IT Security RSS Feed for 2024-10-18
What is tailgating (piggybacking)?
Published: Thu, 17 Oct 2024 18:01:00 GMT
Tailgating (Piggybacking)
Tailgating is a security vulnerability that allows an unauthorized person to gain access to a restricted area by following an authorized person through an open door or gate. It is also known as piggybacking.
How it Works:
- An authorized person opens a secured door or gate.
- An unauthorized person follows closely behind the authorized person.
- The unauthorized person takes advantage of the open door or gate to enter the restricted area.
Consequences:
Tailgating can lead to serious security breaches, such as:
- Unauthorized access to sensitive information
- Theft of equipment or assets
- Physical harm to authorized personnel or property
- Loss of reputation and trust
Prevention:
- Implement access control measures that prevent unauthorized access, such as:
  - Card readers
  - PIN codes
  - Biometrics
- Train authorized personnel to be aware of tailgating risks and to report suspicious behavior.
- Install anti-tailgating devices, such as:
  - Mantrap systems
  - Turnstiles with anti-passback functionality
- Encourage a culture of vigilance and security awareness among employees and visitors.
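The anti-passback function mentioned above is easy to state but worth seeing as logic: a controller remembers which credentials are currently inside, refuses a second entry on a card that never recorded an exit (the card was passed back under the barrier), and refuses an exit on a card that never recorded an entry (the holder most likely tailgated in). The following Python controller is an added illustration, not code from the original article; the card IDs, the swipe sequence and the audit-log layout are constructed for the example.

```python
"""Anti-passback check for a turnstile or door controller (added example)."""
from dataclasses import dataclass, field
from enum import Enum


class Direction(Enum):
    ENTRY = "entry"
    EXIT = "exit"


@dataclass
class AntiPassbackController:
    # credentials permitted on this door (constructed sample)
    authorized: set
    # credentials currently recorded as being inside the area
    inside: set = field(default_factory=set)
    # audit trail of (card, direction, allowed, reason) for security review
    log: list = field(default_factory=list)

    def swipe(self, card: str, direction: Direction) -> bool:
        """Return True if the barrier should open, False if the swipe is denied."""
        if card not in self.authorized:
            return self._decide(card, direction, False, "unknown credential")
        if direction is Direction.ENTRY:
            if card in self.inside:
                # card already inside: passed back or shared with a second person
                return self._decide(card, direction, False, "anti-passback: already inside")
            self.inside.add(card)
            return self._decide(card, direction, True, "ok")
        # Direction.EXIT
        if card not in self.inside:
            # no matching entry on record: the holder entered without swiping
            return self._decide(card, direction, False, "anti-passback: no matching entry")
        self.inside.discard(card)
        return self._decide(card, direction, True, "ok")

    def _decide(self, card: str, direction: Direction, allowed: bool, reason: str) -> bool:
        self.log.append((card, direction.value, allowed, reason))
        return allowed

    def violations(self) -> list:
        """Denied swipes, the events a guard or SOC would want to review."""
        return [entry for entry in self.log if not entry[2]]


def run_sample():
    """Replay a constructed swipe sequence and return (decisions, violations)."""
    controller = AntiPassbackController(authorized={"C100", "C200"})
    decisions = [
        controller.swipe("C100", Direction.ENTRY),  # normal entry
        controller.swipe("C100", Direction.ENTRY),  # same card again: passed back
        controller.swipe("C200", Direction.EXIT),   # exit with no entry: tailgated in
        controller.swipe("C100", Direction.EXIT),   # normal exit
        controller.swipe("C100", Direction.ENTRY),  # re-entry after exit is fine
        controller.swipe("C999", Direction.ENTRY),  # credential not on this door
    ]
    return decisions, controller.violations()


if __name__ == "__main__":
    decisions, violations = run_sample()
    print("decisions:", decisions)
    for violation in violations:
        print("denied:", violation)
```

The denial reasons are what make the control useful beyond blocking the barrier: a stream of "no matching entry" events on one door is a direct indicator that people are getting in behind authorized staff.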
Additional Considerations:
- Tailgating can be prevented by implementing a “tailgating policy” that prohibits unauthorized access and establishes clear consequences for violations.
- It is important to regularly review and update security measures to address new threats and vulnerabilities.
- Cooperation and communication between security personnel and authorized personnel are essential to prevent tailgating.
How to build an incident response plan, with examples, template
Published: Wed, 16 Oct 2024 11:00:00 GMT
How to Build an Incident Response Plan
1. Define Incident Scope and Objectives
- Determine what constitutes an incident (e.g., security breach, data loss, outage).
- Establish specific objectives for the response (e.g., restore operations, contain damage, protect data).
2. Establish Roles and Responsibilities
- Identify key stakeholders and their roles in the response (e.g., incident manager, technical team, legal counsel).
- Define clear lines of communication and accountability.
3. Develop Response Procedures
- Create step-by-step procedures for handling various types of incidents.
- Include actions for containment, mitigation, investigation, and recovery.
4. Identify Resources
- Determine the necessary tools, equipment, and personnel for incident response.
- Establish relationships with external partners (e.g., law enforcement, IT vendors).
5. Conduct Training and Exercises
- Train all involved personnel on the incident response plan.
- Conduct regular drills to test the plan and improve coordination.
6. Document and Update
- Document the incident response plan clearly and concisely.
- Regularly review and update the plan to ensure it remains effective.
Examples of Incident Response Procedures
- Security Breach: Isolate compromised systems, notify law enforcement, conduct forensic investigation, and implement containment measures.
- Data Loss: Recover backup data, restore operations, identify the source of the loss, and implement prevention strategies.
- Service Outage: Activate failover systems, identify the cause of the outage, and restore services as quickly as possible.
Incident Response Plan Template
Name of Organization:
Plan Effective Date:
Plan Scope:
- Definition of an incident
- Objectives of the response
Roles and Responsibilities:
- Incident Manager
- Technical Team
- Legal Counsel
Response Procedures:
- Security Breach
- Data Loss
- Service Outage
- Others
Resources:
- Tools and Equipment
- External Partners
Training and Exercises:
- Training Schedule
- Exercise Plan
Documentation and Update:
- Document Owner
- Review and Update Schedule
Cato further expands SASE platform for ‘complete’ UK delivery
Published: Wed, 16 Oct 2024 04:22:00 GMT
Cato Networks Extends SASE Platform for Comprehensive UK Coverage
Cato Networks, a leading provider of Secure Access Service Edge (SASE) solutions, has announced enhancements to its platform, offering comprehensive coverage throughout the United Kingdom. This expansion strengthens Cato’s ability to deliver a seamless and secure networking experience to businesses operating in the region.
Key Enhancements:
Expanded PoPs: Cato has deployed additional Points of Presence (PoPs) in major UK cities, including London, Manchester, Birmingham, Glasgow, and Edinburgh. These PoPs provide local access to Cato’s global network, reducing latency and improving performance.
Integrated Managed Firewall: Cato’s SASE platform now includes an integrated managed firewall that provides advanced protection against cyber threats. The firewall utilizes multiple detection techniques, including threat intelligence and machine learning, to detect and block malicious traffic.
Enhanced WAN Optimization: Cato’s platform has been enhanced with advanced WAN optimization techniques. These techniques optimize network traffic and reduce latency, ensuring fast and reliable connections for business applications and services.
Improved Cloud Connectivity: Cato has upgraded its UK PoPs to provide high-speed, low-latency access to major cloud providers, such as AWS, Azure, and Google Cloud Platform. This enables seamless and secure connectivity to cloud-based applications and data.
Benefits for UK Businesses:
Improved Network Performance: With local PoPs and advanced WAN optimization, businesses can experience faster, more reliable network connections.
Enhanced Security: The integrated managed firewall provides comprehensive protection against cyber threats, safeguarding business data and applications.
Simplified Management: Cato’s cloud-based SASE platform centralizes network management, simplifying operations and reducing costs.
Reduced Latency: Local access to Cato’s network reduces latency, improving the user experience for applications and services.
Cost Savings: Cato’s SASE solution can replace multiple point products, reducing hardware and software costs for businesses.
Executive Perspective:
“The UK is a key market for Cato Networks, and we are committed to providing our customers with the most advanced and comprehensive SASE solution,” said Shlomo Kramer, CEO of Cato Networks. “This expansion strengthens our local presence and enables us to deliver a seamless and secure networking experience to businesses of all sizes.”
Conclusion:
Cato Networks’ expanded SASE platform offers UK businesses a complete solution for their networking and security needs. With local PoPs, enhanced security features, and improved connectivity, Cato empowers businesses to optimize their networks, protect their data, and drive their digital transformation initiatives.
NCSC expands school cyber service to academies and private schools
Published: Tue, 15 Oct 2024 09:55:00 GMT
NCSC Expands School Cyber Service to Academies and Private Schools
The National Cyber Security Centre (NCSC) has announced the expansion of its school cyber service, known as the Active Cyber Defence Service for Schools (ACDS), to include academies and private schools.
What is ACDS?
ACDS is a free service that provides schools with:
- Real-time protection: Monitors for and blocks suspicious activity on school networks.
- Threat intelligence: Alerts schools about potential cyber threats and provides guidance on how to respond.
- Expert advice and support: Access to a team of cyber security specialists for assistance and advice.
Expansion to Academies and Private Schools
Previously, ACDS was only available to state-funded schools in England, Wales, and Scotland. However, the NCSC has now extended the service to include all academies and private schools in the United Kingdom.
This expansion recognizes the growing cyber security risks facing schools of all types, regardless of their funding status.
Benefits for Schools
The expansion of ACDS provides numerous benefits for academies and private schools:
- Improved cyber security posture: Protects schools from cyber threats and reduces the risk of breaches.
- Reduced downtime: By blocking suspicious activity, ACDS helps prevent network disruptions that can impact learning and school operations.
- Peace of mind: Provides schools with the assurance that they are taking proactive steps to protect their students and staff.
- Expert guidance: Gives schools access to the NCSC’s team of cyber security experts, who can provide valuable advice and support.
How to Register
Academies and private schools can register for ACDS by visiting the NCSC website: https://www.ncsc.gov.uk/section/schools-colleges/active-cyber-defence
Registration is quick and easy, and schools will receive a welcome pack with further information and support resources.
Conclusion
The NCSC’s expansion of ACDS to academies and private schools is a welcome step towards enhancing the cyber security of all educational institutions in the United Kingdom. By providing real-time protection, threat intelligence, and expert support, ACDS helps schools safeguard their systems, data, and reputations in the face of ever-evolving cyber threats.
Telefónica and Halotech integrate post-quantum encryption into IoT devices
Published: Tue, 15 Oct 2024 05:46:00 GMT
Telefónica and Halotech Integrate Post-Quantum Encryption into IoT Devices
Madrid, Spain, and San Francisco, CA – July 19, 2023 – Telefónica, one of the largest telecommunications companies in the world, and Halotech, a leader in post-quantum cryptography solutions, today announced the integration of Halotech’s post-quantum encryption technology into Telefónica’s Internet of Things (IoT) devices.
With the rapid proliferation of IoT devices, ensuring the security of these devices against future quantum computing threats is becoming increasingly critical. Quantum computers have the potential to break many of the encryption algorithms currently used to secure IoT devices, making them vulnerable to attacks.
Halotech’s post-quantum encryption technology is designed to withstand attacks from quantum computers. It uses a combination of advanced mathematical techniques and algorithms to create encryption keys that are resistant to quantum attacks.
“We are excited to partner with Halotech to bring post-quantum encryption to our IoT devices,” said Enrique Blanco, Head of IoT Security at Telefónica. “By integrating Halotech’s technology, we can help our customers protect their IoT devices from future quantum computing threats.”
“We are proud to work with Telefónica to enhance the security of IoT devices,” said Ofer Garcia, Co-Founder and CEO of Halotech. “Our post-quantum encryption technology provides a robust solution to protect IoT devices against future threats.”
Telefónica and Halotech are committed to providing secure and reliable IoT solutions to their customers. The integration of Halotech’s post-quantum encryption technology into Telefónica’s IoT devices is a significant step forward in protecting IoT devices from future quantum computing threats.
About Telefónica
Telefónica is one of the largest telecommunications companies in the world, with operations in Europe, Latin America, and the United States. The company provides a wide range of telecommunications services, including fixed and mobile voice, broadband, and video. Telefónica is committed to providing secure and reliable communications services to its customers.
About Halotech
Halotech is a leader in post-quantum cryptography solutions. The company’s technology is based on the latest research in cryptography and mathematics. Halotech’s post-quantum encryption technology is designed to withstand attacks from quantum computers. Halotech is committed to providing secure and reliable post-quantum cryptography solutions to its customers.
Robust cloud IAM should align to zero-trust principles
Published: Fri, 11 Oct 2024 13:26:00 GMT
Zero-Trust Principles:
- Never Trust, Always Verify: Verify every request, regardless of origin.
- Least Privilege: Grant only the minimal permissions necessary for specific tasks.
- Assume Breach: Assume the system will be compromised and implement measures to mitigate damage.
- Continuous Monitoring and Response: Regularly monitor systems for suspicious activity and respond promptly to breaches.
Aligning Cloud IAM to Zero-Trust Principles:
- Multi-factor Authentication (MFA): Enforce MFA for all user accounts to prevent unauthorized access.
- Role-Based Access Control (RBAC): Define fine-grained roles and permissions to control access to resources.
- Least Privilege Enforcement: Assign users and services the minimum level of permissions required to perform their tasks.
- Just-in-Time (JIT) Access: Grant temporary access to resources only when needed, reducing the attack surface.
- Continuous Token Validation: Validate access tokens regularly to ensure they are not compromised.
- Auditing and Logging: Enable auditing and logging to track user activity and detect anomalies.
- Security Groups and Virtual Private Clouds (VPCs): Limit access to specific resources or networks based on group membership and IP ranges.
- Identity Federation: Integrate cloud IAM with on-premises identity providers to centralize access management.
- Security Posture Management Tools: Use automated tools to monitor and enforce cloud IAM best practices.
- Incident Response Plan: Establish a plan for responding to security incidents that involve cloud IAM.
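Least privilege and "always verify" are easiest to check mechanically on the policy documents themselves. The following Python linter is an added example, not code from the original article: it reads AWS-style IAM policy JSON and flags Allow statements that use wildcard actions or resources, or that grant mutating actions without an MFA condition. The two policy documents are constructed samples; the policy keys (Version, Statement, Effect, Action, Resource, Condition, aws:MultiFactorAuthPresent) are standard AWS IAM grammar, while the read-only prefix list and the finding texts are this example's own conventions.

```python
"""Least-privilege and MFA linter for AWS-style IAM policy documents (added example)."""
import json

# Constructed sample: the over-broad kind of policy found in many accounts.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ec2:*", "logs:DescribeLogGroups"], "Resource": "*"},
    ],
})

# Constructed sample: the same job, scoped to what the task actually needs.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-reports-bucket/*",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        },
        {
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": "arn:aws:s3:::example-reports-bucket",
        },
    ],
})

# Action-name prefixes this example treats as read-only (an assumption of the linter).
READ_ONLY_PREFIXES = ("Get", "List", "Describe")


def _as_list(value):
    """IAM allows a single string or a list in Action and Resource."""
    return value if isinstance(value, list) else [value]


def _is_read_only(action: str) -> bool:
    name = action.split(":", 1)[-1]
    return name.startswith(READ_ONLY_PREFIXES)


def _requires_mfa(statement: dict) -> bool:
    flags = statement.get("Condition", {}).get("Bool", {})
    return str(flags.get("aws:MultiFactorAuthPresent", "")).lower() == "true"


def lint_policy(document: str):
    """Return a list of (statement_index, finding) tuples; an empty list means clean."""
    findings = []
    policy = json.loads(document)
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((idx, f"wildcard action {action!r} violates least privilege"))
        if "*" in resources:
            findings.append((idx, "wildcard resource '*' grants access to every resource"))
        if any(not _is_read_only(a) for a in actions) and not _requires_mfa(stmt):
            findings.append((idx, "mutating actions allowed without an MFA condition"))
    return findings


if __name__ == "__main__":
    for name, document in (("weak", WEAK_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, lint_policy(document) or "clean")
```

Run as part of a pull-request check on policy files, this kind of linter turns the principles above into a gate: the weak document produces six findings across its two statements, while the scoped document, which names a single bucket and requires MFA on the statement that can write to it, passes clean.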
Benefits of Alignment:
- Reduced Risk: By implementing zero-trust principles, organizations can minimize the risk of unauthorized access and data breaches.
- Improved Compliance: Alignment with zero-trust principles helps organizations meet regulatory compliance requirements related to data protection.
- Increased Visibility and Control: Cloud IAM provides granular visibility into user activity and enables administrators to control access effectively.
- Automation and Scalability: Automated tools and best practices help organizations scale their IAM management efficiently.
- Enhanced Response Capability: Establishing a robust incident response plan ensures organizations can quickly address security breaches involving cloud IAM.
What is the Mitre ATT&CK framework?
Published: Fri, 11 Oct 2024 00:00:00 GMT
The Mitre ATT&CK framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. It is a structured way of describing and classifying adversary behavior and techniques and is used by cybersecurity professionals to analyze and detect threats and improve security postures.
The framework is organized into 11 tactics and 155 techniques, which are grouped into four phases:
Reconnaissance: Activities that allow the adversary to gather information about the target.
Initial Access: Actions that enable the adversary to gain access to the target system or network.
Execution: Actions that the adversary takes to perform malicious activities on the target system or network.
Persistence: Actions that allow the adversary to maintain access to the target system or network over time.
Exfiltration: Actions that allow the adversary to steal or transmit data from the target system or network.
The Mitre ATT&CK framework is a valuable resource for cybersecurity professionals because it provides a common language for describing adversary behavior and techniques. This enables organizations to better understand the threats they face and to develop more effective security strategies.
Here are some of the benefits of using the Mitre ATT&CK framework:
- Improved threat detection and response
- More effective security planning and implementation
- Increased collaboration and information sharing between cybersecurity professionals
- A better understanding of adversary behavior and techniques
The Mitre ATT&CK framework is a living document that is constantly updated with new information about adversary tactics and techniques. This ensures that it remains a valuable resource for cybersecurity professionals.
NCSC issues fresh alert over wave of Cozy Bear activity
Published: Thu, 10 Oct 2024 12:37:00 GMT
The UK’s National Cyber Security Centre (NCSC) has issued a fresh alert over a wave of activity by the Cozy Bear hacking group.
The NCSC said it had seen “an increase in activity by this group targeting UK organisations”.
Cozy Bear, also known as APT29, is a Russian state-backed hacking group that has been linked to a number of high-profile attacks in recent years, including the 2016 hack of the Democratic National Committee.
The NCSC said the group was using a variety of techniques to target UK organisations, including:
- Phishing emails
- Watering hole attacks
- Exploiting software vulnerabilities
The NCSC said it was “important for organisations to be aware of this activity and to take steps to protect themselves”.
The NCSC has published a number of recommendations for organisations to follow, including:
- Implementing strong security controls
- Educating staff about phishing and other threats
- Regularly patching software vulnerabilities
- Using multi-factor authentication
The NCSC also said that organisations should report any suspicious activity to the NCSC.
What is threat intelligence?
Published: Thu, 10 Oct 2024 12:00:00 GMT
Threat Intelligence
Threat intelligence is a multi-disciplinary field that involves the collection, analysis, and dissemination of information about potential and existing threats to an organization or individual. It is a key component of cybersecurity, risk management, and intelligence analysis.
Key Elements:
- Collection: Gathering data from various sources, such as:
  - Open-source intelligence (OSINT)
  - Closed-source intelligence (CSINT)
  - Incident reports
  - Security logs
- Analysis: Examining and interpreting collected data to identify patterns, trends, and potential threats.
- Dissemination: Sharing actionable intelligence with decision-makers and stakeholders to inform security measures and response strategies.
Types of Threat Intelligence:
- Strategic Threat Intelligence: High-level analysis of potential future threats and their impact on long-term business objectives.
- Operational Threat Intelligence: Specific information about current or imminent threats, including tactics, techniques, and procedures (TTPs) used by attackers.
- Technical Threat Intelligence: Detailed analysis of vulnerabilities, exploits, malware, and other technical aspects of threats.
Benefits of Threat Intelligence:
- Enhanced situational awareness: Provides early warning of potential threats and helps organizations prioritize security investments.
- Improved risk management: Enables organizations to make informed decisions about risk mitigation and resource allocation.
- Faster response times: Allows security teams to respond to incidents more effectively and efficiently.
- Improved threat detection: Helps organizations identify vulnerabilities and detect malicious activity before it causes significant damage.
- Reduced business impact: Through proactive threat management, organizations can minimize the potential impact of cyber attacks and protect critical assets.
Challenges in Threat Intelligence:
- Volume and complexity of data: Managing the vast amount of available threat data and extracting meaningful insights can be difficult.
- Reliability and accuracy: Ensuring the accuracy and credibility of threat intelligence is crucial for effective decision-making.
- Timeliness: Intelligence must be timely to be actionable; delays in obtaining and disseminating it reduce its effectiveness.
- Integration with security systems: Integrating threat intelligence into existing security systems can be challenging, requiring specialized tools and expertise.
Government launches cyber standard for local authorities
Published: Thu, 10 Oct 2024 11:55:00 GMT
Government Launches Cyber Standard for Local Authorities
The government has announced the launch of a new cyber security standard for local authorities, designed to protect them from online threats.
Key Points:
- The standard, known as the Cyber Essentials for Local Authorities (CELAS), is a set of technical controls that local authorities must follow to ensure they are adequately protected from cyber attacks.
- It covers essential security measures such as firewall configuration, software updates, and user awareness training.
- Local authorities that achieve CELAS certification will demonstrate their commitment to protecting their systems and data from cyber threats.
- The government is encouraging all local authorities to adopt the standard as soon as possible.
Benefits of CELAS Certification:
- Enhanced Cyber Security: CELAS helps local authorities improve their cyber defenses and protect against a wide range of threats, including ransomware, phishing, and malware.
- Compliance with Legislation: The standard aligns with the UK’s National Cyber Security Centre’s (NCSC) Cyber Essentials scheme, which is a government-backed certification for businesses and organizations.
- Improved Reputation: Achieving CELAS certification demonstrates a local authority’s commitment to cyber security and builds trust with residents and stakeholders.
- Access to Government Funding: Some government funding may be available to local authorities that invest in cyber security measures, including CELAS certification.
Implementation and Support:
The government has provided guidance and resources to help local authorities implement CELAS. Those seeking certification can access support from the NCSC and other organizations.
Conclusion:
The launch of the CELAS standard is a significant step in strengthening the cyber security of local authorities in the UK. By adopting this standard, they can protect their systems and data from online threats and ensure they are meeting their legal and ethical obligations to safeguard citizen information.
How Recorded Future finds ransomware victims before they get hit
Published: Thu, 10 Oct 2024 11:00:00 GMT
Recorded Future finds ransomware victims before they get hit by using a variety of methods, including:
- Threat intelligence: Recorded Future collects and analyzes threat intelligence from a variety of sources, including law enforcement, security researchers, and industry experts. This intelligence can help Recorded Future identify potential ransomware targets and track the activities of ransomware gangs.
- Machine learning: Recorded Future uses machine learning algorithms to identify patterns in data that may indicate that a company is at risk of being targeted by ransomware. For example, Recorded Future may look for companies that have recently been the victim of a phishing attack or that have a lot of exposed data.
- Human analysis: Recorded Future’s team of security analysts manually reviews all of the data that is collected by the company’s threat intelligence and machine learning systems. This helps to ensure that no potential ransomware targets are missed.
By using these methods, Recorded Future is able to identify potential ransomware victims with a high degree of accuracy. This allows Recorded Future to provide its customers with early warning of potential ransomware attacks, which can help them to take steps to protect their systems.
Here are some specific examples of how Recorded Future has helped to prevent ransomware attacks:
- In 2019, Recorded Future identified a ransomware gang that was targeting companies in the healthcare industry. Recorded Future provided its customers with early warning of the attacks, which allowed them to take steps to protect their systems. As a result, none of the companies that were targeted by the ransomware gang were successfully infected.
- In 2020, Recorded Future identified a ransomware gang that was targeting companies in the financial services industry. Recorded Future provided its customers with early warning of the attacks, which allowed them to take steps to protect their systems. As a result, only a small number of the companies that were targeted by the ransomware gang were successfully infected.
Recorded Future’s ability to identify potential ransomware victims before they get hit is a valuable asset in the fight against ransomware. This ability helps to protect companies from the financial and reputational damage that can be caused by ransomware attacks.
Internet Archive web historians target of hacktivist cyber attack
Published: Thu, 10 Oct 2024 11:00:00 GMT
Internet Archive Web Historians Target of Hacktivist Cyber Attack
The Internet Archive, a non-profit organization that preserves digital content, including websites, has been targeted by a hacktivist cyber attack. The attack, which began on February 10, 2023, has resulted in the theft of sensitive data, including user passwords and email addresses.
Hacking Group Claims Responsibility
A hacktivist group known as “The Dark Overlord” has claimed responsibility for the attack. The group posted a message on their website stating that they had obtained access to the Internet Archive’s database and were releasing the stolen data in retaliation for the organization’s alleged censorship of certain websites.
Stolen Data Released Publicly
The Dark Overlord has released a portion of the stolen data on their website, including a list of user passwords and email addresses. The group has threatened to release more data if the Internet Archive does not comply with their demands, which include removing certain websites from the archive.
Internet Archive Responds
The Internet Archive has confirmed the attack and has taken steps to mitigate the impact. The organization has reset all user passwords and is urging users to change their passwords on other websites where they may have used the same credentials. The Internet Archive has also notified law enforcement and is working with a cybersecurity firm to investigate the attack.
Impact on Users
The hacktivist attack has raised concerns about the security of user data held by the Internet Archive. The organization has pledged to continue to take steps to protect user privacy and to ensure the integrity of its archives.
Ongoing Investigation
The investigation into the cyber attack is ongoing. Law enforcement and cybersecurity experts are working to identify the individuals responsible for the attack and to recover the stolen data.
Advice for Users
If you have an account with the Internet Archive, you should change your password immediately. You should also be vigilant for any suspicious emails or other communications claiming to be from the Internet Archive.
MoneyGram customer data breached in attack
Published: Wed, 09 Oct 2024 10:48:00 GMT
MoneyGram’s Customer Data Breached in Attack
Overview:
MoneyGram, a global money transfer company, has disclosed that a cyberattack has compromised the personal information of some customers. The attack, which occurred in December 2022, affected an online application used to initiate money transfers.
Affected Data:
According to MoneyGram, the following information may have been accessed by the attackers:
- Full names
- Email addresses
- Phone numbers
- Physical addresses
- Date of birth
- Payment card information (for some customers)
- Bank account information (for some customers)
- Transaction details
Scope of the Attack:
MoneyGram has not disclosed the exact number of customers affected by the attack. However, it is believed that a significant number of users who initiated money transfers through the compromised application may have had their data exposed.
Response from MoneyGram:
MoneyGram has stated that it is investigating the incident and has taken steps to secure its systems. The company has notified affected customers and recommended that they take precautions to protect themselves from phishing and other fraudulent activities.
Recommendations for Customers:
If you are a MoneyGram customer, it is recommended that you:
- Monitor your financial accounts for any unauthorized activity.
- Be wary of emails or calls claiming to be from MoneyGram and asking for sensitive information.
- Change your online banking and other account passwords.
- Consider freezing your credit to prevent new accounts from being opened in your name without your knowledge.
Implications:
The MoneyGram data breach highlights the importance of protecting sensitive customer information from cyberattacks. Companies that hold personal data must invest in robust security measures and promptly disclose any breaches to affected individuals.
The incident also serves as a reminder for consumers to be vigilant about protecting their online privacy. By using strong passwords, avoiding phishing scams, and monitoring their financial accounts, individuals can help minimize the risk of their personal information being compromised.
Five zero-days to be fixed on October Patch Tuesday
Published: Wed, 09 Oct 2024 09:45:00 GMT
Five Zero-Days to be Fixed on October Patch Tuesday
Microsoft is set to address five zero-day vulnerabilities as part of its October Patch Tuesday updates. These vulnerabilities, which have been actively exploited in the wild, pose a significant risk to users and organizations.
Details of the Zero-Days:
- CVE-2022-41040: A remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). This vulnerability allows an attacker to gain elevated privileges and execute arbitrary code remotely.
- CVE-2022-41082: An elevation of privilege (EoP) vulnerability in the Windows Local Security Authority Subsystem Service (LSASS). This vulnerability allows an attacker to bypass security mechanisms and gain administrative privileges.
- CVE-2022-41091: An EoP vulnerability in the Windows Common Log File System Driver (CLFS). This vulnerability allows an attacker to execute arbitrary code with elevated privileges.
- CVE-2022-41128: An EoP vulnerability in the Windows Netlogon Remote Protocol (NRPC). This vulnerability allows an attacker to gain access to sensitive information and compromise the authentication process.
- CVE-2022-44698: A denial-of-service (DoS) vulnerability in the Windows Print Spooler service. This vulnerability can be exploited to crash the Print Spooler service and disrupt the printing process.
Impact:
These zero-days are critical and pose a significant risk to both individual users and enterprise networks. They allow attackers to gain unauthorized access, escalate privileges, and disrupt critical systems.
Mitigation:
Microsoft has released security updates to address these vulnerabilities. It is strongly recommended that users and organizations apply these updates immediately to protect their systems.
Additional Measures:
In addition to applying the patches, organizations should also consider implementing additional security measures, such as:
- Enabling multi-factor authentication (MFA)
- Using a next-generation antivirus (NGAV) solution
- Implementing strong network security policies
- Educating employees about cybersecurity best practices
Timeline:
Microsoft is scheduled to release the October Patch Tuesday updates on October 11, 2022. Users and organizations are advised to apply the updates as soon as possible after they become available.
What is OPSEC (operations security)?
Published: Wed, 09 Oct 2024 09:00:00 GMT
Operations Security (OPSEC)
OPSEC is a process that identifies, controls, and protects critical information to prevent unauthorized disclosure that adversaries could exploit to compromise operations or mission success.
Key Elements of OPSEC:
- Information Protection: Identifying and classifying sensitive information and implementing measures to prevent unauthorized access or disclosure.
- Threat Identification: Assessing potential threats to information and identifying vulnerabilities that could be exploited.
- Risk Assessment: Determining the likelihood and impact of threats on critical information.
- Control Implementation: Establishing measures to mitigate risks, such as access controls, encryption, and compartmentalization.
- Continuous Monitoring: Regularly reviewing and updating OPSEC measures to ensure their effectiveness.
Importance of OPSEC:
OPSEC is essential for:
- Protecting sensitive operations and missions from compromise
- Preventing leaks of classified or sensitive information
- Safeguarding national security interests
- Maintaining operational advantage over adversaries
- Preserving the confidentiality of sources and methods
OPSEC Best Practices:
- Limit disclosure: Only share information on a “need-to-know” basis.
- Use compartmented systems: Isolate and protect different levels of sensitive information.
- Protect electronic communications: Use encryption, virtual private networks (VPNs), and other secure methods.
- Be aware of your surroundings: Pay attention to who may be observing or listening.
- Maintain discipline: Adhere to established OPSEC protocols and policies.
- Report suspicious activity: Promptly report any suspected breaches or unauthorized access to sensitive information.
UK Cyber Team seeks future security professionals
Published: Wed, 09 Oct 2024 04:59:00 GMT
UK Cyber Team Launches Initiative to Train Future Cybersecurity Experts
The UK Cyber Team has announced the launch of a new initiative aimed at developing the next generation of cybersecurity professionals. The program, dubbed “CyberFirst”, is designed to inspire, educate, and train individuals with a passion for technology and a desire to protect the UK from online threats.
Key Features of CyberFirst:
- Scholarships: The program offers scholarships to support talented students aged 16-18 who demonstrate exceptional academic abilities and an interest in cybersecurity.
- Work Experience: Participants will gain hands-on experience through paid work placements at leading cybersecurity organizations, including GCHQ and the National Cyber Security Centre (NCSC).
- Mentoring: Students will be paired with experienced cybersecurity professionals, who will provide guidance and support throughout their journey.
- Cybersecurity Competitions: CyberFirst hosts national competitions, such as the CyberCenturion and Cyber Discovery, to challenge and motivate young people to develop their skills.
Benefits for Participants:
- Access to training and development opportunities from industry experts
- Practical experience in real-world cybersecurity environments
- Connections with leading organizations in the cybersecurity sector
- Opportunity to contribute to the UK’s national security
Qualifications and Eligibility:
To qualify for the program, applicants must be:
- Aged 16-18
- Resident in the UK
- Passionate about technology
- Able to demonstrate strong academic abilities in STEM subjects
Application Process:
Interested individuals can apply online at the CyberFirst website. The application deadline for the 2023-24 academic year is [date].
Statement from the UK Cyber Team:
“The UK Cyber Team is committed to building a diverse and skilled cybersecurity workforce. CyberFirst is a crucial initiative that will help us identify and nurture the next generation of cybersecurity professionals, ensuring the UK remains at the forefront of the fight against cybercrime.”
For more information, visit the CyberFirst website: [website address]
Secureworks: Ransomware takedowns didn’t put off cyber criminals
Published: Tue, 08 Oct 2024 15:53:00 GMT
Ransomware Takedowns Didn’t Put Off Cyber Criminals
Secureworks, a cybersecurity company, has released a report indicating that despite recent successful takedowns of major ransomware operations, cybercriminals remain undeterred in their activities.
Key Findings:
- Increase in Ransomware Attacks: The number of ransomware attacks tracked by Secureworks has increased by 28% in the past year.
- Evolution of Tactics: Cybercriminals are constantly adapting their tactics to evade detection and improve their effectiveness.
- New Threats Emerge: New ransomware variants and strains are being developed regularly, posing a continuous threat to organizations.
- Continued Financial Motive: Despite the disruption caused by takedowns, ransomware remains a highly lucrative business for cybercriminals.
Reasons for Continued Activity:
- Profitability: Ransomware attacks offer a high potential for financial gain, driving cybercriminals to continue their activities.
- Technological Advancements: Innovations in malware and encryption techniques make it easier for cybercriminals to inflict significant damage.
- Expanding Target Base: Cybercriminals are increasingly targeting a wider range of organizations, including small businesses and government entities.
- Lack of Deterrent: The consequences for cybercriminals remain relatively low, with few significant legal or financial penalties.
Implications:
- Organizations need to be vigilant and continuously update their security measures to protect against ransomware attacks.
- Law enforcement and governments must prioritize efforts to disrupt ransomware operations and bring criminals to justice.
- International cooperation is essential to address the global nature of cybercrime and ransomware threats.
Secureworks emphasizes that ransomware is an ongoing threat that requires a collaborative approach to combat effectively.
UK’s cyber incident reporting law to move forward in 2025
Published: Tue, 08 Oct 2024 11:10:00 GMT
UK’s Cyber Incident Reporting Law to Move Forward in 2025
The United Kingdom is set to implement a new law in 2025 that will require organizations to report significant cyber incidents to the government.
Key Provisions of the Law:
- Organizations that experience a “material cyber incident” must report it to the National Cyber Security Centre (NCSC) within 72 hours.
- Material cyber incidents are defined as those that have a significant impact on the organization’s operations, finances, or reputation.
- The NCSC will assess the reported incidents and may take appropriate action, such as providing guidance or coordinating response efforts.
Purpose of the Law:
- To improve the UK’s cybersecurity posture by providing the government with a comprehensive view of cyber threats and incidents.
- To enable the government to better support organizations in their incident response efforts.
- To deter cybercriminals by increasing the risk of detection and consequences.
Implementation Timeline:
- The law was originally introduced in 2022 and is expected to be implemented in 2025.
- Organizations will have time to prepare for the new reporting requirements.
Significance of the Law:
- The law represents a significant step forward in the UK’s cybersecurity strategy.
- It will help to strengthen the UK’s resilience against cyber threats.
- It aligns with similar reporting requirements implemented in other countries.
Impact on Organizations:
- Organizations must be aware of the new reporting requirements and prepare their incident response plans accordingly.
- They should ensure that they have the necessary systems and processes in place to identify, assess, and report material cyber incidents.
- Failing to report a significant cyber incident within the required timeframe may result in penalties.
The implementation of the cyber incident reporting law in the UK is a positive step towards enhancing cybersecurity and protecting organizations against cyber threats.
UK telcos including BT at risk from DrayTek router vulnerabilities
Published: Fri, 04 Oct 2024 16:41:00 GMT
UK Telcos at Risk from DrayTek Router Vulnerabilities
Several UK telecommunication companies, including BT, are facing security risks due to critical vulnerabilities in DrayTek routers.
Vulnerability Details
Researchers from NCC Group discovered multiple vulnerabilities in DrayTek Vigor routers, including:
- CVE-2023-0147: Remote code execution vulnerability that allows attackers to gain full control of affected devices.
- CVE-2023-0148: Information disclosure vulnerability that exposes sensitive data, such as passwords and configuration files.
Impact on UK Telcos
Many UK telcos, including BT, use DrayTek routers to provide internet access and other services to their customers. These vulnerabilities could allow attackers to:
- Control vulnerable routers and disrupt internet connectivity.
- Steal sensitive customer data, including passwords and financial information.
- Launch further attacks on other devices connected to the compromised routers.
Mitigation and Response
NCC Group has notified DrayTek of the vulnerabilities, and the company has released security patches. UK telcos are urged to:
- Apply the security patches immediately to all affected routers.
- Consider restricting access to the router’s web interface and remote management features.
- Monitor network traffic for any suspicious activity and take appropriate action if necessary.
Government Warnings
The UK’s National Cyber Security Centre (NCSC) has issued a warning about these vulnerabilities and recommended that organizations take immediate action to mitigate the risks.
Conclusion
The DrayTek router vulnerabilities pose a significant security risk to UK telecommunication companies and their customers. Telcos must prioritize patching affected routers and implementing additional security measures to protect their networks and customer data.
NCSC celebrates eight years as Horne blows in
Published: Fri, 04 Oct 2024 11:52:00 GMT
The National Cyber Security Centre (NCSC) is celebrating eight years of protecting the UK from cyber threats, as the country faces a “regular onslaught” of hostile activity.
The NCSC was established in October 2016 as part of GCHQ to provide a single point of contact for organisations and individuals seeking advice and support on cyber security.
In the past year, the NCSC has responded to over 2,200 cyber incidents, including attacks on critical national infrastructure, businesses, and individuals. It has also provided advice and support to over 100,000 organisations.
The NCSC’s work has helped to protect the UK from a number of significant cyber threats, including the WannaCry ransomware attack in 2017, the NotPetya attack in 2018, and the SolarWinds attack in 2020.
However, the NCSC warns that the UK continues to face a “regular onslaught” of hostile cyber activity. In the past year, there has been a 15% increase in the number of reported cyber incidents.
The NCSC’s director-general, Lindy Cameron, said: “The NCSC has come a long way in eight years. We have established ourselves as a world-leading cyber security organisation, and we have made a significant contribution to protecting the UK from cyber threats.
“However, we know that the threat landscape is constantly evolving. We must continue to adapt and innovate if we are to stay ahead of our adversaries.”
The NCSC is working with the government, industry, and academia to develop new ways to protect the UK from cyber threats. This includes investing in new technologies, such as artificial intelligence and machine learning, and working to improve the cyber security skills of the UK workforce.
The NCSC is also working with international partners to share information and best practices on cyber security. This includes working with the US, NATO, and the EU.
The NCSC’s work is vital to protecting the UK from cyber threats. The organisation is playing a key role in keeping the UK safe online.