Volume 2022, Issue 7

Contents
Pen testing vs red teaming
GEMMA MOORE


Zero-trust architecture is creating a passwordless society
JONAS IGGBOM


Privacy-enhancing technologies in the design of digital twins for smart cities
GABRIELA AHMADI-ASSALEMI, HAIDER AL-KHATEEB, AMAR AGGOUN


The biggest challenges of manually managing PKI certificates
ANTHONY RICCI

Volume 2022, Issue 6

Contents
The case for threat modelling
COLIN TANKARD


Security service edge: choosing the right solution
NATHAN HOWE


DGAs die hard: detecting malicious domains using AI
BHARATHASIMHA REDDY D, SRILEKHA TALLURI, RUTHVIK REDDY SL, AMIT NAGAL, ADITYA K SOOD


The great security convergence: joining physical devices and cyber security
SCOT STURGES

Volume 2022, Issue 5

Contents
Salvaging security for speedy single-page applications
GARY ARCHER


Securing industrial environments
YOANN DELOMIER


Virtualised network security is not a one-size-fits-all approach
MICHAEL ECKEL


Safeguard the future of your network
MICHAEL WOOD


Incident response: test, don't improvise
ANDREW COOKE


The challenges of Log4j – and how to solve them
TOM MCVEY

Volume 2022, Issue 4

Contents
The state of cyber resilience
GIO COZZOLINO


Continuous authentication for IoT smart home environments
MAX SMITH-CREASEY, STEVEN FURNELL, MUTTUKRISHNAN RAJARAJAN


The importance of cyber security in journalism
ELAD SHERF


Dealing with highly evasive adaptive threats
TOM MCVEY


 

Volume 2022, Issue 3

Contents
D-F of cyber security
KAREN RENAUD


How to plan for a post-quantum security ecosystem
NILS GERHARDT


Revisiting man-in-the-middle attacks against HTTPS
VYRON KAMPOURAKIS, GEORGIOS KAMBOURAKIS, EFSTRATIOS CHATZOGLOU, CHRISTOS ZAROLIAGIS


Ransomware – one of the biggest threats facing enterprises today
GUIDO GRILLENMEIER


The ‘need to know’ of highly evasive adaptive threats
TOM MCVEY


The Art of Attack
Maxie Reynolds. Wiley

Volume 2022, Issue 2

Contents
Strength through simulation
COLIN TANKARD


The security implications of working-from-anywhere
PHIL CHAPMAN


The evolving threat from China
MARC BURNARD


Is energy the weak link in the UK’s critical national infrastructure?
SCOTT DAVIDSON


Air-gapped networks: the myth and the reality
MILAD ASLANER


Ransomware recap: Learning from 2021
TOM MCVEY

Volume 2022, Issue 1

Contents
Deceptive security to protect your business
ERIC CHAMBAREAU


How AI will transform the cyber security industry
ANURAG GURTU


Bulletproof hosting and the Magecart threat
FABIAN LIBEAU


Using open source software securely
JAVIER PEREZ


Agricultural robot wars
CHARLES MARROW


Staying safe during holiday seasons
TOM MCVEY

Volume 2021, Issue 12

Contents
NEWS
Critical Java flaw puts millions of organisations at risk .....1
Ransomware most serious threat, says NCSC .....2
Iran attack warning .....3


FEATURES
Opening the network to DevOps without letting threats inside .....7
Adopting a robust domain name security strategy .....10
Understanding the evolving threat landscape – APT techniques in a container environment .....13
The hefty price you pay for manual triage .....18


REGULARS
ThreatWatch .....3
Report Analysis .....4
News in brief .....5
Threat Intelligence .....6
The Firewall .....20
Events .....20

Volume 2021, Issue 11

Contents
NEWS
Unicode flaw leaves most software open to malicious code injection .....1
Computer crimes soar .....2
US bans spyware .....3


FEATURES
After the pandemic: securing smart cities .....7
Smart plugs invite cyber criminals into the home .....9
Coming off the tracks: the cyberthreats facing rail operators .....12
Protecting Active Directory against modern threats .....15
Layering identity and access management to disrupt attacks .....17


REGULARS
ThreatWatch .....3
Report Analysis .....4
News in brief .....5
Threat Intelligence .....6
The Firewall .....20
Events .....20

Volume 2021, Issue 10

Contents
NEWS
Iran-based hackers target defence, aerospace and telco firms, but Russia still biggest threat .....1
Major telecoms firm hacked for five years .....3


FEATURES
A network with nowhere to hide .....7
CISOs should work closely with their ITAM colleagues .....9
How financial services firms can mitigate the next wave of attacks .....12
The future of security in a remote-work environment .....15
Shining a light on organisational risk .....18


REGULARS
ThreatWatch .....3
Report Analysis .....4
News in brief .....5
Threat Intelligence .....6
The Firewall .....20
Events .....20

Volume 2021, Issue 6

Contents
NEWS
US authorities recover most of Colonial Pipeline ransom .....1
Phishers impersonate USAID .....2


FEATURES
Applying the principles of zero-trust architecture to protect sensitive and critical data .....7
Grid cyber security: secure by design, continuous threat monitoring, effective incident response and board oversight .....9
Attack graph reachability: concept, analysis, challenges and issues .....13


REGULARS
ThreatWatch .....3
Report Analysis .....4
News in brief .....5
Threat Intelligence .....6
The Firewall .....20
Events .....20

