advisories.ncsc.nl
Fri, 03 May 2024 15:47:52 +0200Apache Software Foundation heeft een kwetsbaarheid verholpen in Apache ActiveMQ. Een kwaadwillende kan de kwetsbaarheid misbruiken om zonder voorafgaande authenticatie toegang te krijgen tot de API-laag en daarmee toegang tot gevoelige gegevens in de applicatie die van MQ gebruik maakt, of mogelijk willekeurige code uit te voeren met rechten van de applicatie.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0202
Er zijn kwetsbaarheden verholpen in pgAdmin. Een kwaadwillende kan de kwetsbaarheden misbruiken om eventueel ingestelde tweefactor-authenticatie te omzeilen en zo eenvoudiger toegang te krijgen tot het systeem, of om een Cross-Site-Scripting-aanval (XSS) uit te voeren. Een dergelijke aanval kan leiden tot uitvoer van willekeurige code in de browser van het slachtoffer, of toegang tot gevoelige gegevens in de context van de browser van het slachtoffer.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0201
Cisco heeft kwetsbaarheden verholpen in de firmware van diverse IP Phone systemen. Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of toegang te krijgen tot gevoelige gegevens op het kwetsbare toestel en daarmee mogelijk telefoongesprekken te manipuleren.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0200
Aruba Networks heeft kwetsbaarheden verholpen in ArubaOS. Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of willekeurige code uit te voeren op het kwetsbare systeem.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0199
Aruba Networks heeft kwetsbaarheden verholpen in ArubaOS en SD-WAN zoals gebruikt door onder andere Aruba Mobility Conductor (voormalig Mobility Master), Mobility Controllers, WLAN Gateways en SD-WAN Gateways. Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-service (DoS) te veroorzaken, toegang te krijgen tot gevoelige gegevens of om willekeurige code uit te voeren met verhoogde rechten. Succesvol misbruik vereist dat de kwaadwillende toegang heeft tot de management-interface van het kwetsbare systeem. Het is goed gebruik een dergelijke interface niet publiek toegankelijk te hebben.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0198
IBM heeft kwetsbaarheden verholpen in MQ. Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of mogelijk willekeurige code uit te voeren op het kwetsbare systeem.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0197
QNAP heeft kwetsbaarheden verholpen in QTS en QTS Hero. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: Omzeilen van authenticatie Omzeilen van beveiligingsmaatregel (Remote) code execution (Administrator/Root rechten) (Remote) code execution (Gebruikersrechten) Toegang tot gevoelige gegevens
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0196
Progress Kemp heeft een kwetsbaarheid verholpen in LoadMaster. De kwetsbaarheid stelt een kwaadwillende in staat om middels speciaal geprepareerde API-calls systeemcommando's te kunnen geven zonder daarvoor geautoriseerd te zijn.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0087
Honeywell heeft kwetsbaarheden verholpen in Experion, Experion Plantcruise en Safety Manager. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: Denial-of-Service (DoS) Manipulatie van gegevens (Remote) code execution (Administrator/Root rechten) Toegang tot systeemgegevens
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0195
Rockwell Automation heeft een kwetsbaarheid verholpen in 5015-AENFTXT IP devices. Een kwaadwillende kan de kwetsbaarheid misbruiken om een Denial-of-Service te veroorzaken.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0194
GitLab heeft kwetsbaarheden verholpen in GitLab Enterprise Edition (EE) en Community Edition (CE). Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of om beveiligingsmaatregelen te omzeilen en zo toegang te krijgen tot gevoelige gegevens of, om onder specifieke omstandigheden, een account over te nemen.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0193
Oracle heeft kwetsbaarheden verholpen in VirtualBox. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: Denial-of-Service (DoS) (Remote) code execution (Administrator/Root rechten) Toegang tot gevoelige gegevens
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0187
De ontwikkelaars van MongoDB hebben een kwetsbaarheid verholpen in MongoDB Compass. Een kwaadwillende kan de kwetsbaarheid misbruiken om middels een Man-in-the-Middle-aanval toegang te krijgen tot gevoelige gegevens, of zich voor te doen als andere gebruiker.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0192
QlikTech heeft kwetsbaarheden verholpen in Qlik Sense Enterprise. Een ongeauthenticeerde kwaadwillende kan de kwetsbaarheden misbruiken om willekeurige code uit te voeren op het systeem waar Qlik Sense is geïnstalleerd en zo mogelijk dat systeem over te nemen.
https://advisories.ncsc.nl/advisory?id=NCSC-2023-0621
Cisco heeft actief misbruikte kwetsbaarheden verholpen in Adaptive Security Appliance en Firepower Threat defense (FTD).
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0191
Mozilla heeft kwetsbaarheden verholpen in Firefox, Firefox ESR en Thunderbird.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0173
Solarwinds heeft kwetsbaarheden verholpen in Solarwinds Platform. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: Cross-Site Scripting (XSS) Manipulatie van gegevens Omzeilen van beveiligingsmaatregel (Remote) code execution (Gebruikersrechten) SQL Injection Toegang tot gevoelige gegevens
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0190
Er zijn kwetsbaarheden verholpen in Owncloud. Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of om authenticatie te omzeilen en toegang te krijgen tot de gegevens van het slachtoffer.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0189
Veritas heeft kwetsbaarheden verholpen in BackupExec. Een lokale kwaadwillende kan de kwetsbaarheden misbruiken om middels een DLL-injectie willekeurige code uit te voeren, of om willekeurige bestanden te kunnen verwijderen van het systeem en zo mogelijk een Denial-of-Service te veroorzaken.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0188
Oracle heeft kwetsbaarheden verholpen in componenten van Systeemsoftware. Een kwaadwillende met fysieke toegang tot de hardware, of lokale toegang tot de infrastructuur, kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: Cross-Site Scripting (XSS) Denial-of-Service (DoS) (Remote) code execution (Administrator/Root rechten) (Remote) code execution (Gebruikersrechten) Toegang tot gevoelige gegevens Toegang tot systeemgegevens
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0186
Oracle heeft kwetsbaarheden verholpen in diverse Supply Chain producten. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: Cross-Site Scripting (XSS) Denial-of-Service (DoS) Manipulatie van gegevens (Remote) code execution (Gebruikersrechten) Toegang tot gevoelige gegevens
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0185
Oracle heeft kwetsbaarheden verholpen in diverse PeopleSoft producten. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: Cross-Site Scripting (XSS) Manipulatie van gegevens (Remote) code execution (Gebruikersrechten) Toegang tot gevoelige gegevens
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0184
Oracle heeft kwetsbaarheden verholpen in diverse MySQL producten. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: Denial-of-Service (DoS) Manipulatie van gegevens Toegang tot gevoelige gegevens
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0183
Oracle heeft kwetsbaarheden verholpen in E-Business suite en componenten. Een kwaadwillende kan de kwetsbaarheden misbruiken om Cross-Site-Scripting-aanvallen (XSS) uit te voeren. Dergelijke aanvallen kunnen leiden tot uitvoer van willekeurige code in de browser van het slachtoffer, of toegang tot gevoelige gegevens in de context van de browser van het slachtoffer.
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0182
Oracle heeft kwetsbaarheden verholpen in Enterprise Manager componenten. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: Cross-Site Scripting (XSS) Denial-of-Service (DoS) Manipulatie van gegevens (Remote) code execution (Administrator/Root rechten) (Remote) code execution (Gebruikersrechten) Toegang tot gevoelige gegevens
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0181
NIST Cybersecurity
Thu, 25 Apr 2024 12:00:00 +0000On April 24, 2024, NIST was awarded the 'Ecosystem Champion Award' at the inaugural edition of the Cyber Policy Awards in Washington, DC. This award recognizes an individual, small group, or organization whose efforts have led to broad structural and
https://www.nist.gov/news-events/news/2024/04/nist-awarded-cyber-policy-award-csf-20-efforts
Speakers: To be announced. Synopsis: Join us for an insightful webinar exploring refugees' invaluable contributions to the cybersecurity landscape. The demand for skilled cybersecurity professionals continues to grow in today's rapidly evolving
https://www.nist.gov/news-events/events/nice-webinar-empowering-refugee-communities-cybersecurity-roles
Speakers: Rachel Hemond Vice President - Administration Acorn Technology Services Johanna Caplan Education Manager Say Yes Buffalo Megan Brown Training & Technical Assistance Specialist ICF Michael Prebil Cybersecurity Workforce Analyst NICE
https://www.nist.gov/news-events/events/nice-webinar-equity-strategies-youth-apprenticeship-programs-and-partnerships
The Iris Experts Group (IEG) will hold their annual meeting on Thursday June 13, 2024. The meeting will be virtual using the Zoom Meeting platform. The meeting is a full day meeting with breaks scattered through the day. The IEG is a forum for the
https://www.nist.gov/news-events/events/2024-iris-experts-group-ieg-meeting
The grants of roughly $200,000 each will go to 18 education and community organizations that are working to address the nation’s shortage of skilled cybersecurity employees.
https://www.nist.gov/news-events/news/2024/04/nist-awards-36-million-community-based-cybersecurity-workforce-development
The presentations slides are available here. Speakers: Rodney Petersen Director NICE Danielle Santos Manager of Communications and Operations and Lead for International Engagement NICE Susana Barraza Program Manager NICE Nuria Martinez Team B Leader
https://www.nist.gov/news-events/events/applicants-webinar-2024-nice-ramps-funding-opportunity
The presentation slides and recording of the event will be available soon. Download the Continuing Education Units form . Provide event feedback here. Speakers: Archana Bharathan Executive Coach & Director of Outcomes Columbia Business School Teresa
https://www.nist.gov/news-events/events/nice-webinar-reintegrating-justice-involved-individuals-cybersecurity-careers
FULL WORKSHOP DETAILS NIST will host a workshop on the development of a new block cipher mode of operation on June 20-21, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. Workshop Announcement/Call for Abstracts (PDF)
https://www.nist.gov/news-events/events/nist-workshop-requirements-accordion-cipher-mode-2024
The agency has finalized the framework’s first major update since its creation in 2014.
https://www.nist.gov/news-events/news/2024/02/nist-releases-version-20-landmark-cybersecurity-framework
Digital Twins represent a growing global marketplace valued at over $8.6 billion in 2022 and forecasted to reach $138 billion by 2030. The NIST internal Strategic and Emerging Research Initiative (SERI) program has provided Fiscal Year 2024 (FY24)
https://www.nist.gov/news-events/news/2024/01/nist-launches-exploratory-digital-twins-study
FULL WORKSHOP DETAILS NIST is hosting an in-person all-day workshop on February 27, 2024 to bring together industry, academia, and government to discuss the existing and emerging cybersecurity threats and mitigation techniques for semiconductors
https://www.nist.gov/news-events/events/enhancing-security-devices-and-components-across-supply-chain
Draft publication can help with evaluating information security efforts.
https://www.nist.gov/news-events/news/2024/01/nist-offers-guidance-measuring-and-improving-your-companys-cybersecurity
The presentation slides are available here. Download the Continuing Education Units form . Speakers: Ann Manby Chief Workforce Development Officer Center for Workforce Inclusion Dr. Mark R. Hagerott Chancellor North Dakota University System Dr. Chris
https://www.nist.gov/news-events/events/nice-webinar-expanding-cybersecurity-learning-and-workforce-opportunities-rural
On November 28, 2023, the NIST Global Community Technology Challenge ( GCTC) presented three smart city projects on a panel at the Smart Cities Connect conference in Washington, D.C. The cities’ projects were representative of city efforts to enhance
https://www.nist.gov/news-events/news/2023/12/gctc-smart-city-projects-presented-smart-cities-conference-and-workshop
NIST is hosting a workshop on Wednesday, January 17, 2024, from 9:00 AM - 1:00 PM EST to bring together industry, academia, and government to discuss secure software development practices for AI models. Attendees will gain insight into major
https://www.nist.gov/news-events/events/nist-secure-software-development-framework-generative-ai-and-dual-use-foundation
Responses will be accepted until Feb. 2, 2024.
https://www.nist.gov/news-events/news/2023/12/nist-calls-information-support-safe-secure-and-trustworthy-development-and
The grants will go to 15 small businesses in nine states under NIST's Small Business Innovation Research (SBIR) Program.
https://www.nist.gov/news-events/news/2023/12/nist-awards-nearly-3-million-small-businesses-advance-semiconductor
NIST and CHIPS request comments on the draft of Special Publication 1000-2 ipd, Building a Metrology Exchange to Innovate in Semiconductors (METIS). This publication presents the vision for ensuring that the direct results of federally funded
https://www.nist.gov/news-events/news/2023/12/metis-data-exchange-ecosystem-seeks-your-input
The agency has made progress on one of its tasks delineated in the recent Executive Order on AI.
https://www.nist.gov/news-events/news/2023/12/nist-offers-draft-guidance-evaluating-privacy-protection-technique-ai-era
We’re ringing in the New Year by giving you a sneak peek into what the NIST Small Business Cybersecurity Program has planned for 2024. During this webinar, we’ll: Introduce you to the new NIST Lead for Small Business Engagement. Provide an overview
https://www.nist.gov/news-events/events/whats-store-nists-small-business-program-2024
The National Institute of Standards and Technology Human-Centered Cybersecurity program is pleased to announce the release of the NIST Phish Scale User Guide. The Phish Scale is a method designed to rate an email’s human phishing detection difficulty
https://www.nist.gov/news-events/news/2023/11/nist-phish-scale-user-guide-now-available
On October 20, 2023, NIST’s David Wollman, Deputy Chief of the Smart Connected Systems Division, presented on smart connected systems and standards to federal agency participants at the NIST Standards Coordination Office (SCO) Standards Boot Camp
https://www.nist.gov/news-events/news/2023/11/nist-leader-presents-smart-connected-systems-research-and-standards
NIST released an updated version of its Interagency Report on Advanced Communication Technologies Standards which is a guide for Federal agencies on standards priorities and activities related to communications technologies. The report, NISTIR 8483
https://www.nist.gov/news-events/news/2023/11/nist-updates-guide-communications-standards-federal-agencies
MxD, the digital manufacturing and cybersecurity institute, announced a new partnership with the National Institute of Standards and Technology’s (NIST) Hollings Manufacturing Extension Partnership (MEP) to advance digital adoption by small and
https://www.nist.gov/news-events/news/2023/10/mxd-collaboration-nist-manufacturing-extension-partnership-aims-address
The delegation included 13 U.S. cybersecurity companies.
https://www.nist.gov/news-events/news/2023/10/nist-director-locascio-led-successful-cybersecurity-business-development
The NIST National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST SP 1800-22 Mobile Device Security: Bring Your Own Device (BYOD). This guidance aims to help organizations address security and privacy concerns with
https://www.nist.gov/news-events/news/2023/09/nist-nccoe-publishes-guidance-address-mobile-device-security-concerns-byod
April 7–10, 2024 Gaylord National Harbor | #BaldrigeQuest COME. LEARN. NETWORK. ENGAGE Join us at the Quest for Excellence 2024! The conference will feature some new and exciting opportunities to learn role model best practices from nationally
https://www.nist.gov/news-events/events/35th-quest-excellencer-conference
The impact of cybersecurity breaches on infrastructure control system owners/operators is more significant and visible than ever before. Whether you work for an infrastructure owner/operator or are a consumer of an infrastructure service, the events
https://www.nist.gov/news-events/news/2023/09/nist-publishes-guide-operational-technology-ot-security
Two NIST evaluation studies will help software better detect photo spoofs and image quality issues.
https://www.nist.gov/news-events/news/2023/09/whats-wrong-picture-nist-face-analysis-program-helps-find-answers
The presentation slides are available here. Download the Continuing Education Units form. Provide event feedback here. Speakers: Jasmine M. Jackson Application Security Engineer Founder and Executive Director The Accelerated Training Program (T-ATP)
https://www.nist.gov/news-events/events/nice-webinar-cultivating-cybersecurity-leaders-new-cybersecurity-career
Between Sept. 18-20, Laurie E. Locascio, director of the Department of Commerce’s National Institute of Standards and Technology (NIST), will lead a cybersecurity business development mission to Taiwan. As the mission lead, Locascio will serve as the
https://www.nist.gov/news-events/news/2023/09/nist-director-laurie-e-locascio-lead-cybersecurity-business-development
The presentation slides are available here. Provide event feedback here. Speakers: Danielle Santos Manager of Communications and Operations and Lead for International Engagement NICE (Moderator) Jonathan Joynt Cybersecurity Instructor Learning Hub
https://www.nist.gov/news-events/events/2023/10/international-tour-cybersecurity-careers-stories-told-current
The NIST workshop on Multi-Party Threshold Schemes (MPTS) 2023 will gather diverse public feedback about the process envisioned in the NIST First Call for Multi-Party Threshold Schemes [NISTIR 8214C ipd (2023)]. The process includes an exploration of
https://www.nist.gov/news-events/events/2023/09/mpts2023
In a June 2023 presentation, NIST Networked Control Systems Group Leader, Keith Stouffer, described resources that could aid the Cybersecurity Workgroup supporting the Manufacturing Extension Partnership (MEP), which serves small and medium-sized
https://www.nist.gov/news-events/news/2023/08/nist-leader-describes-cybersecurity-resources-small-manufacturers
Three new algorithms are expected to be ready for use in 2024. Others will follow.
https://www.nist.gov/news-events/news/2023/08/nist-standardize-encryption-algorithms-can-resist-attack-quantum-computers
The presentation slides are available here. Speaker: Davina Pruitt-Mentle Lead for Academic Engagement NICE Susana Barraza Program Manager NICE Synopsis: Cybersecurity Career Week will take place on October 16-21, 2023, and you’re invited to
https://www.nist.gov/news-events/events/2023/09/webinar-choosecyber-insider-tips-cybersecurity-career-week-2023
NIST has revised the framework to help benefit all sectors, not just critical infrastructure.
https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework
The collaborative process to update the NIST Cybersecurity Framework (CSF), toward CSF 2.0 , continues! This final two-day NIST Journey to CSF 2.0 Workshop will be an opportunity to discuss the newly released Draft CSF 2.0 . This event will build on
https://www.nist.gov/news-events/events/2023/09/journey-nist-cybersecurity-framework-csf-20-workshop-3
Recent research by scientists at NIST suggests that a good strategy is to talk to your kids directly.
https://www.nist.gov/news-events/news/2023/08/nist-researchers-explore-best-practices-talking-kids-about-online-privacy
As NCCoE director, Cherilyn will provide strategic direction and technical leadership for the NCCoE, continue to align the NCCoE's work with the industry, government, and NIST priorities, and strengthen and grow relationships with key stakeholders
https://www.nist.gov/news-events/news/2023/08/nist-appoints-cherilyn-pascoe-new-director-nccoe
Rijksinspectie Digitale Infrastructuur (RDI)
Tue, 30 Apr 2024 06:59:00 GMTOp 23 en 24 april organiseerden de Rijksinspectie Digitale Infrastructuur (RDI) en het Nationaal Cyber Security Centrum (NCSC) de NISDUC 2024, een internationaal congres dat geheel in het teken stond van de nieuwe Europese cyberrichtlijn NIS2. Deelnemers werden opgeroepen hun risicomanagement serieus te nemen en daarbij ook van elkaar te leren. Dat is essentieel om Nederland veilig verbonden te houden.
https://www.rdi.nl/actueel/nieuws/2024/04/30/ga-nu-aan-de-slag-met-voorbereidingen-op-de-nis2
Op 23 en 24 april vindt in het The Hague Conference Center de NISDUC 2024 plaats. Tijdens dit congres, dat tot op de laatste stoel bezet is, gaan ruim 600 deelnemers van publieke en private partijen uit Nederland, België en Luxemburg met elkaar in gesprek over de nieuwe Europese cyberrichtlijn: NIS2. De NISDUC 2024 wordt georganiseerd door de Rijksinspectie Digitale Infrastructuur (RDI) en het Nationaal Cyber Security Centrum (NCSC), met medewerking van andere betrokken toezichthouders.
https://www.rdi.nl/actueel/nieuws/2024/04/18/nisduc-2024
De vergunning in de 450-470 MHz-band gaat naar Utility Connect B.V. Met deze vergunning in de zogenoemde ‘PAMR-band’ kan het bedrijf verschillende vormen van mobiele communicatie aanbieden, zoals portofonie of draadloze datacommunicatie voor besloten gebruikersgroepen. Een voorbeeld daarvan is het op afstand uitlezen van slimme meters door energiebedrijven.
https://www.rdi.nl/actueel/nieuws/2024/04/11/vergunning-450-470-mhz-band-naar-utility-connect
De RDI heeft deze maand de inventarisatiegesprekken cybersecurity afgerond in de olie- en gassector. We spraken 21 aanbieders van essentiële diensten in deze sector waaronder raffinaderijen, olieopslag en pijpleidingen. Hiermee kregen we inzicht in de bedrijfsprocessen en een eerste indruk van de invulling van de zorgplicht met betrekking tot cybersecurity.
https://www.rdi.nl/actueel/nieuws/2024/04/08/inventarisatiegesprekken-met-olie-en-gasopslagbedrijven
Op 4 februari 2024 ontving de Rijksinspectie Digitale Infrastructuur een verzoek op basis van de Wet open overheid (Woo). Ons is gevraagd om een overzicht met scheepsgegevens. De RDI is voornemens om de gegevens te verstrekken van bedrijven en rechtspersonen die via openbare bronnen al toegankelijk zijn. Deze gegevens betreffen voornamelijk de beroepsvaart. In het overzicht staan geen gegevens van particulieren of eenmanszaken. Ook worden de gegevens van het Ministerie van Defensie en de politie niet openbaar gemaakt.
https://www.rdi.nl/actueel/nieuws/2024/03/28/voornemen-openbaarmaking-scheepsgegevens
Vanaf 1 juli 2024 is het Centraal Bureau Rijvaardigheidsbewijzen (CBR) verantwoordelijk voor de uitgifte van maritieme certificaten. Deze taak draagt de Rijksinspectie Digitale Infrastructuur (RDI) over aan het CBR. Het gaat eerst om het Basiscertificaat Marifonie. In september volgen Marcom A en Marcom B. De certificaten zijn nodig voor het bedienen van radioapparatuur voor maritieme mobiele communicatie, zoals een marifoon.
