IT

Apache vulnerability a risk, but not as widespread as Log4Shell

October 18, 2022 add comment
Security teams should be alert to the possibility of compromise arising from a vulnerability in Apache Commons Text that may put many organisations at risk, but is unlikely to be as impactful as... Read more »

Virtually all vulnerable open source downloads are avoidable

October 18, 2022 add comment
Open source consumers are downloading about 1.2 billion known vulnerable Java dependencies every month, and whether out of lack of attention, ignorance, stress and overwork or something else, 96% of these at-risk... Read more »

Diffie-Hellman key exchange (exponential key exchange)

October 18, 2022 add comment
What is Diffie-Hellman key exchange (exponential key exchange)? Diffie-Hellman key exchange is a method of digital encryption that securely exchanges cryptographic keys between two parties over a public channel without their conversation... Read more »

API management: Assessing reliability and security

October 17, 2022 add comment
Application programming interfaces (APIs) have had their status upgraded from the domain of programming tool to the proverbial icing on the cake to top a digitisation business plan. APIs allow business leaders... Read more »

Malicious WhatsApp add-on highlights risks of third-party mods

October 14, 2022 add comment
Threat researchers at Kaspersky have warned of the risks associated with downloading third-party add-ons for other services, after uncovering a malicious version of a popular WhatsApp messenger mod known as YoWhatsApp. YoWhatsApp... Read more »

Annual costs of Hackney ransomware attack exceed £12m

October 14, 2022 add comment
The cost of the October 2020 Pysa ransomware attack on the systems of Hackney Council in London continues to mount, with the local authority spending £12.2m during the past financial year (2021-22).... Read more »

Office 365 email encryption flaw could pose risk to user privacy

October 14, 2022 add comment
Security researchers at WithSecure, the company formerly known as F-Secure, have published details of a potentially dangerous vulnerability in Microsoft Office 365 Message Encryption (OME) that could expose the contents of users’... Read more »

Advanced: Healthcare data was stolen in LockBit 3.0 attack

October 14, 2022 add comment
Business management software supplier Advanced has revealed that a total of 16 customers in the health and social care sector had their data compromised in a ransomware attack on its systems that... Read more »

Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor

October 14, 2022 add comment
Governments are in danger of turning to “magical software solutions” to fight child abuse and terrorism, rather than investing in police, social workers and teachers who can deal with the underlying causes,... Read more »

Cyber training firm KnowBe4 bought by private equity firm

October 13, 2022 add comment
Barely 18 months after an initial public offering (IPO) valued it at $3.5bn (£3.13bn), cyber security training, phishing simulation and awareness specialist KnowBe4 is to be taken private after being acquired by... Read more »