be a problem
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading
-
News
05 Feb 2020
Darktrace signs to McLaren for 2020 F1 season
McLaren Racing has enlisted Darktrace to become its official artificial intelligence cyber security partner Continue Reading
-
News
05 Feb 2020
Scammers using fake PayPal emails stole over £1m in the UK in last quarter
Fraudsters tricked Brits into sending over £1m worth of goods to them that they hadn't paid for Continue Reading
-
News
05 Feb 2020
Web app ubiquity gives cyber criminals new opportunities
The popularity and ubiquity of web-based apps such as Office 365 and Salesforce is a temptation too good to miss for cyber criminals Continue Reading
-
News
05 Feb 2020
Check Point pledges end to security updates
Check Point’s Gil Shwed expands on a vision for the next 10 years of cyber security, which he calls Infinity Next Continue Reading
-
News
31 Jan 2020
Davos: The clock is ticking on climate change but cyber crime and emerging technologies add to risks
Climate change, natural disasters, extreme weather and loss of biodiversity are the greatest risks we face. With cyber conflicts, state-sponsored hacking and internet fragmentation, doing nothing is not an option, says the World Economic Forum Continue Reading
-
News
30 Jan 2020
NCSC launches study on cyber security diversity
The UK’s National Cyber Security Centre wants to improve the diversity of the cyber security sector Continue Reading
-
News
29 Jan 2020
UK cyber security sector worth more than £8bn
The UK’s cyber security industry employs 43,000 full-time workers, and contributed nearly £4bn to the UK economy in 2019, according to DCMS Continue Reading
-
News
27 Jan 2020
SANS Institute calls on Manchester security pros
Manchester will play host to a week-long cyber security training event during February Continue Reading
-
News
24 Jan 2020
Milan hosts Cisco’s first European security innovation unit
Cisco has cut the ribbon on its first Cyber Security Co-Innovation Centre in Europe, at Milan’s Leonardo da Vinci Science and Technology Museum Continue Reading
-
News
22 Jan 2020
Citrix releases IoC scanner for ADC and Gateway vulnerabilities
As patches for its compromised NetScaler ADC and Gateway products begin to roll out, Citrix enlists FireEye Mandiant to develop an indicator of compromise scanner for end-users Continue Reading
-
News
22 Jan 2020
Internal error left Microsoft customer service data exposed
Customer service and support records of nearly 250 million Microsoft customers left exposed after database misconfiguration Continue Reading
-
News
22 Jan 2020
ICO code sets out digital privacy standards for children
The Information Commissioner’s Office has published its Age Appropriate Design Code, a set of 15 standards that online platforms must meet to protect the privacy of younger users Continue Reading
-
News
21 Jan 2020
5G builders test vulnerabilities in Finnish hackathon
University hackathon puts 5G security to the test as new wireless technology’s roll-out nears Continue Reading
-
20 Jan 2020
Don’t become the next Travelex: Get ready for ransomware
With Travelex’s IT still in disarray and banks and travellers left without access to funds more than a week after it was hit by a ransomware attack, we ask what others can learn from the foreign exchange services company’s response to the incident. Continue Reading
-
News
20 Jan 2020
Exposed AWS buckets again implicated in multiple data leaks
A series of data leaks in the past week have once again implicated poorly secured Amazon S3 buckets, which are supposed to be private by default Continue Reading
-
News
16 Jan 2020
A quarter of users will fall for basic phishing attacks
Phishing emails that appear to be security alerts are the most effective method of compromise, says KnowBe4 Continue Reading
-
News
15 Jan 2020
Lorca announces new cohort of 20 security scaleups
20 scaleups will focus their attention on automation, zero trust and supply chain security Continue Reading
-
News
15 Jan 2020
LGBTQ+ social app Grindr accused of breaching GDPR
Norwegian Consumer Council files complaints about LGBTQ+ social networking app, alleging it is in breach of the General Data Protection Regulation Continue Reading
-
News
15 Jan 2020
NSA Windows 10 security disclosure raises questions
In an unprecedented move, the NSA has got out in front of a critical cryptographic flaw in Windows 10, but in doing so has raised multiple questions Continue Reading
-
News
15 Jan 2020
Threat landscape grew in complexity in 2019, no respite in sight
Check Point’s annual state of security report shares some 2019 trends and looks ahead to 2020 Continue Reading
-
News
14 Jan 2020
Two-thirds of UK healthcare organisations breached last year
The majority of healthcare organisations in the UK experienced a cyber security incident during 2019, with almost half the result of viruses and malware introduced on third party devices Continue Reading
-
News
14 Jan 2020
Turn the end of Windows 7 support into a security advantage
CISOs can take advantage of the end of support for Microsoft Windows 7 by making the case for more investment in cyber security Continue Reading
-
News
10 Jan 2020
National Lottery hacker jailed for nine months
Small-time cyber criminal jailed for his role in a cyber attack on lottery operator Camelot that netted him just £5 Continue Reading
-
News
08 Jan 2020
TikTok video-sharing app left user data exposed
Check Point uncovered serious vulnerabilities in the TikTok video-sharing app that left users exposed Continue Reading
-
News
24 Dec 2019
Top 10 cyber crime stories of 2019
Here are Computer Weekly’s top 10 cyber crime stories of 2019 Continue Reading