https://www.rdi.nl/actueel/nieuws/2024/03/20/rdi-draagt-maritieme-certificaatverlening-over-aan-het-cbr
Uit onderzoek van de Rijksinspectie Digitale Infrastructuur (RDI) blijkt dat Odido intern verkeersgegevens heeft verwerkt ten behoeve van een samenwerkingsproject met het Centraal Bureau voor de Statistiek (CBS). Doel daarvan was een algoritme te ontwikkelen dat informatie kon opleveren over verplaatsingen van grote groepen mensen. De interne verwerking van verkeersgegevens door Odido voldeed niet aan de Telecommunicatiewet. De RDI legt Odido daarom een boete op van 175.000 euro.
https://www.rdi.nl/actueel/nieuws/2024/03/18/boete-odido
Op 23 en 24 april organiseert de Rijksinspectie Digitale Infrastructuur (RDI) in samenwerking met het Nationaal Cyber Security Centrum (NCSC) en met medewerking van andere betrokken toezichthouders de NISDUC 2024 in Den Haag. Dit internationale congres staat helemaal in het teken van de implementatie van de nieuwe Europese richtlijn NIS2. Voor publieke en private partijen is het een unieke gelegenheid om zich gezamenlijk voor te bereiden op de nieuwe wetgeving voor digitale weerbaarheid.
https://www.rdi.nl/actueel/nieuws/2024/03/05/nisduc-2024
De Autoriteit Consument & Markt (ACM) en de Rijksinspectie Digitale Infrastructuur (RDI) hebben samen onderzoek laten doen naar de werking en veiligheid van slimme apparaten. Belangrijkste resultaat is dat de informatie die consumenten ontvangen bij aankoop van hun slimme apparaat vaak te wensen over laat. Hoewel er ook zwakheden waren, bleek de technische veiligheid meestal wel in orde. Het is voor het eerst dat de ACM en RDI gezamenlijk onderzoek hebben laten doen. De uitkomsten van het onderzoek vormen voor beide toezichthouders de basis voor hun toezicht op slimme apparaten voor consumenten. Updates werden echter niet altijd geleverd.
https://www.rdi.nl/actueel/nieuws/2024/03/04/onderzoek-slimme-apparaten-van-acm-en-rdi
Op donderdag 29 februari lanceert de Rijksoverheid de NIS2-Quickscan: een hulpmiddel voor organisaties die willen weten hoe zij zich kunnen voorbereiden op de komst van de nieuwe Europese NIS2-richtlijn. Deze richtlijn is gericht op het vergroten van de digitale weerbaarheid van organisaties in de Europese Unie.
https://www.rdi.nl/actueel/nieuws/2024/02/29/nis2-quickscan-helpt-organisaties-bij-voorbereiding-op-nieuwe-cyberwet
In het jaarplan 2024 staan onze focuspunten voor dit jaar. We bespreken de thema’s netwerksamenwerking, AI, digitale weerbaarheid, de twin transition (samenhang digitale transitie en energietransitie) en een veilige en betrouwbare digitale infrastructuur. Per onderwerp schetsen we de context, omschrijven we risico’s, delen we onze focuspunten en het effect daarvan op de maatschappij.
https://www.rdi.nl/actueel/nieuws/2024/02/21/rdi-publiceert-jaarplan-2024
De Rijksinspectie Digitale Infrastructuur (RDI) heeft als Nationale Cybersecurity Certificerings Autoriteit (NCCA) de taak om toezicht te houden op de cybersecuritycertificering in Nederland, vanuit de Cybersecurity Act (CSA). De eerste Europese cyberbeveiligingscertificeringsregeling is gepubliceerd door de Europese Commissie. Deze regeling wordt ook wel een certificeringsschema genoemd en komt voort uit de CSA. Door de publicatie wordt het certificeringsschema van kracht.
https://www.rdi.nl/actueel/nieuws/2024/02/15/rdi-start-met-taak-als-nationale-cybersecurity-certificerings-autoriteit
Veiling start naar verwachting nog voor de zomer Geïnteresseerde partijen uit binnen- en buitenland kunnen vanaf donderdag 15 februari 2024 een aanvraag indienen voor deelname aan de frequentie-veiling voor 5G in de 3,5 GHz band. De veiling zelf start naar verwachting nog voor de zomer. De Rijksinspectie Digitale Infrastructuur voert de veiling uit, in opdracht van het Ministerie van Economische Zaken en Klimaat.
https://www.rdi.nl/actueel/nieuws/2024/02/14/aanvraagperiode-5g-veiling-begint-op-15-februari-2024
In 2022 en een deel van 2023 voerde de Rijksinspectie Digitale Infrastructuur (RDI) BCM-inspecties uit bij de landelijke en regionale netbeheerders van elektriciteit en gas. BCM (Business Continuity Management) is een set maatregelen die een organisatie helpt adequaat te reageren op (digitale) verstoringen. Er zijn geen structurele tekortkomingen vastgesteld. Om van elkaar te leren zijn de overkoepelende resultaten van de BCM-inspecties en de aangetroffen succesvolle werkmethodes gedeeld in een sessie met Netbeheer Nederland.
https://www.rdi.nl/actueel/nieuws/2024/02/14/resultaten-bcm-inspecties-netbeheerders
Binnenkort is voor het eerst in heel Nederland lokale digitale radio mogelijk. Ruim 200 lokale publieke omroepen ontvangen namelijk vandaag hun vergunning voor DAB+ (Digital Audio Broadcasting). Meer dan 90% van alle lokale publieke radiozenders kan vanaf september 2024 uitzenden via digitale radio. Dit geeft luisteraars meer keuze in het luisteraanbod.
https://www.rdi.nl/actueel/nieuws/2024/02/13/veel-animo-voor-lokale-digitale-radio
Op 23 januari 2024 t/m 2 februari 2024 heeft de Rijksinspectie Digitale Infrastructuur (RDI) op haar website een nieuwsbericht geplaatst over een aroma diffuser van Kapimex en op 24 januari 2024 heeft RDI meegewerkt aan een item van Editie NL. Aanleiding voor het nieuwsbericht is dat uit technisch onderzoek van de RDI is gebleken dat de aroma diffuser de wettelijke eisen voor elektromagnetische eisen overschrijdt. In het nieuwsbericht werden echter mededelingen gedaan, dan wel suggesties gewekt over storingen in de praktijk, die de RDI niet heeft vastgesteld met betrekking tot deze aroma diffuser van Kapimex en/of die tot verwarring hebben kunnen leiden. Een lezer zou bijvoorbeeld de indruk kunnen hebben gehad na onze berichtgeving dat de betreffende aroma diffuser de bereikbaarheid van 112 zou kunnen storen. Dat is echter niet het geval. Het gebruik van deze aroma diffuser heeft namelijk geen invloed op het belverkeer en ook niet op de bereikbaarheid van noodnummers. Het eerdere nieuwsbericht is daarom van de website verwijderd. In de plaats daarvan geldt enkel onderstaand bericht:
https://www.rdi.nl/actueel/nieuws/2024/02/08/rectificatie-eerdere-berichtgeving-van-rdi-over-aroma-diffuser
De Rijksinspectie Digitale Infrastructuur (RDI) heeft op 1 januari 2024 het Centraal Informatiepunt Mobiele Bereikbaarheid 112 geopend, in lijn met de aanbevelingen uit de 'Kamerbrief over Centraal Informatiepunt Mobiele Bereikbaarheid 112'. Deze stap is cruciaal voor het verkrijgen van inzicht in de mobiele bereikbaarheid van het noodnummer 112. Het informatiepunt biedt niet alleen tips om de bereikbaarheid te optimaliseren, maar nodigt burgers ook uit om situaties te melden waarin 112 met een mobiele telefoon onbereikbaar was.
https://www.rdi.nl/actueel/nieuws/2024/01/24/informatiepunt-mobiele-bereikbaarheid-112
Op 12 januari 2024 heeft de Rijksinspectie Digitale Infrastructuur een aanvraag ontvangen voor een vergunning voor het gebruik van frequentieruimte in de 450 MHz-band. Deze frequentieband is aangewezen voor ‘verdeling op afroep’.
https://www.rdi.nl/actueel/nieuws/2024/01/22/indieningstermijn-voa-450-mhz-band
De Rijksinspectie Digitale Infrastructuur geeft via het verdeelinstrument ‘verdeling op afroep’ (VOA) één vergunning af voor het aanbieden van openbare elektronische communicatiediensten. Bedrijven kunnen met deze vergunning mobiele communicatie aanbieden. Denk dan aan spraak- en dataverkeer of portofoonverkeer of om gegevens digitaal over te brengen bijvoorbeeld voor slimme energiemeters. De vergunninghouder mag zelf bepalen voor welke dienst ze de frequentie willen gebruiken zolang deze past binnen de bestemming van de frequentieband in het NFP. Partijen die een vergunning willen verwerven, kunnen vanaf 8 januari een aanvraag indienen.
https://www.rdi.nl/actueel/nieuws/2024/01/08/verdeling-op-afroep-450-tot-470-mhz
Tot nu toe zenden de meeste lokale publieke omroepen hun programma's uit via de oude vertrouwde FM-frequentie. Met de snelgroeiende populariteit en mogelijkheden van digitale radio, hebben deze omroepen vanaf september 2024 de kans om hun bereik uit te breiden door gebruik te maken van DAB+ (Digital Audio Broadcasting).
https://www.rdi.nl/actueel/nieuws/2023/12/11/landelijke-uitrol-lokale-digitale-radio
Cyber Security Raad (CSR)
Fri, 05 Apr 2024 15:43:00 GMTBestuurders worden door nieuwe Europese regels expliciet verantwoordelijk voor het cyberbeleid van hun bedrijf. Daarvoor waarschuwen raadsleden Lokke Moerel en Claudia de Andrade, en directeur cybersecurity en statelijke dreigingen bij de NCTV Hester Somsen vandaag in een artikel in Het Financieele Dagblad.
https://www.cybersecurityraad.nl/actueel/nieuws/2024/04/05/fd-artikel
Het nieuwe kabinet moet meer doen om Nederland digitaal veiliger te maken. Dit schrijft de Cyber Security Raad (hierna de raad) in een brief aan de informateur. De raad waarschuwt dat de huidige inspanningen en investeringen voor cybersecurity niet genoeg zijn om de groeiende digitale dreigingen vanuit statelijke actoren en cybercriminelen het hoofd te bieden. Dit raakt onze nationale veiligheid en zet onze vrijheid, democratie en welvaart steeds meer onder druk.
https://www.cybersecurityraad.nl/actueel/nieuws/2024/02/05/persbericht-brief-informateur
Het groeiend tekort aan cybersecurityspecialisten, en de noodzaak om cybersecuritykennis in Nederland te behouden en verder te versterken, vragen om gecoördineerde actie. Onlangs stuurde de Cyber Security Raad (hierna de raad) hierover een informerende brief naar de staatssecretaris voor Koninkrijksrelaties en Digitalisering. De brief volgt op een bezoek van de staatssecretaris aan de raad in juni 2023 waarbij deze onderwerpen ook besproken werden.
https://www.cybersecurityraad.nl/actueel/nieuws/2023/12/22/csr-verkent-mogelijkheden-onderwijsversterking-en-kennisontwikkeling-voor-cybersecurity
De snelle opkomst en toepassing van (generatieve) artificiële intelligentie (AI) leidde tot de nodige aandacht voor de risico’s van AI in brede zin. AI-toepassingen kunnen ook het cybersecuritylandschap sterk veranderen. De Cyber Security Raad (hierna de raad) is van mening dat die implicaties nog te weinig worden onderkend en begrepen. Om meer helderheid te scheppen over de kansen en risico´s van (generatieve) AI in de context van cybersecurity, stuurde de raad onlangs een brief naar de staatssecretaris Koninkrijksrelaties en Digitalisering. Tijdens het bezoek van de staatssecretaris aan de raad in juni 2023 kwam een aantal van deze onderwerpen ook aan de orde.
https://www.cybersecurityraad.nl/actueel/nieuws/2023/12/22/csr-brief-over-ai-en-cybersecurity
In de afgelopen maanden is de samenstelling van de Cyber Security Raad (hierna de raad) gewijzigd. Zo zullen Petra Oldengarm, directeur Cyberveilig Nederland en Ernst Noorman, ambassadeur voor cyberaangelegenheden bij het ministerie van Buitenlandse Zaken, vanaf deze maand toetreden als toehoorder in de raad. Wetenschappers Herbert Bos en Cristian Hesselman zijn per 1 september jl. benoemd tot lid van de raad en eerder dit jaar zijn ook Eva Heijblom, Directeur-Generaal Digitalisering en Overheidsorganisatie bij het Ministerie van Binnenlandse Zaken en Koninkrijksrelaties, Joost de Bruin, CEO Ordina Nederland en Guus Schram, procureur-generaal en plaatsvervangend voorzitter van het College van procureurs-generaal, toegetreden tot de raad.
https://www.cybersecurityraad.nl/actueel/nieuws/2023/09/07/gewijzigde-samenstelling-cyber-security-raad
De Cyber Security Raad (hierna de raad) onderschrijft dat we ‘het onverwachte moeten verwachten’, zoals beschreven in het Cybersecuritybeeld Nederland 2023 (CSBN 2023). Daarnaast concludeert de raad dat er nog veel werk te verzetten is om onze weerbaarheid te verhogen, zowel tegen te verwachten als onverwachte dreigingen. Denk hierbij aan de cyberrisico’s die nieuwe technologieën als generatieve artificiële intelligentie (AI) met zich meebrengen. Gezien de huidige snelle technologische en geopolitieke ontwikkelingen is het behoud van de authenticiteit van allerlei soorten informatie cruciaal om onze samenleving digitaal veilig te houden.
https://www.cybersecurityraad.nl/actueel/nieuws/2023/07/19/csr-over-csbn-2023-nog-veel-werk-te-verzetten-rond-cyberweerbaarheid
De Cyber Security Raad (hierna de raad) heeft vandaag het CSR Jaaroverzicht 2022 gepubliceerd. Dit overzicht biedt een weergave van de inzet van de raad in het afgelopen jaar. Eind augustus wordt het jaaroverzicht ook schriftelijk aangeboden aan de demissionair minister van Justitie en Veiligheid.
https://www.cybersecurityraad.nl/actueel/nieuws/2023/08/08/csr-jaaroverzicht-2022
Het afgelopen decennium hebben de activiteiten en adviezen van Cyber Security Raad (hierna de raad) als gevolg van technologische, maatschappelijke en bestuurlijke ontwikkelingen een bredere scope gekregen en zijn daarmee steeds meer strategisch van aard geworden. Om beter aan te kunnen sluiten op deze ontwikkelingen heeft de raad deze week een advies uitgebracht over het aanpassen van de governance van de raad. Het advies is gestuurd naar de ministers van Justitie en Veiligheid, Binnenlandse Zaken en Koninkrijksrelaties en Economische Zaken en Klimaat.
https://www.cybersecurityraad.nl/actueel/nieuws/2023/05/17/advies-aanpassing-governance-csr
Op vrijdag 13 januari heeft de Cyber Security Raad (hierna de raad) een adviesbrief over de Nederlandse Cybersecuritystrategie (NLCS) aangeboden aan de minister van Justitie en Veiligheid. De raad ziet de strategie als een goede basis voor de toekomst van onze digitale samenleving. Op een drietal aandachtsgebieden beveelt de raad versterking aan om zo ook de implementatie (daad-)krachtiger te maken. Zo adviseert de raad aan het kabinet om de regie op cybersecurity op alle niveaus te verstevigen en aanvullende interventies te plegen die bijdragen aan het versterken van onze digitale autonomie. Ook vraagt de raad extra aandacht voor kennisontwikkeling, onderzoek en innovatie, met de focus op het opleiden en aantrekken van voldoende cybersecuritypersoneel en centrale overheidsinvestering in een aantal essentiële onderzoeksthema’s.
https://www.cybersecurityraad.nl/actueel/nieuws/2023/01/17/csr-doet-aanbevelingen-voor-versterking-nederlandse-cybersecuritystrategie
Eind juli heeft de Cyber Security Raad (hierna de raad) Raymond Doijen benoemd tot nieuwe secretaris van de raad. Hij volgt daarmee Elly van den Heuvel-Davies op die per 1 juli jl. is gestart als director cyber risk advisory bij Deloitte. Pieter-Jaap Aalbersberg, covoorzitter van de raad namens de publieke sector en Nationaal Coördinator Terrorismebestrijding en Veiligheid (NCTV): “Met Raymond Doijen hebben we een bevlogen secretaris gevonden met een groot netwerk en een lange staat van dienst in cybersecurity. Wij hebben er alle vertrouwen in dat hij de raad in de komende jaren sterk gaat ondersteunen, van hoogwaardige adviezen zal voorzien en ons extern zal vertegenwoordigen waar nodig”. Sylvia van Es, covoorzitter van de raad namens de private sector en President Philips Nederland, sluit zich daarbij aan en voegt toe: “Zijn jarenlange ervaring op het gebied van cybersecurity in combinatie met zijn sterke relationele vaardigheden en resultaatgerichtheid zullen een belangrijke bijdrage leveren aan het helpen realiseren van de taken van de raad. Ik kijk uit naar onze verdere samenwerking.”
https://www.cybersecurityraad.nl/actueel/nieuws/2022/08/30/raymond-doijen-benoemd-tot-secretaris-van-de-cyber-security-raad
Het optimaliseren van hackactiviteiten en het intensiever gebruikmaken van bedrijfsvoeringsgegevens zijn volgens de Cyber Security Raad (hierna de raad) reële alternatieven voor rechtmatige toegang tot end-to-end versleutelde communicatie, anders dan het inperken van encryptie. Dat concludeert de raad in zijn advies dat deze week is gestuurd naar de ministers van Justitie en Veiligheid en Economische Zaken en Klimaat. Het advies vloeit voort uit een korte inventariserende technische verkenning die de raad heeft laten uitvoeren.
https://www.cybersecurityraad.nl/actueel/nieuws/2022/08/25/cyber-security-raad-adviseert-reele-alternatieven-voor-inperken-van-encryptie
De nieuwste editie van het Cybersecuritybeeld Nederland (CSBN 2022) van de Nationaal Coördinator Terrorismebestrijding en Veiligheid (NCTV) schetst volgens de Cyber Security Raad (hierna de raad) een steeds alarmerender beeld. De urgentie staat ondanks alle inspanningen en stappen die in Nederland zijn gezet nog onvoldoende op het netvlies. De dreigingen nemen toe en onze cyberweerbaarheid loopt daarop achter met alle mogelijke gevolgen van dien. Een urgente en vooral integrale aanpak hierop zou volgens de raad de rode draad moeten vormen in de nieuwe Nederlandse Cyberstrategie die in wording is.
https://www.cybersecurityraad.nl/actueel/nieuws/2022/07/06/het-cybersecuritybeeld-nederland-schetst-ieder-jaar-een-alarmerender-beeld
Op woensdag 29 juni jl. bracht Chris Inglis samen met een delegatie vanuit de Verenigde Staten en de Ambassade van de Verenigde Staten van Amerika een bezoek aan een delegatie van de Cyber Security Raad (hierna de raad). Inglis is de National Cyber Director (NCD) van Office of the National Cyber Director (ONCD). Ook is hij de cybersecurity-adviseur van president Biden van de Verenigde Staten. Doel van zijn bezoek was om meer te weten te komen over hoe een voorbeeldland als Nederland de aanpak van cybersecurity heeft vormgegeven en de rol die de raad daarin vervult. Daarnaast kregen de aanwezige raadsleden de mogelijkheid om meer inzicht te krijgen in de Amerikaanse aanpak en de rol van Inglis daarin.
https://www.cybersecurityraad.nl/actueel/nieuws/2022/07/01/csr-in-gesprek-met-chris-inglis-national-cyber-director-en-cyberadviseur-president-biden
Op 25 mei jl. vond een commissiedebat plaats van de leden van de vaste Kamercommissie voor Digitale Zaken en de minister van Justitie en Veiligheid (JenV). Tijdens dit debat hebben de leden van de commissie ingestemd met het verzoek van de minister van JenV om vooruitlopend op de behandeling van het wijzigingsvoorstel van de Wet Beveiliging Netwerk- en Informatiesystemen (Wbni) in de Tweede Kamer dat het Nationaal Cyber Security Centrum (NCSC) al in uitzonderlijke gevallen dreigings- en incidentinformatie onder bepaalde voorwaarden mag delen met andere niet-vitale organisaties. De Cyber Security Raad (hierna de raad) juicht dit besluit toe. De raad pleit al meerdere jaren dat informatie over cybersecurity voor alle organisaties in Nederland, vitaal én niet-vitaal, op eenvoudige wijze toegankelijk moet zijn. Zo publiceerde de raad in 2017 het CSR advies 'Naar een landelijk dekkend stelsel van informatieknooppunten' en in 2021 de CSR Adviesbrief inzake het versneld delen van incidentinformatie.
https://www.cybersecurityraad.nl/actueel/nieuws/2022/06/15/cyber-security-raad-juicht-uitspraak-van-kamercommissie-digitale-zaken-over-wbni-toe
Vandaag op Safer Internet Day lanceert de Cyber Security Raad (hierna de raad) een nieuwe editie van CSR Magazine dat geheel in het teken staat van de in 2021 uitgebrachte adviezen ‘Integrale aanpak cyberweerbaarheid’ en ‘Nederlandse Digitale Autonomie en Cybersecurity’. De raad concludeert hierin dat het nieuwe kabinet moet ingrijpen om ervoor te zorgen dat Nederland ook in de toekomst een open, vrije en welvarende samenleving te (laten) zijn. Onze digitale veiligheid en digitale autonomie staan onder druk en daarmee ons maatschappelijk en economisch welzijn. In het huidige coalitieakkoord van het kabinet is slechts op hoofdlijnen aangegeven welke plannen en prioriteiten het nieuwe kabinet heeft. In het magazine leest u op welke fronten stappen gezet moeten worden volgens verschillende topfunctionarissen en wetenschappers. Ook wordt in het magazine teruggeblikt op het tienjarig jubileum van de raad vorig jaar.
https://www.cybersecurityraad.nl/actueel/nieuws/2022/02/08/nieuwe-editie-csr-magazine
De Cyber Security Raad (hierna de raad) waardeert het onderzoeksrapport 'Kwetsbaar door software' dat de Onderzoeksraad voor Veiligheid (OVV) onlangs heeft gepubliceerd. De aanbevelingen uit het rapport bevestigen de urgentie van een snellere vorming van het Landelijk Dekkend Stelsel van informatieknooppunten (LDS), de digitale veiligheid van ICT-producten en -diensten en regie en coördinatie van de overheid om de digitale weerbaarheid op systematische en doelmatige wijze te beheersen. Dit sluit nauw aan op verschillende adviezen die de raad heeft geadresseerd in de CSR Adviesbrief 'Inzake kabinetsreactie WRR-rapport en korte Citrix-evaluatie' in september 2020 en in het CSR Adviesrapport ‘Integrale aanpak cyberweerbaarheid’ van april dit jaar.
