The software that could be putting your cyber-security at risk

Independent, 04-06-2025

Payara is a Business Reporter client
As organisations rely more and more on IT ecosystems to support their digital transformation, middleware components have become crucial to effectively support applications, data sharing and transactions.
Yet middleware security is often overlooked, leaving many digital ecosystems exposed to multiple threats that could hinder key business operations. How can chief information and technology officers (CIOs and CTOs) identify and address middleware vulnerabilities?
Middleware plays a central role in connecting IT systems and applications. Considered 'software glue', it facilitates communications and data exchange between them. It is precisely these key activities performed by middleware that lead it to carry underappreciated cyber-security risks. To minimise these issues and their impact, it is essential for organisations to be aware of the most common vulnerabilities and how they can be addressed.
Middleware components are often used without fully considering their lifecycle. One widespread practice is the use of unsupported and/or outdated open-source middleware to support data management and transfer across various applications, including mission-critical software. As a result, crucial applications and business operations may be relying on versions that lack updates, patches or commercial support. Over time, these neglected components accumulate exploitable vulnerabilities.
Unsupported and/or legacy middleware software also undermines compliance efforts. Typically, regulatory frameworks not only mandate timely vulnerability remediation but also the use of supported, up-to-date components. This can create a paradox: organisations adopt unsupported open-source solutions to reduce costs, only to risk facing steep penalties and reputational damage when audits reveal non-compliance.
Compounding these challenges is the rise of supply chain attacks, which target an organisation through vulnerabilities in its supply chain. These vulnerable areas are usually linked to vendors with poor security practices. Middleware built on unsupported or poorly vetted components can therefore become a conduit for these threats and propagate them across integrated systems within one or multiple organisations.
Enterprise-grade solutions: a path forward for middleware security
Addressing these risks demands a shift in mindset. CIOs and CTOs must first map their middleware landscape, identifying any outdated or unsupported components, such as application servers, to reveal hidden weak points where vulnerabilities fester. Following this, technical teams can plan suitable strategies to secure their middleware and IT ecosystems.
These will typically involve migrations from insecure, unsupported or legacy application servers to a more reliable alternative. While this transition can be more challenging than a generic 'lift-and-shift', it offers long-term benefits in terms of performance, resilience, regulatory compliance and security. This is where a reliable technology partner, such as Payara Services, fills a critical gap.
Payara provides a platform of open-source yet stable, supported, up-to-date and production-ready middleware solutions that are built with security and stability in mind. Payara Platform Enterprise combines the flexibility of open-source with advanced security features, such as centralised management and fault tolerance, that mitigate risks inherent in fragmented middleware environments. Crucially, it aligns with regulatory standards, reducing the compliance burden and shielding organisations from the financial and legal fallout of breaches.
In addition, unlike unsupported open-source alternatives, Payara Platform Enterprise provides extensive technical assistance as well as long-term software support. These result in the timely, regular delivery of security patches and performance updates, as well as round-the-clock expertise if any issue arises. Furthermore, the middleware technology comes with enhanced monitoring, logging and access control features that help detect anomalies and proactively enforce security policies.
Beyond providing secure alternatives, a technology partner such as Payara Services can play a key role in streamlining migration efforts through consulting, tooling, documentation and best practices. This helps make the transition from legacy systems or community solutions smooth while optimising the setup for long-term scalability, compliance and modernisation efforts.
Driving robust middleware security strategies
Middleware may often operate behind the scenes, but its security implications are front and centre in ensuring enterprise resilience. Unsupported or community-driven open-source middleware, while financially appealing, introduces risks and operational burdens that escalate over time, transforming short-term savings into long-term liabilities.
By replacing these software components with an up-to-date alternative such as Payara Platform Enterprise that enforces governance while offering enterprise-grade support, organisations can reduce their exposure and better defend against the evolving threat landscape. Ultimately, it is possible to move beyond reactive firefighting and embrace a proactive security posture that protects data and systems, as well as the trust of customers and partners, while optimising costs.