Volume 2021, Issue 5

Contents
NEWS
Supply chain attack puts thousands of firms at risk .....1
Pulse zero-day exploited by APT groups .....2
Bolstering IoT security .....3


FEATURES
Facing up to security and privacy in online meetings .....7
Security misconfigurations and how to prevent them .....13
When is the right time to outsource your security function? .....16


REGULARS
ThreatWatch .....3
Reviews .....4
News in brief .....5
Threat Intelligence .....6
The Firewall .....20
Events .....20

Volume 2021, Issue 4

Contents
NEWS
More than a billion Facebook and LinkedIn records leaked .....1
Exchange woes continue .....2


FEATURES
A threshold-based, real-time analysis in early detection of endpoint anomalies using SIEM expertise .....7
Gamification – can it be applied to security awareness training? .....16
Securing connectivity for remote workforces .....18


REGULARS
ThreatWatch .....3
Report Analysis .....4
News in brief .....5
Threat Intelligence .....6
The Firewall .....20
Events .....20

Volume 2021, Issue 3

Contents
NEWS
Accellion vulnerabilities lead to breaches of major organisations .....1
North Korea targets defence firms and Pfizer .....2


FEATURES
Investigating cyber attacks using domain and DNS data .....6
Looking to the future of the cyber security landscape .....8
Locking the door: tackling credential abuse .....11


REGULARS
ThreatWatch .....3
Report Analysis .....4
News in brief .....5
The Firewall .....20
Events .....20

Volume 2021, Issue 2

Contents
NEWS
Florida facility hacked in attempt to poison water .....1
More fallout from SolarWinds hack .....2


FEATURES
Who’s that knocking at the door? The problem of credential abuse .....6
The state of zero trust in the age of fluid working .....15
Avoiding costly downtime – how MSPs can manage their networks .....17


REGULARS
ThreatWatch .....3
Report Analysis .....4
News in brief .....5
The Firewall .....20
Events .....20

Volume 2021, Issue 1

Contents
NEWS
SolarWinds supply chain breach threatens government agencies and enterprises worldwide .....1


FEATURES
How can mobile networks protect critical infrastructure? .....6
Relying on firewalls? Here’s why you’ll be hacked .....9
The event data management problem: getting the most from network detection and response .....12
Shining a light on UEFI – the hidden memory space being exploited in attacks .....14
Now is the time to move past traditional 3-2-1 back-ups .....18


REGULAR
ThreatWatch .....3
Book Reviews .....4
News in brief .....5
The Firewall .....20
Events .....20

Volume 2020, Issue 12

Contents
NEWS
UK reveals existence of its military cyber operations unit .....1
Security firms breached .....3


FEATURES
How SASE is defining the future of network security .....6
When it comes to cyber security, ignorance isn’t bliss – it’s negligence .....8
Nation-state attacks: the escalating menace .....12
Where conventional security control validation falls short when evaluating organisational threats .....18


REGULARS
ThreatWatch .....3
Report Analysis .....4
News in brief .....5
The Firewall .....20
Events .....20

Volume 2020, Issue 11

Contents
Governments implement sanctions against nation-state attackers


Can graphs mitigate against coronavirus-related cybercrime?


Bot mitigation – how gaps in understanding and ownership are exposing businesses to greater threats


The future of 5G smart home network security is micro-semicro-segmentation

Volume 2020, Issue 10

Contents
Zerologon flaw exploited in the wild


Exploitable hosts used in cloud native cyber attacks


How threat actors abuse ICS-specific file types


How organisations can ethically negotiate ransomware payments

Volume 2020, Issue 9

Contents
US presidential election already under attack


The problem with (most) network detection and response


The security implications of quantum cryptography and quantum computing


Critical infrastructure under attack: lessons from a honeypot

Volume 2020, Issue 8

Contents
Intel and other major firms suffer source code leaks


Why organisational readiness is vital in the fight against insider threats


Managing endpoints, the weakest link in the security chain


Zoombombing – the end-to-end fallacy

Volume 2020, Issue 7

Contents
Australian Government claims ‘sophisticated’ attack by nation-state actors


Strong security starts with software development


The 2020 Data Breach Investigations Report – a CSO’s perspective


Avoiding the most common vulnerability- management pitfalls

Volume 2020, Issue 6

Contents
Russian nation-state attackers target Exim mail servers


How data can be the lingua franca for security and IT


Keeping a secure hold on data through modern electronic content management


Keeping critical assets safe when teleworking is the new norm

Volume 2020, Issue 5

Contents
Chinese hackers attacking Covid-19 researchers, US warns


Optimising storage processes to reduce the risk of ransomware
lorian Malecki, StorageCraft


Hybrid intrusion detection system using machine learning
Amar Meryem and Bouabid EL Ouahidi, Mohammed V University, Rabat

Volume 2020, Issue 4

Contents


DDoS defence: new tactics for a rising shadow industry
Terry Ray


Are your IT staff ready for thepandemic-driven insider threat?
Phil Chapman


Essentials for selecting a network-monitoring tool
Cary Wright


The security risks created by cloud migration and how to overcome them
Simon Kelf


Innovation and risk walk hand-in-hand with 5G and IoT
David Higgins


Uncovering the cyber security challenges in healthcare
Alyn Hockey