Application security and coding requirements

Opinion 29 May 2024
How to avoid joining the Dead Java Code Society

Unused or dead Java code is bogging down software engineers and developers, causing weird dependencies and security risks. Eric Costlow of Azul shares some advice on how to avoid becoming a member of a rather unpleasant club Continue Reading
News 15 May 2024
Critical SharePoint, Qakbot-linked flaws focus of May Patch Tuesday

A critical SharePoint vulnerability warrants attention this month, but it is another flaw that seems to be linked to the infamous Qakbot malware that is drawing attention Continue Reading

News 15 May 2024

Government focuses on improving AI security

Two codes of practice are now available to help developers boost the security of their AI applications Continue Reading
News 06 May 2024

Microsoft beefs up cyber initiative after hard-hitting US report

Microsoft is expanding its recently launched Secure Future Initiative in the wake of a hard-hitting US government report on recent nation state intrusions into its systems Continue Reading
News 03 May 2024

Adobe expands bug bounty programme to account for GenAI

Adobe has expanded the scope of its HackerOne-driven bug bounty scheme to incorporate flaws and risks arising from the development of generative artificial intelligence Continue Reading
News 03 May 2024

Patch GitLab vuln without delay, users warned

The addition of a serious vulnerability in the GitLab open source platform to CISA’s KEV catalogue prompts a flurry of concern Continue Reading
News 02 May 2024

How Okta is fending off identity-based attacks

Okta has been bolstering the security of its own infrastructure and building new tools to scan customer environments for vulnerable identities, among other efforts to fend off identity-based attacks Continue Reading
News 01 May 2024

Australia’s Qantas apologises for mobile app data breach

Australian flag carrier Qantas has apologised after a glitch in its mobile application temporarily enabled some customers to view the flights and booking details of other frequent fliers on two separate occasions Continue Reading
News 01 May 2024

Secure coding benchmark to increase standards among developers

Developer security advocate Secure Code Warrior has launched what it claims is the industry’s first benchmark designed to quantify the security competence of its customers’ software developer teams Continue Reading
News 25 Apr 2024

Zero trust is a strategy, not a technology

Zero-trust security should be seen as a strategy to protect high-value assets and is not tied to a specific technology or product, says the model’s creator John Kindervag Continue Reading
News 24 Apr 2024

Mandatory MFA pays off for GitHub and OSS community

Mandating multifactor authentication for select developers has been a huge success for GitHub, the platform reports, and now it wants to go further Continue Reading
News 18 Apr 2024

CSA warns of emerging security risks with cloud and AI

Few users appreciate the security risks of cloud and have the expertise to implement the complex security controls, says CSA chief executive David Koh Continue Reading
News 16 Apr 2024

CW Innovation Awards: Balancing security and user experience

The National University of Singapore’s Safe initiative has strengthened the security of IT systems and end-user devices while prioritising user experience through passwordless access Continue Reading
News 15 Apr 2024

More social engineering attacks on open source projects observed

In the wake of the recent XZ Utils scare, maintainers of another open source project have come forward to say they may have experienced similar social engineering attacks Continue Reading
News 10 Apr 2024

Cyber crooks poison GitHub search to fool developers

Researchers share data on new technique whereby malicious actors are manipulating GitHub’s search function and using cleverly crafted repositories to distribute malware Continue Reading
News 10 Apr 2024

Salesforce helps customers establish bug bounty programmes

Salesforce has added new learning content to its Trailhead platform designed to help customers develop their own bug bounty programmes Continue Reading
Opinion 08 Apr 2024

How Prospect Theory helps us understand software disasters

By understanding the human psychology behind IT system failures that directly impact people, we can better protect ourselves Continue Reading
News 05 Apr 2024

How Oracle Red Bull Racing guards against cyber threats

The F1 team is tapping managed security services, conducting penetration tests and improving security awareness among employees to fend off cyber threats such as phishing and ransomware Continue Reading
News 01 Apr 2024

Open source alert over intentionally placed backdoor

A backdoor in the open source XZ Utils data compression library could have led to widespread compromise across the Linux ecosystem - and the community is on the trail of a developer who seems to be behind it Continue Reading
News 27 Mar 2024

Cyber spies, not cyber criminals, behind most zero-day exploitation

Analysis from Google has found that zero-day vulnerabilities are much more heavily exploited for espionage purposes than for financially motivated cyber crime Continue Reading
News 26 Mar 2024

