Link: The Communications Act 2003 and the Digital Economy Act 2017 (Consequential Amendments to Secondary Legislation) Regulations 2017
Source: Legislation .gov.uk
Press release: Government celebrates cyber security successes in Manchester
The First Secretary of State, Damian Green, spoke at the landmark opening of the new global headquarters of the NCC Group in Manchester, marking the first anniversary of the creation of the National Cyber Security Strategy (NCSS).
The NCSS was launched a year ago in response to the growing cyber security challenges and threats faced by the UK and to define the Government’s ambitions for the future.
As a part of this world-leading strategy the government invested £1.9 billion in establishing the innovative National Cyber Security Centre (NCSC), demonstrating a long-term commitment to keeping the UK safe. Since its launch the NCSC has responded to over 590 significant cyber incidents: providing support to victims, sharing information with intelligence and law enforcement, and setting up incident management structures to ensure essential services are up and running once incidents have occurred.
The First Secretary spoke at the headquarters of the NCC Group – a global expert in cyber security and risk mitigation. The newly built headquarters in Manchester equipped with state of the art technology will employ more than 500 cyber security experts providing Britain’s and Europe’s largest companies with cyber security consultancy and cyber incident response.
Damian Green, First Secretary of State and Minister for the Cabinet Office said:
This Government is committed to tackling the growing threat of cyber security and will continue to invest in the future of our defence programme.
The Government’s Cyber Schools programme aims to provide skills to nearly 6,000 young people in order to secure the UK’s position as a world leader in cyber security for generations to come.
I am delighted that a global cyber security expert has chosen to open their headquarters in Manchester – fuelling the success of the Northern Powerhouse.
Brian Tenner, Interim CEO at NCC Group said:
NCC Group continues to play a pivotal role in advising government and helping to implement national initiatives which are strengthening the UK’s cyber security posture and helping to improve the country’s technical capabilities in this area. The First Secretary’s visit is recognition of this continuing support and we were delighted to welcome him to our company headquarters today.
The threat of cyber crime is an ever-evolving issue that is increasing in severity every day. It is encouraging that the UK Government is treating this as a priority and putting concrete strategies in place to address this. We will continue to offer our assistance and work closely with the UK Government on these new initiatives in order to improve the UK’s ability to defend against modern cyber threats.
Link: Press release: Government celebrates cyber security successes in Manchester
Source: Gov Press Releases
ISO/IEC 27007:2017 Information technology. Security techniques. Guidelines for information security management systems auditing
ISO/IEC 27034-5:2017 Information technology. Security techniques. Application security Protocols and application security controls data structure
Symantec Norton Anti-virus and Endpoint Protection – multiple high severity vulnerabilities
Executive summary
Multiple critical vulnerabilities have been reported in a number of different security products from Symantec, affecting both enterprise and consumer products.
These vulnerabilities include a ‘100% reliable remote exploit’ and a ‘wormable’ flaw that requires no user interaction by the victim for an attacker to exploit.
The vulnerabilities have been fixed by Symantec and performing a manual ‘LiveUpdate’ will update the software to the…
Link: Symantec Norton Anti-virus and Endpoint Protection – multiple high severity vulnerabilities
Source: NCSC Alerts
Weekly Threat Report 25th August 2017
Data breach affects NHS administrative information
An individual affiliating themselves with the hacktivist collective Anonymous claims to have stolen UK NHS patient data. The attacker claims to have exploited unpatched vulnerabilities in software provided by SwiftQueue, a vendor responsible for managing a number of hospital appointment booking systems.
SwiftQueue have confirmed an unauthorised party accessed 32,501 lines of administrative data. This is likely to include personally…
Link: Weekly Threat Report 25th August 2017
Source: NCSC Reports
Weekly Threat Report 5th May 2017
Google and Facebook were victims of Business Email Compromise (BEC) or ‘CEO Fraud’
Google and Facebook have been identified as the victims of an email phishing attack for which a Lithuanian man was charged in March 2017.
The attack relied upon social engineering methods rather than technical intrusion techniques. However, the individual was still able to trick the organisations into transferring over $100 million between 2013-2015, highlighting how cyber-enabled social…
Link: Weekly Threat Report 5th May 2017
Source: NCSC Reports
Weekly Threat Report 13th January 2017
The year of ransomware…
…is how 2016 has been widely described in the cyber security media.
There has been numerous UK incidents targeting academia, Government departments, industry, CNI sectors and individual users. Using ransomware as an attack technique has become popular because it is easy to carry out and can be financially lucrative.
Ransomware can infect a system via unpatched software vulnerabilities or duping unsuspecting users into installing the ransomware…
Link: Weekly Threat Report 13th January 2017
Source: NCSC Reports
Turla group malware
Introduction
The NCSC has produced technical analysis on the Turla group, a prevalent cyber threat group targeting the UK. The report contains indicators of compromise for tools used by the group, and signatures that will enable the information security community to search for the intrusions on their networks.
Background
The NCSC has observed the Turla group using the Neuron and Nautilus malicious tools designed to operate on Microsoft Windows platforms, primarily targeting mail…
Link: Turla group malware
Source: NCSC Alerts
Weekly Threat Report 9th March 2018
Largest reported DDoS attacks mitigated
The largest ever reported Distributed Denial of Service (DDoS) occurred in early March 2018, according to Netscout Arbor. A peak of 1.7 Terabits per second (Tbps) was recorded, although the attack was mitigated. This followed a recent attack against GitHub on 28 February, with a peak of 1.35 Tbps. The largest known attack previously took place in 2016 against the US DNS provider DYN, which peaked at 1.2 Tbps.
The method used for these attacks is…
Link: Weekly Threat Report 9th March 2018
Source: NCSC Reports