https://www.cybersecurityraad.nl/actueel/nieuws/2022/01/11/cyber-security-raad-waardeert-rapport-kwetsbaar-door-software-van-de-ovv
De Wetenschappelijke Raad voor het Regeringsbeleid (WRR) pleit in het rapport 'Opgave AI. De nieuwe systeemtechnologie' voor een integrale aanpak voor Artificiële Intelligentie (AI), met intensieve betrokkenheid en een duidelijke visie van de overheid. Dit sluit nauw aan op het eerder dit jaar door de Cyber Security Raad (hierna de raad) gepubliceerde CSR Adviesrapport ‘Integrale aanpak cyberweerbaarheid’. Het WRR-rapport benadrukt volgens de raad wederom het belang van een cyberweerbare samenleving; AI en cyberweerbaarheid zijn nauw verbonden met elkaar en daarom moet het chefsache zijn, zowel bij de overheid als bij het bedrijfsleven.
https://www.cybersecurityraad.nl/actueel/nieuws/2021/12/13/wrr-rapport-opgave-ai.-de-nieuwe-systeemtechnologie-benadrukt-belang-cyberweerbaarheid
‘Cyberweerbaarheid moet chefsache zijn. Nederland moet de krachten bundelen om te komen tot een integrale aanpak van onze cyberweerbaarheid en werken aan één cyberweerbaarheidsstrategie met een meerjarenprogramma en dekkende financiering: Er is een integrale aanpak nodig met een bijbehorende investering van 833 miljoen euro door het komende kabinet. Ook digitale autonomie moet op het hoogste politieke en ambtelijke niveau worden belegd, vanuit een integrale visie op cyberweerbaarheid. Voor de versterking van onze cyberweerbaarheid is het daarom essentieel dat de CSR Adviesrapporten ‘Integrale aanpak cyberweerbaarheid’ en ‘Nederlandse Digitale Autonomie en Cybersecurity’ integraal worden overgenomen en dat er niet aan cherry picking wordt gedaan.’
https://www.cybersecurityraad.nl/actueel/nieuws/2021/11/30/delegatie-csr-in-gesprek-met-leden-vaste-kamercommissie-voor-digitale-zaken
Op dinsdag 28 september 2021 heeft de Cyber Security Raad (hierna de raad) de handreiking ‘Toetsingskader digitale autonomie en cybersecurity’ online beschikbaar gesteld en overgedragen aan de directeuren-generaal van de ministeries van Binnenlandse Zaken en Koninkrijksrelaties (BZK), Economische Zaken en Klimaat (EZK) en de Nationaal Coördinator Terrorismebestrijding en Veiligheid (NCTV), namens het ministerie van Justitie en Veiligheid. Zij zullen in de komende maanden een praktische doorvertaling van de handreiking maken.
https://www.cybersecurityraad.nl/actueel/nieuws/2021/09/28/handreiking-toetsingskader-digitale-autonomie-en-cybersecurity-beschikbaar-gesteld
De Cyber Security Raad (hierna de raad) heeft vandaag het CSR Jaaroverzicht 2020 gepubliceerd, met daarin een weergave van de inzet van de raad over het afgelopen jaar. Dit jaaroverzicht is op 10 augustus jl. aan de demissionair minister van Justitie en Veiligheid aangeboden.
https://www.cybersecurityraad.nl/actueel/nieuws/2021/08/12/csr-jaaroverzicht-2020
digitaltrustcenter.nl
Fri, 26 Apr 2024 13:55:12 +0200Veilig digitaal ondernemen Wil je als ondernemer of security verantwoordelijke meldingen van ernstige cyberdreigingen voor bedrijven in je mailbox ontvangen? Sluit je dan aan bij de DTC Community. Ter ondersteuning van ondernemers is er ook een breed palet aan cybersecurity informatie en een gereedschapskist met cybertools. Testen of je de basis al op orde hebt? Doe de CyberVeilig Check voor zzp en mkb of de Basisscan Cyberweerbaarheid .
https://www.digitaltrustcenter.nl/nieuws/bedrijven-passen-steeds-beter-internetstandaarden-toe
Horeca blinkt uit in gemiddelde eindscore websitescan De bovenstaande figuur toont de gemiddelde eindscore per bedrijfstak door de jaren heen, waarbij in 2023 een dubbele meting is verricht. Opvallend is dat de bedrijfstak ‘Horeca’ één van de uitblinkers is. Met een gemiddelde score van 70,8%, scoort deze bedrijfstak bijvoorbeeld beter dan ‘Gezondheid en welzijnszorg’. De bedrijfstak ‘Verhuur en handel van onroerend goed’ scoort met 60.9% gemiddeld het minst goed. Binnen de bedrijfstak 'Financiële dienstverlening' is het afgelopen jaar relatief veel aandacht besteed aan het implementeren van veiligheidsstandaarden voor hun websites, zij verbeterden hun score met bijna 10 procentpunten. Eindscores e-mailscan daalden in 2024 bij meeste bedrijfstakken De scan van Internet.nl test naast websites ook of mailservers en internetverbindingen voldoen aan de moderne securitystandaarden. De resultaten van de e-mailscan blijken - net als uit de websitescan - niet afhankelijk te zijn van bedrijfsgrootte, maar wel van bedrijfstak. De bedrijfstak ‘Horeca’ kwam ook bij de e-mailscan het beste uit de test, met een gemiddelde van 63,1%. Bij meer dan de helft van de bedrijfstakken zijn de eindscores in 2024 gedaald in vergelijking met 2023, waarbij de grootste daling te zien is in de Bouwnijverheid. De Financiële dienstverlening is hierop een uitzondering, waarbij juist een stijging van bijna 19 procentpunten te zien is. Omdat er van de e-mail pas twee scans uitgevoerd zijn (in april 2023 en januari 2024) kan er echter nog geen lange trendontwikkeling aangetoond worden. E-mailbeveiligingstest: grote verschillen tussen klein en groot De scores op Internet.nl worden bepaald op basis van verschillende standaarden. Zo wordt er onder meer gekeken naar beveiligingsopties, het toepassen van een domeinnaamhandtekening (DNSSEC), HTTPS, en het gebruik van IPv6. Uit het onderzoek valt op dat de score van grote bedrijven op de categorie IPv6 afneemt. Op het toepassen van DNSSEC wordt door kleine bedrijven met 2 tot 10 werkzame personen substantieel beter gescoord dan door grote bedrijven, 27,9% om 8,8% bij bedrijven met 50 tot 250 werknemers. In de subcategorie authenticatie valt op dat grote bedrijven een stuk beter scoren dan kleine bedrijven en zzp'ers. Bij deze categorie wordt gekeken naar hoe goed bedrijven e-mailoplichting - zoals phishing en spoofing - proberen te voorkomen door DMARC, DKIM en SPF toe te passen. Zelf aan de slag Ben je benieuwd of jouw website en e-mails voldoen aan de ruim 30 internetstandaarden? Voer je websiteadres en maildomein in op Internet.nl en bekijk je score. Nog geen 100%? Ga dan aan de slag met de verbeteringen. Bekijk de links onderaan dit nieuwsbericht voor uitleg en adviezen.
https://www.digitaltrustcenter.nl/nieuws/bedrijven-passen-steeds-beter-internetstandaarden-toe
Vandaag deelde het CBS een toevoeging op het onderzoek naar de toepassing van internetstandaarden voor bedrijfswebsites. Per bedrijfsgrootteklasse en bedrijfstak is in kaart gebracht in welke mate Nederlandse bedrijven (veilige) internetstandaarden voor hun website en e-mail gebruiken. Positief nieuws: de gemiddelde eindscore van de websitescan van alle bedrijven met een website is in 2,5 jaar tijd met bijna 8% toegenomen. Opvallend is dat de bedrijfstak 'Horeca' zowel bij de websitescans als bij de e-mailscans de hoogste gemiddelde eindscores heeft. Eindscore websitescan niet afhankelijk van bedrijfsgrootte Bijna 80% van de Nederlandse bedrijven met 2 of meer werknemers heeft een website. Om inzicht te krijgen in het beveiligingsniveau van deze websites, onderzoekt het Centraal Bureau voor Statistiek (CBS), in opdracht van het ministerie van Economische zaken en Klimaat en Platform Internetstandaarden het gebruik van internetstandaarden. Via Internet.nl is het mogelijk een websitescan uit te voeren, waarbij uitgebreid getest wordt of verschillende belangrijke internetstandaarden op jouw website zijn geïmplementeerd. Uit deze test komt een eindscore. Het CBS laat zien dat de gemiddelde eindscore met de jaren toeneemt. In de Cybersecuritymonitor wordt geconstateerd dat kleine bedrijven vaak minder maatregelen treffen dan grote bedrijven om hun ICT-systemen te beveiligen, maar bij het toepassen van internetstandaarden valt het op dat kleine bedrijven het even goed, zo niet beter, doen dan grote bedrijven.
https://www.digitaltrustcenter.nl/nieuws/bedrijven-passen-steeds-beter-internetstandaarden-toe
Bereid je voor op NIS2 De NIS2-Quickscan is een zelfscan voor organisaties die straks onder aan de NIS2-regels vallen en willen weten hoe zij zich kunnen voorbereiden. Deze scan is met name bedoeld voor IT- en cybersecurity-specialisten en -verantwoordelijken binnen organisaties. De scan biedt ook handelingsperspectief: per thema worden technische of organisatorische maatregelen voorgesteld die helpen bij het voorbereiden op de NIS2. Vragen over de NIS2? Op het online securityplatform DTC Community delen ruim 4.000 professionals en ondernemers kennis hierover uit. Meld je ook aan.
https://www.digitaltrustcenter.nl/nieuws/kritieke-kwetsbaarheden-in-cisco-asa-en-firepower-threat-defense-ftd
Cisco heeft actief misbruikte kwetsbaarheden verholpen in Adaptive Security Appliance (ASA) en Firepower Threat defense (FTD). Dit zijn applicaties voor je netwerkbeveiliging. De kwetsbaarheden zijn ingeschaald als 'High/High' door het Nationaal Cyber Security Centrum (NCSC). Dit betekent dat de kans op misbruik groot is en de schade eveneens groot kan zijn. Wat is het risico? Er zijn drie verschillende kwetsbaarheden betrokken bij het actief misbruik. De kwetsbaarheid met kenmerk CVE-2024-20353 (Cisco) kan er voor zorgen dat een niet-geauthenticeerde externe kwaadwillende het apparaat opnieuw kan laten opstarten wat resulteert in een Denial-of-Service (DoS). De kwetsbaarheid met kenmerk CVE-2024-20358 (Cisco) zou een geauthenticeerde, lokale kwaadwillende in staat kunnen stellen willekeurige opdrachten uit te voeren op het onderliggende besturingssysteem met root-rechten. Om misbruik te kunnen maken van dit beveiligingslek zijn adminrechten vereist. De kwetsbaarheid met kenmerk CVE-2024-20359 (Cisco) zou een geauthenticeerde, lokale kwaadwillende in staat kunnen stellen willekeurige code uit te voeren met root-rechten. Om misbruik te kunnen maken van dit beveiligingslek zijn adminrechten vereist. Wat kun je doen? Cisco heeft updates uitgebracht om de kwetsbaarheden in Adaptive Security Appliance (ASA) en Firepower Threat defense (FTD) te verhelpen. Ook heeft Cisco een beveiligingsadvies en blog gepubliceerd met daarin IOC's, malware detectie methoden en maatregelen om reeds gecompromitteerde systemen te herstellen en de getroffen systemen te upgraden. Extra informatie hierover is te vinden bij het Britse NCSC: Persistent webshell en In-memory shellcode loader. Als er binnen jouw bedrijf gebruik gemaakt wordt van Adaptive Security Appliance (ASA) en Firepower Threat defense (FTD), dan adviseert het Digital Trust Center (DTC) om zo spoedig mogelijk de beveiligingsupdates te (laten) installeren. Als je niet zeker weet of je gebruikmaakt van deze software, vraag dit dan na bij je IT-dienstverlener.
https://www.digitaltrustcenter.nl/nieuws/kritieke-kwetsbaarheden-in-cisco-asa-en-firepower-threat-defense-ftd
Veilig digitaal ondernemen Wil je als ondernemer of security verantwoordelijke meldingen van ernstige cyberdreigingen voor bedrijven in je mailbox ontvangen? Sluit je dan aan bij de DTC Community. Ter ondersteuning van ondernemers is er ook een breed palet aan cybersecurity informatie en een gereedschapskist met cybertools. Testen of je de basis al op orde hebt? Doe de CyberVeilig Check voor mkb en zzp.
https://www.digitaltrustcenter.nl/nieuws/actief-misbruik-kritieke-kwetsbaarheid-in-qlik-sense-server
Oude kwetsbaarheden in Qlik Sense servers zijn de afgelopen maanden actief misbruikt door een ransomwaregroepering. Onder de slachtoffers zijn enkele Nederlandse bedrijven die hun server niet bijtijds geüpdatet hebben. Dat heeft het samenwerkingsverband Melissa ontdekt. Het Digital Trust Center (DTC) heeft de afgelopen week bedrijven met een op het internet aangesloten Qlik Sense server genotificeerd. Het betreft kwetsbaarheden in Qlik Sense Enterprise die ongeauthenticeerde kwaadwillenden in staat stellen om het systeem waar Qlik Sense op is geïnstalleerd, over te nemen. Het Nationaal Cyber Security Centrum (NCSC) heeft de inschaling van deze kwetsbaarheden verhoogd naar ‘High-High’. Dit betekent dat zowel de kans op misbruik, als de mogelijke schade groot is. Wat is het risico? Het gaat binnen dit advies om drie kwetsbaarheden die bekend zijn met de volgende kenmerken: CVE-2023-41265, CVE-2023-41266, CVE-2023-48365. Deze kwetsbaarheden worden volgens securityonderzoekers van Arctic Wolf - direct of via een combinatie - misbruikt om systemen te besmetten met ransomware. Zodra toegang is verkregen, downloaden aanvallers aanvullende tools zoals AnyDesk en Plink en wijzigen ze het beheerderswachtwoord. Vervolgens wordt van het remote desktop protocol (RDP) gebruik gemaakt om door het netwerk te bewegen en de ransomware uit te rollen. Het gaat bij deze kwetsbaarheid om een specifieke vorm van ransomware die de naam 'Cactus' draagt. Eerder deze maand werd een Nederlandse leverancier van schoolboeken en digitaal lesmateriaal ook getroffen door deze vorm van ransomware. Wat kun je doen? Er zijn al enige tijd updates beschikbaar voor de gemelde kwetsbaarheden. Het DTC adviseert om deze beveiligingsupdates zo snel mogelijk te (laten) installeren. Neem contact op met je IT-dienstverlener als je niet zeker weet of je gebruik maakt van een kwetsbare versie van Qlik Sense. Voor meer informatie heeft Qlik een informatiepagina's beschikbaar gesteld: CVE-2023-41265 en CVE-2023-41266 CVE-2023-48365 Qlik-software kan worden gedownload vanaf de Qlik Download-pagina. Hiervoor is een login vereist.
https://www.digitaltrustcenter.nl/nieuws/actief-misbruik-kritieke-kwetsbaarheid-in-qlik-sense-server
Bereid je voor op NIS2 De NIS2-Quickscan is een zelfscan voor organisaties die straks onder aan de NIS2-regels vallen en willen weten hoe zij zich kunnen voorbereiden. Deze scan is met name bedoeld voor IT- en cybersecurity-specialisten en -verantwoordelijken binnen organisaties. De scan biedt ook handelingsperspectief: per thema worden technische of organisatorische maatregelen voorgesteld die helpen bij het voorbereiden op de NIS2. Vragen over de NIS2? Op het online securityplatform DTC Community delen ruim 4.000 professionals en ondernemers kennis hierover uit. Meld je ook aan.
https://www.digitaltrustcenter.nl/nieuws/samenwerkingsverband-melissa-vindt-diverse-nederlandse-slachtoffers-van-ransomwaregroepering
Uit gezamenlijk onderzoek van cybersecuritybedrijven Fox-IT, Northwave en Responders, in het kader van project Melissa, zijn Nederlandse slachtoffers geïdentificeerd van de ransomwaregroepering ‘Cactus'. Project Melissa is een samenwerking tussen het Openbaar Ministerie (OM), de politie, het Nationaal Cyber Security Centrum (NCSC), Cyberveilig Nederland en diverse cybersecuritybedrijven. Ransomwaregroep ‘Cactus’ Sinds eind 2023 zijn wereldwijd verschillende aanvallen van Cactus bekend. Omdat vanuit het samenwerkingsverband Melissa maandelijks ransomwarestatistieken onderling worden gedeeld, is gebleken dat er minimaal tien Nederlandse organisaties slachtoffer zijn van Cactus. Dit betreft de periode tot en met maart 2024. Om meer slachtoffers te voorkomen hebben de cybersecuritybedrijven Fox-IT, Northwave en Responders hun (technische) informatie in de vorm van ‘Indicators of Compromise’ (IOC’s) in april met elkaar gedeeld. Een IOC is een stukje informatie dat wijst op een mogelijke inbreuk op de beveiliging of een cyberaanval. Uit een gezamenlijke analyse waarbij ook securitybedrijf ESET Nederland werd betrokken, bleek dat de slachtoffers op steeds dezelfde manier werden aangevallen (gecompromitteerd). Een Qlik Sense-server, als onderdeel van de IT-omgeving, bleek bij alle slachtoffers niet te zijn voorzien van de laatste software-versie. Zo kon deze gebruikt worden door Cactus om ongeoorloofd binnen te dringen in de IT-omgeving van de slachtoffers. Het verkrijgen van toegang is een belangrijke eerste stap voor de uitvoering van een geslaagde ransomware-aanval. Identificatie en notificatie Nederlandse organisaties Fox-IT heeft vervolgens door middel van 'fingerprinting' geïdentificeerd welke servers kwetsbaar, of mogelijk al misbruikt zijn door Cactus, en vervolgens hierop het internet gescand. De resultaten hiervan zijn gedeeld met het Dutch Institute for Vulneability Disclosure (DIVD), het NCSC en het Digital Trust Center (DTC). Hierop zijn door het DTC de Nederlandse bedrijven op de hoogte gebracht, zodat ze (tegen)maatregelen konden nemen om deze kwetsbaarheid te verhelpen. Door het zo snel mogelijk bijwerken van de Qlik Sense-server is het voor de cybercriminelen niet meer mogelijk om het netwerk van het potentiële slachtoffer binnen te dringen, waardoor een ransomware-aanval kan worden voorkomen. Daarnaast zijn verschillende buitenlandse Computer Security Incident Response Teams (CSIRTs) door DIVD geïnformeerd en buitenlandse politiediensten door de Nederlandse politie over de kwetsbare servers en de bijbehorende IP-adressen. Zij kunnen op hun beurt organisaties informeren om de kwetsbaarheid zo snel mogelijk te verhelpen. Onderzoek vanuit Melissa wijst uit dat er wereldwijd zo’n 5.200 Qlik Sense-servers te benaderen zijn via het internet, waarvan er meer dan 3.100 kwetsbaar zijn. De samenwerking heeft dus in potentie maximaal 3.100 slachtoffers van ransomwaregroepering Cactus helpen voorkomen. Van de 3.100 kwetsbare servers zijn er wereldwijd al 122 uitgebuit (door aannemelijk Cactus), waarvan ook verschillende in Nederland. “Deze ontdekking onderschrijft het belang van het goed samenwerken in het cybersecuritydomein. Het onderling vertrouwen door initiatieven zoals project Melissa is zeer significant toegenomen, waardoor het beter dan ooit mogelijk is die gezamenlijke vuist tegen cybercriminaliteit te vormen.”, aldus forensisch IT-expert Willem Zeeman van Fox-IT. …
https://www.digitaltrustcenter.nl/nieuws/samenwerkingsverband-melissa-vindt-diverse-nederlandse-slachtoffers-van-ransomwaregroepering
Bereid je voor op NIS2 De NIS2-Quickscan is een zelfscan voor organisaties die straks onder aan de NIS2-regels vallen en willen weten hoe zij zich kunnen voorbereiden. Deze scan is met name bedoeld voor IT- en cybersecurity-specialisten en -verantwoordelijken binnen organisaties. De scan biedt ook handelingsperspectief: per thema worden technische of organisatorische maatregelen voorgesteld die helpen bij het voorbereiden op de NIS2. Vragen over de NIS2? Op het online securityplatform DTC Community delen ruim 4.000 professionals en ondernemers kennis hierover uit. Meld je ook aan.