Apple, Meta and Alphabet under EU scrutiny

Under the new Digital Markets Act, European commissioners are looking at potential issues with the way Apple, Alphabet and Meta operate their platforms Continue Reading
News 21 Mar 2024

US sues Apple, alleging smartphone monopoly

A major legal action against Apple over its dominance of the smartphone market has kicked off in the US, alleging anticompetitive practices on Apple’s part that have damaged the sector and restricted consumer choice Continue Reading
News 19 Mar 2024

EMEA security spend will have another boom year in 2024

Cyber security services and technology will once again be the focus of major investment across EMEA during 2024, according to the latest Technology Spending Intentions study from TechTarget and ESG Continue Reading
News 19 Mar 2024

Australia’s cyber security spending to grow 11.5% this year

Highly publicised cyber attacks and growing regulatory obligations are keeping security and risk top of mind for Australian organisations this year, says Gartner Continue Reading
News 12 Mar 2024

March Patch Tuesday throws up two critical Hyper-V flaws

Two critical vulnerabilities in Windows Hyper-V stand out on an otherwise unremarkable Patch Tuesday Continue Reading
News 08 Mar 2024

OSS leaders detail commitments to bolster software security

CISA has announced a number of actions to help secure the global open source ecosystem, as leading package repositories including the Python and Rust foundations advance their own initiatives Continue Reading
News 05 Mar 2024

Rapid7 hits out over botched vulnerability disclosure

Software development firm JetBrains and security specialist Rapid7 fall out over the handling of a critical vulnerability disclosure, while customers are left rushing to patch Continue Reading
News 05 Mar 2024

IT chiefs fear Kubernetes data log overload

IT architectures are set to grow in complexity, and more mission-critical systems are being deployed on Kubernetes, meaning log files are becoming unmanageable Continue Reading
News 27 Feb 2024

VulnCheck bug listing to help track new threats quicker

Exploit intelligence firm VulnCheck launches a proprietary Known Exploited Vulnerabilities catalogue in hopes of improving end-user access to intel on emerging threats and reaching those that the likes of CISA do not Continue Reading
News 22 Feb 2024

Cyber experts alarmed by ‘trivial’ ConnectWise vulns

The disclosure of two dangerous vulnerabilities in the popular ConnectWise ScreenConnect product is drawing comparisons with major cyber incidents, including the 2021 Kaseya attack Continue Reading
News 22 Feb 2024

Inside LockBit: A ransomware gang in decline?

The LockBit ransomware gang was already on the ropes prior to the NCA-led takedown, according to security researchers Continue Reading
News 21 Feb 2024

CVE volumes set to increase 25% this year

The number of reported Common Vulnerabilities and Exposures is likely to grow significantly in 2024, hitting a new high of almost 35,000, according to Coalition, a cyber insurance specialist Continue Reading
News 15 Feb 2024

Security-by-design push prompts new ISC2 accreditations

Security-by-design has become a hot-button regulatory issue. ISC2 has decided now is the time to upskill cyber pros around these vital software and hardware development principles Continue Reading
News 14 Feb 2024

Microsoft: Nation-state hackers are exploiting ChatGPT

Threat actors from China, Iran, North Korea and Russia have all been probing use cases for generative AI service ChatGPT, but have yet to use such tools in a full-blown cyber attack Continue Reading
News 14 Feb 2024

Microsoft patches two zero-days for Valentine’s Day

Two security feature bypasses impacting Microsoft SmartScreen are on the February Patch Tuesday docket, among more than 70 issues Continue Reading
News 13 Feb 2024

New variants of Qakbot malware under development

Despite its infrastructure having been taken down by the FBI last year, someone appears to be actively working on a new and improved version of the infamous Qakbot malware Continue Reading
News 13 Feb 2024

Hunter-killer malware volumes seen surging

Latest Picus Security report on malware tactics, techniques and procedures reveals an increasing focus on disabling security defences Continue Reading
News 09 Feb 2024

MoD ethical hacking programme expands after initial success

The Ministry of Defence has expanded the scope of its defensive security partnership with HackerOne Continue Reading
News 01 Feb 2024

Defra legacy IT: 180 applications refreshed, over 1,500 remain

The Department for Environment, Food and Rural Affairs has a 10-year plan to update technology. So far, 180 have been replaced or updated Continue Reading
Blog Post 31 Jan 2024

