In several of my most recent IT and Cyber Security Audits I have encountered problems similar to those in this report from the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) – misconfigurations. NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations | CISA …
The National Cyber Security Centre releases the “most exploited” of 2022
The NCSC in collaboration with allies from around the world have released a list of those cyber vulnerabilities that were the most exploited by threat actors last year. NCSC and allies reveal most common cyber vulnerabilities exploited in 2022 – NCSC There are two main trends in the report: Defend …
Continue reading “The National Cyber Security Centre releases the “most exploited” of 2022”
CISA security advisories
The UK’s National Cyber Security Centre has joined with the US government Cybersecurity and Infrastructure Security Agency (CISA), FBI and US National Security Agency (NSA) to issue a security advisory about vulnerabilities in Cisco devices: APT28 Exploits Known Vulnerability To Carry Out Reconnaissance and Deploy Malware on Cisco Routers | …
Three US Agencies issue an advisory about Chinese threat actors
The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have issued a joint advisory about Chinese state sponsored threats. People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices | CISA Chinese threat actors have been detected actively …
Continue reading “Three US Agencies issue an advisory about Chinese threat actors”
Chinese security company “Equation Group” report – a hacking group widely believed to be the NSA
National Security Agency – Wikipedia Here is a report from Pangu Lab, a Chinese cyber security company, about possible state sponsored hacking by the US, through the NSA. Details of an NSA Hacking Operation – Schneier on Security Chinese Cybersecurity Company Doxes Apparent NSA Hacking Operation (vice.com)
Breaking encryption
Encryption is essential for privacy when using the internet – hence the opposition to the UK Government’s Draft Online Safety Bill, that wants to put controls on the way you and I use encryption to protect the privacy of our private communications and transactions over the web. It is interesting …
VPN advice
Bruce Schneier’s blog today is pointing at a useful reference document about VPNs. It is produced the The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) both United States agencies and it is targeted at a US audience but it still contains a useful set of …