https://www.digitaltrustcenter.nl/nieuws/voorkom-supply-chain-aanvallen-door-de-keteninventarisatie
wid.cert-bund.de
Fri, 03 May 2024 11:03:39 GMTEin Angreifer kann mehrere Schwachstellen in Oracle Linux ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0181
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Zustand herbeizuführen und um potenziell seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0761
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1503
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1799
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1862
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2253
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2307
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um beliebigen Programmcode auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2649
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2643
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2692
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2810
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3112
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0002
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0177
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0195
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um seine Privilegien zu erhöhen, einen Denial-of-Service-Zustand herbeizuführen oder beliebigen Code auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0232
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0345
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0473
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0475
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0488
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0511
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Zustand zu verursachen und einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0527
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM MQ ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0521
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0534
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0549
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Zustand herbeizuführen oder unbekannte Auswirkungen zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0559
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0561
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0594
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0632
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0654
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um beliebigen Programmcode auszuführen und Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0661
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0690
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um Dateien zu manipulieren, unbekannte Effekte zu verursachen oder einen Denial-of-Service-Zustand auszulösen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0722
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0731
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0741
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service oder einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0749
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0773
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0851
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in NetApp ActiveIQ Unified Manager ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0861
Ein lokaler Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux in "shim" ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder beliebigen Code auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0903
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0920
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder sonstige Auswirkungen zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1008
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Anwendungen, die QT verwenden ausnutzen, um Dateien zu manipulieren.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1015
Ein authentisierter Angreifer kann eine Schwachstelle in JFrog Artifactory ausnutzen, um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1021
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in bluez ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1020
Ein entfernter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen oder um Sicherheitsmaßnahmen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1019
Ein Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um beliebigen Code im Kontext des Dienstes auszuführen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1018
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome / Microsoft Edge ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1011
Ein lokaler Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1017
Ein lokaler Angreifer kann eine Schwachstelle in WildFly Application Server ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1016
Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in GNU libc ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes oder mit administrative Privilegien auszuführen oder einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1478
Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in GNU libc ausnutzen, um Informationen offenzulegen und seine Privilegien zu erweitern.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1206
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder TCP Verbindungen zu manipulieren.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1154
Ein Angreifer kann eine Schwachstelle in PHP ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0695
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1011
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1796
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Java ausnutzen, um beliebigen Programmcode auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1930
Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0121
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im Red Hat Advanced Cluster Management for Kubernetes ausnutzen, um einen Denial of Service Angriff durchzuführen oder beliebigen Code auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0158
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0280
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Podman ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0751
Ein entfernter, anonymer Angreifer kann eine Schwachstellen in verschiedenen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0789
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in PHP ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0867
Ein Angreifer kann eine Schwachstelle in GNU libc ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0926
Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0947
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Veritas NetBackup ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1001
Ein Angreifer kann mehrere Schwachstellen in ZScaler Client Connector ausnutzen, um Dateien zu manipulieren oder einen Denial-of-Service-Zustand zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1014
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ffmpeg ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2887
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Adobe Acrobat, Adobe Acrobat Reader, Adobe Acrobat DC und Adobe Acrobat Reader DC ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0382
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder seine Privilegien zu erweitern.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0393
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Cisco IP Phone ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder um Anrufe zu initiieren oder Töne auf dem Gerät abzuspielen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1013
Ein anonymer Angreifer kann mehrere Schwachstellen in pgAdmin ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten oder Sicherheitsmaßnahmen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1012
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache ActiveMQ ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1010
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in FRRouting Project FRRouting ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1009
Ein lokaler Angreifer kann eine Schwachstelle in Hashicorp Vault ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1007
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1006
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen und um einen Denial-of-Service-Zustand zu erzeugen
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1005
Ein entfernter Angreifer kann mehrere Schwachstellen in SonicWall GMS ausnutzen, um Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1004
Ein Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, Cross-Site Scripting (XSS)-Angriffe durchzuführen oder einen Men-in-the-Middle-Angriff auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1003
Ein lokaler Angreifer kann mehrere Schwachstellen in Broadcom Fabric OS ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1002
Ein lokaler Angreifer kann eine Schwachstelle in ZScaler Client Connector ausnutzen, um beliebigen Programmcode auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1000
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Hitachi Energy RTU500 ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0999
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in ZScaler Client Connector ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0998
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Tinyproxy ausnutzen, um beliebigen Programmcode auszuführen und um vertrauliche Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0997
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der SCP Komponente mehrerer Produkte ausnutzen um Daten offenzulegen und zu manipulieren.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1995
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um die Integrität und die Verfügbarkeit zu gefährden.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0941
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Trustwave ModSecurity ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1578
Ein Angreifer kann mehrere Schwachstellen in expat ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0062
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1664
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder weitere, nicht spezifizierte Auswirkungen zu erzielen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1823
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2152
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuführen Informationen offenzulegen oder einen Denial of Service zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0157
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trustwave ModSecurity ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0188
Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuführen oder Daten zu manipulieren.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0328
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0732
Ein Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0782
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ntp ausnutzen, um nicht näher definierte Auswirkungen zu erreichen. Die Ausnutzung erfordert eine bestimmte Konfiguration und ggf. das Mitwirken eines Administrators, beispielsweise durch Social Engineering.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0938
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1033
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Application Server ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1085
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Python ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1097
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM WebSphere Application Server ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1131
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM WebSphere Application Server ausnutzen, um Informationen offenzulegen oder einen Denial of Service zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1197
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cURL und libcurl ausnutzen, um Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen und um Sicherheitsmechanismen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1237
Ein entfernter, anonymer Angreifer kann eine Schwachstelle im IBM HTTP Server ausnutzen, um kryptografische Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1302
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1323
Ein Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um die Sicherheitsmaßnahmen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1760
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1794
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1833
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Rational Business Developer ausnutzen, um die Integrität und Verfügbarkeit zu gefährden
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1846
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1926
Ein lokaler Angreifer kann mehrere Schwachstellen in Broadcom Brocade Switch ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, ein Cross-Site-Scripting-Angriff durchzuführen oder Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1937
Ein lokaler Angreifer kann mehrere Schwachstellen in AMD Prozessoren ausnutzen, um beliebigen Programmcode auszuführen oder Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2001
Ein lokaler Angreifer kann mehrere Schwachstellen in Intel PROSet Wireless WiFi Software ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service Zustand herbeizuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2013
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2054
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2192
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in HPE Fabric OS ausnutzen, um Informationen offenzulegen oder einen Denial-of-Service-Zustand auszulösen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2234
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2284
Ein lokaler Angreifer kann eine Schwachstelle in shadow ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2357
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in X.Org X11 ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2544
Ein Angreifer kann mehrere Schwachstellen in cURL und libcurl ausnutzen, um einen nicht näher spezifizierten Angriff zu starten.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2570
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in verschiedenen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2618
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2628
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2690
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2741
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2746
Ein Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen oder beliebigen Code auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2853
Ein lokaler Angreifer kann mehrere Schwachstellen in AMD Prozessor ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen oder seine Privilegien zu erweitern.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2916
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in GnuTLS ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2978
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3020
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3060
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Struts ausnutzen, um beliebigen Programmcode auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3069
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen und um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3087
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3172
Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service zu verursachen, Code auszuführen oder um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3181
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3201
Ein lokaler Angreifer kann eine Schwachstelle in Python "pip" ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3228
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0006
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder um beliebigen Code auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0014
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um seine Privilegien zu erweitern.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0017
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen oder einen Denial of Service Zustand herbeizuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0086
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0119
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GnuTLS ausnutzen, um Informationen offenzulegen oder einen Denial of Service zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0131
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder seine Privilegien zu erweitern.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0136
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0163
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0182
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0260
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0266
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in expat ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0278
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0344
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0386
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in PostgreSQL JDBC Driver ausnutzen, um eine SQL-Injection durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0424
Ein lokaler Angreifer kann eine Schwachstelle in less ausnutzen, um beliebigen Programmcode auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0434
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Eclipse Jetty ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0486
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0482
Ein Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0518
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um beliebigen Code auszuführen oder um Sicherheitsmaßnahmen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0560
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Grafana ausnutzen, um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0585
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in expat ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0591
Ein lokaler Angreifer kann eine Schwachstelle in libvirt ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0593
Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Microsoft Azure ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen und Informationen falsch darzustellen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0612
Ein lokaler Angreifer kann mehrere Schwachstellen in Intel Prozessor ausnutzen, um Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder seine Privilegien zu erweitern.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0615
Ein Angreifer kann mehrere Schwachstellen in GnuTLS ausnutzen, um Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0686
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift, Red Hat Ansible Automation Platform und Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0681
Ein Angreifer kann mehrere Schwachstellen in Python ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0687
Ein lokaler Angreifer kann eine Schwachstelle in libvirt ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0692
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Grafana ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0721
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im X.Org X Server und in Xming ausnutzen, um vertrauliche Informationen offenzulegen und potenziell einen Denial-of-Service-Zustand auszulösen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0778
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FRRouting Project FRRouting ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0806
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um eine laufende Instanz zu manipulieren, Informationen offenzulegen oder einen Denial-of-Service auszulösen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0844
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome / Microsoft Edge ausnutzen, um beliebigen Programmcode auszuführen und weitere, nicht spezifizierte Auswirkungen zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0846
Ein lokaler Angreifer kann eine Schwachstelle in ffmpeg ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial-of-Service-Zustand zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0856
Ein Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0894
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0912
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux (pcs) ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0911
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial of Service zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0909
Ein Angreifer kann mehrere Schwachstellen in ffmpeg ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0923
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0930
Ein Angreifer kann mehrere Schwachstellen in ffmpeg ausnutzen, um beliebigen Code auszuführen oder einen 'Denial of Service'-Zustand zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0939
Ein lokaler Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux in Libreswan ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0950
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome und Microsoft Edge ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0962
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Application Server ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0970
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libTIFF ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1514
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libTIFF ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2187
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libTIFF ausnutzen, um einen Denial of Service Angriff durchzuführen oder Code auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2193
Ein Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, Code auszuführen oder einen Denial of Service zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2280
Ein lokaler Angreifer kann mehrere Schwachstellen in X.Org X11 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2749
Ein Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2838
Ein entfernter Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht näher spezifizierten Angriff zu starten.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2862
Ein Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3038
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Golang Go ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3059
Ein lokaler Angreifer kann mehrere Schwachstellen in X.Org X11 und Xming ausnutzen, um seine Privilegien zu erhöhen oder Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3131
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libTIFF ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3169
Ein Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0034
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0093
Ein Angreifer kann mehrere Schwachstellen in X.Org X11 ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0127
Ein Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0181
Ein entfernter Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuführen oder sensible Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0218
Ein lokaler Angreifer kann eine Schwachstelle in libvirt ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0645
Ein Angreifer kann mehrere Schwachstellen in GNU Emacs ausnutzen, um beliebigen Programmcode auszuführen oder Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0708
Ein Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder seine Privilegien zu erweitern.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0995
Ein lokaler Angreifer kann mehrere Schwachstellen in Acronis Cyber Protect ausnutzen, um Informationen offenzulegen, sensible Daten zu ändern und um seine Berechtigungen zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0996
Ein lokaler Angreifer kann mehrere Schwachstellen im Bluetooth Standard ausnutzen, um Dateien zu manipulieren oder Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1813
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen oder Dateien zu manipulieren.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0879
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen und einen Denial of Service Zustand zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1257
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2176
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in binutils ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0728
Ein lokaler Angreifer kann eine Schwachstelle in Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0748
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service Zustand auszulösen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0788
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1062
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FRRouting Project FRRouting ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1181
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GStreamer ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1522
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in QEMU ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1662
Ein lokaler oder entfernter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen und eine nicht spezifizierte Auswirkung zu erzielen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1680
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um Informationen offenzulegen und einen Denial of Service Zustand zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1686
Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1731
Ein entfernter Angreifer kann eine Schwachstelle in systemd ausnutzen, um Dateien zu manipulieren.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1751
Ein Angreifer kann mehrere Schwachstellen in libsndfile ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1906
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1957
Ein Angreifer kann mehrere Schwachstellen im Intel Ethernet Controller ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder seine Privilegien zu erweitern.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2000
Ein Angreifer kann diese Schwachstellen in avahi ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2023
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FRRouting Project FRRouting ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2196
Ein Angreifer kann eine Schwachstelle in FRRouting Project FRRouting ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2263
Ein Angreifer kann mehrere Schwachstellen in mutt ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2299
Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2302
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GStreamer ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2401
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2503
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2530
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2525
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2553
Ein lokaler Angreifer kann mehrere Schwachstellen in Grub2 ausnutzen, um beliebigen Programmcode auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2552
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Rational ClearQuest ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2550
Ein lokaler Angreifer kann mehrere Schwachstellen in avahi ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2589
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel und Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen oder Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2598
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache HTTP Server ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2712
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FRRouting ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2748
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2770
Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2799
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um Informationen offenzulegen, seine Privilegien zu erweitern oder einen Denial-of-Service-Zustand auszulösen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2864
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2953
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und seine Berechtigungen zu erweitern.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2950
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in der Bluetooth Spezifikation ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3043
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3090
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in QT ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3214
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3223
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder um beliebigen Code auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0015
Ein lokaler Angreifer kann mehrere Schwachstellen in Insyde UEFI Firmware ausnutzen, um beliebigen Programmcode auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0050
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0072
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in QEMU ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0079
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0097
Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der EDK2 NetworkPkg IP stack implementation ausnutzen, um beliebigen Programmcode auszuführen, vertrauliche Informationen offenzulegen und einen Denial of Service Zustand auszulösen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0126
cert.ssi.gouv.fr
Fri, 03 May 2024 11:31:22 +0000De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0366/
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0365/
De multiples vulnérabilités ont été découvertes dans le noyau Linux de RedHat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0364/
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0363/
De multiples vulnérabilités ont été découvertes dans le greffon Media Streaming de Qnap. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0362/
De multiples vulnérabilités ont été découvertes dans PostgreSQL pgAdmin. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0361/
De multiples vulnérabilités ont été découvertes dans SonicWall GMS. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0360/
De multiples vulnérabilités ont été découvertes dans les produits HPE Aruba Networking. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0359/
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0358/
De multiples vulnérabilités ont été découvertes dans Cisco IP Phone. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service à distance.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0357/
De multiples vulnérabilités ont été découvertes dans Tenable Nessus Network Monitor. Elles permettent à un attaquant de provoquer un déni de service et un contournement de la politique de sécurité.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0356/
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0355/
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0354/
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0353/
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0352/
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une élévation de privilèges et une atteinte à la confidentialité des données.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0351/
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0350/
Une vulnérabilité a été découverte dans les produits Belden. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité..
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0349/
Une vulnérabilité a été découverte dans les produits MongoDB. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0348/
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service à distance. Cisco indique que les vulnérabilités CVE-2024-20353 et CVE-2024-20359 …
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0347/
De multiples vulnérabilités ont été découvertes dans GitLab. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service à distance.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0346/
Une preuve de concept a été publiée affectant l'agent Cortex XDR de Palo Alto Networks. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0345/
De multiples vulnérabilités ont été découvertes dans les produits Mitel. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0344/
De multiples vulnérabilités ont été découvertes dans les produits Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0343/
De multiples vulnérabilités ont été découvertes dans NagiosXI. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une atteinte à l'intégrité des données.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0342/
De multiples vulnérabilités ont été découvertes dans Synacor Zimbra Collaboration. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité, une injection de code indirecte à distance (XSS)
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0341/
De multiples vulnérabilités ont été découvertes dans les produits Moxa. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0340/
Une vulnérabilité a été découverte dans Microsoft Edge. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0339/
Une vulnérabilité a été découverte dans Siemens RUGGEDCOM APE1808. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0338/
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0337/
De multiples vulnérabilités ont été découvertes dans les produits OwnCloud. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service à distance.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0336/
Une vulnérabilité a été découverte dans SolarWinds Platform. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0335/
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0334/
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une élévation de privilèges.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0333/
De multiples vulnérabilités ont été découvertes dans les produits Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0332/
De multiples vulnérabilités ont été découvertes dans SolarWinds Platform. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0331/
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0330/
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de …
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0329/
Une vulnérabilité a été découverte dans Citrix uberAgent. Elle permet à un attaquant de provoquer une élévation de privilèges.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0328/
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0327/
CISA.gov (US)
Thu, 02 May 24 12:00:00 +0000Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare and Public Health Sector. Additionally, this Alert highlights the prevalence, and continued threat actor exploitation of, directory traversal defects. Currently, CISA has listed 55 directory traversal vulnerabilities in our Known Exploited Vulnerabilities (KEV) catalog. Approaches to avoid directory traversal vulnerabilities are known, yet threat actors continue to exploit these vulnerabilities which have impacted the operation of critical services, including hospital and school operations. CISA and the FBI urge software manufacturer executives to require their organizations to conduct formal testing to determine their products’ susceptibility to directory traversal vulnerabilities. For more information on recommended principles and best practices to achieve this goal, visit CISA’s Secure by Design page. To catch up on the publications in this series, visit Secure by Design Alerts.
https://www.cisa.gov/news-events/alerts/2024/05/02/cisa-and-fbi-release-secure-design-alert-urge-manufacturers-eliminate-directory-traversal
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: SQL Injection, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker with limited privileges to escalate privileges, retrieve confidential information, upload arbitrary files, backdoor the application, and compromise the system on which DIAEnergie is deployed. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics DIAEnergie, an industrial energy management system, are affected: DIAEnergie: Versions v1.10.00.005 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-89 Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. CVE-2024-34031 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-34031. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.2.2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-89 Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed. CVE-2024-34032 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-34032. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.2.3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22 Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten. CVE-2024-34033 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-34033. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Taiwan 3.4 RESEARCHER Michael Heinzl reported these vulnerabilities to CISA. 4. MITIGATIONS Delta Electronics recommends users update to DIAEnergie v1.10.01.004 to mitigate these vulnerabilities. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents. CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. 5. UPDATE HISTORY May 02, 2024: Initial Publication
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02
CISA released three Industrial Control Systems (ICS) advisories on May 02, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-123-01 CyberPower PowerPanel ICSA-24-123-02 Delta Electronics DIAEnergie ICSA-24-067-01 Chirp Systems Chirp Access (Update C) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
https://www.cisa.gov/news-events/alerts/2024/05/02/cisa-releases-three-industrial-control-systems-advisories
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: CyberPower Equipment: PowerPanel Vulnerabilities: Use of Hard-coded Password, Relative Path Traversal, Use of Hard-coded Credentials, Active Debug Code, Storing Passwords in a Recoverable Format, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Use of Hard-coded Cryptographic Key, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication and gaining administrator privileges, forging JWT tokens to bypass authentication, writing arbitrary files to the server and achieving code execution, gaining access to services with the privileges of a PowerPanel application, gaining access to the testing or production server, learning passwords and authenticating with user or administrator privileges, injecting SQL syntax, writing arbitrary files to the system, executing remote code, impersonating any client in the system and sending malicious data, or obtaining data from throughout the system after gaining access to any device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PowerPanel, a business management software, are affected: PowerPanel: 4.9.0 and prior 3.2 Vulnerability Overview 3.2.1 USE OF HARD-CODED PASSWORD CWE-259 The application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges. CVE-2024-34025 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 USE OF HARD-CODED PASSWORD CWE-259 The application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication. CVE-2024-34025 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.3 RELATIVE PATH TRAVERSAL CWE-23 A specially crafted Zip file containing path traversal characters can be imported to the server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution. CVE-2024-33615 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.4 USE OF HARD-CODED CREDENTIALS CWE-798 Hard-coded credentials are used by the platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel application. CVE-2024-32053 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.5 ACTIVE DEBUG CODE CWE-489 Hard-coded credentials for the test server can be found in the production code. This might result in an attacker gaining access to the testing or production server. CVE-2024-32047 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.6 STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257 The key used to encrypt passwords stored in the database can be found in the application code, allowing the passwords to be recovered. CVE-2024-32042 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). 3.2.7 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 An attacker with certain MQTT permissions can create malicious messages to all Power Panel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code. CVE-2024-31856 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.8 USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321 The devices Power Panel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data. CVE-2024-31410 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). 3.2.9 IMPROPER AUTHORIZATION CWE-285 Certain MQTT wildcards are not blocked on the system, which might result in an attacker obtaining data from throughout the system after gaining access to any device. CVE-2024-31409 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United States 3.4 RESEARCHER Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA. 4. MITIGATIONS CyberPower has released a new version of PowerPanel that fixes these vulnerabilities: PowerPanel Business: Update to v4.10.1 or later version CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. 5. UPDATE HISTORY May 02, 2024: Initial Publication
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-7028 GitLab Community and Enterprise Editions Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
https://www.cisa.gov/news-events/alerts/2024/05/01/cisa-adds-one-known-exploited-vulnerability-catalog
Today, CISA, in collaboration with U.S. and international partners, published a joint fact sheet, Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity. This fact sheet provides information and mitigations associated with cyber operations conducted by pro-Russia hacktivists who seek to compromise industrial control systems (ICS) and small-scale operational technology (OT) systems in North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors. The pro-Russia hacktivist activity appears mostly limited to unsophisticated techniques that manipulate ICS equipment to create nuisance effects. However, investigations have identified that these actors are capable of techniques that pose physical threats against insecure and misconfigured OT environments. CISA and partners encourage OT operators in critical infrastructure sectors to apply the recommendations listed in the fact sheet to defend against this activity. To learn more about secure by design principles and practices, visit CISA's Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.
https://www.cisa.gov/news-events/alerts/2024/05/01/cisa-and-partners-release-fact-sheet-defending-ot-operations-against-ongoing-pro-russia-hacktivist
CERT Coordination Center (CERT/CC) has released information on a vulnerability in R programming language implementations (CVE-2024-27322). A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following advisories and apply the necessary updates: CERT/CC VU#23819 Hidden Layer Blog: R-Bitrary Code Execution--Vulnerability in R’s Deserialization Comprehensive R Archive Network
https://www.cisa.gov/news-events/alerts/2024/05/01/certcc-reports-r-programming-language-vulnerability
CISA released three Industrial Control Systems (ICS) advisories on April 30, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-121-01 Delta Electronics CNCSoft-G2 DOPSoft ICSA-24-016-01 SEW-EURODRIVE MOVITOOLS MotionStudio (Update A) ICSA-24-109-01 Unitronics Vision Legacy Series (Update A) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
https://www.cisa.gov/news-events/alerts/2024/04/30/cisa-releases-three-industrial-control-systems-advisories
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-29988 Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
https://www.cisa.gov/news-events/alerts/2024/04/30/cisa-adds-one-known-exploited-vulnerability-catalog
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 DOPSoft Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics CNCSoft-G2, a Human-Machine Interface (HMI) software, are affected: CNCSoft-G2: Versions 2.0.0.5 (with DOPSoft v5.0.0.93) and prior 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. CVE-2024-4192 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ). A CVSS v4 score has also been calculated for CVE-2024-4192. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy, Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Taiwan 3.4 RESEARCHER Natnael Samson working with Trend Micro Zero Day Initiative reported this vulnerability to CISA. 4. MITIGATIONS Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.4 or later. CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. 5. UPDATE HISTORY April 30, 2024: Initial Publication
https://www.cisa.gov/news-events/ics-advisories/icsa-24-121-01
ncsc.gov.uk
Wed, 01 May 2024 06:40:44 GMTChris P explains how AMS will enable high-threat organisations to stay connected ‘on the go'.
https://www.ncsc.gov.uk/blog-post/advanced-mobile-solutions-update
How to disrupt email phishing attacks that target senior executives or budget holders.
https://www.ncsc.gov.uk/guidance/business-email-compromise-defending-your-organisation
Download the NCSC’s point-of-sale leaflet explaining how new PSTI regulation affects consumers and retailers.
https://www.ncsc.gov.uk/blog-post/smart-devices-law
How to protect yourself from the impact of data breaches
https://www.ncsc.gov.uk/guidance/data-breaches
For large, complex firms struggling with the prescriptiveness of Cyber Essentials, ‘Pathways’ will provide a new route to certification.
