Defence News, Articles and Updates

Study finds nearly half of web applications put user data at risk

Despite the increased awareness of cyber-security and high profile data breaches, a recent study revealed nearly half of web applications place users' personal data at risk of theft and all of them contained at least one vulnerability.

Israel cyber week: Netanyahu -"Unbelieveable opportunities and challenges"

Israeli Prime Minister Benjamin Netanyahu, addressed the Israel Cyber Week plenary audience at Tel Aviv University today explaining his conversion to the importance of cyber-security.

Chinese hackers infiltrated satellite, telecom and defence companies in US

A Chinese cyber-hacking group is thought to have hacked a number of companies in the satellite, telecom and defence industries in the US and Southeast Asia, it has emerged.

Reset 2018: How cyber-immune systems compare to biological immune systems

In the opening presentation of Reset 2018, Mary Haigh, product director BAE Systems dissected the analogy of cyber-immune systems and biological immune systems, concluding there were indeed parallels - but its not an exact fit.

Embrace chaos: different cyber-security narrative needed to inspire action

As an industry we need to change the hunter-hunted narrative altogether if we're to inspire the kind of proactive approach to cyber-security which organisations desperately need. We must run with the bulls, not wait to react.

InfoSecurity 2018: Deterring CNI cyber-attacks without escalating conflict

Because cyber-attacks are mostly not considered article 5, able to trigger a military response, the issue is how to respond to them in a way that de-escalates rather than escalates the conflict - both for attacks on military and on CNI.

Facebook defends sharing user data with mobile OEMs

Facebook is defending its privacy and data management practices again after the New York Times on Sunday reported that the social media giant has entered into agreements over the last decade to share user data.

Security basics for the small business owner to defeat cyber-terrorists

For a small business owner, the idea of attack by cyber-terrorists can seem overwhelming, but most attacks - 80% - rely on poor security - so by doing the basics, you drastically reduce the likelihood of such attacks being successful.

Four DDoS myths exposed as false

Four prevalent myths about DDoS are that: DDoS only hits big brands; every DDoS attack is the same; protection is too expensive; all solutions are the same - but each of these beliefs is false.

Rapid detection and response to replace emphasis on perimeter

You won't become a great defender without attack capability. As a goalkeeper you need to play against the best to improve." Red teaming simulations part of AI tool learning process to identify truly malicious events.

Defending against cross-site scripting vulnerabilities

Cross site scripting vulnerabilities are easy to exploit. The best way to prevent exploitation is by applying input and output sanitation as well as ensuring the security basics are carried out.

Protecting against ransomware using PCI DSS and other hardening standards

Ensuring compliance with PCI DSS is a good place to start in defending against threats like ransomware. Doing so can help organisations identify and strengthen weakened controls and reduce their attack surface.

Planes, trains and automobiles: the importance of privacy and data security

The fact is that 'shoulder-surfing' or 'visual hacking' is a threat to organisational data that is just as serious as any other, and not one to be ignored.

Security without borders: how to keep information flowing after Brexit

Organisations that operate across the UK and Europe need to make sure they have a strong information-sharing framework in place ahead of March 2019 so that joint operations can withstand any change in national relationships.

Newsbite: New Defence Cyber School opens at the Defence Academy, Shrivenham

Defence Cyber School at the Defence Academy, Shrivenham opens as part of government moves to increase the country's cyber-defence capability - while government restates willingness to use offensive cyber-weapons.

Ransomware has been added to the Oxford English Dictionary -

- but rising awareness is not enough to address the cyber-threat. Robust procedures must be put in place to protect data and fulfil organisations' responsibility to customers and staff.

The data protection goalposts have shifted: has your security strategy moved with them?

It quickly becomes obvious that traditional methods of data security on their own aren't sufficient to provide complete data visibility, but an effective defence strategy must adequately cover all zones in which data can be accessed.

Making sense of indicators in security

An Indicator of Compromise is typically observed after an initial attack or compromise, whereas Indicators of attack (IOAs) are events that may reveal an active attack before IOCs become visible.

Fancy Bear targets defence contractors email to steal tech secrets

Russian hacking group Fancy Bear, have exploited weakspots in the email systems of defence contract workers to access top secret information on US defence technology, including drones.

Global tech firms let Russian defence agency peek at source code for flaws

A handful of tech companies have given a Russian defence agency the opportunity to sort the source code of their software, to uncover vulnerabilities that the Russians say could be exploited by bad actors.

Why 2018 could be the year cyber-security finally comes of age

Change is afoot in the cyber-security industry - from the shift in reporting styles and measures of success, to the evolving role and responsibilities of the CISO. Here's how this development could transpire in the year ahead.

Interview. Airbus defends physical assets from fileless attacks & AI

In a wide ranging interview, Lloyd Rush, UK Cyber Defence Centre manager, Airbus Defence and Space provides SC with insight into the latest attack trends, including fileless, plus the threat of criminal AI use and SOC responses.

Trump signs bill banning Kaspersky products into law

US President Donald Trump signed into law the US National Defence Authorisation Act for Fiscal Year 2018, which prohibits US federal use of products and services from Russian-based cyber-security firm Kaspersky Lab.

NATO drawing up cyber counterattack contingency plans

Several NATO members are contemplating a change in the alliance's doctrine regarding how it might react to future cyber-attacks, possibly enabling a more robust response.

What the UK needs from its new Defence Secretary in the cybersphere

The most fundamental thing new Defence Secretary Gavin Williamson can do is to lead from the front and foster a nationwide culture of resilience, publicly champion government initiatives and share the lessons of best practice.

Fighting cyberthreats through automation

A manual approach to cyber-defence is no longer sufficient. When technology controls work together and can communicate, IT can let the technology start to make some automated decisions for you explains Steve Mulhearn.

2,837 flaws found under US Defence Dept vulnerability disclosure programme

The US Defence Department's vulnerability disclosure programme (VDP) has yielded 2,837 security flaws in the nearly one year since its inception.

4 reasons why behaviour-based indicators of compromise enhance security

IOCs look for specific artifacts that indicate an intrusion whereas Gil Barak explains BIOCs look for specific behaviours that indicate malicious activity, such as the injection of code into memory or a script running within an application.

How CISO teams can 'see the things they shouldn't miss'

It's rare that CISOs have a horizontal view across their controls to know where to focus their resources for best overall effect which is why Nik Whitfield says agile analytics is a core capability that security teams already require today.

How secure are you? And are your current tools up to the job?

Con Mallon advises, conduct a compromise assessment based on the assumption that you've already been compromised, then pick the right tools, processes, technology and intelligence to combat that threat.