Low Code Hits New High - Results Of A New Survey

Had a really interesting conversation the other day with Adrian Bignall, he who is in charge of International Sales at Evoke Technologies. Evoke is a rather large tech consultancy that only ... Continue Reading
News 25 Jan 2024

Bugcrowd sees surge in vulnerability submissions, led by public sector

Crowdsourced vulnerability disclosure and bug bounty platform Bugcrowd says it saw a 151% uptick in submissions related to government and public sector organisations in 2023 Continue Reading
News 24 Jan 2024

WebKit vulnerability sparks Apple’s first major security update of 2024

A zero-day in the open source WebKit browser engine that powers Safari has sparked Apple’s first major patch roll-out of the new year Continue Reading
News 24 Jan 2024

Inside Cisco’s security platform strategy

Raj Chopra, senior vice-president of Cisco’s security business, outlines the company’s security platform strategy and how it brought different products together into a single platform Continue Reading
News 24 Jan 2024

Critical vulnerability exposes Fortra GoAnywhere users

Fortra GoAnywhere MFT users must take steps to address a newly disclosed zero-day vulnerability without delay Continue Reading
News 24 Jan 2024

Salesforce’s bug bounty programme paid out $3m in 2023

Ethical hackers disclosed more than 4,000 vulnerabilities to Salesforce last year through its bug bounty programme, and received over $3m in rewards Continue Reading
Opinion 18 Jan 2024

Powering up cyber security defences with AI

AI holds great promise when it comes to securing valuable, and vulnerable, data, but security teams face some challenges if they are to get the best out of it, writes IBM’s Christopher Meenan Continue Reading
News 17 Jan 2024

Singapore proposes governance framework for generative AI

AI Verify Foundation and Infocomm Media Development Authority have proposed a governance framework for generative AI to address the risks and concerns about the emerging technology Continue Reading
News 16 Jan 2024

Kaspersky shares Pegasus spyware-hunting tool

Kaspersky has developed a way of easily exposing the presence of Pegasus spyware on iOS devices and believes its methodology may also help users identify other such surveillance malware Continue Reading
News 11 Jan 2024

Cisco fixes high-impact flaw in unified comms platform

Cisco unified comms customers are urged to patch a critical vulnerability in Unity Connection, a messaging and voicemail product Continue Reading
News 10 Jan 2024

Windows Kerberos, Hyper-V vulns among January Patch Tuesday bugs

Microsoft starts 2024 right with another slimline Patch Tuesday drop, but there are some critical vulns to be alert to, including a number of man-in-the-middle attack vectors Continue Reading
News 02 Jan 2024

China’s UNC4841 pivots to new Barracuda ESG zero-day

The Chinese state threat actor behind a series of cyber attacks on Barracuda Networks customers embarked on a campaign targeting the supplier’s email security products in the run-up to Christmas Continue Reading
News 21 Dec 2023

Top 10 cyber crime stories of 2023

Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics Continue Reading
Opinion 20 Dec 2023

Zero-trust principles: Your gateway to securing remote workers

Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
Opinion 20 Dec 2023

What we learned in cyber in 2023, and what to look out for

PA Consulting's Rasika Somasiri looks back at a busy 12 months in the cyber security world, and highlights some key learnings from 2023 Continue Reading
News 19 Dec 2023

Top 10 cyber security stories of 2023

The past 12 months have seen the security agenda dominated by the usual round of vulnerabilities, concerns over supply chain security and more besides, but it was the chaotic state of global geopolitics that really made an impact Continue Reading
E-Zine 19 Dec 2023

The ransomware threat to UK critical infrastructure

In this week’s Computer Weekly, a parliamentary report warns that a lack of ransomware preparedness at the highest levels of government is leaving UK critical national infrastructure dangerously exposed – we analyse the risks. We examine how AI tools are helping to enhance cloud security. And the CTO at jewellery retailer Pandora discusses organisational change in IT. Read the issue now. Continue Reading
News 13 Dec 2023

Microsoft’s Christmas present for cyber teams: no zero-days

Barely 30 vulnerabilities, and no zero-days, have been fixed in the final Patch Tuesday drop of 2023 Continue Reading
E-Zine 07 Dec 2023