https://www.ncsc.gov.uk/blog-post/pathways-achieve-cyber-essentials-certification
Many everyday items are now connected to the internet: we explain how to use them safely.
https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home
Listen to all five episodes now, covering a wide range of cyber security topics.
https://www.ncsc.gov.uk/blog-post/cyber-series-podcast
NCSC publishes new report on criminal online activity.
https://www.ncsc.gov.uk/blog-post/ever-wondered-how-cyber-crime-gang-operates
How our Office 365 advisory and new security guidance from Microsoft can help protect your cloud services.
https://www.ncsc.gov.uk/blog-post/securing-office-365-with-better-configuration
Latest version of the CAF reflects the increased threat to critical national infrastructure
https://www.ncsc.gov.uk/blog-post/cyber-assessment-framework-3-2
Key talks from the UK government’s flagship cyber security event will be livestreamed from Birmingham’s ICC.
https://www.ncsc.gov.uk/blog-post/watch-cyberuk2024-plenaries
Guidance to help CEOs in public and private sector organisations manage a cyber incident.
https://www.ncsc.gov.uk/guidance/ceos-responding-cyber-incidents
Tips to help you secure and reduce interactive access to your cloud infrastructure.
https://www.ncsc.gov.uk/blog-post/interactive-administration-cloud-managing-risk
A step by step guide to recovering online accounts.
https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
How setting up 2SV can help protect your online accounts, even if your password is stolen.
https://www.ncsc.gov.uk/guidance/setting-2-step-verification-2sv
Use privacy settings across social media platforms to manage your digital footprint.
https://www.ncsc.gov.uk/guidance/social-media-how-to-use-it-safely
New online learning helps small organisations get to grips with cyber security.
https://www.ncsc.gov.uk/blog-post/training-for-small-organisations-and-charities-now-available
The NCSC’s e-learning package 'Top Tips For Staff' can be completed online, or built into your own training platform.
https://www.ncsc.gov.uk/blog-post/ncsc-cyber-security-training-for-staff-now-available
How the funded Cyber Essentials Programme helped the ‘Law Centres Network’ protect its IT estate - and client data - from cyber attacks.
https://www.ncsc.gov.uk/blog-post/funded-cyber-essentials-help-small-charities
If migrating SCADA solutions to the cloud, cyber security must be a key consideration for operational technology organisations.
https://www.ncsc.gov.uk/blog-post/scada-cloud-new-guidance-ot-organisations
How to protect your backups that are stored in the public cloud.
https://www.ncsc.gov.uk/blog-post/offline-backups-in-an-online-world
Free online tool from the NCSC prevents cyber criminals using your email to conduct cyber attacks.
https://www.ncsc.gov.uk/blog-post/cyes-protect-customers
A new visual guide to the cyber security principles that are essential when developing and managing ‘smart cities’.
https://www.ncsc.gov.uk/blog-post/new-connected-places-infographic-published
As attackers' tactics change, so must network defenders'.
https://www.ncsc.gov.uk/blog-post/products-on-your-perimeter
A new paper from the ONCD explores how metrics can influence markets to improve the cyber security ecosystem.
https://www.ncsc.gov.uk/blog-post/market-incentive-the-pursuit-for-resilient-software-hardware
As cyber threats evolve, boards must remain vigilant in cyber security governance.
https://www.ncsc.gov.uk/blog-post/cyber-security-governance-the-role-of-the-board
The ‘NCSC for Startups’ alumnus giving identity verification the 'Trust Stamp'
https://www.ncsc.gov.uk/blog-post/revolutionising-identity-services-using-ai
Why small organisations need to manage their private branch exchange (PBX) telephone networks.
https://www.ncsc.gov.uk/blog-post/protecting-pbx-from-cyber-attacks
Protecting your organisation’s telephony systems from cyber attacks and telecoms fraud.
https://www.ncsc.gov.uk/guidance/private-branch-exchange-best-practice
The first dedicated conference on this topic – and an insight into the NCSC assessment work behind it.
https://www.ncsc.gov.uk/blog-post/cyber-proliferation-threat-conference
Understanding the risks - and benefits - of using AI tools.
https://www.ncsc.gov.uk/guidance/ai-and-cyber-security-what-you-need-to-know
New NCSC guidance describes how organisations can make the most of containerisation.
https://www.ncsc.gov.uk/blog-post/unleashing-the-power-of-cloud-with-containerisation
How safe is it to scan that QR code in the pub? Or in that email?
https://www.ncsc.gov.uk/blog-post/qr-codes-whats-real-risk
How to defend your organisation from email phishing attacks.
https://www.ncsc.gov.uk/guidance/phishing
Advice and recommendations for mitigating this type of insider behaviour.
https://www.ncsc.gov.uk/guidance/reducing-data-exfiltration-by-malicious-insiders
An NCSC assessment focusing on how AI will impact the efficacy of cyber operations and the implications for the cyber threat over the next two years.
https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat
CounterCraft's co-founder, Dan Brett, explains how they turn the tables so that social engineering can be used to protect organisations from attackers.
https://www.ncsc.gov.uk/blog-post/playing-cyber-criminals-own-game
Can an equivalent cyber security standard deliver the same outcomes as the NCSC’s Cyber Essentials scheme?
https://www.ncsc.gov.uk/blog-post/cyber-essentials-are-there-any-alternative-standards
Ollie Whitehouse, the NCSC’s new Chief Technology Officer, outlines the cyber security challenges he’ll be prioritising.
https://www.ncsc.gov.uk/blog-post/landing-at-the-ncsc-glad-i-brought-my-towel
How to set up online (or 'cloud') services so they're protected against common cyber attacks.
https://www.ncsc.gov.uk/blog-post/using-online-services-safely
Detect and prevent malicious software and viruses on your computer or laptop.
https://www.ncsc.gov.uk/guidance/what-is-an-antivirus-product
Whilst not a password panacea, using 'three random words' is still better than enforcing arbitrary complexity requirements.
https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words
How to get the most from penetration testing
https://www.ncsc.gov.uk/guidance/penetration-testing
Why sanitisation is necessary, the risks to manage, and how to sanitise affordably.
https://www.ncsc.gov.uk/guidance/secure-sanitisation-storage-media
How to avoid malware sent using scam ‘missed parcel’ SMS messages, and what to do if your phone is already infected.
https://www.ncsc.gov.uk/guidance/scam-missed-parcel-sms-messages
How to erase the personal data from your phone, tablets, and other devices (and why it's important when you're buying and selling them).
https://www.ncsc.gov.uk/guidance/buying-selling-second-hand-devices
Introducing the next chapter of the NCSC research problem book, which aims to inspire research on the biggest impact topics in hardware cyber security.
https://www.ncsc.gov.uk/blog-post/introducing-hardware-security-problem-book
Both CIR Delivery Partners are now accepting enquiries and applications.
https://www.ncsc.gov.uk/blog-post/announcing-iasme-delivery-partner-cyber-incident-response-l2
Henry O discusses the pitfalls of performing a basic ‘lift and shift’ cloud migration.
https://www.ncsc.gov.uk/blog-post/new-cloud-guidance-lift-shift-successfully
New guidelines will help developers make informed decisions about the design, development, deployment and operation of their AI systems.
https://www.ncsc.gov.uk/blog-post/introducing-guidelines-secure-ai-system-development
The Cyber Advisor scheme has been gaining momentum since its launch six months ago – what happens next?
https://www.ncsc.gov.uk/blog-post/cyber-advisor-first-6-months
Reflecting on the positive impact of the Vulnerability Reporting Service – and introducing something new for selected contributors.
https://www.ncsc.gov.uk/blog-post/thanking-vulnerability-research-community-ncsc-challenge-coins
The NCSC has published a new RFC on Indicators of Compromise to support cyber security in protocol design - and hopes to encourage more cyber defenders to engage with international standards.
https://www.ncsc.gov.uk/blog-post/rfc-indicators-of-compromise-for-ietf
New guidance from the NCSC helps system and risk owners plan their migration to post-quantum cryptography (PQC).
https://www.ncsc.gov.uk/blog-post/migrating-to-post-quantum-cryptography-pqc
SMS and telephone guidance updated to address the rise in Artificial Inflation of Traffic (AIT).
https://www.ncsc.gov.uk/blog-post/ait-fraud-what-you-need-to-know
Trusted Research provides advice on how international collaboration and research can be undertaken securely
https://www.ncsc.gov.uk/blog-post/trusted-research
How to ensure your organisation's SMS and telephone messages are effective and trustworthy.
https://www.ncsc.gov.uk/guidance/business-communications-sms-and-telephone-best-practice
The US Cybersecurity and Infrastructure Security Agency have relaunched an updated version of LME.
https://www.ncsc.gov.uk/blog-post/logging-made-easy-with-cisa
The NCSC is retiring Logging Made Easy (LME). After 31 March 2023, we will no longer support LME, and the GitHub page will close shortly after.
https://www.ncsc.gov.uk/blog-post/ncsc-to-retire-logging-made-easy
Launching the first phase rollout of a protective DNS service for schools.
https://www.ncsc.gov.uk/blog-post/introducing-pdns-for-schools
Introducing a new set of NCSC principles to strengthen the resilience of organisations' cloud backups from ransomware attackers.
https://www.ncsc.gov.uk/blog-post/new-principles-make-cloud-backups-more-resilient
Helping to make cloud backups resistant to the effects of destructive ransomware.
https://www.ncsc.gov.uk/guidance/principles-for-ransomware-resistant-cloud-backups
How organisations can map their supply chain dependencies, so that risks in the supply chain can be better understood and managed.
https://www.ncsc.gov.uk/guidance/mapping-your-supply-chain
Why macros are a threat, and the approaches you can take to protect your systems.
https://www.ncsc.gov.uk/guidance/macro-security-for-microsoft-office
NCSC publishes free e-learning to help organisations manage the cyber security risks across their supply chains.
https://www.ncsc.gov.uk/blog-post/new-cyber-security-training-packages-launched-to-manage-supply-chain-risk
A new collection of resources from the NCSC can help take your supply chain knowledge to the next level
https://www.ncsc.gov.uk/blog-post/mastering-your-supply-chain
How to ensure your devices are as secure as possible.
https://www.ncsc.gov.uk/guidance/securing-your-devices
How 'small but actionable' insights can improve behaviours and decision making.
https://www.ncsc.gov.uk/blog-post/data-driven-cyber-empowering-security-focused-insights
A new Cyber Incident Exercising scheme is now open for organisations to apply to be Assured Providers, with IASME and CREST as our delivery partners.
https://www.ncsc.gov.uk/blog-post/new-scheme-ready-cie-providers
A new initiative, aimed at 11 to 14-year-olds, that helps them navigate the risks of online life.
https://www.ncsc.gov.uk/blog-post/cyberfirst-navigators-interactive-video-and-downloads-help-secondary-school-kids-stay-safe-online
The NCSC has published new cryptographic research on robust cryptography – we explain its significance and how the ideas could support research to inform future global standards.
https://www.ncsc.gov.uk/blog-post/building-on-our-history-cryptographic-research
Harry W introduces the NCSC's new Cyber Incident management (IM) guidance
https://www.ncsc.gov.uk/blog-post/getting-started-with-cyber-incident-management
A new white paper examines the rise of 'ransomware as a service' and extortion attacks.
https://www.ncsc.gov.uk/blog-post/ransomware-cyber-crime-ecosystem
Why established cyber security principles are still important when developing or implementing machine learning models.
https://www.ncsc.gov.uk/blog-post/thinking-about-security-ai-systems
Large Language Models are an exciting technology, but our understanding of them is still 'in beta'.
https://www.ncsc.gov.uk/blog-post/exercise-caution-building-off-llms
Introducing the new NCSC research problem book and find out how you can get involved.
https://www.ncsc.gov.uk/blog-post/problem-shared-problem-research-book
Advice on the choice, implementation and use of automated vulnerability scanning tools for organisations of all sizes.
https://www.ncsc.gov.uk/guidance/vulnerability-scanning-tools-and-services
Do loose prompts* sink ships? Exploring the cyber security issues of ChatGPT and LLMs.
https://www.ncsc.gov.uk/blog-post/chatgpt-and-large-language-models-whats-the-risk
How to defend organisations against malware or ransomware attacks
https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
Cyber security considerations for organisations thinking about taking out cyber insurance.
https://www.ncsc.gov.uk/guidance/cyber-insurance-guidance
Announcing CREST as our first delivery partner and the scheme's readiness for incident response providers to join.
https://www.ncsc.gov.uk/blog-post/expanding-the-scope-of-cyber-incident-response
Berta Pappenheim, CEO and co-founder of CyberFish, explains how the NCSC For Startups programme has transformed her professional and personal life.
https://www.ncsc.gov.uk/blog-post/how-cyberfish-s-founder-got-hooked-on-cheltenham
ThinkCyber's CEO Tim Ward reflects on the challenges that startups face when developing innovative products.
https://www.ncsc.gov.uk/blog-post/tackling-human-factor-transform-cyber-security-behaviours
Managing 'unknown assets' that are used within an organisation.
https://www.ncsc.gov.uk/guidance/shadow-it
New guidance to help organisations manage rogue devices and services within the enterprise.
https://www.ncsc.gov.uk/blog-post/spotlight-on-shadow-it
Key findings and full report from the 6th year of the Active Cyber Defence (ACD) programme.
https://www.ncsc.gov.uk/report/acd-the-sixth-year
How to make sure your organisation is prepared for home working.
https://www.ncsc.gov.uk/guidance/home-working
For environments that are secure by design, a 'full-fat SOC' is not always required.
https://www.ncsc.gov.uk/blog-post/soc-or-not
New ACD services developed to help protect SMEs from the harms caused by cyber attacks.
https://www.ncsc.gov.uk/blog-post/active-cyber-defence-6th-annual-report-available
Check that you're talking to a genuine NCSC employee, and not a criminal.
https://www.ncsc.gov.uk/guidance/how-to-spot-scammers-claiming-to-be-from-the-ncsc
Refreshed guidance published to help practitioners manage cyber risk.
https://www.ncsc.gov.uk/blog-post/new-techniques-added-to-the-ncsc-risk-management-toolbox
New NCSC report outlines the growing threat to the legal sector, with recommendations to improve cyber resilience.
https://www.ncsc.gov.uk/blog-post/threats-and-key-takeaways-for-the-legal-sector
An updated report from the NCSC explaining how UK law firms - of all sizes - can protect themselves from common cyber threats.
https://www.ncsc.gov.uk/report/cyber-threat-report-uk-legal-sector
New advice on implementing high-risk and ‘break-glass’ accesses in cloud services.
https://www.ncsc.gov.uk/blog-post/protecting-how-you-administer-cloud-services
Early Warning, one of the NCSC’s flagship ACD services, will be soon be migrated to the MyNCSC platform. Here we explain the background and what users can expect.
https://www.ncsc.gov.uk/blog-post/early-warning-is-joining-myncsc
Traced Mobile Security co-founder Benedict Jones describes how 'NCSC for Startups' helped evolve his business.
https://www.ncsc.gov.uk/blog-post/leveraging-ncsc-insight-fight-against-mobile-threats
Jamie H explains why ensuring a robust cloud configuration is a critical investment.
https://www.ncsc.gov.uk/blog-post/new-cloud-security-guidance-its-all-about-the-config
How cyber security start-up Trust Stamp capitalised on the CA programme.
https://www.ncsc.gov.uk/blog-post/a-cyber-accelerator-success-story
How to set up and use video conferencing services, such as Zoom and Skype, safely and securely
https://www.ncsc.gov.uk/guidance/video-conferencing-services-using-them-securely
Want security that works better for people? Make it accessible.
https://www.ncsc.gov.uk/blog-post/accessibility-as-a-cyber-security-priority
NCSC Deputy Director for Cyber Growth Chris Ensor explains how we have used the Cyber Security Body of Knowledge to build the early foundations for professional standards – and what it is we are building.
https://www.ncsc.gov.uk/blog-post/building-cyber-skills-and-roles-from-cybok-foundations
NCSC’s cyber security Board Toolkit draws on industry expertise in a major update to the guidance.
https://www.ncsc.gov.uk/blog-post/i100-and-ncsc-collaborate-on-refreshed-guidance-for-boards
Eleanor Fairford, Deputy Director of Incident Management at the NCSC, and Mihaela Jembei, Director of Regulatory Cyber at the Information Commissioner’s Office (ICO), reflect on why it’s so concerning when cyber attacks go unreported – and look at some of the misconceptions about how organisations respond to them.
https://www.ncsc.gov.uk/blog-post/why-more-transparency-around-cyber-attacks-is-a-good-thing-for-everyone
Advice in response to the increase in sextortion scams
https://www.ncsc.gov.uk/guidance/sextortion-scams-how-to-protect-yourself
Report informing readers about the threat to UK industry and society from commercial cyber tools and services.
https://www.ncsc.gov.uk/report/commercial-cyber-proliferation-assessment
Using data and scientific methods to make more evidence-based decisions about cyber security.
https://www.ncsc.gov.uk/blog-post/data-driven-cyber-transforming-cyber-security-through-an-evidence-based-approach
Catherine H reflects on how the changes to the refreshed Assured Cyber Security Consultancy scheme go deeper than just a new name - and welcomes two new consultancies to the scheme.
https://www.ncsc.gov.uk/blog-post/putting-the-consultancy-community-at-its-heart
Launching a new Industry Assurance scheme aimed at helping the UK’s small organisations.
https://www.ncsc.gov.uk/blog-post/introducing-cyber-advisors
Lindy Cameron, CEO, introduces changes to the NCSC’s cyber security resources specifically designed for board members.
https://www.ncsc.gov.uk/blog-post/refreshed-toolkit-helps-board-members-to-govern-cyber-risk
What the UK Cyber Security Council's Chartership programme means for the CCP scheme and the organisations who use CCP for recruitment and development.
https://www.ncsc.gov.uk/blog-post/the-new-route-for-cyber-security-professional-recognition
Why it's important to protect the interfaces used to manage your infrastructure, and some recommendations on how you might do this.
https://www.ncsc.gov.uk/blog-post/protect-your-management-interfaces
Guidance for preventing lateral movement in enterprise networks.
https://www.ncsc.gov.uk/guidance/preventing-lateral-movement
Reflecting on the choices available for 2-step verification and reiterating the NCSC guidance.
https://www.ncsc.gov.uk/blog-post/what-if-a-service-changes-your-2-step-verification-options
Two ways organisations can enable access and maintain the security benefits of zero trust even when parts of the infrastructure can't implement the zero trust principles.
https://www.ncsc.gov.uk/guidance/zero-trust-building-a-mixed-estate
In our third blog about migrating to a zero trust architecture, we consider the security properties of an Always On VPN, and the factors to consider when deciding if you no longer need one.
https://www.ncsc.gov.uk/blog-post/zero-trust-migration-how-will-i-know-if-i-can-remove-my-vpn
The latest addition to the NCSC’s suite of supply chain guidance is now available.
https://www.ncsc.gov.uk/blog-post/new-supply-chain-mapping-guidance
Guidance describes practical steps to help organisations assess cyber security in their supply chains.
https://www.ncsc.gov.uk/blog-post/supply-chain-cyber-security-new-guidance-from-the-ncsc
Guidance to help you to choose, configure and deploy video conferencing services such as Zoom and Skype within your organisation
https://www.ncsc.gov.uk/guidance/video-conferencing-services-security-guidance-organisations
Andrew Roughan, CEO of the NCSC’s innovation partner Plexal, explains why a whole-of-society approach is vital for cyber security innovation.
https://www.ncsc.gov.uk/blog-post/ncsc-for-startups-an-ecosystem-based-approach-to-cyber-security
New report outlines the growing threat that charities face, and how they can become resilient to cyber attacks.
https://www.ncsc.gov.uk/blog-post/phishing-and-ransomware-amongst-biggest-threats-to-charity-sector
Security questions to ask your IT service providers during the coronavirus lockdown
https://www.ncsc.gov.uk/guidance/moving-business-from-physical-to-digital
Awareness and training programmes help schools prepare for cyber attacks.
https://www.ncsc.gov.uk/blog-post/uk-schools-build-cyber-resilience
The Industry 100 scheme is just one of the NCSC's initiatives that encourage women to work in cyber security.
https://www.ncsc.gov.uk/blog-post/industry-100-women-can-do-it
Andrew A explains what you must check before giving Managed Service Providers (MSPs) the keys to your kingdom.
https://www.ncsc.gov.uk/blog-post/using-msps-to-administer-your-cloud-services
Useful tips and resources for people using personal IT to work from home.
https://www.ncsc.gov.uk/blog-post/secure-home-working-personal-it
Why organisations should avoid ‘blame and fear’, and instead use technical measures to manage the threat from phishing.
https://www.ncsc.gov.uk/blog-post/telling-users-to-avoid-clicking-bad-links-still-isnt-working
Richard C explains how an understanding of vulnerabilities - and their exploitation - informs how the NCSC assesses the security of computer systems.
https://www.ncsc.gov.uk/blog-post/how-ncsc-thinks-about-security-architecture
An update on the work to make Principles Based Assurance (PBA) usable in practice.
https://www.ncsc.gov.uk/blog-post/making-principles-based-assurance-a-reality
Nick B explains how a new code of practice will protect consumers from malicious actors and vulnerable apps
https://www.ncsc.gov.uk/blog-post/code-of-practice-for-app-store-operators-and-developers
Explaining the forthcoming NCSC Technology Assurance Principles.
https://www.ncsc.gov.uk/blog-post/principles-and-how-they-can-help-us-with-assurance
Vicky Brock of Vistalworks describes how the 'NCSC For Startups' programme has helped her organisation develop solutions to tackle illicit online trade.
https://www.ncsc.gov.uk/blog-post/ncsc-for-startups-vistalworks-cracking-down-on-illicit-trade
Guidance for staff responsible for managing a cyber incident response within their organisation.
https://www.ncsc.gov.uk/guidance/putting-staff-welfare-at-the-heart-of-incident-response
How to shop safely online.
https://www.ncsc.gov.uk/guidance/shopping-online-securely
We speak to Charlene Hunter, CEO of Coding Black Females, about how she got into the industry and why a range of backgrounds is so important to cyber security.
https://www.ncsc.gov.uk/blog-post/cyberfirst-girls-falling-into-coding
We speak to Anna Brailsford, CEO of Code First Girls, about her path into the industry and why she thinks now is the best time for women to consider a career in cyber security.
