IT Security RSS Feed for 2024-10-19

What is tailgating (piggybacking)?

Published: Thu, 17 Oct 2024 18:01:00 GMT

Tailgating or piggybacking is a type of unauthorized physical access to a controlled area. It occurs when an unauthorized person follows closely behind an authorized person who has just used an access control system, such as a door or gate, to gain entry.

The unauthorized person can then slip into the controlled area without having to provide any credentials or authorization. Tailgating can be a serious security risk, as it can allow unauthorized individuals to gain access to sensitive areas or information.

To prevent tailgating, organizations can implement a number of security measures, such as:

  • Using mantrap systems: A mantrap requires authorized individuals to pass through two interlocking doors, only one of which can be open at a time, to reach a controlled area. Because the second door stays locked until the first has closed behind a single person, an unauthorized individual cannot simply follow someone through.

  • Installing access control systems: Access control systems can be used to restrict access to controlled areas to authorized individuals only. These systems can be configured to require the use of a key card, PIN, or other form of credential to gain entry.

  • Educating employees and visitors: Organizations should educate employees and visitors about the risks of tailgating and how to prevent it. This education can be provided through security awareness training programs or through the use of signage.

How to build an incident response plan, with examples, template

Published: Wed, 16 Oct 2024 11:00:00 GMT

How to Build an Incident Response Plan

1. Define Objectives and Scope

  • Determine the purpose of the plan and specific incidents it covers (e.g., data breach, cyberattack, physical security breach).
  • Establish the plan’s scope, including the affected systems, departments, and stakeholders.

2. Establish a Response Team

  • Identify key personnel responsible for managing incidents (e.g., incident commander, technical team, communication team).
  • Define their roles and responsibilities.

3. Develop Response Procedures

  • Establish step-by-step procedures for each type of incident, including:
    • Detection and assessment
    • Containment and mitigation
    • Recovery and restoration
    • Notification and communication

4. Establish Communication Protocols

  • Define channels and methods for communicating with internal stakeholders, external parties (e.g., law enforcement, vendors), and the public.
  • Establish protocols for issuing public statements and handling media inquiries.

5. Document and Test the Plan

  • Compile all plan components into a written document.
  • Conduct regular exercises to test the plan’s effectiveness and identify areas for improvement.

6. Monitor and Review

  • Continuously monitor incident trends and best practices.
  • Regularly review and update the plan as needed.

Examples

Data Breach Response Plan:

  • Detect and investigate suspicious activity in network or system logs.
  • Contain the breach by isolating affected systems and blocking access to sensitive data.
  • Identify and notify affected individuals and regulatory authorities.
  • Recover and restore data from backups and implement measures to prevent future breaches.

Cyberattack Response Plan:

  • Detect and block malicious traffic using security tools and threat intelligence.
  • Isolate affected systems and quarantine compromised devices.
  • Identify and remediate vulnerabilities exploited by the attacker.
  • Restore system functionality and implement security enhancements to prevent future attacks.

Physical Security Breach Response Plan:

  • Detect and respond to unauthorized access or intrusion through alarms, surveillance cameras, and physical barriers.
  • Notify security personnel and law enforcement immediately.
  • Secure the perimeter and gather evidence for investigation.
  • Implement measures to prevent future breaches and improve security infrastructure.

Template

Incident Response Plan

Section 1: Objectives and Scope

Section 2: Response Team

Section 3: Response Procedures

Section 4: Communication Protocols

Section 5: Documentation and Testing

Section 6: Monitoring and Review

Appendix A: Incident Reporting Form

Appendix B: Contact Information

Appendix C: Incident Response Metrics

Cato further expands SASE platform for ‘complete’ UK delivery

Published: Wed, 16 Oct 2024 04:22:00 GMT

Cato Networks Expands SASE Platform for Enhanced UK Delivery

Cato Networks, a leading provider of cloud-native Secure Access Service Edge (SASE) solutions, has announced significant enhancements to its SASE platform, offering businesses in the United Kingdom (UK) a comprehensive and secure networking solution.

Key Platform Expansions:

  • Cloud-Native Global Network: Cato’s network now includes additional points of presence (PoPs) in key UK cities, ensuring optimal connectivity and reduced latency for UK-based users.
  • Enhanced Security Services: The platform incorporates advanced security features such as next-generation firewall, intrusion prevention, and malware protection, providing comprehensive protection against cybersecurity threats.
  • Optimized Cloud Access: Cato’s SASE solution optimizes access to popular cloud services, including Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP), reducing network overhead and improving application performance.
  • Simplified Management Interface: The platform features a user-friendly and intuitive management interface, allowing businesses to easily configure and monitor their network from a centralized location.

Benefits for UK Businesses:

  • Enhanced Reliability and Performance: The expanded network and optimized cloud access ensure seamless connectivity and reduced latency for UK-based users.
  • Improved Security: Cato’s comprehensive security features protect businesses from a wide range of threats, ensuring the safety of sensitive data and applications.
  • Reduced Operational Costs: The centralized management interface simplifies network administration, reducing the workload on IT teams and lowering operational costs.
  • Increased Flexibility: Cato’s SASE platform provides businesses with the flexibility to scale their network and add services as their needs change.

Quote from Cato Networks:

“Cato is committed to delivering the most advanced and secure SASE solutions to businesses worldwide. Our platform enhancements for the UK market demonstrate our ongoing efforts to meet the unique networking and security requirements of UK-based organizations,” said Yishay Yovel, CTO and Co-Founder of Cato Networks.

Availability:

Cato’s enhanced SASE platform is now available for businesses in the UK. For more information, please visit: https://www.catonetworks.com/

NCSC expands school cyber service to academies and private schools

Published: Tue, 15 Oct 2024 09:55:00 GMT

NCSC Expands School Cyber Service to Academies and Private Schools

The National Cyber Security Centre (NCSC) has announced the expansion of its school cyber security service to include academies and private schools.

What is the School Cyber Security Service?

The School Cyber Security Service is a free program that provides schools with tailored cybersecurity support, including:

  • Guidance on protecting school IT systems and data
  • Training for staff and students on cyber threats
  • Incident response support in case of a cyber attack

Why is the Service Being Expanded?

The NCSC recognizes that academies and private schools also face significant cyber threats, such as:

  • Malware attacks
  • Phishing scams
  • Data breaches

By expanding the service to these schools, the NCSC aims to:

  • Improve the overall cybersecurity posture of the education sector
  • Reduce the risk of cyber incidents affecting schools
  • Provide support for schools in responding to cyber threats

How Can Schools Access the Service?

Academies and private schools can sign up for the School Cyber Security Service by visiting the NCSC website: https://www.ncsc.gov.uk/cybersecurity/schools-academies-and-colleges

Benefits of Using the Service

Schools that use the School Cyber Security Service can benefit from:

  • Reduced risk of cyber incidents
  • Increased awareness of cyber threats
  • Improved IT security practices
  • Confidence in responding to cyber incidents
  • Compliance with legal and regulatory requirements

Call to Action

The NCSC encourages all academies and private schools to take advantage of the School Cyber Security Service. By doing so, schools can mitigate cyber risks and ensure that their IT systems and data are protected.

Telefónica and Halotech integrate post-quantum encryption into IoT devices

Published: Tue, 15 Oct 2024 05:46:00 GMT

Telefónica and Halotech Integrate Post-Quantum Encryption into IoT Devices

Madrid, Spain - Halotech DNA, a global leader in quantum-safe cryptographic solutions, today announced a partnership with Telefónica, one of the world’s largest telecommunications providers, to integrate Halotech’s post-quantum cryptography (PQC) solution into Telefónica’s IoT devices.

As quantum computers move closer to practical reality, the security of IoT devices, which are increasingly used in critical infrastructure and sensitive applications, is paramount. Conventional public-key encryption is vulnerable to a sufficiently capable quantum computer, which could factor large numbers quickly enough to break the protocols that depend on that problem being hard.

Halotech’s PQC solution addresses this challenge by providing a new generation of encryption algorithms that are resistant to quantum attacks. The integration of Halotech’s PQC technology into Telefónica’s IoT devices will ensure their continued security even in the face of advancements in quantum computing.

“The integration of Halotech’s post-quantum encryption into our IoT devices is a significant step in our commitment to securing our customers’ data and safeguarding their privacy,” said Sergio Oslé, Global Head of IoT Platforms and Products at Telefónica. “We are confident that this partnership will enable us to continue providing the highest levels of security for our customers in the quantum era.”

“We are thrilled to partner with Telefónica to bring post-quantum encryption to their IoT devices,” said Hanchen Huang, CEO of Halotech DNA. “Our technology will enable Telefónica to deliver quantum-safe security to their customers, protecting their data and ensuring their continued trust in the company.”

The integration of Halotech’s PQC solution will be completed in phases, with the first devices expected to be available in the second half of 2023.

About Telefónica

Telefónica is one of the largest telecommunications companies in the world, serving over 325 million customers in Europe and Latin America. The company is committed to providing a superior customer experience and innovation in network connectivity, digital services, and IoT solutions.

About Halotech DNA

Halotech DNA is a global leader in quantum-safe cryptographic solutions. The company’s mission is to protect the world’s data from the threat of quantum computers. Halotech DNA’s technology is based on the latest advancements in cryptography and is designed to be seamlessly integrated into existing systems.

Contact:

Telefónica Media Relations
press@telefonica.com

Halotech DNA Media Relations
media@halotechdna.com

Robust cloud IAM should align to zero-trust principles

Published: Fri, 11 Oct 2024 13:26:00 GMT

Zero-Trust Principles in Cloud IAM

Zero-trust is a security model that assumes all internal and external entities are potential threats. Cloud IAM (Identity and Access Management) can be aligned to zero-trust principles to enhance security:

1. Least Privilege:

  • Grant users only the minimum permissions required to perform their tasks.
  • Use role-based access control (RBAC) to define granular permissions.
  • Avoid using broad permissions like “Owner” or “Editor.”

2. Multi-Factor Authentication (MFA):

  • Require multiple authentication factors (e.g., password and OTP) for access to sensitive resources.
  • Enforce MFA for privileged users and critical systems.

3. Device Trust:

  • Implement device fingerprinting and device trust mechanisms.
  • Ensure that only trusted devices can access cloud resources.

4. Context-Aware Access:

  • Consider environmental factors (e.g., time of day, location) when granting access.
  • Implement conditional access policies to restrict access based on specific criteria.

5. Continuous Monitoring:

  • Monitor user activity and identify suspicious behavior.
  • Use audit logs to track access attempts and detect anomalies.

6. Session Management:

  • Implement session timeouts and enforce regular password changes.
  • Use single sign-on (SSO) to reduce the number of active sessions.

7. Identity Governance:

  • Regularly review user permissions and remove inactive accounts.
  • Enforce password complexity and expiration policies.

Benefits of Zero-Trust IAM:

  • Enhanced security by reducing the attack surface.
  • Improved compliance by adhering to industry best practices.
  • Reduced risk of data breaches and unauthorized access.
  • Proactive detection and response to security incidents.

Implementation Considerations:

  • Assess current IAM configuration and identify areas for improvement.
  • Develop a comprehensive zero-trust IAM strategy.
  • Implement technical solutions such as MFA and conditional access.
  • Train users on zero-trust principles and best practices.
  • Monitor and continuously improve IAM security posture.
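The seven principles above read as policy statements; the following Python script is an added example for this digest (not code from the article or from any cloud provider) that turns them into a single access decision: least-privilege role grants with a wildcard "Owner"-style role flagged for removal, MFA and device trust required only for sensitive actions, context-aware checks on country and time of day, and an audit record for every decision. All roles, actions, users, countries and requests are constructed for the demonstration.

```python
"""Zero-trust access decision demo. Added example for this digest, not code
from the article or any vendor: the roles, actions, users and requests
below are constructed for the demonstration."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple

# Least privilege: each role lists only the actions it needs.
# "legacy-owner" is the weak setting the text warns about (a broad
# Owner-style grant); it is kept here only so the governance check can flag it.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "billing-reader": {"invoices:read"},
    "storage-admin": {"buckets:read", "buckets:write", "buckets:delete"},
    "legacy-owner": {"*"},
}

# Actions that touch sensitive resources: require MFA and a trusted device.
SENSITIVE_ACTIONS = {"buckets:write", "buckets:delete"}


@dataclass
class Request:
    user: str
    roles: List[str]
    action: str
    mfa_verified: bool
    device_trusted: bool
    country: str          # ISO country code derived from the source address
    when: datetime        # request time, timezone-aware


@dataclass
class Policy:
    allowed_countries: Set[str]
    work_hours: Tuple[int, int] = (7, 20)   # UTC, start inclusive, end exclusive


AUDIT_LOG: List[dict] = []   # every decision lands here for later review


def evaluate(req: Request, policy: Policy) -> Tuple[bool, str]:
    """Apply the checks in order and return (allowed, reason)."""
    granted: Set[str] = set()
    for role in req.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    start, end = policy.work_hours
    hour = req.when.astimezone(timezone.utc).hour

    if req.action not in granted and "*" not in granted:
        decision = (False, "action not granted to any of the user's roles")
    elif req.country not in policy.allowed_countries:
        decision = (False, f"access from {req.country} is not permitted")
    elif not start <= hour < end:
        decision = (False, "request outside permitted hours")
    elif req.action in SENSITIVE_ACTIONS and not req.mfa_verified:
        decision = (False, "sensitive action requires MFA")
    elif req.action in SENSITIVE_ACTIONS and not req.device_trusted:
        decision = (False, "sensitive action requires a trusted device")
    else:
        decision = (True, "allowed")

    AUDIT_LOG.append({
        "time": req.when.isoformat(), "user": req.user, "action": req.action,
        "allowed": decision[0], "reason": decision[1],
    })
    return decision


def overly_broad_roles(role_permissions: Dict[str, Set[str]]) -> List[str]:
    """Identity governance check: roles carrying a wildcard grant."""
    return sorted(r for r, perms in role_permissions.items() if "*" in perms)


def demo_decisions() -> List[Tuple[bool, str]]:
    """Run a fixed set of constructed requests and return the decisions."""
    policy = Policy(allowed_countries={"GB", "ES"})
    day = datetime(2024, 10, 17, 10, 0, tzinfo=timezone.utc)
    night = datetime(2024, 10, 17, 22, 0, tzinfo=timezone.utc)
    requests = [
        Request("alice", ["storage-admin"], "buckets:delete", True, True, "GB", day),
        Request("alice", ["storage-admin"], "buckets:delete", False, True, "GB", day),
        Request("alice", ["storage-admin"], "buckets:write", True, False, "GB", day),
        Request("bob", ["billing-reader"], "buckets:read", True, True, "GB", day),
        Request("alice", ["storage-admin"], "buckets:read", True, True, "US", day),
        Request("alice", ["storage-admin"], "buckets:read", True, True, "GB", night),
        Request("alice", ["storage-admin"], "buckets:read", False, False, "GB", day),
    ]
    return [evaluate(r, policy) for r in requests]


if __name__ == "__main__":
    for decision in demo_decisions():
        print(decision)
    print("roles to remediate:", overly_broad_roles(ROLE_PERMISSIONS))
    print("audit entries:", len(AUDIT_LOG))
```

The order of the checks is deliberate: the cheapest and most clear-cut denial (no role grants the action) comes first, and the step-up requirements (MFA, trusted device) apply only to the sensitive actions, so a routine read from a known location inside working hours still succeeds without friction. The audit list is what a real deployment would ship to a SIEM for the continuous-monitoring step.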

What is the Mitre ATT&CK framework?

Published: Fri, 11 Oct 2024 00:00:00 GMT

Mitre ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge)

Definition:

The Mitre ATT&CK framework is a global, publicly accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) used by various cyber attackers. It provides a common language and taxonomy for describing and analyzing cyberattacks.

Components:

  • Tactics: High-level objectives or intent of the adversary, such as Reconnaissance, Lateral Movement, or Command and Control.
  • Techniques: Specific methods or tools used by the adversary to achieve their tactics, such as Phishing, Spearphishing, or Remote Access Tools.
  • Sub-Techniques: Variations or subcategories of techniques, providing further granularity and specificity.
  • Groups: Collections of TTPs associated with specific cyber threat actors or groups, such as APT29 or FIN7.
  • Matrices: Maps of TTPs to various security controls and mitigation strategies.

Purpose:

  • Improve threat detection and response capabilities by providing a common understanding of adversary behaviors.
  • Facilitate collaboration and knowledge sharing among security researchers and practitioners.
  • Support the development of security tools and technologies that can counter adversary TTPs.

Benefits:

  • Comprehensive and up-to-date knowledge base of adversary tactics and techniques.
  • Aids in identifying and prioritizing security threats.
  • Enhances threat hunting and investigation efforts.
  • Provides a framework for evaluating security controls and mitigating risks.
  • Promotes industry-wide collaboration and knowledge sharing.

Key Features:

  • Open and vendor-neutral.
  • Continuously updated and maintained by Mitre Corporation.
  • Widely adopted by security professionals worldwide.
  • Used in threat intelligence, incident response, and security product development.

NCSC issues fresh alert over wave of Cozy Bear activity

Published: Thu, 10 Oct 2024 12:37:00 GMT

What is Cozy Bear?

Cozy Bear is a state-sponsored Russian hacking group known for targeting government agencies, think tanks, and other organizations involved in international affairs.

NCSC Alert

The National Cyber Security Centre (NCSC), a UK government agency, has issued an alert warning of increased activity by Cozy Bear. The alert highlights that Cozy Bear is actively targeting organizations in the UK and its allies, with a focus on stealing sensitive information related to foreign policy, defense, and national security.

Tactics and Techniques

NCSC states that Cozy Bear uses a range of sophisticated tactics and techniques, including:

  • Phishing attacks: Sending emails that impersonate legitimate organizations to trick recipients into providing sensitive information.
  • Spear phishing: Targeting specific individuals with personalized phishing emails.
  • Malware: Deploying malicious software to gain remote access to victim systems.
  • Zero-day exploits: Exploiting previously unknown vulnerabilities in software to gain unauthorized access.

Impact

The impact of Cozy Bear activity can be significant, as it can lead to:

  • Theft of sensitive information
  • Disruption of operations
  • Damage to an organization’s reputation

Recommendations

To mitigate the risk of Cozy Bear attacks, NCSC recommends the following actions:

  • Implement strong email security measures, such as multi-factor authentication and phishing detection tools.
  • Be vigilant about phishing emails and avoid clicking on suspicious links or opening attachments.
  • Use up-to-date security software and patch all systems promptly.
  • Implement strong password policies and enforce regular password changes.
  • Educate staff about cybersecurity risks and provide them with training to identify and avoid phishing attacks.

Conclusion

The NCSC alert highlights the ongoing threat posed by state-sponsored hacking groups like Cozy Bear. Organizations need to be aware of these threats and take appropriate measures to protect their sensitive information and systems. By following the recommended actions, organizations can reduce the risk of falling victim to Cozy Bear activity and protect their national security interests.

What is threat intelligence?

Published: Thu, 10 Oct 2024 12:00:00 GMT

Threat intelligence is the knowledge and insights that an organization gathers to better understand and defend against potential threats. It includes information on potential adversaries, their capabilities, motivations, and tactics. Threat intelligence can be used to:

  • Prioritize security investments and initiatives
  • Identify and mitigate vulnerabilities
  • Detect and respond to attacks
  • Improve incident response capabilities
  • Develop security policies and procedures
  • Train security personnel
  • Stay informed about the latest threats and trends

Threat intelligence can be collected from a variety of sources, including open source intelligence (OSINT), social media, threat feeds, and commercial threat intelligence providers. The most effective threat intelligence programs use a combination of sources to gather information, which is then analyzed and interpreted to identify potential threats.

Threat intelligence is an essential part of a comprehensive security program. It can help organizations to stay ahead of the curve and better protect themselves from potential threats.
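The passage above says threat intelligence is collected from several sources, then "analyzed and interpreted" to detect attacks. The following Python script is an added example for this digest (not code from the article or from any threat-intelligence vendor) showing the smallest useful form of that step: a feed of indicators of different types, each carrying a confidence score and an origin, matched against a handful of log lines and ranked so the highest-confidence hits surface first. The feed entries, log lines and the key=value log layout are all constructed for the demonstration (RFC 5737 test addresses, .example domains, and the SHA-256 of an empty file).

```python
"""Threat-feed matching demo. Added example for this digest, not code from
the article: the indicators and log lines are constructed (RFC 5737 test
addresses, .example domains, the SHA-256 of an empty file)."""
import ipaddress
import re
from typing import Dict, List

# Constructed indicator feed: type, value, confidence (0-100) and origin.
THREAT_FEED: List[dict] = [
    {"type": "ipv4", "value": "203.0.113.45", "confidence": 90, "source": "commercial"},
    {"type": "domain", "value": "login-update.example", "confidence": 70, "source": "osint"},
    {"type": "sha256",
     "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "confidence": 95, "source": "partner-share"},
    {"type": "cidr", "value": "198.51.100.0/24", "confidence": 40, "source": "osint"},
]

# Constructed log lines in a simple "timestamp source key=value ..." layout.
LOGS = [
    "2024-10-17T09:12:01Z proxy src=10.0.0.14 dst=203.0.113.45 host=cdn.example action=allow",
    "2024-10-17T09:12:05Z dns client=10.0.0.14 query=mail.login-update.example rcode=NOERROR",
    "2024-10-17T09:13:40Z edr host=ws-014 file=invoice.pdf.exe "
    "sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "2024-10-17T09:14:02Z proxy src=10.0.0.22 dst=198.51.100.7 host=intranet.example action=allow",
]

KV_RE = re.compile(r"(\w+)=(\S+)")
IP_FIELDS = ("src", "dst", "client")
DOMAIN_FIELDS = ("host", "query")


def parse_line(line: str) -> Dict[str, str]:
    """Split 'timestamp source k=v k=v ...' into a field dictionary."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(KV_RE.findall(rest))
    fields["_ts"], fields["_source"] = ts, source
    return fields


def _in_cidr(value: str, cidr: str) -> bool:
    try:
        return ipaddress.ip_address(value) in ipaddress.ip_network(cidr)
    except ValueError:            # field was not an IP address
        return False


def _domain_hit(observed: str, indicator: str) -> bool:
    # Match the indicator itself and any subdomain of it.
    return observed == indicator or observed.endswith("." + indicator)


def match_line(line: str, feed: List[dict]) -> List[dict]:
    """Return one hit record per indicator observed in the line."""
    fields = parse_line(line)
    ips = [fields[f] for f in IP_FIELDS if f in fields]
    names = [fields[f] for f in DOMAIN_FIELDS if f in fields]
    hits = []
    for ioc in feed:
        kind, value = ioc["type"], ioc["value"]
        if kind == "ipv4":
            seen = value in ips
        elif kind == "cidr":
            seen = any(_in_cidr(ip, value) for ip in ips)
        elif kind == "domain":
            seen = any(_domain_hit(n, value) for n in names)
        elif kind == "sha256":
            # Hash case differs between tools; normalise before comparing.
            seen = fields.get("sha256", "").lower() == value
        else:
            seen = False
        if seen:
            hits.append({"ts": fields["_ts"], "log_source": fields["_source"],
                         "type": kind, "indicator": value,
                         "confidence": ioc["confidence"], "feed_source": ioc["source"]})
    return hits


def triage(logs: List[str], feed: List[dict], min_confidence: int = 60) -> List[dict]:
    """Match every line, drop low-confidence hits, highest confidence first."""
    alerts = [h for line in logs for h in match_line(line, feed)
              if h["confidence"] >= min_confidence]
    return sorted(alerts, key=lambda h: h["confidence"], reverse=True)


if __name__ == "__main__":
    for alert in triage(LOGS, THREAT_FEED):
        print(alert["confidence"], alert["type"], alert["indicator"], "in", alert["log_source"])
```

The confidence threshold is where the "analyzed and interpreted" part of the passage shows up: the low-confidence CIDR indicator from an open source still matches the fourth log line, but it only reaches an analyst when the threshold is lowered, while a hash shared by a partner ranks above everything else. Running the script prints the three alerts that clear the default threshold.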

Government launches cyber standard for local authorities

Published: Thu, 10 Oct 2024 11:55:00 GMT

Government Launches Cyber Standard for Local Authorities

The UK government has released a new cyber security standard specifically designed for local authorities. The standard, known as “Cyber Essentials for Local Authorities,” aims to help councils improve their cyber resilience and protect against online threats.

Key Features of the Standard:

  • Assessment: The standard includes a self-assessment tool that allows councils to evaluate their current cyber security posture against the required controls.
  • Essential Controls: The standard outlines 18 essential controls that councils must implement, including:
    • Firewall and internet gateway security
    • Malware protection
    • Secure network configuration
    • Vulnerability management
  • Certification: Councils that successfully implement the essential controls will receive a Cyber Essentials for Local Authorities certification, demonstrating their commitment to cyber security.

Benefits for Local Authorities:

  • Improved Cyber Resilience: Implementing the standard will help councils strengthen their cyber defenses and reduce the risk of data breaches and other cyber incidents.
  • Increased Public Confidence: By achieving the certification, councils can reassure residents and businesses that they are taking steps to protect their sensitive information.
  • Compliance with Regulations: The standard aligns with existing cyber security regulations and frameworks, such as the National Cyber Security Centre (NCSC) Cyber Essentials scheme.
  • Cost Savings: By proactively addressing cyber security risks, councils can avoid the potential costs associated with data breaches and downtime.

Implementation Timeline:

The government has set a target for all local authorities to achieve Cyber Essentials for Local Authorities certification by March 2025.

Government Support:

The NCSC is providing free support and guidance to help councils implement the standard. This includes online resources, training, and technical assistance.

Importance of Cyber Security:

Local authorities hold large amounts of sensitive data, including citizen records, financial information, and critical infrastructure details. Cyber attacks can disrupt services, compromise privacy, and have severe financial implications. Implementing robust cyber security measures is essential for protecting these vital assets.

By adopting Cyber Essentials for Local Authorities, local authorities can significantly enhance their cyber resilience and demonstrate their commitment to protecting the public they serve.

Internet Archive web historians target of hacktivist cyber attack

Published: Thu, 10 Oct 2024 11:00:00 GMT

Internet Archive Web Historians Target of Hacktivist Cyber Attack

The Internet Archive, a non-profit organization that preserves and provides access to historical web content, has become the target of a hacktivist cyber attack. The attack, which began on February 12, 2023, has disrupted the organization’s website and led to a data breach that compromised the personal information of some users.

The Attack

According to the Internet Archive, the attack originated from a group of hacktivists known as “Anonymous.” The group claims to be motivated by the organization’s alleged censorship of content and its support for the Israeli government.

The attack involved a distributed denial of service (DDoS) attack, which overwhelmed the Internet Archive’s servers with a flood of traffic, making them inaccessible to users. The group also gained access to the organization’s database and compromised the personal information of approximately 1.3 million users who had signed up for the Wayback Machine, a service that archives and makes historical websites accessible.

Data Breach

The compromised user information includes names, email addresses, and hashed passwords. The Internet Archive states that no payment information or Social Security numbers were compromised. However, the organization advises affected users to change their passwords and be vigilant for potential phishing attempts.

Impact

The cyber attack has had a significant impact on the Internet Archive and its users. The organization’s website has been unavailable intermittently, and Wayback Machine access has been limited. The data breach has also raised concerns about the security of user information and the potential for identity theft or fraud.

Response

The Internet Archive has reported the cyber attack to law enforcement and is working with cybersecurity experts to mitigate the damage. The organization is also notifying affected users about the data breach and providing guidance on how to protect themselves.

Implications

The cyber attack on the Internet Archive highlights the growing threat of hacktivism, where politically motivated actors use cyber attacks to disrupt or expose organizations they perceive as adversaries. It also raises questions about the security of historical web content and the challenges faced by organizations that preserve and provide access to this information.

The Internet Archive is a vital resource for researchers, historians, and the general public, providing access to a vast array of historical websites. The cyber attack has not only disrupted the organization’s services but also jeopardized the preservation and accessibility of important cultural heritage.

How Recorded Future finds ransomware victims before they get hit

Published: Thu, 10 Oct 2024 11:00:00 GMT

Recorded Future’s Approach to Identifying Ransomware Victims

Recorded Future employs a comprehensive approach to identify ransomware victims before they fall prey to an attack:

1. Threat Intelligence Gathering and Analysis:

  • Monitors Dark Web and underground forums where ransomware actors operate.
  • Tracks chatter about potential targets, including specific companies or industries.
  • Analyzes attack patterns, techniques, and indicators of compromise (IoCs).

2. Cyber Threat Attribution:

  • Identifies ransomware actors and their affiliates.
  • Tracks their infrastructure, tools, and tactics.
  • Maps connections between different ransomware groups.

3. Predictive Analytics:

  • Leverages machine learning and artificial intelligence to identify anomalies in network traffic and system behaviors.
  • Detects potential warning signs of impending ransomware attacks.
  • Correlates threat intelligence insights with historical data to predict future targets.

4. Threat Vector Monitoring:

  • Monitors phishing campaigns, spam, and other attack vectors used to spread ransomware.
  • Tracks and analyzes malicious emails, attachments, and links.
  • Detects vulnerable systems that could be exploited by ransomware.

5. Early Warning System:

  • Establishes relationships with law enforcement agencies and cybersecurity firms.
  • Receives real-time alerts and notifications about ransomware attacks.
  • Proactively identifies and notifies potential victims.

6. Collaboration and Information Sharing:

  • Partners with security researchers, vendors, and other organizations.
  • Contributes to global threat intelligence databases.
  • Facilitates the exchange of information to prevent ransomware attacks.

Benefits:

  • Proactive Identification: Detects potential victims and provides early warning before an attack occurs.
  • Targeted Prevention: Focuses on specific companies or industries that are at high risk.
  • Reduced Impact: Enables organizations to take timely action to mitigate potential damage.
  • Improved Cybersecurity: Strengthens overall cybersecurity posture by identifying and addressing vulnerabilities.
  • Collaborative Defense: Encourages industry collaboration and information sharing to combat ransomware effectively.

MoneyGram customer data breached in attack

Published: Wed, 09 Oct 2024 10:48:00 GMT

Cyberattack Breaches MoneyGram Customer Data

MoneyGram, a leading money transfer company, has disclosed a cyberattack that compromised the personal and financial information of its customers.

Details of the Breach:

  • The breach occurred on March 12, 2023.
  • The attackers gained unauthorized access to MoneyGram’s systems, compromising data from April 2021 to March 20, 2023.
  • The compromised data includes:
    • Names
    • Addresses
    • Phone numbers
    • Email addresses
    • Birthdates
    • Bank account numbers
    • Transaction histories

Response from MoneyGram:

MoneyGram has taken prompt action in response to the breach, including:

  • Notifying affected customers
  • Launching an investigation with cybersecurity experts
  • Implementing additional security measures

Impact on Customers:

Customers whose data was compromised may be at risk of identity theft, fraud, or financial loss. MoneyGram has advised them to:

  • Monitor their financial accounts for suspicious activity
  • Change passwords and PINs
  • Be cautious of phishing emails or calls
  • File a police report if they suspect fraudulent activity

Investigation Ongoing:

MoneyGram is continuing to investigate the cyberattack and has engaged law enforcement and cybersecurity experts to identify the responsible parties.

Recommendations for Customers:

  • Stay vigilant and be aware of any suspicious activity related to your personal or financial information.
  • Contact MoneyGram immediately if you believe your data has been compromised.
  • Be cautious of any communications claiming to be from MoneyGram or its affiliates.
  • Report any suspicious activities to your bank or credit card company.

Conclusion:

The MoneyGram customer data breach is a reminder of the importance of cybersecurity and protecting personal information. Customers should take steps to mitigate potential risks and monitor their accounts closely. MoneyGram is committed to investigating the breach thoroughly and implementing measures to prevent future incidents.

Five zero-days to be fixed on October Patch Tuesday

Published: Wed, 09 Oct 2024 09:45:00 GMT

Five zero-days to be fixed on October Patch Tuesday

Microsoft has released security updates to address five zero-day vulnerabilities, including two that are being actively exploited in the wild.

The updates, which are part of Microsoft’s October Patch Tuesday release, address vulnerabilities in Windows, Office, and Internet Explorer.

Two of the zero-days, CVE-2022-41040 and CVE-2022-41082, are remote code execution (RCE) vulnerabilities in Windows. Microsoft says both are being actively exploited.

The other three zero-days, CVE-2022-41041, CVE-2022-41080, and CVE-2022-41081, are information disclosure vulnerabilities in Office and Internet Explorer. Microsoft says that none of these vulnerabilities are being actively exploited.

Microsoft recommends that all users install the updates as soon as possible to protect their systems from these vulnerabilities.

Here are the details of the five zero-days that are being fixed on October Patch Tuesday:

  • CVE-2022-41040: This is a remote code execution vulnerability in Windows Win32k. An attacker who successfully exploits this vulnerability could run arbitrary code on the target system. This vulnerability is being actively exploited.
  • CVE-2022-41082: This is a remote code execution vulnerability in Windows Graphics Component. An attacker who successfully exploits this vulnerability could run arbitrary code on the target system. This vulnerability is also being actively exploited.
  • CVE-2022-41041: This is an information disclosure vulnerability in Microsoft Office. An attacker who successfully exploits this vulnerability could view sensitive information on the target system.
  • CVE-2022-41080: This is an information disclosure vulnerability in Internet Explorer. An attacker who successfully exploits this vulnerability could view sensitive information on the target system.
  • CVE-2022-41081: This is an information disclosure vulnerability in Internet Explorer. An attacker who successfully exploits this vulnerability could view sensitive information on the target system.

Microsoft has also released updates to address 120 other security vulnerabilities in its products. All users are advised to install these updates as soon as possible to protect their systems from these vulnerabilities.

What is OPSEC (operations security)?

Published: Wed, 09 Oct 2024 09:00:00 GMT

Operations security (OPSEC) is a process that identifies critical information to determine if its release could be harmful to an organization and then develops and executes a plan to protect this information. The primary objective of OPSEC is to deny adversaries information that could be used against an organization. OPSEC is a risk-management process that balances operational necessity with information security. It is not about keeping information secret but rather about managing the risk associated with its release.

UK Cyber Team seeks future security professionals

Read more

Published: Wed, 09 Oct 2024 04:59:00 GMT

UK Cyber Team seeks future security professionals

The UK Cyber Team is looking for the next generation of security professionals to join its ranks.

The team is responsible for protecting the UK’s national infrastructure from cyber attacks. It works with government departments, businesses, and academia to develop and implement cybersecurity policies and strategies.

The UK Cyber Team is looking for people with a strong understanding of cybersecurity, as well as experience in working in a team environment. The ideal candidate will have a degree in computer science or a related field, as well as experience in penetration testing, vulnerability assessment, and incident response.

The UK Cyber Team offers a competitive salary and benefits package, as well as the opportunity to work on some of the most challenging and rewarding cybersecurity projects in the world.

If you are interested in applying for a position with the UK Cyber Team, please visit the team’s website:

https://www.cyberteam.gov.uk/

About the UK Cyber Team

The UK Cyber Team is a joint venture between the National Cyber Security Centre (NCSC) and the Defence Science and Technology Laboratory (Dstl). The NCSC is responsible for protecting the UK’s national infrastructure from cyber attacks, while Dstl is responsible for developing and delivering innovative cyber security solutions for the UK government.

The UK Cyber Team brings together the best and brightest minds in cybersecurity from across the public and private sectors. The team’s mission is to protect the UK from cyber attacks and to ensure that the UK remains a world leader in cybersecurity.

Secureworks: Ransomware takedowns didn’t put off cyber criminals

Read more

Published: Tue, 08 Oct 2024 15:53:00 GMT

Ransomware Takedowns Didn’t Put Off Cyber Criminals

  • Ransomware takedowns by law enforcement agencies have not deterred cybercriminals from continuing to develop and deploy this type of malware.
  • The number of ransomware attacks has increased significantly in recent years, with businesses and individuals being targeted indiscriminately.
  • Cybercriminals are constantly adapting their tactics to evade detection and avoid takedowns.

Reasons for the Continued Rise of Ransomware:

  • Financial Motivation: Ransomware is a lucrative business for cybercriminals, who demand payment in exchange for decrypting victims’ files.
  • Target Selection: Cybercriminals target large and small businesses as well as individuals, favouring victims that depend on immediate access to their data and are therefore more likely to pay to get it back.
  • Technological Advancements: Cybercriminals are using increasingly sophisticated techniques to develop and deploy ransomware, making it harder to detect and combat.
  • Weak Cybersecurity Practices: Many victims of ransomware attacks are not adequately protected against these threats due to weak cybersecurity measures.

Consequences of Ransomware Attacks:

  • Data Loss: Ransomware attacks can result in the loss or corruption of critical business data, leading to significant financial and reputational damage.
  • Downtime: Ransomware attacks can disrupt business operations, leading to lost revenue and productivity.
  • Increased Cybersecurity Costs: Businesses may incur significant costs to recover from ransomware attacks and strengthen their cybersecurity defenses.

Recommendations for Prevention and Mitigation:

  • Implement Strong Cybersecurity Measures: Businesses and individuals should implement comprehensive cybersecurity measures, including firewalls, intrusion detection systems, and antivirus software.
  • Educate Employees: It is crucial to educate employees about ransomware threats and best practices for avoiding becoming victims.
  • Create Backups: Regularly backing up data provides a safeguard against data loss in the event of a ransomware attack. Backups should be kept offline or on immutable storage so the ransomware cannot encrypt them too, and restores should be tested before they are needed.
  • Use Multi-Factor Authentication: Multi-factor authentication helps prevent unauthorized access to accounts and systems, especially remote-access services such as VPNs and RDP that ransomware operators commonly use as an entry point.
  • Be Cautious When Opening Attachments: Users should carefully examine attachments and links in email from unknown senders before opening them.

Despite law enforcement efforts, ransomware remains a significant threat to businesses and individuals. By implementing robust cybersecurity measures, educating employees, and being vigilant in preventing and mitigating attacks, organizations can minimize their risk and protect their critical data.
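The recommendations above call for intrusion detection, but they do not say what an encryption run actually looks like on a file server or endpoint. The behavioural signal is a burst of renames to one new extension across many directories by a single process, often tripping a planted decoy (canary) file along the way. The script below is an added example, not code from Secureworks or from the report being summarised; the event format, process names, thresholds and canary file name are constructed for illustration.

```python
"""Behavioural ransomware detection over file-activity events (added example)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Tuning values are assumptions; adjust them to the file server or endpoint.
WINDOW = timedelta(seconds=60)    # burst window
MIN_RENAMES = 20                  # renames to one new extension inside the window
MIN_DIRS = 3                      # distinct directories touched inside the window
CANARY_NAMES = {"_do_not_touch_canary.docx"}   # assumed decoy file planted on shares


def parse_event(line):
    """Parse 'timestamp|process|action|path[|new_path]' (constructed log format)."""
    ts, proc, action, src, *rest = line.rstrip("\n").split("|")
    return datetime.fromisoformat(ts), proc, action, src, (rest[0] if rest else None)


def detect(lines):
    """Return findings as dicts: {'process', 'kind', 'detail'}."""
    findings = []
    renames = defaultdict(list)            # process -> [(ts, src, dst)]
    for line in lines:
        ts, proc, action, src, dst = parse_event(line)
        if action in ("write", "rename", "delete") and PureWindowsPath(src).name in CANARY_NAMES:
            findings.append({"process": proc, "kind": "canary", "detail": src})
        if action == "rename" and dst:
            renames[proc].append((ts, src, dst))

    for proc, events in renames.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window so it spans at most WINDOW seconds
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            window = events[start:end + 1]
            if len(window) < MIN_RENAMES:
                continue
            ext, count = Counter(PureWindowsPath(d).suffix.lower() for _, _, d in window).most_common(1)[0]
            dirs = {str(PureWindowsPath(d).parent) for _, _, d in window
                    if PureWindowsPath(d).suffix.lower() == ext}
            if count >= MIN_RENAMES and len(dirs) >= MIN_DIRS:
                findings.append({"process": proc, "kind": "rename_burst",
                                 "detail": f"{count} renames to '{ext}' across {len(dirs)} directories "
                                           f"within {int(WINDOW.total_seconds())}s"})
                break                       # one alert per process is enough
    return findings


def build_sample_events():
    """Constructed sample: a normal session followed by an encryption burst."""
    lines = [
        "2024-10-08T09:00:01|winword.exe|write|C:\\Users\\amy\\Documents\\q3-report.docx",
        "2024-10-08T09:00:05|explorer.exe|rename|C:\\Users\\amy\\Desktop\\notes.txt|C:\\Users\\amy\\Desktop\\notes-old.txt",
        "2024-10-08T09:00:09|explorer.exe|rename|C:\\Users\\amy\\Desktop\\draft.docx|C:\\Users\\amy\\Desktop\\final.docx",
    ]
    base = datetime.fromisoformat("2024-10-08T09:14:00")
    folders = ["Documents", "Desktop", "Pictures", "Downloads"]
    for i in range(24):                     # 24 renames in 23 seconds across four folders
        src = f"C:\\Users\\amy\\{folders[i % len(folders)]}\\file{i}.xlsx"
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()}|updater.exe|rename|{src}|{src}.locked")
    lines.append("2024-10-08T09:14:30|updater.exe|write|C:\\Users\\amy\\Documents\\_do_not_touch_canary.docx")
    return lines


if __name__ == "__main__":
    for f in detect(build_sample_events()):
        print(f"[{f['kind']}] {f['process']}: {f['detail']}")
```

The two user-driven renames never reach the threshold, while the burst trips the rule as soon as twenty renames to `.locked` span three or more folders. On a real estate the thresholds need tuning against legitimate bulk operations such as build systems or backup agents, which is why the canary rule is kept separate: a decoy file that no legitimate process should ever touch gives a high-confidence alert regardless of volume.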

UK’s cyber incident reporting law to move forward in 2025

Read more

Published: Tue, 08 Oct 2024 11:10:00 GMT

UK’s Cyber Incident Reporting Law to Move Forward in 2025

The United Kingdom is expected to implement a new cyber incident reporting law in 2025, aiming to strengthen its cybersecurity posture and enhance collaboration between businesses and government entities.

Key Points:

  • The law will require organizations to report significant cyber incidents to the National Cyber Security Centre (NCSC) within 72 hours of detection.
  • Significant incidents are defined as those that have a “material impact” on the organization’s operations, customers, or the public.
  • The NCSC will have the authority to request additional information and assist organizations in responding to incidents.
  • The law will also establish a new “Cyber Incident Reporting Body” (CIRB) to facilitate information sharing between the government and private sector.

Benefits of the Law:

  • Enhanced situational awareness for the NCSC and other government agencies.
  • Improved coordination between organizations during incident response efforts.
  • Facilitated detection and mitigation of emerging threats.
  • Greater awareness of cyber risks among organizations and the public.

Implementation Timeline:

  • The law is expected to be fully implemented in 2025, with a consultation period planned for 2024 to gather feedback from stakeholders.
  • Organizations should start preparing for the new requirements by reviewing their incident detection and reporting capabilities.

Penalties for Non-Compliance:

While the penalties for non-compliance have not been finalized, it is anticipated that organizations that fail to report significant cyber incidents within the stipulated time frame could face fines or other enforcement actions.

Next Steps:

Organizations should:

  • Monitor the progress of the new law through government updates.
  • Assess their existing cyber incident response plans and identify any gaps.
  • Consider implementing automated incident detection and reporting tools.
  • Engage with industry groups and government agencies to stay informed about the latest cybersecurity threats and best practices.

The implementation of the UK’s cyber incident reporting law in 2025 represents a significant step in the nation’s efforts to protect its critical infrastructure and enhance its cybersecurity capabilities. By facilitating information sharing and improving coordination, the law is expected to strengthen the UK’s resilience to cyber threats.

UK telcos including BT at risk from DrayTek router vulnerabilities

Read more

Published: Fri, 04 Oct 2024 16:41:00 GMT

UK Telcos Face Risk from DrayTek Router Vulnerabilities

Summary:

British telecommunications (telcos) providers, including BT, are facing potential security risks due to vulnerabilities discovered in routers manufactured by DrayTek. The flaws could allow attackers to remotely control affected routers and compromise networks.

Vulnerabilities:

Researchers at Tenable have identified two high-severity vulnerabilities in DrayTek routers:

  • CVE-2023-25048: Unauthorized modification of DNS settings
  • CVE-2023-25049: Privilege escalation via unauthenticated command injection

Together these flaws allow an unauthenticated attacker to change the router's DNS settings, redirecting users to attacker-controlled sites, and to escalate privileges to full control of the device.

Affected Devices:

The vulnerabilities affect multiple DrayTek router models:

  • Vigor 2133 series
  • Vigor 2830 series
  • Vigor 3900 series
  • Vigor 2925 series
  • Vigor 3220 series

Impact:

Exploitation of these vulnerabilities could have severe consequences for UK telcos, including:

  • Compromised network traffic
  • Theft of sensitive data
  • Denial-of-service attacks
  • Remote access to internal systems

Response:

DrayTek has released firmware updates to address the vulnerabilities. UK telcos, such as BT, are urging their customers to apply the patches immediately.

Additional Measures:

In addition to patching the routers, telcos and businesses are also advised to:

  • Disable remote management of the router's web interface from the WAN side unless it is strictly required, and restrict it to known source addresses where it is
  • Implement network segmentation to minimize the impact of compromised devices
  • Monitor network traffic for suspicious activity, including unexpected changes to the DNS servers that clients behind the router are using
  • Consider additional security measures, such as firewalls and intrusion detection systems
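Operators with many customer-premises routers need to turn the advice above into a repeatable check: which devices are still on old firmware, which have had their DNS settings changed, and which expose management on the WAN. The following script is an added example, not DrayTek's or the researchers' code. The inventory format, the minimum-firmware table and the DNS allowlist are placeholders; substitute the fixed versions from the vendor advisory and your own resolvers before running it against a real estate.

```python
"""Inventory audit for the router exposures discussed above (added example)."""

# Placeholder thresholds and allowlist: replace with the vendor advisory's
# fixed firmware versions and your own resolvers.
MIN_FIRMWARE = {
    "Vigor2133": "4.0.0",
    "Vigor2830": "4.0.0",
    "Vigor2925": "4.0.0",
    "Vigor3220": "4.0.0",
    "Vigor3900": "2.0.0",
}
DNS_ALLOWLIST = {"10.0.0.53", "10.0.1.53"}   # assumed corporate resolvers


def version_key(version):
    """'3.9.7.2' -> (3, 9, 7, 2); non-numeric characters in a part are ignored."""
    parts = []
    for p in version.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_below(current, minimum):
    """True if current < minimum, padding so '3.9' compares as '3.9.0'."""
    a, b = version_key(current), version_key(minimum)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def audit(devices):
    """Return (device, finding, detail) tuples for every exposure found."""
    findings = []
    for d in devices:
        minimum = MIN_FIRMWARE.get(d["model"])
        if minimum is None:
            findings.append((d["name"], "unknown-model", d["model"]))
        elif version_below(d["firmware"], minimum):
            findings.append((d["name"], "firmware-outdated", f'{d["firmware"]} < {minimum}'))
        # Any resolver outside the allowlist suggests the DNS settings were tampered with.
        rogue = sorted(set(d["dns_servers"]) - DNS_ALLOWLIST)
        if rogue:
            findings.append((d["name"], "dns-tampered", ", ".join(rogue)))
        # Management reachable from the WAN is the exposure that makes remote exploitation possible.
        if d["wan_management"]:
            findings.append((d["name"], "mgmt-on-wan", ", ".join(str(p) for p in d["mgmt_ports"])))
    return findings


SAMPLE_DEVICES = [  # constructed inventory, not real customer data
    {"name": "branch-01", "model": "Vigor2925", "firmware": "4.0.1",
     "dns_servers": ["10.0.0.53", "10.0.1.53"], "wan_management": False, "mgmt_ports": []},
    {"name": "branch-02", "model": "Vigor2925", "firmware": "3.9.7",
     "dns_servers": ["10.0.0.53", "203.0.113.9"], "wan_management": True, "mgmt_ports": [443]},
    {"name": "branch-03", "model": "Vigor3900", "firmware": "1.5.1",
     "dns_servers": ["10.0.0.53"], "wan_management": True, "mgmt_ports": [443, 22]},
    {"name": "lab-01", "model": "Vigor2960", "firmware": "1.5.1",
     "dns_servers": ["10.0.0.53"], "wan_management": False, "mgmt_ports": []},
]

if __name__ == "__main__":
    for name, kind, detail in audit(SAMPLE_DEVICES):
        print(f"{name}: {kind} ({detail})")
```

A model missing from the table is reported rather than silently passed, because a device the audit cannot judge is exactly the one that gets forgotten. The DNS check is the cheapest detection for the "modify DNS settings" outcome: the attacker's resolver has to appear in the running configuration, and it will not be on the allowlist.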

Conclusion:

The DrayTek router vulnerabilities pose a significant security risk to UK telcos and businesses. By applying firmware updates and implementing additional security measures, telcos can protect their networks and prevent potential attacks.

NCSC celebrates eight years as Horne blows in

Read more

Published: Fri, 04 Oct 2024 11:52:00 GMT

NCSC celebrates eight years as Horne blows in

The National Cyber Security Centre (NCSC) is celebrating eight years of operation today, as Richard Horne takes over as its chief executive.

Since its establishment in 2016, the NCSC has played a central role in protecting the UK from cyber threats. It has led the national response to major incidents, including the WannaCry ransomware outbreak in 2017 and the SolarWinds supply chain compromise disclosed in 2020.

The NCSC has also worked to raise awareness of cyber security risks and to provide advice and guidance to businesses and individuals. The organisation’s “Cyber Aware” campaign has reached millions of people, and its “Active Cyber Defence” programme has helped to protect thousands of organisations from cyber attacks.

Speaking on the NCSC’s anniversary, Director-General Lindy Cameron said: “I am proud of the work that the NCSC has done over the past eight years. We have helped to protect the UK from cyber threats, and we have made a real difference to the lives of millions of people.

“However, there is still much more to be done. The cyber threat landscape is constantly evolving, and we must continue to adapt and innovate. We will continue to work with our partners to protect the UK from cyber threats, and we will continue to raise awareness of cyber security risks.”

The NCSC’s anniversary comes at a time when the cyber threat landscape is more complex and challenging than ever before. The war in Ukraine has raised concerns about the potential for state-sponsored cyber attacks, and the rise of new technologies such as artificial intelligence and quantum computing is creating new opportunities for criminals and nation-states to exploit.

The NCSC is committed to meeting these challenges head-on. The organisation is investing in new technologies and capabilities, and it is working closely with partners in the UK and around the world to share information and best practices.

The NCSC is an essential part of the UK’s cyber security landscape. The organisation’s work helps to protect the UK from cyber threats, and it makes a real difference to the lives of millions of people.