CW EMEA: Prepare for cyber war

When the war between Hamas and Israel began in October, cyber security professionals and major government and private organisations braced for an inevitable accompanying online war. In this issue of CW EMEA, we outline cyber war, patterns of threat activity, and find out what security teams can do to protect their organisations. We also look at Finland’s advances in quantum computing, how Belgian researchers have developed technology to help datacentres process data faster, and the secrets of KPN’s successful business transformation. Read the issue now. Continue Reading
News 06 Dec 2023

Government launches UK-wide Cyber Explorers Cup

Schoolkids across the UK are being called on to team up and defeat Herbert the Hacker in a new government-backed competition Continue Reading
E-Zine 05 Dec 2023

Technologies to support hybrid working

In this week’s Computer Weekly, our latest buyer’s guide looks at technologies to support hybrid working – even when your business is as unique as farming. We examine the new guidelines on AI cyber security published by G7 government security chiefs. And we find out how the Jaguar Formula E racing team is using digital twins to improve electric vehicle performance. Read the issue now. Continue Reading
News 28 Nov 2023

Volume of unique malware samples threatens to overwhelm defenders

A massive increase in malware volumes could cause problems for security teams tasked with adapting their defences against them Continue Reading
News 23 Nov 2023

North Korean APTs go all in on supply chain attacks, warns NCSC

Threat actors linked to the North Korean regime are becoming more adept at targeting software supply chains in the service of their cyber attacks Continue Reading
News 23 Nov 2023

Australia ups ante on cyber security

Australia’s new cyber security strategy will focus on building threat-blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities Continue Reading
News 21 Nov 2023

The ‘application generation’ demands more from developers

The latest Cisco AppDynamics poll of consumers has identified a new breed of app user that has emerged post-pandemic Continue Reading
News 15 Nov 2023

November Patch Tuesday heralds five new MS zero-days

Microsoft pushes fixes for five new zero-days in its latest monthly update Continue Reading
News 15 Nov 2023

How Gigamon is making its mark in deep observability

Gigamon CEO Shane Buckley talks up the company’s ability to inspect encrypted network traffic for malicious activity, how it stands out with its deep observability capabilities and the tailwinds that are fuelling its growth Continue Reading
News 07 Nov 2023

Researchers ‘break’ rule designed to guard against Barracuda vulnerability

Vectra AI researchers found that a Suricata rule designed to detect exploitation of a dangerous Barracuda Email Security Gateway flaw was not entirely effective Continue Reading
News 02 Nov 2023

Admins told to take action over F5 Big-IP platform flaws

Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild Continue Reading
News 01 Nov 2023

Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals

As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings Continue Reading
News 27 Oct 2023

Google launches bug bounties for generative AI attack scenarios

Google expands its bug bounty programme to encompass generative AI and takes steps to grow its commitment to supply chain security as it relates to the emerging technology Continue Reading
News 24 Oct 2023

Cisco hackers likely taking steps to avoid identification

Cisco confirms that a drop in detections of devices compromised by two zero-days was likely the result of reactive measures taken by the threat actors to avoid discovery Continue Reading
News 24 Oct 2023

Research team tricks AI chatbots into writing usable malicious code

Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks Continue Reading
News 24 Oct 2023

Kaspersky opens up over spyware campaign targeting its staffers

Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group Continue Reading
News 23 Oct 2023

Cisco pushes update to stop exploitation of two IOS XE zero-days

Cisco releases updates to thwart exploitation of two flaws affecting users of its IOS XE software Continue Reading
News 20 Oct 2023

Computer Weekly contributor named Godfather of UK Security

Advent IM founder Mike Gillespie was among those honoured at the eighth annual Security Serious Unsung Heroes Awards Continue Reading
News 19 Oct 2023

Fears grow over extent of Cisco IOS XE zero-day

Researchers have identified spiking numbers of victims of a recently disclosed Cisco zero-day, as users of the networking supplier’s IOS XE software are urged to take defensive measures Continue Reading
News 19 Oct 2023

Loughborough Uni to create five cyber AI research posts

Supported by Darktrace, Loughborough University is to recruit five doctoral researchers focusing on cross-disciplinary research in AI and cyber security Continue Reading
News 17 Oct 2023

Alert sounded over dangerous Cisco IOS XE zero-day

Cisco warns customers using its IOS XE software of a newly discovered vulnerability that could enable a threat actor to take over their systems Continue Reading
News 03 Oct 2023

CIISec scores DSIT funding to expand successful CyberEPQ scheme

DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date Continue Reading
E-Zine 03 Oct 2023

Where next for quantum computing?

