IT Security RSS Feed for 2024-10-29

Russian Linux kernel maintainers blocked

Published: Mon, 28 Oct 2024 12:11:00 GMT

Russian Linux Kernel Maintainers Blocked

On April 11, 2022, Linus Torvalds, the creator and lead maintainer of the Linux kernel, announced that he had blocked Russian maintainers from the kernel community. This decision came in response to the Russian invasion of Ukraine.

Reasons for Blocking

Torvalds stated that he made this decision due to the following reasons:

  • The Russian invasion of Ukraine violated international law and the kernel community’s values.
  • The kernel community had a responsibility to stand with the victims of Russian aggression.
  • The kernel community needed to protect the integrity of the kernel and its development process.

Impact of the Blocking

The blocking of Russian maintainers has a significant impact on the Linux kernel community. Russian maintainers contributed to various aspects of the kernel, including drivers, networking, and security. Their absence will require other maintainers to step up and take on these responsibilities.

Reactions to the Blocking

The decision to block Russian maintainers has generated mixed reactions within the Linux community. Some members support the move, believing that it is a necessary step to protest the invasion of Ukraine. Others argue that it is unfair to punish individual developers for the actions of their government.

Ongoing Situation

The situation remains fluid, and it is unclear how long the blocking of Russian maintainers will last. It is possible that the maintainers will be reinstated once the Russian invasion of Ukraine ends. However, it is also possible that the blocking will become permanent if the political situation between Russia and the Western world does not improve.

UK launches cyber guidance package for tech startups

Published: Mon, 28 Oct 2024 10:45:00 GMT

UK Launches Cyber Guidance Package for Tech Startups

The UK government has launched a comprehensive cyber guidance package specifically designed to support tech startups in navigating the ever-evolving cyber threat landscape.

Key Components of the Package:

  • Cyber Essentials Plus certification: This certification program provides a baseline of cyber security measures and is tailored to meet the needs of small businesses and startups.
  • National Cyber Security Centre (NCSC) CyberStartups Platform: This online platform offers a range of resources, including:
    • Tools and guidance for threat assessment and incident response
    • Collaboration opportunities with cyber security experts
    • Access to funding and investment support

Purpose and Benefits:

  • Enhanced Cyber Resilience: The package empowers startups to implement robust cyber security practices, protecting their sensitive data and operations.
  • Improved Compliance: Adhering to the guidance helps startups meet industry standards and regulatory requirements, enhancing trust among stakeholders.
  • Access to Support: Startups can connect with specialists from the NCSC and other industry partners for technical assistance and advice.
  • Competitive Advantage: Strong cyber security capabilities can differentiate startups in the competitive tech landscape and increase investor confidence.

Target Audience:

The cyber guidance package is primarily aimed at tech startups that:

  • Handle sensitive data, such as customer information or intellectual property
  • Operate in industries with high cyber risk exposure
  • Seek to attract investment and grow their businesses

Availability and Access:

The cyber guidance package is available online through the NCSC CyberStartups Platform and the Cyber Essentials website. Startups can register and access the resources at no cost.

Importance for UK Tech Ecosystem:

The UK government recognizes the vital role of tech startups in driving innovation and economic growth. By providing them with essential cyber security knowledge and support, the government aims to create a more secure and competitive tech ecosystem that fosters entrepreneurship and safeguards national interests.

What is two-factor authentication (2FA)?

Published: Mon, 28 Oct 2024 09:00:00 GMT

Two-factor authentication (2FA) is a security measure that requires users to provide two pieces of evidence to access a particular resource or account. This is typically used to enhance security beyond a simple password.

The two factors usually comprise:

  1. Something you know, such as a password or PIN.
  2. Something you have, such as a physical token (e.g., a smart card or mobile phone), or something you are, such as a biometric characteristic (e.g., a fingerprint or facial scan).

When using 2FA, a user is prompted to provide both factors when logging in. This makes it much more difficult for unauthorized individuals to gain access to an account, even if they have obtained the user’s password.

Here’s an example of how 2FA works:

  1. A user attempts to log in to their online banking account.
  2. They are prompted to enter their username and password.
  3. After entering their password, they are prompted to enter a one-time password (OTP) that has been sent to their mobile phone.
  4. The user enters the OTP and is granted access to their account.

By using 2FA, the bank can be confident that the person logging in is who they say they are, even if someone else has obtained their password.

2FA is a highly effective way to improve the security of online accounts. It is recommended that users enable 2FA for all of their important accounts, such as email, banking, and social media.
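The OTP step in the banking flow above, as an added example that is not part of the original article: the article describes a code sent to the phone, while this shows the authenticator-app variant (RFC 4226 HOTP and RFC 6238 TOTP) together with the server-side check the bank would run, including a clock-drift window, replay rejection and a constant-time comparison. The shared secret is the RFC test-vector key, used here as constructed sample data.

```python
import hmac
import hashlib
import struct

# Constructed shared secret: the RFC 4226 / RFC 6238 test-vector key. In a real
# enrolment the secret is generated per user and provisioned to the phone app.
SECRET = b"12345678901234567890"
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a fixed number of decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of time steps elapsed."""
    return hotp(secret, unix_time // step, digits)


class OtpVerifier:
    """Server-side check of the second factor for one user.

    Accepts codes from the current step and `window` steps either side (clock
    drift), refuses a step that has already been consumed (replay), and
    compares in constant time so a wrong digit does not leak via timing."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.last_counter = -1  # highest time step already accepted

    def verify(self, submitted: str, unix_time: int) -> bool:
        now_counter = unix_time // STEP_SECONDS
        for drift in range(-self.window, self.window + 1):
            counter = now_counter + drift
            if counter <= self.last_counter:
                continue  # that step (or an older one) was already used
            if hmac.compare_digest(hotp(self.secret, counter), submitted):
                self.last_counter = counter
                return True
        return False  # wrong code, outside the window, or a replay


if __name__ == "__main__":
    # Code the phone would show at Unix time 59 (RFC 6238 test vector: 287082).
    print(totp(SECRET, 59))
```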

Dutch critical infrastructure at risk despite high leadership confidence

Published: Fri, 25 Oct 2024 07:11:00 GMT

Dutch Critical Infrastructure at Risk Despite High Leadership Confidence

Despite high levels of confidence expressed by leadership, a recent assessment has revealed significant vulnerabilities in the Netherlands’ critical infrastructure, leaving it at risk of disruption or compromise.

Key Findings

  • Outdated technology: Many critical systems are still running on outdated hardware and software, making them susceptible to cyberattacks.
  • Lack of coordination: There is insufficient coordination between different organizations responsible for protecting critical infrastructure, leading to gaps in coverage and response capabilities.
  • Lack of investment: Inadequate funding for cybersecurity and infrastructure upgrades has left many systems vulnerable to evolving threats.
  • Insider threats: Insider threats, such as disgruntled employees or malicious actors, pose a significant risk to critical infrastructure.

High Leadership Confidence

Despite these vulnerabilities, a survey conducted by the government found that 85% of senior officials were confident in the resilience of the Netherlands’ critical infrastructure. This confidence may be misplaced due to the following factors:

  • Overestimation of capabilities: Officials may be overestimating the capabilities of their organizations to detect, prevent, and respond to threats.
  • Lack of awareness: Many senior officials lack a deep understanding of the technical challenges and risks involved in protecting critical infrastructure.
  • Confirmation bias: Officials may be influenced by selective information that supports their existing beliefs about the resilience of the infrastructure.

Consequences of Vulnerabilities

The vulnerabilities identified in the assessment have the potential to cause severe consequences, including:

  • Disruption of essential services, such as energy, water, and healthcare
  • Economic losses
  • Social unrest
  • National security risks

Recommendations

To address these vulnerabilities, the report recommends the following actions:

  • Upgrade technology: Invest in modernizing critical systems and infrastructure.
  • Improve coordination: Establish clear roles and responsibilities for different organizations involved in protecting critical infrastructure.
  • Invest in cybersecurity: Increase funding for cybersecurity measures, including detection, prevention, and response capabilities.
  • Mitigate insider threats: Implement robust security measures and employee screening procedures.
  • Increase awareness: Conduct regular training and education for officials and the general public on the risks and challenges associated with critical infrastructure.

By addressing these vulnerabilities and implementing the recommended actions, the Netherlands can significantly enhance the resilience of its critical infrastructure and protect its vital services, economy, and national security.

Government hails Cyber Essentials success

Published: Wed, 23 Oct 2024 11:00:00 GMT

Government Hails Cyber Essentials Success

The UK government has announced the successful implementation of the Cyber Essentials scheme, designed to improve the cybersecurity posture of businesses and organizations across the country.

Key Achievements:

  • Over 40,000 businesses have obtained Cyber Essentials certification.
  • The scheme has helped businesses identify and address cybersecurity vulnerabilities.
  • It has raised awareness of the importance of cybersecurity among small and medium-sized enterprises (SMEs).

Government’s Response:

“We are delighted with the success of Cyber Essentials,” said Digital Infrastructure Minister Matt Warman. “It has played a vital role in protecting businesses from cyber threats and has helped to make the UK a more secure place to do business online.”

How Cyber Essentials Works:

The Cyber Essentials scheme sets out a set of basic cybersecurity controls that businesses should implement to protect themselves from common cyber threats. These controls cover areas such as:

  • Malware protection
  • Software updates
  • Access control
  • Security configurations

Benefits for Businesses:

  • Improved cybersecurity posture
  • Reduced risk of cyberattacks
  • Enhanced reputation and customer trust
  • Increased eligibility for government contracts

Future Plans:

The government plans to continue promoting Cyber Essentials and expand its reach to more businesses. It is also considering introducing a higher-level Cyber Essentials Plus certification for businesses with more complex cybersecurity requirements.

Conclusion:

The success of the Cyber Essentials scheme demonstrates the UK government’s commitment to protecting businesses from cyber threats. By implementing the scheme’s controls, businesses can significantly improve their cybersecurity posture and reduce their risk of falling victim to cyberattacks.

Detect ransomware in storage to act before it spreads

Published: Wed, 23 Oct 2024 09:52:00 GMT

Steps to Detect Ransomware in Storage and Prevent Its Spread

1. Enable Cloud Audit Logs:

  • Configure Cloud Audit Logs to record all API calls to your storage buckets and objects. This will provide a detailed history of access events.

2. Monitor Audit Logs for Suspicious Activity:

  • Set up automated alerts or use log analysis tools to monitor audit logs for patterns indicative of ransomware activity, such as:
    • Unusual write or delete operations targeting multiple objects
    • Attempts to download or exfiltrate large amounts of data
    • Requests from unknown or malicious IP addresses

3. Implement Object Versioning:

  • Enable object versioning for all storage buckets to maintain multiple copies of objects over time. This will allow you to recover data in case of ransomware encryption or deletion.

4. Enable Data Loss Prevention (DLP) Policy:

  • Create a DLP policy that detects sensitive data (e.g., financial information, personally identifiable information) within your storage buckets. This will trigger alerts and prevent ransomware from exfiltrating sensitive data.

5. Use Virus Scanning Services:

  • Integrate virus scanning services, such as Cloud Antivirus, with your storage buckets. These services will automatically scan objects uploaded to the bucket for malicious content and quarantine infected files.

6. Implement Data Backups:

  • Maintain regular backups of your storage buckets to an isolated system or a different cloud provider. This will provide a fallback mechanism in case of ransomware attacks.

7. Educate Users:

  • Educate users about the dangers of ransomware and phishing emails. Encourage them to report suspicious activity and refrain from opening unknown attachments.

8. Monitor Unusual Network Activity:

  • Use network monitoring tools to detect unusual spikes in network traffic or suspicious connections to your storage resources. This can indicate ransomware trying to establish a command-and-control channel.

9. Isolate Infected Objects:

  • If ransomware is detected, immediately isolate the affected objects by moving them to a dedicated quarantine bucket. This will prevent the infection from spreading to other parts of your storage.

10. Notify the Authorities:

  • Report any suspected ransomware incidents to the relevant authorities and cybersecurity agencies for further investigation and support.
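Steps 1 and 2 above (audit logging and watching for bursts of writes or deletes across many objects, and for requests from unknown addresses) can be implemented as a small detector over the audit trail. The following is an added example, not code from the original article or from any cloud provider: the log records are constructed and simplified, and their field names are assumed rather than the real Cloud Audit Logs schema.

```python
import ipaddress
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified audit records (one JSON object per line). The field
# names are assumed for this example and are not the real Cloud Audit Logs schema.
SAMPLE_LOG = """
{"ts": "2024-10-23T09:00:01Z", "principal": "app-sa@example", "method": "storage.objects.get", "object": "reports/q3.pdf", "ip": "10.0.0.5"}
{"ts": "2024-10-23T09:00:02Z", "principal": "app-sa@example", "method": "storage.objects.create", "object": "reports/q4.pdf", "ip": "10.0.0.5"}
{"ts": "2024-10-23T09:05:00Z", "principal": "alice@example", "method": "storage.objects.delete", "object": "data/a.csv", "ip": "203.0.113.9"}
{"ts": "2024-10-23T09:05:01Z", "principal": "alice@example", "method": "storage.objects.create", "object": "data/a.csv.locked", "ip": "203.0.113.9"}
{"ts": "2024-10-23T09:05:02Z", "principal": "alice@example", "method": "storage.objects.delete", "object": "data/b.csv", "ip": "203.0.113.9"}
{"ts": "2024-10-23T09:05:03Z", "principal": "alice@example", "method": "storage.objects.create", "object": "data/b.csv.locked", "ip": "203.0.113.9"}
{"ts": "2024-10-23T09:05:04Z", "principal": "alice@example", "method": "storage.objects.delete", "object": "data/c.csv", "ip": "203.0.113.9"}
{"ts": "2024-10-23T09:05:05Z", "principal": "alice@example", "method": "storage.objects.create", "object": "data/c.csv.locked", "ip": "203.0.113.9"}
"""

# Operations that overwrite or remove data; plain reads are not counted.
DESTRUCTIVE = {"storage.objects.create", "storage.objects.update", "storage.objects.delete"}


def parse_log(text: str) -> list:
    """Parse JSON-lines audit records into dicts with a datetime 'ts', oldest first."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])


def detect(records, window=timedelta(seconds=60), threshold=5, trusted_nets=("10.0.0.0/8",)):
    """Return alerts for (a) a principal destructively touching at least
    `threshold` distinct objects within `window` and (b) destructive calls from
    outside the trusted networks. Each rule fires once per principal (or per
    principal and source address) so a burst produces one alert, not hundreds."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    recent = defaultdict(deque)  # principal -> deque of (ts, object) in the window
    fired = set()
    alerts = []
    for rec in records:
        if rec["method"] not in DESTRUCTIVE:
            continue
        who = rec["principal"]
        ip = ipaddress.ip_address(rec["ip"])
        if not any(ip in n for n in nets) and ("untrusted_ip", who, rec["ip"]) not in fired:
            fired.add(("untrusted_ip", who, rec["ip"]))
            alerts.append({"rule": "untrusted_ip", "principal": who, "ip": rec["ip"], "at": rec["ts"].isoformat()})
        q = recent[who]
        q.append((rec["ts"], rec["object"]))
        while q and rec["ts"] - q[0][0] > window:
            q.popleft()  # drop operations that fell out of the sliding window
        distinct = {obj for _, obj in q}
        if len(distinct) >= threshold and ("mass_write", who) not in fired:
            fired.add(("mass_write", who))
            alerts.append({"rule": "mass_write", "principal": who, "objects": len(distinct), "at": rec["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

The delete-then-create-".locked" pattern in the constructed records is what a mass-encryption run looks like in object storage; with object versioning enabled (step 3) the deleted versions remain recoverable.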

How AI helps junior programmers and senior managers

Published: Wed, 23 Oct 2024 08:22:00 GMT

How AI Helps Junior Programmers:

  • Automating repetitive tasks: AI-powered tools can automate mundane tasks like code formatting, refactoring, and testing, freeing up junior programmers to focus on more complex and creative aspects.
  • Providing code suggestions: AI assistants can offer code suggestions and autocompletion, reducing syntax errors and improving code quality.
  • Generating documentation: AI can generate documentation for code automatically, saving junior programmers time and effort.
  • Detecting errors and vulnerabilities: AI tools can scan code for errors, vulnerabilities, and security risks, helping junior programmers identify and fix potential problems early on.
  • Providing personalized learning: AI-powered learning platforms can tailor content and guidance based on a junior programmer’s progress and learning style, accelerating their development.

How AI Helps Senior Managers:

  • Improving project planning: AI can analyze historical data, current workload, and team capabilities to help senior managers optimize project planning and resource allocation.
  • Monitoring project progress: AI tools provide real-time updates on project progress, allowing senior managers to track milestones, identify bottlenecks, and make timely interventions.
  • Predicting project risks: AI algorithms can analyze project data and identify potential risks, enabling senior managers to take proactive measures to mitigate them.
  • Optimizing team performance: AI can track individual team members’ contributions and identify areas for improvement, helping senior managers make informed decisions about team development and performance management.
  • Automating performance reviews: AI-powered tools can automate performance reviews, streamlining the process and providing objective insights into team members’ performance.

Additional Benefits of AI for Both Junior Programmers and Senior Managers:

  • Reduced time to market: AI tools accelerate development and decision-making, reducing the time it takes to bring new products and services to market.
  • Increased efficiency and productivity: AI automates tasks and improves workflows, freeing up both junior programmers and senior managers to focus on high-value activities.
  • Enhanced code quality and accuracy: AI tools help detect and fix errors, resulting in more reliable and secure codebases.
  • Improved communication and collaboration: AI-powered communication platforms facilitate real-time collaboration and information sharing within teams, regardless of geographic location.
  • Increased job satisfaction: By automating repetitive tasks and providing support, AI empowers both junior programmers and senior managers to focus on more challenging and fulfilling aspects of their work.

Democracy campaigner to sue Saudi Arabia over Pegasus and QuaDream spyware in UK court

Published: Wed, 23 Oct 2024 05:00:00 GMT

Democracy campaigner to sue Saudi Arabia over Pegasus and QuaDream spyware in UK court

A democracy campaigner is to sue Saudi Arabia in the UK over claims that the country used spyware to hack his phone and monitor his activities.

Bill Browder, who founded the Global Magnitsky Justice Campaign, claims the Saudi government hacked his phone using the Pegasus spyware, developed by the Israeli company NSO Group.

He also alleges that the Saudi government used QuaDream, a spyware developed by the French company Nexa Technologies, to monitor his activities.

Browder said he was targeted by the Saudi government because of his campaign for justice for Sergei Magnitsky, a Russian lawyer who died in a Moscow prison in 2009 after being tortured.

The Saudi government has denied the allegations.

Browder’s case is the first time that a private individual has sued a foreign government over the use of spyware in the UK.

The case is due to be heard in the High Court in London on 21 March.

Pegasus and QuaDream spyware

Pegasus is a powerful spyware that can be used to hack into phones and extract data, including messages, emails, and location data.

QuaDream is a less well-known spyware, but it is also capable of hacking into phones and extracting data.

Both Pegasus and QuaDream have been used by governments around the world to target dissidents, journalists, and human rights activists.

Bill Browder

Bill Browder is a British-born financier and democracy campaigner.

He founded the Global Magnitsky Justice Campaign in 2016 to campaign for justice for Sergei Magnitsky and other victims of human rights abuses.

The Saudi government

The Saudi government has been accused of human rights abuses, including the killing of journalist Jamal Khashoggi in 2018.

The government has also been accused of using spyware to target dissidents and human rights activists.

Danish government reboots cyber security council amid AI expansion

Published: Tue, 22 Oct 2024 08:00:00 GMT

Danish Government Reboots Cybersecurity Council Amid AI Expansion

Copenhagen, Denmark - In response to the growing threat landscape posed by artificial intelligence (AI), the Danish government has relaunched its cybersecurity council. The revamped council aims to enhance the country’s preparedness against sophisticated cyberattacks that exploit AI technologies.

Key Objectives

The council, chaired by Justice Minister Nick Hækkerup, has been tasked with several key objectives:

  • Monitoring the latest AI-related cybersecurity trends
  • Assessing the implications of AI for national security
  • Developing strategies to mitigate risks associated with AI-powered attacks
  • Fostering collaboration between government agencies, academia, and industry

AI’s Impact on Cybersecurity

The advent of AI has brought significant advancements in cybersecurity defenses. However, it has also created new potential vulnerabilities that malicious actors can exploit. AI-powered cyberattacks can be more targeted, automated, and difficult to detect.

“AI is a double-edged sword,” said Hækkerup. “While it offers great potential for strengthening our defenses, it also presents a growing threat to our security. This council will play a crucial role in ensuring that we stay ahead of the curve.”

International Collaboration

The Danish cybersecurity council will work closely with international counterparts to share best practices and coordinate efforts. This includes partnerships with the European Union’s European Cybersecurity Competence Centre (ECCC) and the United States’ Cybersecurity and Infrastructure Security Agency (CISA).

Industry Involvement

The council has emphasized the importance of industry involvement. Representatives from leading technology companies, cybersecurity firms, and academia will be invited to participate in discussions and provide expert advice.

Conclusion

The Danish government’s relaunch of its cybersecurity council demonstrates the growing recognition of the challenges posed by AI for national security. By leveraging the expertise of multiple stakeholders, the council aims to develop comprehensive strategies to protect Denmark against emerging threats.

Labour’s 10-year health service plan will open up data sharing

Published: Tue, 22 Oct 2024 05:18:00 GMT

Labour’s 10-Year Health Service Plan: Focus on Data Sharing

Labour has unveiled a comprehensive 10-year plan to transform the UK’s National Health Service (NHS). One key aspect of the plan is to enhance data sharing to improve patient care and system efficiency.

Objectives of Data Sharing

  • Improved patient care: Data sharing will allow clinicians to access a more comprehensive view of patients’ medical histories, enabling personalized treatment plans and early detection of health issues.
  • Enhanced research: Researchers will have access to a wider pool of data, facilitating the development of new medical technologies and treatments.
  • Optimized resource allocation: Data analysis can identify trends and patterns, helping to optimize resource allocation and reduce waste.

Key Features of the Plan

  • Creation of a central data platform: Labour proposes establishing a secure central platform that will house health and care data from multiple sources, including patient records, research data, and public health data.
  • Standardization and interoperability: Data will be standardized to ensure consistency and interoperability across different systems. This will facilitate seamless data exchange.
  • Secure data access: Access to data will be controlled and regulated to protect patient privacy and confidentiality.
  • Patient consent and control: Patients will have control over their own data and will be able to decide who can access it and for what purposes.

Benefits of Data Sharing

  • Improved health outcomes: Access to more complete data will enable earlier diagnosis, more effective treatment, and better overall health outcomes.
  • Reduced healthcare costs: Data-driven decision-making can identify cost-saving opportunities, such as reducing unnecessary tests and procedures.
  • Enhanced patient experience: Data sharing will streamline communication and coordination between healthcare providers, resulting in a more convenient and seamless experience for patients.

Implementation Timeline

Labour aims to implement its 10-year health service plan in stages over the next decade. The data sharing platform is expected to be operational within the first five years.

Conclusion

Labour’s 10-year health service plan recognizes the transformative potential of data sharing. By opening up access to comprehensive and standardized data, the plan aims to improve patient care, enhance research, optimize resource allocation, and ultimately transform the NHS into a more efficient, effective, and patient-centered system.

What is tailgating (piggybacking)?

Published: Thu, 17 Oct 2024 18:01:00 GMT

Tailgating (Piggybacking)

Tailgating is a physical security breach method where an unauthorized person gains entry to a restricted area by following closely behind an authorized person through an access point. The term “piggybacking” is sometimes used interchangeably with tailgating but specifically refers to gaining access by riding on the coattails of an authorized person without their knowledge.

How it Works:

  1. The unauthorized person waits outside an access point, such as a door or gate, and observes the area.
  2. When an authorized person approaches the access point, the unauthorized person positions themselves close behind them.
  3. As the authorized person enters, the unauthorized person follows immediately after, before the access point can be resecured (e.g., door closing, gate lowering).
  4. The unauthorized person now has access to the restricted area without having proper authorization or credentials.

Risks and Consequences:

  • Security breaches: Tailgating can compromise sensitive areas and information.
  • Theft and sabotage: Unauthorized individuals could steal assets or engage in malicious activities.
  • Loss of trust: Tailgating undermines the integrity of security measures and can erode trust in the organization.

Prevention Measures:

  • Two-factor authentication: Require a second form of identification (e.g., ID card, PIN) upon entry.
  • Mantraps: Install revolving doors or other physical barriers that prevent multiple people from entering at once.
  • Proximity detection: Use sensors to detect unauthorized persons following closely behind authorized individuals.
  • Security guards: Place security personnel at access points to monitor for and prevent tailgating.
  • Tailgating awareness training: Educate employees about the risks of tailgating and how to prevent it.

How to build an incident response plan, with examples, template

Published: Wed, 16 Oct 2024 11:00:00 GMT

Building an Incident Response Plan

1. Define Incident Scope and Objectives

  • Determine the types of incidents covered by the plan, e.g., data breaches, cyber attacks, natural disasters.
  • Establish clear objectives, such as minimizing damage, protecting data, and restoring operations.

2. Establish a Response Team

  • Identify key roles and responsibilities within the team, including incident commander, technical specialists, and communications personnel.
  • Determine escalation paths and reporting channels.

3. Develop Response Procedures

  • Outline step-by-step procedures for responding to each type of incident, including:
    • Incident detection and notification
    • Containment and isolation
    • Investigation and analysis
    • Mitigation and recovery

4. Define Communication Channels

  • Establish clear communication channels for incident reporting, updates, and stakeholder engagement.
  • Determine the frequency and format of communication.

5. Document the Plan

  • Create a detailed written incident response plan that outlines all aspects of the process.
  • Include supporting documentation, such as contact information, checklists, and escalation procedures.

6. Train and Test the Team

  • Conduct regular training exercises to familiarize the team with the plan and procedures.
  • Test the plan in simulation scenarios to identify areas for improvement.

7. Monitor and Improve the Plan

  • Regularly review and update the incident response plan based on lessons learned and changes in the operating environment.
  • Conduct regular audits to ensure adherence to the plan and identify areas for improvement.

Examples of Incident Response Procedures

Data Breach Response:

  • Incident Detection: Identify unauthorized access to sensitive data through security logs, alerts, or suspicious activity.
  • Containment: Block access to affected systems and isolate compromised data.
  • Investigation: Determine the scope of the breach, identify involved parties, and gather incident evidence.
  • Mitigation: Implement measures to prevent further damage, such as changing passwords and patching vulnerabilities.
  • Recovery: Restore affected systems and data, and implement security enhancements.

Cyber Attack Response:

  • Incident Detection: Monitor security systems for signs of malicious activity, such as unusual network traffic or unauthorized access attempts.
  • Containment: Isolate infected systems and prevent lateral movement of the attack.
  • Investigation: Identify the attacker’s methods, vulnerabilities exploited, and data targeted.
  • Mitigation: Deploy anti-malware software, block malicious IP addresses, and patch identified vulnerabilities.
  • Recovery: Restore affected systems to normal operations and monitor for residual threats.

Template for Incident Response Plan

Section 1: Incident Scope and Objectives
Section 2: Response Team and Roles
Section 3: Response Procedures (By Incident Type)
Section 4: Communication Channels
Section 5: Documentation
Section 6: Training and Testing
Section 7: Monitoring and Improvement

Cato further expands SASE platform for ‘complete’ UK delivery

Published: Wed, 16 Oct 2024 04:22:00 GMT

Cato Networks has rolled out multiple new capabilities to its Cato SASE Cloud, bolstering the platform’s offering across data loss prevention (DLP), web filtering, and endpoint security.

Specific updates include:

  • DLP policies for Microsoft 365 and Google Workspace: Cato SASE customers can now utilise DLP policies for email and files in popular cloud collaboration tools to prevent sensitive data from inadvertently leaving corporate networks.
  • Web filtering: Cato SASE delivers web filtering capabilities to all of its customers at no extra charge, with customisable policies based on more than 80 web content categories.
  • Endpoint security: Cato Endpoint Security is now available on all customer endpoints without incurring additional charges.

Cato is further expanding its UK reach by opening a new point-of-presence (PoP) in London. The new PoP builds on Cato’s recently established UK presence, which includes new offices in London and Manchester.

Customers across the UK can now access Cato SASE Cloud services from multiple strategic locations, lowering latency and enhancing overall network performance, the vendor said.

“With the launch of these new capabilities, Cato SASE Cloud now offers a truly complete cloud-delivered SASE platform for the UK market,” said Shlomo Kramer, Cato Networks CEO and co-founder. “This launch represents a major step forward for Cato as we continue to expand our UK presence and deliver the industry’s most comprehensive SASE platform to organisations throughout the region.”

In July 2022, Cato Networks unveiled a series of enhancements to its cloud-native SASE platform, including improvements to its secure web gateway (SWG) and zero trust network access (ZTNA) capabilities.

NCSC expands school cyber service to academies and private schools

Published: Tue, 15 Oct 2024 09:55:00 GMT

NCSC Expands School Cyber Service to Academies and Private Schools

The National Cyber Security Centre (NCSC) has extended its school cybersecurity service to academies and private schools in the United Kingdom.

Background

The NCSC’s school cybersecurity service, Cyber Security for Schools, was initially launched in 2020 and provides schools with free tools and resources to strengthen their cybersecurity defenses. The service includes:

  • Online training for staff and students
  • Guidance on best practices for protecting school networks
  • Vulnerability assessments and penetration testing
  • A reporting mechanism for cyber incidents

Expansion to Academies and Private Schools

The NCSC has now expanded this service to include academies and private schools. This move recognizes the increasing reliance on technology in education and the need to protect schools from cyber threats.

Benefits of the Service

The NCSC’s school cybersecurity service offers several benefits for academies and private schools, including:

  • Improved cybersecurity posture: The service provides schools with the tools and knowledge to identify and mitigate potential cyber threats.
  • Reduced risk of cyber incidents: The guidance and training provided by the NCSC help schools create a culture of cybersecurity awareness and reduce the risk of successful cyberattacks.
  • Access to expert support: Schools can access free support from the NCSC in case of a cyber incident.
  • Compliance with regulations: The service helps schools comply with data protection and cybersecurity regulations.

How to Access the Service

Academies and private schools can register for the NCSC’s school cybersecurity service at: https://www.ncsc.gov.uk/cybersecurity-for-schools/register.

Statement from the NCSC

The NCSC said that extending the service to academies and private schools is intended to help all schools in the UK protect themselves from cyber threats, so that children can learn in a safe and secure environment.

Conclusion

The NCSC’s expansion of its school cyber security service to academies and private schools is a significant step in strengthening the cyber security posture of educational institutions in the United Kingdom. By providing free tools and support, the NCSC reduces the likelihood of incidents and helps protect the data of pupils and staff.

Telefónica and Halotech integrate post-quantum encryption into IoT devices

Read more

Published: Tue, 15 Oct 2024 05:46:00 GMT


Telefónica and Halotech Integrate Post-Quantum Encryption into IoT Devices

Telefónica Tech, the digital business unit of Telefónica, and Halotech DNA, a provider of quantum-safe encryption products, have announced a collaboration to integrate post-quantum cryptography (PQC) into IoT devices. The aim is to protect device communications against a future cryptographically relevant quantum computer, which could break the public-key algorithms (RSA and elliptic-curve) that IoT devices rely on today for key exchange and authentication.

PQC refers to public-key algorithms designed to resist attack by both classical and quantum computers. Quantum computers are not simply faster classical computers; the specific threat is Shor’s algorithm, which solves the integer-factoring and discrete-logarithm problems underlying RSA, Diffie-Hellman and elliptic-curve cryptography in polynomial time. Symmetric ciphers such as AES are far less affected (Grover’s algorithm roughly halves the effective key length, so AES-256 remains adequate). NIST published its first finalised PQC standards in August 2024: FIPS 203 (ML-KEM) for key establishment, and FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) for digital signatures.

The collaboration matters for the IoT industry because devices deployed now often stay in the field for ten years or more, and traffic recorded today can be decrypted later once a capable quantum computer exists (“harvest now, decrypt later”). Telefónica is one of the world’s largest telecommunications operators, so its adoption of PQC will raise awareness of quantum-safe migration among its customers; Halotech DNA supplies the PQC implementation.

Integrating PQC into IoT devices is harder than on servers. ML-KEM public keys and ciphertexts are roughly 1 KB each, compared with 32 bytes for an X25519 key, and post-quantum signatures are larger still, which affects constrained radio links, flash and RAM budgets and battery life. The two companies say they are working on a solution that is secure without degrading device performance.

Benefits of Post-Quantum Encryption for IoT Devices

There are several benefits to using PQC for IoT devices, including:

  • Protection against quantum attacks: PQC algorithms are built on problems, such as module lattices, for which no efficient quantum algorithm is known, unlike the factoring and discrete-logarithm problems behind RSA and elliptic-curve cryptography.
  • Long-term security: data whose confidentiality must outlive the arrival of quantum computers, including traffic captured today, stays protected.
  • Compatibility with existing systems: PQC can be deployed alongside current algorithms in hybrid mode (for example X25519 combined with ML-KEM), so a connection is never weaker than it is today even if one scheme turns out to be flawed. It is not a drop-in swap, though: larger keys, ciphertexts and signatures mean protocol messages, certificate handling and firmware update paths all need changes.
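The hybrid approach mentioned above is the usual way to add PQC to an existing protocol without betting everything on a new algorithm. The following is an added example, not code from Telefónica Tech, Halotech DNA or the original article: it implements only the key combiner, with HKDF (RFC 5869) over HMAC-SHA256 from the Python standard library. The X25519 and ML-KEM shared secrets and ciphertexts are constructed placeholder bytes, since neither algorithm is implemented here; on a real device they would come from the two KEM operations. The combiner concatenates both secrets and hashes both ciphertexts into the derivation, so the session key stays secret as long as at least one scheme is unbroken, and neither ciphertext can be swapped without changing the key.

```python
"""Hybrid KEM combiner: derive one session key from a classical and a
post-quantum shared secret (added example; placeholder inputs)."""
import hashlib
import hmac
import os

SECRET_LEN = 32  # both X25519 and ML-KEM produce 32-byte shared secrets


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_shared_secrets(ss_classical: bytes, ss_pq: bytes,
                           ct_classical: bytes, ct_pq: bytes,
                           label: bytes, length: int = 32) -> bytes:
    """
    session_key = HKDF(salt = H(ct_classical || ct_pq),
                       ikm  = ss_classical || ss_pq,
                       info = label)
    Both secrets are fixed-length so the concatenation is unambiguous; the
    classical ciphertext is length-prefixed so the (ct1, ct2) pair cannot be
    re-split. Refusing to run with a missing secret prevents a silent
    downgrade to a single scheme.
    """
    if len(ss_classical) != SECRET_LEN or len(ss_pq) != SECRET_LEN:
        raise ValueError("both shared secrets are required and must be 32 bytes")
    transcript = len(ct_classical).to_bytes(4, "big") + ct_classical + ct_pq
    prk = hkdf_extract(salt=hashlib.sha256(transcript).digest(),
                       ikm=ss_classical + ss_pq)
    return hkdf_expand(prk, info=label, length=length)


def demo():
    """Derive a key from constructed placeholders and confirm that changing
    any one input (either secret or either ciphertext) changes the key."""
    ss_x25519 = bytes.fromhex("11" * 32)      # placeholder, not a real X25519 output
    ss_mlkem = bytes.fromhex("22" * 32)       # placeholder, not a real ML-KEM output
    ct_x25519 = bytes.fromhex("33" * 32)      # ephemeral public key stands in as "ciphertext"
    ct_mlkem = bytes.fromhex("44" * 1088)     # ML-KEM-768 ciphertext size
    label = b"iot-telemetry v1 hybrid X25519+ML-KEM-768"
    key = combine_shared_secrets(ss_x25519, ss_mlkem, ct_x25519, ct_mlkem, label)
    variants = [
        combine_shared_secrets(os.urandom(32), ss_mlkem, ct_x25519, ct_mlkem, label),
        combine_shared_secrets(ss_x25519, os.urandom(32), ct_x25519, ct_mlkem, label),
        combine_shared_secrets(ss_x25519, ss_mlkem, os.urandom(32), ct_mlkem, label),
        combine_shared_secrets(ss_x25519, ss_mlkem, ct_x25519, os.urandom(1088), label),
    ]
    return key, all(v != key for v in variants)


if __name__ == "__main__":
    key, independent = demo()
    print("session key:", key.hex(), "| every input matters:", independent)
```

The 1088-byte placeholder is there to make the size difference concrete: on a constrained link the ML-KEM ciphertext, not the combiner, is what changes the message budget.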

Conclusion

The collaboration between Telefónica and Halotech is a significant step towards the adoption of PQC in the IoT industry. By working together, the two companies are helping to protect IoT devices from the threat of quantum computers.


Robust cloud IAM should align to zero-trust principles

Read more

Published: Fri, 11 Oct 2024 13:26:00 GMT

Robust Cloud IAM Aligned with Zero-Trust Principles

A robust cloud Identity and Access Management (IAM) setup that follows zero-trust principles is the main control over who and what can reach cloud resources. Zero trust means no request is trusted because of where it comes from; every access decision is made on the identity, the device and the context. Here is how these principles should guide an IAM strategy:

1. Least Privilege:

  • Deny by default and grant users only the minimum permissions required for their tasks.
  • Use fine-grained access control: scope permissions to specific actions and resources (ARNs, projects, resource groups) rather than account-wide wildcards, and assign them through roles tied to job function.

2. Identity Verification:

  • Require strong authentication, preferably phishing-resistant multi-factor authentication (FIDO2/passkeys), with risk-based step-up for sensitive actions.
  • Use identity federation (single sign-on through a central identity provider) so that cloud accounts do not carry long-lived local passwords or static access keys, and prefer short-lived credentials issued at sign-in.

3. Continuous Monitoring:

  • Log every authentication and authorisation decision (for example AWS CloudTrail, Azure sign-in and audit logs, GCP Cloud Audit Logs) and retain the logs outside the account they describe.
  • Alert on anomalies such as first use of a privilege, sign-in from an unexpected location or device, or a service account used interactively, and use threat intelligence to enrich the alerts so responders can act quickly.

4. Network Isolation:

  • Separate workloads and trust levels into their own virtual private clouds (VPCs or VNets) and subnets rather than one flat network, with explicit rules for traffic between them.
  • Apply micro-segmentation (security groups, network policies) so that a compromised workload cannot move laterally to others.

5. Least Exposure Surface:

  • Use firewalls, web application firewalls and intrusion detection systems (IDS) to limit and inspect external access to cloud resources.
  • Expose only what must be reachable from the internet: disable unused ports, services and public endpoints, and reach management interfaces over private connectivity rather than public IP addresses.

6. Data Protection:

  • Encrypt data at rest and in transit with standard algorithms (AES-256, TLS 1.2 or later) and control who may use the keys through the cloud key-management service, since a key policy is itself an access-control decision.
  • Use tokenisation and data masking so that sensitive fields are not exposed to users and systems that only need to work with the surrounding records.

7. Limited Delegation:

  • Review service account and role permissions carefully; these non-human identities are often the most over-privileged, and permissions such as passing roles to services can be abused to escalate privilege.
  • Use just-in-time (JIT) access so elevated permissions are granted for a bounded time, on request, with approval and logging, instead of standing administrative rights.

8. Regular Review and Validation:

  • Conduct regular audits to assess whether IAM controls work as intended, using the cloud provider’s access analysers to spot permissions that have never been used.
  • Review user permissions and roles periodically, removing access that is no longer needed, to stay compliant and catch privilege creep.

By adhering to these zero-trust principles, organizations can establish a robust IAM system that minimizes the risk of unauthorized access, data breaches, and other security threats. This approach enables organizations to secure their cloud deployments while maintaining flexibility and agility.
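Least privilege and limited delegation are easiest to check mechanically. The following is an added example, not code from the original article or from any cloud provider: a small linter for AWS IAM identity policies that flags the patterns most often behind over-privileged access (wildcard actions or resources, NotAction/NotResource, iam:PassRole on any role, and sensitive actions allowed without an MFA condition). The two policy documents are constructed for the example, and the list of “sensitive” action prefixes is an assumption made here, not an AWS definition.

```python
"""Least-privilege linter for AWS IAM identity policies (added example)."""
import json

READ_ONLY_VERBS = ("Get", "List", "Describe", "Head")
SENSITIVE_PREFIXES = ("iam:", "sts:", "kms:", "organizations:")  # assumption for this example

# Constructed: a policy that grants far more than any task needs.
OVERPRIVILEGED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "PassAnyRole", "Effect": "Allow",
     "Action": ["iam:PassRole", "ec2:RunInstances"], "Resource": "*"}
  ]
}""")

# Constructed: the same job scoped down to named resources, with MFA on the sensitive action.
SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadTelemetryBucket", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-telemetry", "arn:aws:s3:::example-telemetry/*"]},
    {"Sid": "PassOneRoleWithMfa", "Effect": "Allow",
     "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/telemetry-ingest",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}
  ]
}""")


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_read_only(action: str) -> bool:
    if action == "*" or action.endswith(":*"):
        return False
    return action.split(":", 1)[1].startswith(READ_ONLY_VERBS)


def _requires_mfa(stmt: dict) -> bool:
    """True if the statement applies only when aws:MultiFactorAuthPresent is true."""
    for operator, keys in stmt.get("Condition", {}).items():
        if operator in ("Bool", "BoolIfExists"):
            if str(keys.get("aws:MultiFactorAuthPresent", "")).lower() == "true":
                return True
    return False


def lint_policy(policy: dict) -> list:
    """Return human-readable findings; an empty list means no rule fired."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"Statement[{i}]")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows everything not listed; enumerate instead")
        for action in actions:
            if action == "*":
                findings.append(f"{sid}: Action '*' grants every API call")
            elif action.endswith(":*"):
                findings.append(f"{sid}: service-wide wildcard {action}")
            if action == "iam:PassRole" and "*" in resources:
                findings.append(f"{sid}: iam:PassRole on Resource '*' lets the principal hand any role "
                                "to a service (privilege escalation)")
            if (action == "*" or action.startswith(SENSITIVE_PREFIXES)) and not _requires_mfa(stmt):
                findings.append(f"{sid}: {action} allowed without an aws:MultiFactorAuthPresent condition")
        if "*" in resources and any(not _is_read_only(a) for a in actions):
            findings.append(f"{sid}: write actions on Resource '*'; scope to specific ARNs")
    return findings


if __name__ == "__main__":
    for name, policy in (("over-privileged", OVERPRIVILEGED_POLICY), ("scoped", SCOPED_POLICY)):
        print(f"{name}: {len(lint_policy(policy))} finding(s)")
        for finding in lint_policy(policy):
            print("  -", finding)
```

Run it on an exported policy (`aws iam get-policy-version` output) before attaching it; the linter deliberately ignores Deny statements and conditions other than MFA, so a clean result means “nothing obviously wrong”, not “least privilege achieved”.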

What is the Mitre ATT&CK framework?

Read more

Published: Fri, 11 Oct 2024 00:00:00 GMT

Mitre ATT&CK Framework

The Mitre ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a globally accessible knowledge base of adversary behaviour observed in real intrusions, maintained by Mitre, a not-for-profit organisation that operates federally funded research centres in the US. It is published as separate matrices for Enterprise (Windows, macOS, Linux, cloud, containers and network devices), Mobile and ICS.

Purpose:

The ATT&CK framework provides a structured and organized way to identify, understand, and mitigate cyber threats. It enables organizations to:

  • Identify adversary behavior: Track known and emerging adversary TTPs.
  • Detect and respond to threats: Match detected activity to specific techniques and tactics.
  • Improve defenses: Prioritize defensive measures based on the most common and impactful TTPs.
  • Collaborate and share threat intelligence: Enhance situational awareness and improve collective defense capabilities.

Structure:

The ATT&CK framework is organised around four related concepts:

  1. Tactics: the adversary’s goal at a given stage, such as “Reconnaissance,” “Initial Access,” or “Persistence.” The Enterprise matrix has 14, each with a TA-prefixed ID (Initial Access is TA0001).
  2. Techniques: how the adversary achieves that goal, such as “Phishing” (T1566) or “Exploitation of Remote Services” (T1210). A technique can belong to more than one tactic; “Valid Accounts” (T1078), for example, serves Initial Access, Persistence, Privilege Escalation and Defense Evasion.
  3. Sub-techniques: more specific variants of a technique, identified by a suffix, such as “Spearphishing Attachment” (T1566.001) under Phishing.
  4. Procedures: the concrete implementations of a technique observed from a particular threat group or piece of malware, recorded on the group and software pages.

Key Features:

  • Comprehensive: covers adversary TTPs across the whole attack lifecycle, from reconnaissance to impact.
  • Structured and Understandable: presents TTPs with stable IDs, so teams and tools can refer to the same behaviour unambiguously.
  • Freely Available and Community-Driven: regularly updated, with contributions from researchers, analysts and defenders.
  • Grounded in Real-World Incidents: based on public reporting of past attacks and threat intelligence, with each technique documenting detection ideas and mitigations.

Benefits:

  • Enhanced visibility into adversary behavior
  • Improved threat detection and response capabilities
  • Informed decision-making for defensive measures
  • Collaboration and threat intelligence sharing
  • Reduced risk of successful cyber attacks
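A common first use of ATT&CK is to tag each detection rule with the technique IDs it covers and then see which tactics have no coverage at all. The following is an added example, not code from Mitre or from the original article: the detection rules are constructed, and the technique table is a hand-picked subset of real ATT&CK Enterprise entries, so any technique outside the table is reported as unknown. A production tool would load the full matrix from Mitre’s published STIX bundle instead of this table.

```python
"""ATT&CK coverage check for a set of detection rules (added example)."""
import re

# Technique or sub-technique ID, e.g. T1566 or T1566.001.
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")

# The 14 ATT&CK Enterprise tactics in matrix order.
TACTICS = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion",
    "credential-access", "discovery", "lateral-movement", "collection",
    "command-and-control", "exfiltration", "impact",
]

# Subset of real ATT&CK Enterprise techniques: ID -> (name, tactics it belongs to).
TECHNIQUES = {
    "T1566": ("Phishing", ["initial-access"]),
    "T1078": ("Valid Accounts", ["initial-access", "persistence",
                                  "privilege-escalation", "defense-evasion"]),
    "T1059": ("Command and Scripting Interpreter", ["execution"]),
    "T1003": ("OS Credential Dumping", ["credential-access"]),
    "T1021": ("Remote Services", ["lateral-movement"]),
    "T1210": ("Exploitation of Remote Services", ["lateral-movement"]),
    "T1041": ("Exfiltration Over C2 Channel", ["exfiltration"]),
    "T1486": ("Data Encrypted for Impact", ["impact"]),
}

# Constructed detection rules, each tagged with the techniques it detects.
DETECTION_RULES = [
    {"name": "Office document spawns PowerShell", "techniques": ["T1566.001", "T1059.001"]},
    {"name": "LSASS memory read by unsigned process", "techniques": ["T1003.001"]},
    {"name": "RDP logon from new source outside hours", "techniques": ["T1021.001", "T1078"]},
    {"name": "Mass file rename with ransom note dropped", "techniques": ["T1486"]},
    {"name": "Mis-tagged rule", "techniques": ["TA0001"]},  # a tactic ID, not a technique
]


def parent_technique(technique_id: str) -> str:
    """T1566.001 -> T1566; a parent ID is returned unchanged."""
    return technique_id.split(".")[0]


def analyze_coverage(rules):
    """
    Return (coverage, invalid, unknown):
      coverage: tactic -> sorted parent technique IDs that at least one rule covers
      invalid:  tags that are not well-formed technique IDs
      unknown:  well-formed IDs that are absent from the technique table
    Sub-techniques roll up to their parent, so a rule for T1566.001 counts as
    coverage of Phishing under initial-access.
    """
    coverage = {tactic: set() for tactic in TACTICS}
    invalid, unknown = [], []
    for rule in rules:
        for tag in rule["techniques"]:
            if not TECHNIQUE_ID.match(tag):
                invalid.append(tag)
                continue
            parent = parent_technique(tag)
            if parent not in TECHNIQUES:
                unknown.append(tag)
                continue
            for tactic in TECHNIQUES[parent][1]:
                coverage[tactic].add(parent)
    return {t: sorted(ids) for t, ids in coverage.items()}, invalid, unknown


def uncovered_tactics(rules):
    """Tactics with no rule mapped to any of their techniques: the gaps to prioritise."""
    coverage, _, _ = analyze_coverage(rules)
    return [t for t in TACTICS if not coverage[t]]


if __name__ == "__main__":
    cov, bad, unk = analyze_coverage(DETECTION_RULES)
    for tactic in TACTICS:
        print(f"{tactic:22s} {', '.join(cov[tactic]) or '-- no coverage --'}")
    print("invalid tags:", bad, "| unknown techniques:", unk)
```

Coverage by count is a blunt measure: one rule for T1078 “covers” four tactics here, which says nothing about how well it detects credential abuse. Use the gap list to decide where to look next, not as a score.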

NCSC issues fresh alert over wave of Cozy Bear activity

Read more

Published: Thu, 10 Oct 2024 12:37:00 GMT

NCSC Issues Fresh Alert Over Wave of Cozy Bear Activity

The National Cyber Security Centre (NCSC) has issued a fresh alert warning of a wave of malicious activity attributed to the Russian state-sponsored group known as Cozy Bear. The alert warns that the group is targeting government, defence and other organisations in the UK and abroad, and draws attention to its exploitation of known vulnerabilities in internet-facing systems.

Cozy Bear’s Tactics

Cozy Bear, also tracked as APT29 and attributed by the UK and US governments to Russia’s Foreign Intelligence Service (SVR), has been linked to a series of high-profile intrusions, including the 2020 SolarWinds supply-chain compromise. The group’s tactics typically involve:

  • Spear-phishing emails with malicious attachments or links
  • Exploiting vulnerabilities in internet-facing software, often soon after a fix is published, to gain initial access
  • Abusing stolen credentials and cloud identities to move through victim environments
  • Stealing sensitive information of intelligence value, such as diplomatic and defence-related material

Targeted Organizations

The NCSC alert says that Cozy Bear is currently targeting government and military organisations in the UK and other countries. The group is believed to be seeking intelligence on foreign policy, defence capabilities and other sensitive matters, and it also compromises organisations opportunistically when they run vulnerable software, whatever sector they are in.

Mitigating Measures

The NCSC recommends that organizations take the following steps to mitigate the risk of Cozy Bear activity:

  • Implement strong anti-phishing measures, such as email filtering, attachment sandboxing and user training.
  • Patch internet-facing software and systems promptly, prioritising vulnerabilities that are known to be exploited, and keep an inventory so nothing is missed.
  • Enforce multi-factor authentication, preferably phishing-resistant, on all remote access and cloud services, and reduce the lifetime of session tokens.
  • Monitor network traffic and authentication logs, establish a baseline of normal behaviour, and investigate any deviation from it.

Impact

The wave of Cozy Bear activity is a significant threat to national security. Successful intrusions could expose sensitive information, damage diplomatic relations or disrupt military operations, and the group’s focus on long-term covert access means a compromise may go unnoticed for months.

Call to Action

The NCSC urges organizations to take immediate action to protect themselves from Cozy Bear attacks. By implementing the recommended mitigations, organizations can reduce the risk of falling victim to this highly skilled hacking group.

What is threat intelligence?

Read more

Published: Thu, 10 Oct 2024 12:00:00 GMT

Threat intelligence is the collection, analysis and dissemination of information about threats to a particular organisation or sector. It ranges from technical indicators, such as the IP addresses, domains and file hashes used in the latest malware and phishing campaigns, to descriptions of attacker tactics, techniques and procedures and assessments of emerging threats that are still developing.

Threat intelligence is essential for organizations of all sizes, as it allows them to stay informed about the latest threats and take steps to protect themselves. By understanding the threats that they face, organizations can make informed decisions about how to allocate their security resources and implement the most effective security controls.

Threat intelligence can be collected from a variety of sources, including:

  • Open-source intelligence (OSINT): information that is publicly available, such as news articles, social media posts, vendor blogs and published malware analysis reports.
  • Closed-source intelligence: information that is not publicly available, such as reports from law enforcement and government agencies, commercial intelligence subscriptions, and sharing communities such as sector ISACs.
  • Internal intelligence: information generated within the organisation, such as findings from incident response, security audits and the organisation’s own logs and honeypots.

Threat intelligence can be used for a variety of purposes, including:

  • Identifying new threats: threat intelligence can reveal emerging threats before they are widely reported, so organisations can protect themselves before the threat spreads.
  • Prioritising threats: intelligence carries context (which sectors are targeted, how reliable the source is, how old the indicator is) that lets organisations focus on the threats posing the greatest risk to them.
  • Developing countermeasures: intelligence informs concrete defences, such as applying patches for vulnerabilities known to be exploited, updating detection rules and blocking known-bad infrastructure.
  • Tracking threats: intelligence tracks how threat actors and their tooling change over time, so detections and controls can be kept current.

Threat intelligence is an essential part of cybersecurity. By understanding the threats that they face, organizations can take steps to protect themselves and their assets.
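The operational use of technical threat intelligence is to match indicators against what the organisation’s own systems see. The following is an added example, not code from the original article or from any vendor: a small matcher that applies a feed of indicators to log lines. The feed and the log lines are constructed (documentation IP ranges, example.* domains, a placeholder hash), and the fields shown are the parts that matter in practice: indicators expire, carry a confidence score from their source, and domain indicators should match subdomains as well.

```python
"""Match a threat-intelligence feed against log lines (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Indicator:
    kind: str          # "ipv4", "domain" or "sha256"
    value: str
    confidence: int    # 0-100, as supplied by the source
    expires: datetime  # indicators go stale; match only while current
    source: str


NOW = datetime(2024, 10, 10, 12, 0, tzinfo=timezone.utc)

# Constructed feed: the last entry has already expired.
FEED = [
    Indicator("ipv4", "203.0.113.45", 90, NOW + timedelta(days=30), "vendor-report"),
    Indicator("domain", "update-check.example.net", 70, NOW + timedelta(days=7), "osint-blog"),
    Indicator("sha256", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
              95, NOW + timedelta(days=90), "isac-share"),
    Indicator("ipv4", "198.51.100.7", 80, NOW - timedelta(days=1), "stale-report"),
]

# Constructed proxy, DNS and EDR log lines.
LOG_LINES = [
    "2024-10-10T11:58:02Z proxy src=10.0.4.21 dst=203.0.113.45 host=cdn.example.com status=200",
    "2024-10-10T11:59:10Z dns client=10.0.4.33 query=beacon.update-check.example.net rcode=NOERROR",
    "2024-10-10T11:59:40Z edr host=ws-0142 file=inv.exe "
    "sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "2024-10-10T12:00:01Z proxy src=10.0.4.21 dst=198.51.100.7 host=example.org status=200",
    "2024-10-10T12:00:05Z proxy src=10.0.4.50 dst=192.0.2.10 host=www.example.com status=200",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)


def active_indicators(feed, now, min_confidence=0):
    """Drop expired and low-confidence indicators before matching."""
    return [i for i in feed if i.expires > now and i.confidence >= min_confidence]


def extract_observables(line):
    """Pull IPv4 addresses, domain names and SHA-256 hashes out of one log line."""
    ips = set()
    for candidate in IPV4_RE.findall(line):
        try:
            ipaddress.IPv4Address(candidate)   # rejects octets above 255
            ips.add(candidate)
        except ValueError:
            pass
    domains = {d.lower() for d in DOMAIN_RE.findall(line)}
    hashes = {h.lower() for h in SHA256_RE.findall(line)}
    return {"ipv4": ips, "domain": domains, "sha256": hashes}


def _domain_matches(observed, indicator):
    """Exact match or any subdomain of the indicator."""
    return observed == indicator or observed.endswith("." + indicator)


def match_logs(lines, feed, now, min_confidence=0):
    """Return (line_number, indicator) hits, highest confidence first, so the
    analyst sees the most credible matches at the top of the queue."""
    active = active_indicators(feed, now, min_confidence)
    matches = []
    for number, line in enumerate(lines, start=1):
        observed = extract_observables(line)
        for ind in active:
            if ind.kind == "domain":
                hit = any(_domain_matches(d, ind.value) for d in observed["domain"])
            else:
                hit = ind.value.lower() in observed[ind.kind]
            if hit:
                matches.append((number, ind))
    matches.sort(key=lambda m: (-m[1].confidence, m[0]))
    return matches


if __name__ == "__main__":
    for number, ind in match_logs(LOG_LINES, FEED, NOW):
        print(f"line {number}: {ind.kind} {ind.value} (confidence {ind.confidence}, {ind.source})")
```

Note what is deliberately not matched: the connection to 198.51.100.7 on line 4, because that indicator expired yesterday. Feeding expired indicators into a SIEM is one of the commonest sources of false positives.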

Government launches cyber standard for local authorities

Read more

Published: Thu, 10 Oct 2024 11:55:00 GMT

Government Launches Cyber Standard for Local Authorities

Context:

In response to the increasing threat of cyberattacks, the UK government has launched a new cyber security standard specifically designed for local authorities.

Aim and Objectives:

The Cyber Essentials for Local Government (CELG) standard aims to:

  • Help local authorities improve their cyber security posture
  • Protect critical infrastructure and services
  • Enhance public trust in local government operations

Key Components:

The CELG standard includes five key controls:

  1. Firewalls and internet gateways: use boundary firewalls and/or internet gateways to control inbound and outbound connections, with default-deny rules and no unneeded services exposed.
  2. Secure configuration: remove default passwords, unnecessary accounts and software, and disable auto-run and unneeded services so systems are not compromised through their factory settings.
  3. Malware protection: use anti-malware software or application allow-listing to stop malicious software running.
  4. Patch management: apply security updates promptly to software and firmware; the Cyber Essentials requirement is within 14 days of release for high and critical vulnerabilities.
  5. User access control: give every user a unique account with only the access their role needs, keep administrative accounts separate, and use multi-factor authentication where the service supports it.

Implementation Process:

Local authorities are encouraged to adopt the CELG standard and achieve certification. The implementation process involves:

  • Self-assessment against the standard’s requirements
  • External audit and certification by an accredited certification body, which tests that the controls are actually in place rather than only declared

Benefits:

Implementing the CELG standard provides numerous benefits, including:

  • Enhanced cyber resilience to protect critical services from attacks
  • Improved public confidence in government operations
  • Compliance with data protection regulations
  • Reduced risk of disruption to essential services

Support and Resources:

The government has provided various resources to support local authorities in implementing the CELG standard, such as:

  • Guidance documents: Detailed guidance on how to meet the standard’s requirements
  • Assessment tools: Self-assessment tools to evaluate progress
  • Certification process: Information on the certification process and accredited certification bodies

Conclusion:

The Cyber Essentials for Local Government standard gives local authorities a practical framework for strengthening their cyber security posture and protecting critical services from common attacks. By adopting the standard and achieving certification, local authorities can reduce cyber risk and demonstrate to the public that basic protections are in place.