https://www.ncsc.gov.uk/blog-post/cyberfirst-girls-from-top-gun-to-tech
Making sure you minimise your cloud provider’s access to your data.
https://www.ncsc.gov.uk/blog-post/personnel-security-in-the-cloud
We're inviting all security professionals to share their expertise with delegates at next year's CYBERUK.
https://www.ncsc.gov.uk/blog-post/cyberuk-2023-technical-masterclass-call
Ian Levy explains how the NCSC's new internet scanning capability will help us understand the UK's vulnerability to cyber attack.
https://www.ncsc.gov.uk/blog-post/scanning-the-internet-for-fun-and-profit
Ian Levy, the NCSC’s departing Technical Director, discusses life, the universe, and everything.
https://www.ncsc.gov.uk/blog-post/so-long-thanks-for-all-the-bits
Implementing asset management for good cyber security.
https://www.ncsc.gov.uk/guidance/asset-management
Free service helps thousands of organisations spot suspicious activity on their networks and a new feature will now help users even more.
https://www.ncsc.gov.uk/blog-post/early-warning-whats-new-and-whats-in-it-for-you
Anne W takes stock of where we are following the changes to Cyber Essentials in early 2022, discussing some of the feedback received and clarifying some common misconceptions.
https://www.ncsc.gov.uk/blog-post/reviewing-the-cyber-essentials-update-2022
The CISP team provides some background on where things have got to on the project to deliver the new version of CISP and what we can expect to see in the future.
https://www.ncsc.gov.uk/blog-post/whats-been-happening-with-cisp-then
Sara Ward, the CEO of Black Country Women's Aid, discusses her organisation's experience of gaining Cyber Essentials Plus certification.
https://www.ncsc.gov.uk/blog-post/cyber-essentials-plus-is-for-charities-too
Saj Huq of Plexal explains why collaboration with the NCSC brings opportunities to the cyber security sector.
https://www.ncsc.gov.uk/blog-post/ncsc-for-startups-the-case-for-collaboration
Chris Wallis, CEO of Intruder, explains how completing the NCSC's Startup Programme was a turning point for his organisation.
https://www.ncsc.gov.uk/blog-post/winning-trust-and-making-powerful-connections
Recommended authentication models for organisations looking to move 'beyond passwords'.
https://www.ncsc.gov.uk/guidance/authentication-methods-choosing-the-right-type
Joint report between the NCSC and KPMG UK is the first in a series to benchmark and track levels of diversity and inclusion in the cyber security industry.
https://www.ncsc.gov.uk/report/diversity-and-inclusion-in-cyber-security-report
New guidance to protect your brand from being exploited online, and to help you choose alternate authentication models.
https://www.ncsc.gov.uk/blog-post/protect-your-customers-to-protect-your-brand
How to protect your brand from being exploited online.
https://www.ncsc.gov.uk/guidance/takedown-removing-malicious-content-to-protect-your-brand
Why the security of artificial intelligence (AI) and machine learning (ML) is important, how it's different to standard cyber security, and why the NCSC has developed specific security principles.
https://www.ncsc.gov.uk/blog-post/introducing-our-new-machine-learning-security-principles
By exploiting cloud services, organisations no longer have to choose between ‘more security’ and ‘better usability’.
https://www.ncsc.gov.uk/blog-post/the-security-benefits-of-modern-collaboration-in-the-cloud
New guidance for businesses of all sizes planning to take part in Joint Ventures.
https://www.ncsc.gov.uk/blog-post/information-security-best-practice-for-the-construction-sector
To reduce data breaches from cloud services, seek out providers who ensure functionality is ‘secure by default’
https://www.ncsc.gov.uk/blog-post/securing-the-cloud-by-design-and-by-default
How to protect 'smart' security cameras and baby monitors from cyber attack.
https://www.ncsc.gov.uk/guidance/smart-security-cameras-using-them-safely-in-your-home
How password deny lists can help your users to make sensible password choices.
https://www.ncsc.gov.uk/blog-post/passwords-passwords-everywhere
The NCSC launches its first guidance for charities, helping them to protect their valuable data - quickly, easily and at low cost.
https://www.ncsc.gov.uk/blog-post/were-trying-cure-cancer-why-would-anyone-attack-us
Why striving for better (rather than perfect) security will help more people stay safer online.
https://www.ncsc.gov.uk/blog-post/not-perfect-better-improving-security-one-step-time
In a perfect world we'd use unique passwords for every online service. But the world isn't perfect...
https://www.ncsc.gov.uk/blog-post/living-password-re-use
Emma W on why supporting users to do the right things is better then telling them what to do.
https://www.ncsc.gov.uk/blog-post/even-jedi-cant-achieve-password-perfection-0
Emma W discusses the question everyone keeps asking us.
https://www.ncsc.gov.uk/blog-post/what-does-ncsc-think-password-managers
Allow your website to accept pasted passwords - it makes your site more secure, not less.
https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords
Ian M discusses what makes a good password
https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0
If your organisation's security depends on the strength of your users' passwords... ...you've got bigger problems.
https://www.ncsc.gov.uk/blog-post/spending-our-users-security-budgets-wisely
Why the NCSC decided to advise against this long-established security guideline.
https://www.ncsc.gov.uk/blog-post/problems-forcing-regular-password-expiry
A brief guide to MIKEY-SAKKE, a protocol that allows organisations to provide secure communications with end-to-end encryption.
https://www.ncsc.gov.uk/guidance/mikey-sakke-frequently-asked-questions
Advice for board members of medium to large organisations that are at risk from the Apache Log4j vulnerability.
https://www.ncsc.gov.uk/blog-post/log4j-vulnerability-what-should-boards-be-asking
Advice on the selection and deployment of protective Domain Name Systems (DNS).
https://www.ncsc.gov.uk/guidance/protective-dns-for-private-sector
Toby L, Technical Lead for Incident Management, explains how modern-day ransomware attacks are evolving.
https://www.ncsc.gov.uk/blog-post/rise-of-ransomware
Guidance to help farmers improve the security and resilience of their business against cyber threats.
https://www.ncsc.gov.uk/guidance/cyber-security-for-farmers
Immediate actions for all organisations using the SolarWinds Orion suite of IT management tools
https://www.ncsc.gov.uk/guidance/dealing-with-the-solarwinds-orion-compromise
HBC is an NCSC IT monitoring and analysis service for government departments.
https://www.ncsc.gov.uk/blog-post/introducing-host-based-capability-hbc
Using knowledge from the 'cyber frontline' to improve our 'Mitigating malware and ransomware' guidance.
https://www.ncsc.gov.uk/blog-post/rebooting-malware-and-ransomware-guidance
Cyber security advice for small businesses adapting to new ways of working
https://www.ncsc.gov.uk/blog-post/moving-your-small-business-from-the-physical-to-the-digital
Unparalleled access to skilled users transformed Rebellion Defence’s product roadmap.
https://www.ncsc.gov.uk/blog-post/how-rebellion-defence-accelerate-product-development
Approaches to the design, development and assessment of products capable of resisting elevated threats.
https://www.ncsc.gov.uk/guidance/design-guidelines-for-high-assurance-products
Advice for those concerned a device has been infected.
https://www.ncsc.gov.uk/guidance/hacked-device-action-to-take
You should be serving web pages over HTTPS. Are you?
https://www.ncsc.gov.uk/blog-post/serve-websites-over-https-always
The NCSC's technical director outlines the challenges that TLS 1.3 presents for enterprise security.
https://www.ncsc.gov.uk/blog-post/tls-13-better-individuals-harder-enterprises
Have you ever wondered what it's like to work in the NCSC Vulnerability Research team, and how it compares to working in industry?
https://www.ncsc.gov.uk/blog-post/day-life-ncsc-vulnerability-researcher
Andrew A puts some context around the recently published KRACK guidance and explains why patching - once again - is the answer.
https://www.ncsc.gov.uk/blog-post/time-krack-security-patches-out-again
Jon L provides an update on the NCSC's guidance on the 'WannaCry' ransomware.
https://www.ncsc.gov.uk/blog-post/wannacry-ransomware-guidance-updates
MalwareTech's blog post on coming across a kill switch to stop the spread of the recent ransomware incident.
https://www.ncsc.gov.uk/blog-post/finding-kill-switch-stop-spread-ransomware-0
The NCSC has open sourced the code behind MailCheck - one of our Active Cyber Defence projects.
https://www.ncsc.gov.uk/blog-post/open-sourcing-mailcheck
How the NCSC is helping public sector organisations to adopt important anti-phishing protocols.
https://www.ncsc.gov.uk/blog-post/making-email-mean-something-again
The following tips can help organisations create their own cyber incident response exercises.
https://www.ncsc.gov.uk/guidance/effective-steps-to-cyber-exercise-creation
Following attacks on political party websites, this guidance provides a summary of 5 practical steps that your organisation can take to help it prepare to respond in the event of a Denial of Service (DoS) attack.
https://www.ncsc.gov.uk/guidance/guidance-following-recent-dos-attacks-2019-general-election
Security advice for organisations using text messages to communicate with end users
https://www.ncsc.gov.uk/guidance/protecting-sms-messages-used-in-critical-business-processes
Two new platform-specific guides and an OEMConfig update for Android.
https://www.ncsc.gov.uk/blog-post/mobile-device-guidance-updates-chrome-os-and-ubuntu
Stuart H explains security improvements within the NHS COVID-19 app since its launch
https://www.ncsc.gov.uk/blog-post/nhs-covid-19-app-improving-its-security-posture
Stuart H outlines the evolving work on the security of the new NHS COVID-19 app.
https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-securing-the-nhs-covid-19-app
Focused on automating UEFI firmware updates on Windows devices.
https://www.ncsc.gov.uk/blog-post/firmware-updates-linux-and-using-data-influence-procurement-decisions
Andy P summarises how organisations can protect users' accounts from password spraying.
https://www.ncsc.gov.uk/blog-post/spray-you-spray-me-defending-against-password-spraying-attacks
An introduction to the updated Windows 10 guidance following the 1709 “Fall Creators Update”.
https://www.ncsc.gov.uk/blog-post/whats-new-windows-fall-creators-update-1709
Andy P explains how the NCSC rolls out software updates without delays.
https://www.ncsc.gov.uk/blog-post/ncsc-it-installing-software-updates-without-breaking-things
The latest blog on NCSC's own IT, this time how we protect our Windows end user devices from malware.
https://www.ncsc.gov.uk/blog-post/ncsc-it-dont-leave-your-windows-open-christmas
Intel's report this week of security vulnerabilities emphasises the importance of automating firmware updates.
https://www.ncsc.gov.uk/blog-post/firmware-bugs-are-buses
Discussing the state of UEFI firmware running on Windows laptops.
https://www.ncsc.gov.uk/blog-post/automating-uefi-firmware-updates
Introducing our new Windows 10 with MDM guidance.
https://www.ncsc.gov.uk/blog-post/modernising-windows-10-management
In part 3, we discuss why there is no one right answer to "What is the best MDM product?", as we found when building our own IT system.
https://www.ncsc.gov.uk/blog-post/ncsc-it-mdm-products-which-one-best-1
New device security guidance and some timely reminders
https://www.ncsc.gov.uk/blog-post/whats-new-windows-10
A look at the high-level design of the NCSC's new IT system, including the single sign-on architecture, our initial end user device choices, and how we tackled the captive portal problem.
https://www.ncsc.gov.uk/blog-post/ncsc-it-architecture-behind-ncscs-it-system-0
A straight answer to a difficult question
https://www.ncsc.gov.uk/blog-post/which-smartphone-most-secure
Initial research shows firmware frequently out of date.
https://www.ncsc.gov.uk/blog-post/firmware-ii-status-check
Investigating the security of firmware and why this often overlooked component should not be ignored.
https://www.ncsc.gov.uk/blog-post/getting-grip-firmware
We recommend that guidance is given to all remote and mobile users on how to keep information on their devices safe and secure.
https://www.ncsc.gov.uk/guidance/end-user-devices-advice-end-users
A structured look at what data to collect for security purposes and when to collect it.
https://www.ncsc.gov.uk/blog-post/what-exactly-should-we-be-logging
Work from schools and companies paying dividends in the number and diversity of pupils taking up computer science.
https://www.ncsc.gov.uk/blog-post/cyber-schools-hub-local-success-national-impact
Cyber security-themed videos, blogs and interviews from industry experts are supporting students and teachers.
https://www.ncsc.gov.uk/blog-post/cyberfirst-industries-support-cybertv
How to protect sensitive information about your setting and the children in your care from accidental damage and online criminals.
https://www.ncsc.gov.uk/guidance/early-years-practitioners-using-cyber-security-to-protect-your-settings
Laying the groundwork for incident readiness.
https://www.ncsc.gov.uk/guidance/introduction-logging-security-purposes
Guidance to help schools provide secure remote learning tools for pupils, students and staff.
https://www.ncsc.gov.uk/blog-post/home-learning-technology-securing-tools-for-remote-education
New NCSC training package to help schools improve their cyber security.
https://www.ncsc.gov.uk/blog-post/cyber-security-for-schools
The NCSC's first 'Outreach' event welcomes pupils from Carlton Primary School.
https://www.ncsc.gov.uk/blog-post/reaching-out-to-the-next-generation-of-cyber-sprinters
Sara Liddell, Principal of Knockevin Special School, explains the opportunities for pupils and staff following their CyberFirst award.
https://www.ncsc.gov.uk/blog-post/knockevin-school-first-special-school-to-achieve-cyberfirst-status
In November the NCSC hosted students from four schools at our London headquarters to mark EmPower Cyber Week.
https://www.ncsc.gov.uk/blog-post/empower-cyber-week-at-the-ncsc-london
Glitch, Nano and the rest of the CyberSprinters gang are back in a new set of cyber security puzzles for kids.
https://www.ncsc.gov.uk/blog-post/hacker-games-and-trojan-tales-new-cybersprinter-activities
The NCSC's free Web Check and Mail Check services can help protect schools from cyber attacks.
https://www.ncsc.gov.uk/blog-post/cyber-tools-for-uk-schools
Updated NCSC guidance on enabling your staff to use their own devices for work.
https://www.ncsc.gov.uk/blog-post/bring-your-own-device-how-to-do-it-well
A Critical National Infrastructure (CNI)-specific look at NCSC guidance on remote access architecture design
https://www.ncsc.gov.uk/blog-post/cni-system-design-secure-remote-access
The NCSC view on BYOD and the rise in home working
https://www.ncsc.gov.uk/blog-post/bring-your-own-device-the-new-normal
What organisations should think about before choosing apps for secure communications and collaboration...
https://www.ncsc.gov.uk/blog-post/using-secure-messaging-voice-and-collaboration-apps
Although the UK has not experienced severe cyber attacks in relation to Russia’s invasion of Ukraine, now is not the time for complacency.
https://www.ncsc.gov.uk/blog-post/preparing-the-long-haul-the-cyber-threat-from-russia
How organisations can avoid staff burnout during an extended period of heightened cyber threat.
https://www.ncsc.gov.uk/guidance/maintaining-a-sustainable-strengthened-cyber-security-posture
How startups can make the most of their time when pitching to cyber security experts.
https://www.ncsc.gov.uk/blog-post/ncsc-for-startups-the-feedback-loop
Jenny, information and compliance security manager at a large European law firm and i100 member, explains how the legal sector is working with the NCSC to keep the law profession cyber secure.
https://www.ncsc.gov.uk/blog-post/i100-insider-the-cyber-security-advocate
Key findings from the 5th year of the Active Cyber Defence (ACD) programme.
https://www.ncsc.gov.uk/report/acd-the-fifth-year
Active Cyber Defence extends its services to organisations beyond the public sector.
https://www.ncsc.gov.uk/blog-post/acd-5th-year-report-now-available-to-download
Explaining the rationale behind the NCSC's updated Security Operations Centres guidance.
https://www.ncsc.gov.uk/blog-post/soc-guidance-101
Why trying to avoid trusting the KMS doesn't make sense (and other common misconceptions).
https://www.ncsc.gov.uk/blog-post/mythbusting-cloud-key-management-services
New guidance for cyber attack victims focuses on the welfare of staff responding to (and affected by) the crisis.
https://www.ncsc.gov.uk/blog-post/avoiding-crisis-mismanagement
Andrew A explains what's new in a significant update to the NCSC's flagship cloud guidance.
https://www.ncsc.gov.uk/blog-post/relaunching-the-ncscs-cloud-security-guidance-collection
Covering the ‘Product development', 'Design and functionality' and ‘Though-life’ aspects of product assurance.
https://www.ncsc.gov.uk/blog-post/the-technology-assurance-principles
Assessing the cyber security threat to UK organisations using Enterprise Connected Devices.
https://www.ncsc.gov.uk/report/organisational-use-of-enterprise-connected-devices
As the beta version of the new device security principles for manufacturers is released, Luna R explains the thinking behind them, how manufacturers can use them and invites feedback.
https://www.ncsc.gov.uk/blog-post/laying-foundations-enterprise-device-security
The NCSC hands over administration of the Certified Cyber Professional scheme, with details to be announced at CYBERUK 2022.
https://www.ncsc.gov.uk/blog-post/ccp-scheme-to-be-run-by-the-uk-cyber-security-council
This report outlines the risks associated with the use of official and third party app stores.
https://www.ncsc.gov.uk/report/threat-report-on-application-stores
Updated IET code of practice explains current best practice for building-related systems and interconnections with the wider cyber environment.
https://www.ncsc.gov.uk/blog-post/cyber-security-in-the-built-environment-considering-security-throughout-a-buildings-lifecycle
A technical analysis of a new variant of the SparrowDoor malware.
https://www.ncsc.gov.uk/report/mar-sparrowdoor
By day, Ollie W is Chief Technology Officer for a multinational cyber security company. For the past four years he has also moonlighted at the NCSC as an i100 integree. In this blog, he reflects on his experiences so far and considers the opportunities for others to be part of i100 too.
https://www.ncsc.gov.uk/blog-post/inside-industry-100-the-on-loan-cto
Awen Collective tells us how they got the most from their winning appearance in Cyber Den.
https://www.ncsc.gov.uk/blog-post/cyberuk-2022-taming-the-dragon
Assessing the security of network equipment.
https://www.ncsc.gov.uk/report/vendor-security-assessment
Latest version of the CAF focusses on clarification and consistency between areas of the CAF.
https://www.ncsc.gov.uk/blog-post/the-cyber-assessment-framework-3-1
With the spring clean almost complete, we’re about to begin pruning CISP content.
https://www.ncsc.gov.uk/blog-post/cisp-development-update
Cyber security – even in a time of global unrest – remains a balance of different risks. Ian Levy, the NCSC's Technical Director, explains why.
https://www.ncsc.gov.uk/blog-post/use-of-russian-technology-products-services-following-invasion-ukraine
The 'Motivating Jenny' project is helping to change the conversation about security in software development.
https://www.ncsc.gov.uk/blog-post/motivating-developers-to-write-secure-code
Reflecting on five years of Industry 100 and looking ahead to an even brighter future.
https://www.ncsc.gov.uk/blog-post/five-years-of-i100
How to reduce the likelihood of unauthorised content appearing within your organisation's social media channels.
https://www.ncsc.gov.uk/guidance/social-media-protect-what-you-publish
How to enjoy online gaming securely by following just a few tips
https://www.ncsc.gov.uk/guidance/online-gaming-for-families-and-individuals
Advice for organisations on implementing multi-factor authentication (or 2-step verification) to protect against password guessing and theft on online services.
https://www.ncsc.gov.uk/guidance/multi-factor-authentication-online-services
This white paper explains how basic security controls can protect organisations from the most common cyber attacks.
https://www.ncsc.gov.uk/guidance/white-papers/common-cyber-attacks-reducing-impact
Guidance for organisations that use, own, or operate an online service who are looking to start securing it.
https://www.ncsc.gov.uk/guidance/building-operating-secure-online-service
Guidance for organisations wishing to deploy products that use IPsec.
https://www.ncsc.gov.uk/guidance/using-ipsec-protect-data
Two new pieces of NCSC guidance replace Good Practice Guides 43 and 53.
https://www.ncsc.gov.uk/blog-post/transaction-monitoring-building-operating-secure-online-service-guidance-published
Guidance to help the construction industry improve the security and resilience of their business against cyber threats.
https://www.ncsc.gov.uk/guidance/cyber-security-for-construction-businesses
New guidance to help small-to-medium construction businesses protect themselves from common cyber attacks.
https://www.ncsc.gov.uk/blog-post/construction-businesses-understanding-the-cyber-threat
This guidance is aimed at service owners and security specialists involved in the provision of online services.
https://www.ncsc.gov.uk/guidance/transaction-monitoring-for-online-services
Good practises for the management of public domain names owned by your organisation.
https://www.ncsc.gov.uk/guidance/managing-public-domain-names
Can your startup help counter the rise of malicious advertising?
https://www.ncsc.gov.uk/blog-post/ncsc-for-startups-taking-on-malvertising
When organisations might face a greater threat, and the steps to take to improve security.
https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened
Trial project makes vulnerability scanning easier.
https://www.ncsc.gov.uk/blog-post/introducing-scanning-made-easy
...and that's why we are making some changes. Anne W summarises what they are, and explains the thinking behind them.
https://www.ncsc.gov.uk/blog-post/we-think-cyber-essentials-is-well-still-essential
The fight against scams is a team sport; our new guidance explains how your organisation can help.
https://www.ncsc.gov.uk/blog-post/sms-and-telephone-best-practice-new-guidance-for-organisations
An architecture pattern for safely importing data into a system from an external source.
https://www.ncsc.gov.uk/guidance/pattern-safely-importing-data
The NCSC now uses 'allow list' and 'deny list' in place of 'whitelist' and 'blacklist'. Emma W explains why...
https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white
The 2nd joint report between the NCSC and KPMG UK benchmarks against the 2020 findings to gauge what progress has been made.
https://www.ncsc.gov.uk/report/decrypting-diversity-2021-diversity-and-inclusion-in-cyber-security
How to report emails to the NCSC's Suspicious Email Reporting Service (SERS) using Office 365's 'Report Phishing' add-in for Outlook.
https://www.ncsc.gov.uk/guidance/configuring-o365-outlook-report-phishing-for-sers
The NCSC produces advice for practitioners working with victims who are being tracked, stalked, or virtually monitored.
https://www.ncsc.gov.uk/blog-post/new-guidance-for-practitioners-supporting-victims-of-domestic-cyber-crime
How to start the journey to zero trust architecture once you have decided it meets your business requirements.
