Defence News, Articles and Updates

Trump signs bill banning Kaspersky products into law

US President Donald Trump signed into law the US National Defence Authorisation Act for Fiscal Year 2018, which prohibits US federal use of products and services from Russian-based cyber-security firm Kaspersky Lab.

NATO drawing up cyber counterattack contingency plans

Several NATO members are contemplating a change in the alliance's doctrine regarding how it might react to future cyber-attacks, possibly enabling a more robust response.

What the UK needs from its new Defence Secretary in the cybersphere

The most fundamental thing new Defence Secretary Gavin Williamson can do is to lead from the front and foster a nationwide culture of resilience, publicly champion government initiatives and share the lessons of best practice.

Fighting cyberthreats through automation

A manual approach to cyber-defence is no longer sufficient. When technology controls work together and can communicate, IT can let the technology start to make some automated decisions for you explains Steve Mulhearn.

2,837 flaws found under US Defence Dept vulnerability disclosure programme

The US Defence Department's vulnerability disclosure programme (VDP) has yielded 2,837 security flaws in the nearly one year since its inception.

4 reasons why behaviour-based indicators of compromise enhance security

IOCs look for specific artifacts that indicate an intrusion whereas Gil Barak explains BIOCs look for specific behaviours that indicate malicious activity, such as the injection of code into memory or a script running within an application.

How CISO teams can 'see the things they shouldn't miss'

It's rare that CISOs have a horizontal view across their controls to know where to focus their resources for best overall effect which is why Nik Whitfield says agile analytics is a core capability that security teams already require today.

How secure are you? And are your current tools up to the job?

Con Mallon advises, conduct a compromise assessment based on the assumption that you've already been compromised, then pick the right tools, processes, technology and intelligence to combat that threat.

Fear of system compromise up some 50% among IT pros as perimeter dissolves

Concerns around compromise increase among IT pros in the face of major breaches at even the most security aware organisations, highlighting muddled responses to softening perimeter.

Shooting phish in a barrel - as malicious URL emails surge 600%

Phishing is on an upward trajectory, with a 600% surge in the number of malicious URL emails in Q3 2017. But there are policies and procedures which can be implemented to help prevent users from falling victim to a phishing attack.

Attack is imminent - get "back to basics" - not just during CyberSec month

Patching and application control should be first on the list to strengthen your organisation against attack, but take a strategic approach, and don't just patch for the latest WannaCry, but for the next big attack too says Amber Boehm.

Despite increased spend, why doesn't DDoS mitigation always work?

Newly published research suggests that while there has been a marked increase in spending to mitigate against Distributed Denial of Service (DDoS) attacks, organisations are still falling victim.

Contractor's only IT technician steals 30GB of Australian defence secrets

30GB of data stolen from a small Australian military defence contractor which included technical information on jet fighters, transport aircraft, 'smart bomb kits.' Culprit, the lone IT technician.

US Kasperky ban draws Kremlin rebuke, raises concerns among users

The US government's decision to ban Kaspersky Lab security software raised concerns from users over their own Kaspersky purchases and drew a sharp rebuke from the Kremlin about anti-competitive practices

The metropolis and security: Should the UK look to Israel's experience?

In addition to intrusion detection and surveillance hardware, technology decision-makers within major cities must consider additional technologies to ensure the hardware and tools themselves are protected says Maya Canetti.

Singapore armed forces lose servicemen's personal data

On Tuesday Singapore's armed forces were hit by revelations that the personal data belonging to some 850 servicemen was stolen.

Biology and computers: drawing parallels between immunology and cyber-security

Stephanie Forrest discusses the parallels between computer viruses and biology and how our understanding of them is informing cyber-security.

State-sponsored hackers turn to Android malware to spy on Israeli soldiers

ViperRat discovered by researchers, designed to exfiltrate data from Israeli Defence Force via Android phones using honey traps.

NATO CNI accepting entries to its Defence Innovation Challenge

Submissions are now being accepted for the second annual Defence Innovation Challenge by the NATO Communications and Information (NCI) Agency.

Understanding the social engineer

Social engineering was the most popular attack technique last year, and James Maude believes this may continue if businesses don't get the basics of prevention and education right.

Russia's increasing cyber-capabilities underestimated?

As Russia increases its military and civilian cyber-security capabilities, is the West under-estimating these developments?

Cyber-defence spending increased

UK Defence Secretary Michael Fallon announced that the UK will invest up to £265 million to boost the defence of military cyber-systems

The right connections - how graph analytics beats fraudsters and cyber-crime

Phil Filleul discusses how banks can beat off cyber-criminals using a range of methods and explores how graph analytics can improve their defence and protection

Why ransomware is a paper tiger

Nic Scott discusses what IT decision makers can do to make their organisation immune from ransomware so they too can laugh at the scammers trying to take company files for a ride

MoD goes Splunk to advance information as a 'force multiplier'

Operational intelligence firm Splunk describes 'full lifecycle' of attacks and advocates analytics-driven security

Swiss defence contractor hacked, details released

The details of a years long campaign against a Swiss defence contractor have been released in partnership with Swiss CERT.

A synchronised approach to security

Without synchronised security, information system controls don't talk to each other, so can't work together to react to threats says John Shaw, advocating a more joined-up approach to security to defend against attacks.

Singtel opens unique cyber-security institute in Asia-Pacific

Singapore Telecommunications (Singtel) has opened a new facility to help enterprises enhance cyber-security skills and test their networks in dealing with cyber-threats.

IT pros lack key info to defend against cyber-attacks

To quickly detect an occurring cyber-attack on endpoints, there are seven important security controls required to be put in place by a wide variety of security regulations.