Software News, Articles and Updates

From cyber-crime to human error: The rise of software failures

Phil Codd says software failures caused US$ 1.1 tn losses to businesses in 2016, demonstrating that it is time to pay attention to the main causes of IT system failures or risk financial loss and reputational damage.

Microsoft adds ransomware defence with new Windows update

Microsoft is claiming that the latest version of Windows 10, the Fall Creators Update, is the most secure version of the operating system yet released.

Kaspersky transparency initiative to share code, updates to build trust

Following the US Federal ban on Kaspersky Lab products the company has launched a Global Transparency Initiative, providing its source code for third-party review and opening three transparency centres internationally.

Elmedia unknowingly distributed OSX/Proton malware

A trojanised version of Eltima's Elmedia Player software was seen being distributed via the company's own official site in the late hours of 20 October 2017.

Oracle patches 252 bugs, increase in E-Business Suite and PeopleSoft flaws

Oracle Corp's quarterly Critical Patch Update (CPU) has fixes for 252 vulnerabilities, including extremely severe bugs found in the company's Hospitality Applications, Siebel CRM solution, and PeopleSoft HR software.

OpenText Document Sciences full of holes - multiple vulnerabilities found

SQL injections and cross-site scripting vulnerabilities are among the flaws found in OpenText Document Sciences xPression.

Cisco patches remote code execution flaws in IOS and IOS XE

Cisco released a series of updates to address vulnerabilities affecting its IOS and IOS XE products, one of which could have allowed remote code execution in both products.

How to avert overlay attacks - deploy built-in app security

Applications themselves should have security built in that detects when the application is being pushed to the background, says Giovanni Verhaeghe. Any user input should then be blocked and the placed overlay eliminated.

31 bugs across Safari, Edge, Internet Explorer, Firefox & Chrome browsers

Google Project Zero researcher Ivan Fratric discovered 31 bugs in the DOM engines of the Safari, Edge, Internet Explorer, Firefox and Chrome browsers.

US bans use of Kaspersky Lab software on government systems

Acting on concerns that Russian company Kaspersky Lab has connections to cyber-espionage activities, the US government has banned the use of Kaspersky Lab security software.

Flaw in Windows kernel hinders identification of potentially dangerous files

A programming error in the Microsoft Windows kernel might inhibit security software vendors and kernel developers from properly identifying modules loaded during runtime.

Developers - getting away with it - and Googling it when advice needed

81 percent of software developers avoid asking their manager for advice. For 41 percent, YouTube is the first go-to place for developers to learn new programming tricks.

Fuze fixes portal security lapses that could expose sensitive data

Cloud-based unified communications services provider Fuze earlier this year repaired three vulnerabilities in a customer web portal.

No mistake - New CryptoMix ransomware variant spotted called ERROR

A new CryptoMix ransomware variant called ERROR has been released that includes a new extension added to the encrypted files, ransom note and new encryption keys.

'ShadowPad' attack sabotaged NetSarang software with backdoor

Attackers secretly modified at least five software packages distributed by network connectivity and server management solutions provider NetSarang in order to infect its business users with modular backdoor spyware.

Spyware found in more than 1,000 apps in Google Play store

Android apps on the Google Play Store have been discovered to harbour spyware originally created by an Iraqi developer. The surveillance malware records audio and steals data from users.

Patched bug in software configuration management tools still dangerous

A vulnerability discovered in a series of revision control tools for software developers, including GitLab, Mercurial, and Apache Subversion (SVN), can be exploited to launch malicious command executions,

Updated: Guidelines to ensure vehicle design includes cyber-security

The UK government has issued a range of guidelines designed to ensure vehicle design includes cyber-security at all stages of development.

npm removes malicious JavaScript packages caught stealing data

Malware-spiked packages designed to steal environment variables upon installation were found and removed by the developers of the JavaScript programming language package manager "npm".

Shift Left - how to improve security in your developers' code - do it earlier

The simple premise behind last week's Shift Left conference, organised by Checkmarx, was to do security early and throughout code development, and empower developers.

Russian officials face sack for using Western mobile apps

As new laws limiting Russian officials from using non-approved software come into force next month, those contravening the regulations are warned they face being fired.

IP Expo: Is the software supply chain putting us at risk?

Josh Corman, founder of I Am the Cavalry, spoke at IP EXPO Europe 2016 and pointed the finger at the software supply chain to tackle cyber-threats, arguing that we need fewer and better suppliers.

Half of UK students want data security training

Half of all students in the UK have no security software installed on any of their devices, even though a quarter of teenagers are 'almost constantly' connected.

UK orgs must adopt higher security requirements to pay staff

If UK businesses don't accommodate higher security requirements by 19 September, they could miss salary payments.

Sage suffers data breach from insider

Software company Sage has reportedly suffered a data breach orchestrated by an insider of the company. The police are investigating and the ICO has been informed.

Viruses and malware detected in German nuclear power plant computers

The Gundremmingen nuclear power plant located 120 km northwest of Munich has been infected with computer viruses and malware.

Hacking Team looks to hire hacker

Following the compromising of nearly all its databases and emails, and then the subsequent release of those company details, Hacking Team posted a job listing for a "hacker/developer."

Is the Internet of Things opening the door to a new generation of hitman?

As software becomes increasingly complex, we must start addressing security as a key component at an early stage to prevent long-term costs from spiralling up, says Lev Lesokhin.

Mozilla tests pre-beta Firefox 'deeper than local' privacy

Experimental Firefox functionality released to web developers is intended to block Internet tracking elements.