https://www.ncsc.gov.uk/blog-post/zero-trust-migration-where-do-i-start
How organisations can address the growing trend in which multiple vulnerabilities within a single product are exploited over a short period.
https://www.ncsc.gov.uk/blog-post/why-vulnerabilities-are-like-buses
Ticketmaster UK reported malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.
https://www.ncsc.gov.uk/guidance/ncsc-advice-ticketmaster-customers
How to prevent malicious advertisements from ruining your day.
https://www.ncsc.gov.uk/blog-post/ill-make-you-offer-you-cant-refuse
Do you need antivirus (AV) products on smartphones and tablets?
https://www.ncsc.gov.uk/blog-post/av-or-not-av
How operators of critical national infrastructure (CNI) can use NCSC guidance and blogs to secure their internet-facing services.
https://www.ncsc.gov.uk/blog-post/protecting-internet-facing-services-public-service-cni
We caught up with George Brown, founder of PORGiESOFT, about his first few weeks in NCSC For Startups...
https://www.ncsc.gov.uk/blog-post/ncsc-for-startups-porgiesoft
Guidance to help you assess the security of voice, video and messaging communication services.
https://www.ncsc.gov.uk/guidance/secure-communication-principles
Risk appetites; what are they, what’s their purpose, how do organisations go about defining them?
https://www.ncsc.gov.uk/blog-post/a-two-part-blog-about-risk-appetites
Chris Ensor highlights some important elements of the NCSC's new Technology Assurance strategy.
https://www.ncsc.gov.uk/blog-post/future-of-technology-assurance-in-the-uk
The first in a series of blogs to ease your journey towards a zero trust architecture.
https://www.ncsc.gov.uk/blog-post/zero-trust-is-it-right-for-me
Zero trust architecture design principles 1.0 launched.
https://www.ncsc.gov.uk/blog-post/zero-trust-1-0
The NCSC's Cloud Security Research Lead suggests some approaches to help you get confidence in cloud services.
https://www.ncsc.gov.uk/blog-post/brightening-outlook-security-cloud
In part 2 of his Cloud Blog Trilogy, Andrew explains why it's better for everyone if cloud providers are willing to be open about how they run their services.
https://www.ncsc.gov.uk/blog-post/cloudy-chance-transparency
Don’t constrict yourself, Python 2 slithers off into the sunset in 2020
https://www.ncsc.gov.uk/blog-post/time-to-shed-python-2
Introducing some notable changes to our new EUD guidance for Windows 10 1809
https://www.ncsc.gov.uk/blog-post/comparing-configurations-in-windows-10-1809
Highlighting guidance which will help you secure your servers
https://www.ncsc.gov.uk/blog-post/serving-up-some-server-advice
Guidance for enterprise administrators, small businesses and home users in relation to the recently published 'Krack' vulnerability in Wi-Fi networks protected by WPA2.
https://www.ncsc.gov.uk/guidance/krack
Assessing the cyber security needs of major events.
https://www.ncsc.gov.uk/guidance/cyber-security-for-major-events
Alpha release for the ZTA principles on GitHub.
https://www.ncsc.gov.uk/blog-post/zero-trust-architecture-design-principles
Guidance for home users or small businesses who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).
https://www.ncsc.gov.uk/guidance/wannacry-guidance-for-home-users-and-small-businesses
Call opens for the fourth NCSC Cyber Accelerator programme
https://www.ncsc.gov.uk/blog-post/fresh-call-for-next-generation-cyber-security-solutions
How we made our commercial assurance business react to the demand of the Smart Meter programme, and how we can use this as a catalyst for future improvement.
https://www.ncsc.gov.uk/blog-post/assuring-smart-meters
NCSC Technical Director warns that 'Connected Places' will likely be a target for malicious actors.
https://www.ncsc.gov.uk/blog-post/connected-places-new-ncsc-security-principles-for-smart-cities
How to implement a secure end-to-end data export solution
https://www.ncsc.gov.uk/guidance/design-pattern-safely-exporting-data
Recommended profiles to securely configure TLS for the most common versions and scenarios, with additional guidance for managing older versions.
https://www.ncsc.gov.uk/guidance/using-tls-to-protect-data
A new framework published by the RTF highlights the power of collaboration to address widespread cyber threats.
https://www.ncsc.gov.uk/blog-post/ransomware-taskforce-rtf-announce-framework-to-combat-ransomware
Start-up companies reflect in a packed first week on the NCSC's Cyber Accelerator programme.
https://www.ncsc.gov.uk/blog-post/exhausted-energised-and-overwhelmed-in-good-way
Adam H catches up with past graduate of the Cyber Accelerator programme, Aquilai CTO, Jack Chapman.
https://www.ncsc.gov.uk/blog-post/getting-the-most-from-cyber-accelerator
The NCSC's security specialists who help run Cyber Accelerator explain what they get out of the programme.
https://www.ncsc.gov.uk/blog-post/cyber-accelerator-view-from-the-experts-side
'Risk Management' is the first certifiable specialism under the NCSC's revised CCP scheme.
https://www.ncsc.gov.uk/blog-post/first-certified-cyber-professional-cpp-specialism-now-live
Our relaunched device guidance makes it easier for you to configure the security of your devices.
https://www.ncsc.gov.uk/blog-post/securing-your-devices-future
There are a number of different architectural models that can be used to design the administration approach for IT systems. This section describes some common approaches and the risks associated with each.
https://www.ncsc.gov.uk/guidance/systems-administration-architectures
Help understanding what good asset management looks like from a cyber security perspective and some of the challenges it presents.
https://www.ncsc.gov.uk/blog-post/asset-management-for-cyber-security
The year four report covers 2020 and aims to highlight the achievements and efforts made by the Active Cyber Defence programme.
https://www.ncsc.gov.uk/report/acd-report-year-four
Our new white paper will help you weigh up the benefits and drawbacks of distributed ledger technology.
https://www.ncsc.gov.uk/blog-post/is-blockchain-the-right-tool-for-you
Managing the cyber security of high profile events in the real and virtual worlds.
https://www.ncsc.gov.uk/guidance/cyber-security-for-high-profile-conferences
The NCSC's online portal for threat intelligence sharing is being upgraded.
https://www.ncsc.gov.uk/blog-post/get-ready-for-cisp-2
How NCSC guidance can help organisations detect and protect themselves from credential abuse.
https://www.ncsc.gov.uk/blog-post/identifying-suspicious-credential-usage
How malware works on Operational Technology (OT) and how to stop it.
https://www.ncsc.gov.uk/blog-post/what-is-ot-malware
How charities can erase personal data from donated laptops, phones and tablets, before passing them on.
https://www.ncsc.gov.uk/blog-post/erasing-data-from-donated-devices
The year three report covers 2019 and aims to highlight the achievements and efforts made by the Active Cyber Defence programe.
https://www.ncsc.gov.uk/report/acd-report-year-three
Hunting for common security weaknesses using Microsoft Defender for Endpoint.
https://www.ncsc.gov.uk/blog-post/better-device-configuration-should-not-be-like-herding-cats
Join the Industrial Control System Community of Interest (ICS COI), and help build CNI expertise across the UK.
https://www.ncsc.gov.uk/blog-post/strength-of-ics-coi-is-the-team
Guidance on development and deployment of secure communications protocols in connected systems.
https://www.ncsc.gov.uk/blog-post/introducing-the-protocol-design-principles
Compromise of your software build pipeline can have wide-reaching impact; here's how to tackle the problem.
https://www.ncsc.gov.uk/blog-post/defending-software-build-pipelines-from-malicious-attack
MyNCSC brings together a range of NCSC cyber security services within a single, accessible platform.
https://www.ncsc.gov.uk/blog-post/myncsc-coming-soon
Unpicking the NCSC's new data breach guidance released to coincide with International Data Privacy Day.
https://www.ncsc.gov.uk/blog-post/introducing-data-breach-guidance-for-individuals-and-families
Discover the Research Institute in Trustworthy Inter-connected Cyber-physical Systems.
https://www.ncsc.gov.uk/blog-post/ritics-securing-cyber-physical-systems
How to safely exchange information between systems and organisations.
https://www.ncsc.gov.uk/blog-post/cross-domain-security
Technical report on best practice use of this fundamental data routing protocol.
https://www.ncsc.gov.uk/report/responsible-use-of-bgp-for-isp-interworking
Vulnerability Scanning solutions offer a cost-effective way to discover and manage common security issues.
https://www.ncsc.gov.uk/blog-post/vulnerability-scanning-keeping-on-top-of-the-most-common-threats
Introducing our new guidance: essential steps to follow when you're buying (or selling) used electronic devices
https://www.ncsc.gov.uk/blog-post/erasing-personal-data-second-hand-devices
Questions to ask your suppliers that will help you gain confidence in their cyber security.
https://www.ncsc.gov.uk/blog-post/supplier-assurance-having-confidence-in-your-suppliers
Questions to ask your suppliers that will help you gain confidence in their cyber security.
https://www.ncsc.gov.uk/guidance/supplier-assurance-questions
Everything you need to know about the 19 Academic Centres of Excellence in Cyber Security Research (ACE-CSR) in one place
https://www.ncsc.gov.uk/blog-post/ace-csr-brochure-2020
A new white paper from the NCSC explains the potential benefits of adopting a cloud-system.
https://www.ncsc.gov.uk/blog-post/the-elephant-in-the-data-centre
The second report examining how the NCSC's ACD programme is improving the security of the UK public sector and the wider UK cyber ecosystem.
https://www.ncsc.gov.uk/report/active-cyber-defence-report-2019
Public Key Infrastructure - what it is and how to build your own
https://www.ncsc.gov.uk/blog-post/designing-and-building-a-privately-hosted-pki
How a Vulnerability Disclosure Process ensured a bug in the NHS COVID-19 app was fixed quickly and responsibly
https://www.ncsc.gov.uk/blog-post/bugs-happen-be-ready-to-fix-them
Avoiding common problems when moving to the cloud.
https://www.ncsc.gov.uk/blog-post/move-to-a-cloud-not-a-storm
Stuart T discusses a new approach to delivering improvement to NCSC website users.
https://www.ncsc.gov.uk/blog-post/transforming-the-way-we-work-with-missions
Richard C introduces new guidance on safe, malware-free data import.
https://www.ncsc.gov.uk/blog-post/import-data-not-malware
Helen L discusses how security can be woven more seamlessly into the development process.
https://www.ncsc.gov.uk/blog-post/leaky-pipe-secure-coding
Ollie N explains the thinking behind the NCSC’s new Vulnerability Disclosure Toolkit, which is now available to download.
https://www.ncsc.gov.uk/blog-post/helping-to-manage-vulnerability-disclosure
A guide to 'whaling' - targeted phishing attacks aimed at senior executives.
https://www.ncsc.gov.uk/guidance/whaling-how-it-works-and-what-your-organisation-can-do-about-it
NCSC Technical Director Dr Ian Levy and the NHS Test and Trace App acting CISO Stuart H explain how security and privacy have been approached in the new version of the app.
https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
Our new guidance will help you ask the right questions if considering cyber insurance for your organisation.
https://www.ncsc.gov.uk/blog-post/is-cyber-insurance-right-for-you
The NCSC report highlights the cyber threats faced by the sports sector and suggests how to stop or lessen their impact on organisations.
https://www.ncsc.gov.uk/report/the-cyber-threat-to-sports-organisations
Kirsty P and Dan U look at new measures designed to improve the security of connected devices.
https://www.ncsc.gov.uk/blog-post/connecting-smart-devices-with-confidence
NCSC Technical Director Dr Ian Levy explains the technical impact of the recent US sanctions on the security of Huawei equipment in the UK.
https://www.ncsc.gov.uk/blog-post/a-different-future-for-telecoms-in-the-uk
A summary of the NCSC’s analysis of the May 2020 US sanction which caused the NCSC to modify the scope of its security mitigation strategy for Huawei.
https://www.ncsc.gov.uk/report/summary-of-ncsc-analysis-of-us-may-2020-sanction
The NCSC's guidance for the risk management of high risk vendors in telecommunications networks.
https://www.ncsc.gov.uk/guidance/ncsc-advice-on-the-use-of-equipment-from-high-risk-vendors-in-uk-telecoms-networks
Using the cloud securely should be your primary concern - not the underlying security of the public cloud.
https://www.ncsc.gov.uk/blog-post/why-cloud-first-is-not-a-security-problem
A guide to what's changed (and what hasn't) in the updated NCSC phishing guidance.
https://www.ncsc.gov.uk/blog-post/return_of_phishing_guidance
Recent additions to the End User Device (EUD) security collection.
https://www.ncsc.gov.uk/blog-post/windows-10-in-s-mode
Andrew A explains the updated guidance for Microsoft Office macros
https://www.ncsc.gov.uk/blog-post/malicious-macros-are-still-causing-problems
With 5G set to transform mobile services, Ian Levy explains how the UK has approached telecoms security, and what that means for the future.
https://www.ncsc.gov.uk/blog-post/blog-post-security-complexity-and-huawei-protecting-uks-telecoms-networks
Worked examples for Operational Technology and Virtualised systems, using the NCSC’s secure design principles
https://www.ncsc.gov.uk/blog-post/studies-in-secure-system-design
In this blog post, Ian Levy explains how security researchers are helping make the NHS COVID-19 App better.
https://www.ncsc.gov.uk/blog-post/nhs-covid-19-app-security-two-weeks-on
Some tips on good diagram drafting and pitfalls to avoid when trying to understand a system in order to secure it.
https://www.ncsc.gov.uk/blog-post/drawing-good-architecture-diagrams
Whether you're using it to work from home, or just catching up with friends and family, new guidance from the NCSC will help you to use video conferencing, such as Zoom and Skype, securely.
https://www.ncsc.gov.uk/blog-post/video-conferencing-new-guidance-for-individuals-and-for-organisations
In this blog post, Ian Levy explains how the new NHS COVID-19 app will help us fight the coronavirus while protecting your privacy and security (and not draining your phone battery).
https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app
NCSC technical paper about the privacy and security design of the NHS contact tracing app developed to help slow the spread of coronavirus.
https://www.ncsc.gov.uk/report/nhs-covid-19-app-privacy-security-report
Guidance for members of the public, website administrators and JavaScript developers in relation to the recently publicised cryptocurrency mining compromises of several websites
https://www.ncsc.gov.uk/guidance/ncsc-advice-malicious-software-used-illegally-mine-cryptocurrency
Alex M explains why she joined the i100 scheme and talks about one of the projects she has been working on.
https://www.ncsc.gov.uk/blog-post/industry-100-a-project-in-data-driven-security
Raising a cheer for SaaS vendors who respond to our cloud security principles.
https://www.ncsc.gov.uk/blog-post/ncsc-it-theres-confidence-and-then-theres-saas
Free NCSC webinar explains how to protect your organisation from scam email campaigns.
https://www.ncsc.gov.uk/blog-post/phishing-still-a-problem-despite-the-work
NCSC Technical Director Dr Ian Levy explains how the security analysis behind the DCMS supply chain review will ensure the UK’s telecoms networks are secure – regardless of the vendors used.
https://www.ncsc.gov.uk/blog-post/the-future-of-telecoms-in-the-uk
A summary of the NCSC’s security analysis for the UK telecoms sector
https://www.ncsc.gov.uk/report/summary-of-ncsc-security-analysis-for-the-uk-telecoms-sector
How Platform as a Service (PaaS) can make good security easier to achieve.
https://www.ncsc.gov.uk/blog-post/building-web-check-using-paas
On World Sight Day, Stuart T discusses how accessibility is a key element in the NCSC website's development.
https://www.ncsc.gov.uk/blog-post/ncsc-website-accessibility-is-key
There has been a lot happening with vulnerability co-ordination and I wanted to update you with the NCSC thinking and approach.
https://www.ncsc.gov.uk/blog-post/ncsc-vulnerability-disclosure-co-ordination
Assessing the cyber security threat to UK Universities
https://www.ncsc.gov.uk/report/the-cyber-threat-to-universities
An easy-to-use guide that helps small businesses prepare their response to (and plan their recovery from) a cyber incident.
https://www.ncsc.gov.uk/blog-post/getting-back-to-business
Cyber incident trends in the UK with guidance on how to defend against, and recover from them.
https://www.ncsc.gov.uk/report/incident-trends-report
Our research shows that using Serverless components makes it easier to get good security in the cloud
https://www.ncsc.gov.uk/blog-post/cloud-security-made-easier-with-serverless
What you need to know before buying artificially intelligent security products
https://www.ncsc.gov.uk/blog-post/intelligent-security-tools-are-they-a-smart-choice-for-you
Applying patches may be a basic security principle, but that doesn't mean it's always easy to do in practice.
https://www.ncsc.gov.uk/blog-post/the-problems-with-patching
Publication of the UK’s process for how we handle vulnerabilities.
https://www.ncsc.gov.uk/blog-post/equities-process
Non-email sending (parked) domains can be used to generate spam email, but they're easy to protect.
https://www.ncsc.gov.uk/blog-post/protecting-parked-domains
Why the NCSC spends more effort getting confidence in the security of some cloud services than in others.
https://www.ncsc.gov.uk/blog-post/ncsc-it-how-ncsc-chose-its-cloud-services
Using the Cloud Security Principles to evaluate the suitability of a cloud service.
https://www.ncsc.gov.uk/blog-post/applying-the-cloud-security-principles
We've published updated security architecture design principles, and a new set of 'anti-patterns'
https://www.ncsc.gov.uk/blog-post/secure-systems-design--new-guidance-now-available
Advice for organisations on the acquisition, management and disposal of network devices.
https://www.ncsc.gov.uk/guidance/acquiring-managing-and-disposing-network-devices
Advice for users of WhatsApp following today's vulnerability announcement
https://www.ncsc.gov.uk/guidance/whatsapp-vulnerability
An outline of the NCSC's approach to understanding the security of Software as a Service (SaaS) offerings.
https://www.ncsc.gov.uk/guidance/understanding-software-service-saas-security
Guidance for enterprise administrators who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).
https://www.ncsc.gov.uk/guidance/ransomware-wannacry-guidance-enterprise-administrators-1
The NCSC's Technical Director outlines how the Active Cyber Defence programme will help the UK defend itself from cyber attacks.
https://www.ncsc.gov.uk/blog-post/active-cyber-defence-tackling-cyber-attacks-uk
If your security culture isn't improving naturally, here's what you can do about it.
https://www.ncsc.gov.uk/blog-post/growing-positive-security-cultures
Here we explain a bit about maturity models, look at how they've been used for cyber security, and explain why the NCSC is no longer supporting the IA Maturity Model (IAMM) introduced in 2008.
https://www.ncsc.gov.uk/blog-post/maturity-models-cyber-security-whats-happening-iamm
Why recognising and understanding the complexity of systems is necessary if we want to make more informed security decisions.
https://www.ncsc.gov.uk/blog-post/mice-and-cyber
The first in a series of blogs about how we built an OFFICIAL IT system to meet the needs of the NCSC.
https://www.ncsc.gov.uk/blog-post/ncsc-it-how-ncsc-built-its-own-it-system-0
Is Android Go suitable for enterprise?
https://www.ncsc.gov.uk/blog-post/ready-set-android-go
How organisations can approach enterprise technology in order to deter cyber attacks.
https://www.ncsc.gov.uk/guidance/approaching-enterprise-technology-cyber-security-mind
Making sense of cyber security in OT environments
https://www.ncsc.gov.uk/guidance/operational-technologies
This guidance provides a primer on the essential techniques, technologies and uses of access management.
https://www.ncsc.gov.uk/guidance/introduction-identity-and-access-management
Girls from Hertfordshire school triumph in NCSC's annual cyber security competition
https://www.ncsc.gov.uk/blog-post/the-cyber-experts-of-tomorrow
First joint National Cyber Security Centre (NCSC) and National Crime Agency (NCA) report published today.
https://www.ncsc.gov.uk/report/cyber-threat-uk-business
How the NCSC is attracting newcomers - and helping existing staff to thrive - in the cyber security domain.
https://www.ncsc.gov.uk/blog-post/mind-the-gap
How certificates should be initially provisioned, and how supporting infrastructure should be securely operated.
https://www.ncsc.gov.uk/guidance/provisioning-and-securing-security-certificates
In this post I propose that the software development community should work on developing and then standardising security-related libraries that focus on what the developer is trying to achieve.
https://www.ncsc.gov.uk/blog-post/-do-what-i-mean-----time-to-focus-on-developer-intent
A breach of Uber customers’ and drivers’ records from October 2016 was reported to the NCSC on Tuesday 21 November 2017.
https://www.ncsc.gov.uk/guidance/ncsc-advice-uber-customers-and-drivers
Advice for users of Reddit following its data breach.
https://www.ncsc.gov.uk/guidance/ncsc-advice-reddit-users
Advice for Dixons Carphone customers following its data breach.
https://www.ncsc.gov.uk/guidance/ncsc-advice-dixons-carphone-plc-customers
Advice for those affected by the British Airways data breach
https://www.ncsc.gov.uk/guidance/ncsc-advice-british-airways-customers
Even the best authentication can't help you if there is an easy way to bypass it.
https://www.ncsc.gov.uk/blog-post/are-security-questions-leaving-gap-your-security
You've read the blogs, now watch the video...
https://www.ncsc.gov.uk/blog-post/people-unsung-heroes-cyber-security
David K introduces the concept of cyber resilience, and the benefits it brings.
https://www.ncsc.gov.uk/blog-post/cyber-resilience-nothing-sneeze
Why I'm trying desperately to stop saying 'it depends' when it comes to simple cyber security questions...
https://www.ncsc.gov.uk/blog-post/please-stop-saying-it-depends
Remote system administration provides powerful and flexible access to systems and services.
https://www.ncsc.gov.uk/blog-post/protecting-system-administration-with-pam
This blog post explains how making security more usable can help to make an organisation more secure.
https://www.ncsc.gov.uk/blog-post/security-and-usability--you-can-have-it-all-
Why we need a more coherent approach in the language we use to describe cyber security attacks.
https://www.ncsc.gov.uk/blog-post/rating-hackers-rating-defences
It is not possible to fully mitigate the risk of a denial of service attack affecting your service, but there are some practical steps that will help you be prepared to respond, in the event your service is subjected to an attack.
https://www.ncsc.gov.uk/guidance/preparing-denial-service-dos-attacks
Ian Levy explains why the NCSC asked Nominet to build this critical service.