In this week’s Computer Weekly, we talk to the head of Amazon’s Braket quantum computing services about how the technology is progressing. We go behind the scenes at an ethical hacker event to find out how bug bounty programmes work. And we analyse the offerings of the major players in software-defined storage. Read the issue now. Continue Reading
News 28 Sep 2023

Businesses disconnected from realities of API security

Business leaders feel confident they’ve got a handle on API security, but at the same time, incidents are through the roof, according to a report Continue Reading
News 28 Sep 2023

Yahoo picks Intigriti to run crowdsourced bug bounty programme

Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate Continue Reading
Opinion 25 Sep 2023

Security Think Tank: Three ways to identify the best encryption use cases

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
E-Zine 19 Sep 2023

Securing Eurovision’s online voting system against cyber attacks

In this week’s Computer Weekly, we discover how Once.net and Cloudfare defended the 2023 Eurovision Song Contest against cyber attacks. Our buyer’s guide continues to look at integrating software-as-a-service applications, with the governance of SaaS connectivity to the fore. Also, HCLTech’s Ashish Gupta relates how the company has embraced a new, pandemic-influenced, remote working model. And we find out how retail tech leaders influence their boards on transformation projects. Read the issue now. Continue Reading
Opinion 18 Sep 2023

Security Think Tank: A user’s guide to encryption

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
Feature 18 Sep 2023

Simplifying cloud integrations with legacy IT

Subscription-based software is easier to integrate than traditional enterprise software, but the challenge for IT leaders is governance for SaaS connectivity Continue Reading
News 14 Sep 2023

As vehicle safety regulations loom, carmakers fret over cyber risks

Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks Continue Reading
News 13 Sep 2023

GitHub fixes race condition that could have led to ‘repojacking’

A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked Continue Reading
News 13 Sep 2023

Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service

September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release Continue Reading
News 13 Sep 2023

Cisco tightens link between observability and security

The company's observability platform now offers a way for IT decision-makers to understand the impact of security issues Continue Reading
Podcast 12 Sep 2023

Podcast: ‘Data first’ a key principle of digital transformation

Chris Gorton of Syniti says organisations should put data first during digital transformation projects, and that means getting data quality, access rights and governance right Continue Reading
E-Zine 12 Sep 2023

The dangers of breaking encryption

In this week’s Computer Weekly, we detail the concerns of the BCS and other IT experts about the UK’s Online Safety Bill’s proposals to weaken end-to-end message encryption. Our buyer’s guide continues to look at the issues around integrating software-as-a-service applications, with a particular eye to the proliferation of SaaS during the Covid pandemic. Red Hat’s CEO Matt Hicks retails the company’s efforts to support generative AI. And we discover how immersive technologies can shape a brave new world of training and design. Read the issue now. Continue Reading
News 11 Sep 2023

Salesforce and Zoom embrace ethical hackers. You should, too

Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers Continue Reading
News 05 Sep 2023

Researchers find flaw in Mend.io security platform

WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed Continue Reading
News 01 Sep 2023

Threat actors exploiting unpatched Juniper Networks devices

A series of vulnerabilities in Juniper Networks firewalls and switches appear to be being exploited in the wild to enable remote code execution, with thousands of devices thought to be exposed Continue Reading
News 30 Aug 2023

NCSC warns over possible AI prompt injection attacks

The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots Continue Reading
Opinion 25 Aug 2023

AI and supply chain visibility key to mitigating OT security threats

Leveraging AI and maintain visibility into the security of your software supply chain are key to mitigating cyber attacks against operational technology systems Continue Reading
News 22 Aug 2023

Singapore to bolster OT security capabilities

Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities Continue Reading
News 17 Aug 2023

Researchers demo fake airplane mode exploit that tricks iPhone users

Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns Continue Reading
News 16 Aug 2023

CyberArk eyes growth beyond PAM

CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management Continue Reading
News 12 Aug 2023

Datacentre management vulnerabilities leave public clouds at risk

At the annual DEF CON hacking convention, researchers from Trellix have disclosed multiple vulnerabilities in key datacentre products underpinning the world’s public cloud infrastructure Continue Reading
Blog Post 12 Aug 2023

Whose needs are UK Cyber Skills policies intended to meet?

Among those businesses that do not outsource incident management, 4 in 10 (41%) are not very or not at all confidence that they would be able to deal with a cyber security breach or attack compared ... Continue Reading