https://www.ncsc.gov.uk/blog-post/protective-dns-service-public-sector-now-live
We’ve been exploring the challenges faced by security monitoring teams.
https://www.ncsc.gov.uk/blog-post/keeping-your-security-monitoring-effective
Lucie discusses her role as FS-ISAC Industry 100 integree in the NCSC.
https://www.ncsc.gov.uk/blog-post/industry-100-fs-isac-ncsc-and-its-xlnt
Chris Ensor discusses the government's proposal to develop the cyber security profession in the UK.
https://www.ncsc.gov.uk/blog-post/developing-cyber-security-profession-have-your-say
What Jon got up to at the Technology Leaders Network.
https://www.ncsc.gov.uk/blog-post/debunking-cloud-security-myths
Dave Harcourt, chief security advisor at BT, talks about how they are leading the way in building a community for ISPs to share data in real time to better protect UK customers.
https://www.ncsc.gov.uk/blog-post/bts-proactive-protection-supporting-ncsc-make-our-customers-safer
Guidance outlining the risks of locally installed products interacting with cloud services, and suggestions to help organisations manage this risk.
https://www.ncsc.gov.uk/guidance/managing-risk-cloud-enabled-products
Guidance for home users in relation to the recently published processor vulnerabilities ‘Meltdown’ and ‘Spectre’.
https://www.ncsc.gov.uk/guidance/home-user-guidance-manage-processor-vulnerabilities-meltdown-and-spectre
This guidance describes a set of technical security outcomes that are considered to represent appropriate measures under the GDPR.
https://www.ncsc.gov.uk/guidance/gdpr-security-outcomes
Get involved in the next step for the cyber security profession.
https://www.ncsc.gov.uk/blog-post/establishing-a-council-for-the-cyber-security-profession
...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'
https://www.ncsc.gov.uk/blog-post/theres-hole-my-bucket
The National Cyber Security Centre's Technical Director, Ian Levy, was recently targeted for a prank.
https://www.ncsc.gov.uk/blog-post/serious-side-pranking
How to limit the effectiveness of tools commonly used by malicious actors.
https://www.ncsc.gov.uk/report/joint-report-on-publicly-available-hacking-tools
Advice for customers of Marriott International following the reports of a data breach.
https://www.ncsc.gov.uk/guidance/ncsc-advice-marriott-international-customers
New guidance on implementing MFA to better secure online services
https://www.ncsc.gov.uk/blog-post/stepping-multi-factor-authentication
When your security policies conflict with business requirements, staff's willingness to break the rules may be the only way to get work done.
https://www.ncsc.gov.uk/blog-post/security-breaches-communication-what-are-your-users-telling-you
Regardless of the type of phish, you'll still need multiple layers of defence to protect your organisation.
https://www.ncsc.gov.uk/blog-post/phishing-spear-phishing-and-whaling-does-it-change-price-phish
In the fourth blog about the NCSC’s IT system, we look at how the networking topologies and practices differ from traditional approaches.
https://www.ncsc.gov.uk/blog-post/ncsc-it-networking-cloud
Moving to the cloud from closed-off data centres means we’re exposing more of our services to the Internet than we ever have done before. Andrew A talks through his thoughts on why this sometimes results in accidental data leakage and how to reduce the risk of that happening.
https://www.ncsc.gov.uk/blog-post/my-cloud-isnt-castle
NCSC Technical Director Ian Levy explains why new guidance on cloud-enabled products (including AV) requires a nuanced approach.
https://www.ncsc.gov.uk/blog-post/managing-supply-chain-risk-cloud-enabled-products
The NCSC's Chief Executive Ciaran Martin outlines why the UK needs a National Cyber Security Centre.
https://www.ncsc.gov.uk/blog-post/ciaran
Steve M from Sopra Steria discusses his experience of Industry 100, working with the NCSC and the importance of collaboration.
https://www.ncsc.gov.uk/blog-post/industry-100-inspiring-collaboration
How data from the Active Cyber Defence projects is helping the NCSC to improve government IT.
https://www.ncsc.gov.uk/blog-post/improving-government-one-bit-time
Why foiling phishing attacks means much more than just punishing users for falling for them.
https://www.ncsc.gov.uk/blog-post/im-gonna-stop-you-little-phishie
How developer-centric approaches can encourage software professionals to make better security decisions.
https://www.ncsc.gov.uk/blog-post/developers-need-help-too
Chris Ensor talks about the project to build the Cyber Security Body of Knowledge (CyBOK), and how you can help to lay the foundations.
https://www.ncsc.gov.uk/blog-post/building-cyber-security-body-knowledge-0
Guidance for risk assessors, and developers of applications which will be run on devices handling OFFICIAL data.
https://www.ncsc.gov.uk/guidance/application-development-guidance-introduction
Guidance for those who want to understand and reduce the impact of the ROCA vulnerability.
https://www.ncsc.gov.uk/guidance/roca-infineon-tpm-and-secure-element-rsa-vulnerability-guidance
Guidance for enterprise administrators in relation to the recently published processor vulnerabilities ‘Meltdown’ and ‘Spectre’
https://www.ncsc.gov.uk/guidance/meltdown-and-spectre-guidance
Advice on protective monitoring to warn against attacks on HMG ICT systems.
https://www.ncsc.gov.uk/guidance/protective-monitoring-hmg-ict-systems-gpg-13
NCSC Nieuws
Thu, 25 Apr 2024 09:17:00 GMTUit gezamenlijk onderzoek van cybersecuritybedrijven Fox-IT, Northwave en Responders, in het kader van het samenwerkingsverband Melissa, zijn Nederlandse slachtoffers geïdentificeerd van de ransomwaregroepering ‘Cactus'.
https://www.ncsc.nl/actueel/nieuws/2024/april/25/ook-nederlandse-bedrijven-slachtoffer-van-ransomwaregroepering-cactus
Er is in Nederland actief misbruik waargenomen van kwetsbaarheid CVE-2024-3400 in Palo Alto PAN-OS. Het NCSC adviseert de door Palo Alto beschikbaar gestelde updates met spoed in te zetten.
https://www.ncsc.nl/actueel/nieuws/2024/april/19/palo-alto
Voor het digitaal veilig functioneren van de Nederlandse samenleving is het belangrijk dat organisaties oog hebben voor risico’s in hun supply chain. Dat geldt zeker voor publieke en private organisaties die over zogenoemde Te Beschermen Belangen (TBB) ten aanzien van de Nationale Veiligheid (NV) beschikken. Voor deze organisaties hebben de AIVD, CIO Rijk, het NCSC en de NCTV de Cybercheck ontwikkeld: een handreiking die helpt bij het in kaart brengen van mogelijke supply chain risico’s als gevolg van de inzet van producten en diensten afkomstig uit landen met een offensief cyberprogramma.
https://www.ncsc.nl/actueel/nieuws/2024/april/18/cybercheck-ook-jij-hebt-supply-chain-risicos
Op 23 en 24 april vindt in het The Hague Conference Center de NISDUC 2024 plaats. Tijdens dit congres, dat tot op de laatste stoel bezet is, gaan ruim 600 deelnemers van publieke en private partijen uit Nederland, België en Luxemburg met elkaar in gesprek over de nieuwe Europese cyberrichtlijn: NIS2. De NISDUC 2024 wordt georganiseerd door de Rijksinspectie Digitale Infrastructuur (RDI) en het Nationaal Cyber Security Centrum (NCSC), met medewerking van andere betrokken toezichthouders.
https://www.ncsc.nl/actueel/nieuws/2024/april/18/nisduc-2024-publieke-en-private-partijen-samen-aan-de-slag-met-de-nis2-richtlijn
Op 23 en 24 april organiseert de RDI in samenwerking met het NCSC en met medewerking van andere betrokken toezichthouders de NISDUC 2024 in Den Haag. Dit internationale congres staat helemaal in het teken van de implementatie van de nieuwe Europese richtlijn NIS2. Voor publieke en private partijen is het een unieke gelegenheid om zich gezamenlijk voor te bereiden op de nieuwe wetgeving voor cyberveiligheid.
https://www.ncsc.nl/actueel/nieuws/2024/maat/1/nisduc
Op donderdag 29 februari heeft de Rijksoverheid de NIS2-Quickscan gelanceerd: een hulpmiddel voor organisaties die willen weten hoe zij zich kunnen voorbereiden op de komst van de nieuwe Europese NIS2-richtlijn. Deze richtlijn is gericht op het vergroten van de digitale weerbaarheid van organisaties in de Europese Unie.
https://www.ncsc.nl/actueel/nieuws/2024/februari/29/nis2-quickscan-helpt-organisaties-bij-voorbereiding-op-nieuwe-cyberwet
De Projectgroep Melissa, bestaande uit Het Openbaar Ministerie (OM), de politie, het Nationaal Cyber Security Centrum (NCSC), Cyberveilig Nederland (CVNL) en diverse private partijen, presenteert hierbij het Jaarbeeld Ransomware 2023 over de periode januari tot en met december 2023. Eerder is een Jaarbeeld Ransomware verschenen over de periode september 2022 tot en met augustus 2023. Het Jaarbeeld Ransomware 2023 biedt inzicht in ransomware-aanvallen in Nederland en is gebaseerd op geanonimiseerde aangeleverde gegevens over ransomware-aanvallen door aangesloten cybersecuritybedrijven, politie, OM en het NCSC.
https://www.ncsc.nl/actueel/nieuws/2024/februari/22/jaar
Tijdens een incident response onderzoek, door de Militaire Inlichtingen en Veiligheidsdienst (MIVD) en de Algemene Inlichtingen- en Veiligheidsdienst (AIVD), is er op een aantal FortiGate-apparaten nieuwe malware aangetroffen. Dit benadrukt een trend waar interesse wordt getoond in publiek benaderbare edge devices. In de publicatie bieden de MIVD en AIVD inzicht in deze malware. Tevens bieden wij in dit bericht handelingsperspectief om de risico’s van deze malware te beperken.
https://www.ncsc.nl/actueel/nieuws/2024/februari/6/nieuwe-malware-benadrukt-aanhoudende-interesse-in-edge-devices
Er zijn vier kritieke kwetsbaarheden in Ivanti Connect Secure (voorheen Pulse Connect Secure) en Policy Secure. Controleer voor het meest recente beveiligingsadvies de website van het NCSC. Meer informatie over de update-instructies zijn te vinden op de website van Ivanti. De kwetsbaarheden stellen kwaadwillenden in staat om authenticatie te omzeilen en op afstand willekeurige code uit te voeren onder root-rechten. Naast de kwetsbaarheden om authenticatie te omzeilen, is er ook een SSRF-kwetsbaarheid aangetroffen in Ivanti. Onderstaande afbeelding geeft een schematisch overzicht van updates en gevonden kwetsbaarheden met daarbij het handelingsperspectief per versienummer. In dit overzicht hebben we de versies genoemd die ondersteund worden door de nieuwe updates. Het NCSC raadt aan om bij het gebruik van niet-ondersteunde versies contact op te nemen met Ivanti. Wanneer er nieuwe informatie beschikbaar komt zal het NCSC deze verstrekken op de website.
https://www.ncsc.nl/actueel/nieuws/2024/februari/2/vier-kritieke-kwetsbaarheden-in-ivanti-connect-secure-en-policy-secure
Digitale dreigingen nemen toe, terwijl onze weerbaarheid achterblijft. Daarom is het goed om mogelijke cyberscenario’s te oefenen en daar lessen uit te trekken. Ruim 120 organisaties uit de publieke en private sector, meer dan 3000 personen, deden mee aan de cyberoefening ISIDOOR 2023. Deelnemers kwamen uit 12 verschillende sectoren zoals bijvoorbeeld drinkwater, telecom, energie, financiën en transport. Ook hebben ministeries, veiligheidsregio’s en politie meegedaan aan de oefening.
https://www.ncsc.nl/actueel/nieuws/2023/december/8/isidoor
Per 1 december is Corine Schipper-Derkse waarnemend directeur van het NCSC. De waarneming overbrugt de periode tot de start van de nieuwe directeur, die op dit moment wordt geworven.
https://www.ncsc.nl/actueel/nieuws/2023/december/1/interim-periode-directeur
Op 18 oktober is de zelf-evaluatie NIS2 gelanceerd, die in nauwe afstemming met betrokken ministeries en toezichthouders, door de Rijksinspectie Digitale Infrastructuur (RDI) is ontwikkeld. Wie de zelf-evaluatie invult, weet of zijn organisatie onder de NIS2-richtlijn valt. Ook wordt duidelijk of de organisatie volgens de NIS2-richtlijn wordt gezien als ‘essentieel’ of ‘belangrijk’ voor het functioneren van de maatschappij en/of de economie. Je kunt de zelf-evaluatie hier vinden en raadplegen.
https://www.ncsc.nl/actueel/nieuws/2023/oktober/18/zelf-evaluatie-nis2-gelanceerd
Het Openbaar Ministerie (OM), de politie, het Nationaal Cyber Security Centrum (NCSC), Cyberveilig Nederland en diverse private partijen* uit de cybersecuritysector hebben vandaag het convenant ‘Melissa’ ondertekend. Melissa is een samenwerkingsverband tussen deze publieke en private partijen om ransomwareaanvallen te bestrijden. Het gezamenlijke doel is om Nederland een onaantrekkelijk doelwit te maken voor ransomwarecriminelen.
https://www.ncsc.nl/actueel/nieuws/2023/oktober/3/melissa-samenwerkingsverband-ransomwarebestrijding
Drie overheidsorganisaties op het gebied van cybersecurity openen één gezamenlijk loket voor meldingen van dreigingen en kwetsbaarheden. Deze stap past in de voorbereiding op de integratie van deze drie organisaties naar één nationale cyberorganisatie eind 2025. Het gaat om het Nationaal Cyber Security Centrum (NCSC), onderdeel van het ministerie van Justitie en Veiligheid, het Computer Security Incident Response Team voor digitale diensten (CSIRT-DSP) en het Digital Trust Center (DTC), beide onderdeel van het ministerie van Economische Zaken en Klimaat. Het gezamenlijk doel: Nederland digitaal veiliger maken.
https://www.ncsc.nl/actueel/nieuws/2023/oktober/3/overheid-intensiveert-samenwerking-op-waarschuwingen-voor-cyberdreigingen
Op 7 september heeft demissionair minister van Justitie en Veiligheid Dilan Yeşilgöz-Zegerius aan Stichting NL CISO Circle of Trust (CCoT) een OKTT-status (objectief kenbaar tot taak) toegekend. Met de toekenning van de OKTT-status kunnen het Nationaal Cyber Security Centrum (NCSC) en CCoT efficiënter samenwerken, doordat incident- en dreigingsinformatie tijdig gedeeld kan worden. De publiek-private samenwerking wordt hiermee verder geïntensiveerd.
https://www.ncsc.nl/actueel/nieuws/2023/september/28/stichting-ciso-circle-of-trust-verkrijgt-oktt-status
Websites van Nederlandse organisaties zijn deze week het doelwit van DDoS-aanvallen. Deze aanvallen zijn opgeëist door de hacktivistische groepering NoName057(16).
https://www.ncsc.nl/actueel/nieuws/2023/augustus/8/nederlandse-organisaties-doelwit-van-ddos-aanvallen
De weerbaarheid tegen cybercriminaliteit, digitale spionage of sabotage via digitale weg, begint bij individuele organisaties. Door toegenomen en steeds complexere cyberdreigingen uit binnen- en buitenland moeten private- of publieke organisaties en bedrijven daarbij ook passende ondersteuning krijgen vanuit de overheid. Daarom heeft het kabinet besloten om de bestaande cybersecurity rijksoverheidsorganisaties samen te voegen tot één centrale, zichtbare en effectieve nationale cybersecurityorganisatie. In deze organisatie komen het Nationaal Cyber Security Centrum (NCSC) van het ministerie van Justitie en Veiligheid (JenV), het Digital Trust Center (DTC) en het Computer Security Incident Response Team voor digitale dienstverleners (CSIRT-DSP), beide van het ministerie van Economische Zaken en Klimaat (EZK).
https://www.ncsc.nl/actueel/nieuws/2023/juni/26/een-herkenbaar-overheidsloket-voor-cybersecurityadvies
In korte tijd zijn er meerdere kwetsbaarheden gevonden in MOVEit Transfer, een applicatie voor het delen van bestanden. De kans op misbruik van de gevonden kwetsbaarheden en de mogelijke impact hiervan zijn ingeschat op hoog. Het NCSC raadt organisaties die gebruik maken van MOVEit Transfer aan het stappenplan opgesteld door Progress te doorlopen en de beschikbaar gestelde beveiligingsupdates zo spoedig mogelijk te installeren.
https://www.ncsc.nl/actueel/nieuws/2023/juni/16-2/opnieuw-kwetsbaarheid-gevonden-in-moveit-transfer
In mei 2023 is de planning aangepast door de internetconsultatieperiode te verschuiven naar het najaar van 2023. Eerder werd de zomer van 2023 als tijdspad aangehouden. Naar verwachting treden de wetten eind 2024 in werking.
https://www.ncsc.nl/actueel/nieuws/2023/juni/16/aanpassing-in-de-planning-van-de-nationale-implementatie-van-de-europese-cer--en-nis2-richtlijnen
Er een kwetsbaarheid gevonden in MOVEit Transfer, een applicatie voor het delen van bestanden. De kans op misbruik van deze kwetsbaarheid en de mogelijke impact hiervan zijn ingeschat op hoog. De ontwikkelaar van de applicatie, Progress, heeft inmiddels een beveiligingsadvies gepubliceerd. Toegang tot gecompromitteerde systemen en de hierin opgeslagen gegevens vindt mogelijk al plaats sinds 28 mei. De kwetsbaarheid kan mogelijk ook worden misbruikt voor het verkrijgen van beheerdersrechten.
https://www.ncsc.nl/actueel/nieuws/2023/juni/2/misbruik-kwetsbaarheid-moveit-transfer
first.org
Thu, 25 Apr 2024 10:30:00 +0000So what are we expecting in terms of numbers of CVEs this quarter?
https://www.first.org/blog/20240419-Q2Vulnerability-Forecast
Message from the Chair; Christmas CTF in Norway; Incentivizing anti-abuse proactivity among online service providers; FIRST Newcomers & Membership Committee; Growth Stack Media Appointed as FIRST's Agency of Record; On the Road to Fukuoka - Registration is Open!; FIRST Standards Committee update (aka “the wheel reinvention prevention committee”); Special Interest Group Updates; FIRST on Social Media; Upcoming Events
https://www.first.org/newsroom/post/202401
FIRST Elevates Public Relations Efforts with Appointment of Growth Stack Media as Agency of Record
https://www.first.org/newsroom/announce/20240208
Join us for the second edition of Balkan Cybersecurity Days! Organized by DCAF in collaboration with partners AKCESK and FIRST, the event will take place from March 20-22, 2024, in Durrës, Albania. The Call for Speakers for this event is open through February 9th. Interested presenters can learn more at here. Bringing together cybersecurity professionals from the public and private sectors, the agenda includes a high-level opening, a panel on promoting cybersecurity talent, and plenary sessions in response to FIRST’s call for papers. Days two and three feature technical training sessions. #BCD2024
https://www.first.org/newsroom/announce/20240130
Every year we make a prediction to the number of vulnerabilities we expect to see published by NVD. We define this as the number published between New Year’s Day in 2023 to New Year’s Eve 2023, which is not the same as CVE’s that begin with 2023 as an identifier.
https://www.first.org/blog/20240109-vulnerability-forecast-2024
WHEN: Monday, March 25 through Wednesday, March 27, 2024. LOCATION North Carolina State University, McKimmon Center 1101 Gorman Street Raleigh, NC, 27606 We are seeking individuals to submit abstracts for talks, panels, birds-of-a-feather sessions. Any interested persons can submit no later than January 31, 2024.
https://www.first.org/newsroom/announce/20231114
Back in the early days of the Internet, when everybody knew everybody, the way that you validated yourself to a Certificate Authority (CA) for an X509 certificate for Secure Sockets Layer (SSL) was to send a fax on company letterhead.
https://www.first.org/blog/20231222-Is-the-LoA-DoA-for-Routing
Are you interested in getting involved in FIRST’s 2024 events? If so, take special note of the details and dates below. This digest covers… FIRSTCON24 Call for Speakers and Trainings Closing This Month 2024 Events Speaking and Sponsorship Opportunities 2024 Events Save the Date Information
https://www.first.org/newsroom/announce/20231128
Over two days in late September, attack surface management teams, incident responders, data scientists, and vulnerability management practitioners gathered in Cardiff, Wales.
https://www.first.org/blog/20231121-The-rising-tide-of-vulnerabilities
Focused on the Global Vulnerability Management Ecosystem, attendees will have the opportunity to advance the art and science of vulnerability management with industry leaders.
https://www.first.org/newsroom/announce/20231109
In June 2023, attendees at the 35th Annual FIRST Conference, in Montréal, Canada got a first-look preview of the new version of the Common Vulnerability Scoring System (CVSS), version 4.0. After two month of public comment followed by two months of addressing those comments, FIRST is proud to announce the official publication of CVSS version 4.0.
https://www.first.org/newsroom/releases/20231101
Message from the Chair; CVSS v4.0 is now available; The Board in Oslo; Migrating to the new FIRST SSO; SIGs; On the Road to Fukuoka / Call for presentations; New Teams Members: August, September, October; Upcoming Events
https://www.first.org/newsroom/post/202310
Open CSIRT Foundation and FIRST join forces to bring European cyber security experts together in Spain
https://www.first.org/newsroom/releases/20230901
FIRST Impressions Podcast has been selected as one of the Top 10 Incident Response Podcasts on the web. The FIRST Impressions podcast brings you regularly scheduled content focused on discussions from across the incident response and security spectrum. Hosted by Chris John Riley and Martin McKeay, new episodes released first Friday of the month!
https://blog.feedspot.com/incident_response_podcasts/
Message from the Chair; Conference Roundup; Special Interest Groups; Weekend Training; Training on DNS Prevention, Detection, Disruption and Defense; Diversity and Inclusion; New Board Member Introduction; M3AAWG 58 Meeting; 36th Annual FIRST Conference to take place June 9-14, 2024 in Fukuoka, Japan; New Members; Standards; Communications; Upcoming Events.
https://www.first.org/newsroom/post/202307
The latest tool will be critical to properly assess and prioritize dealing with vulnerabilities and prepare defences against cyber-attacks. Critical CVSS 4.0 will also allow consumers to assess real-time threats.
https://www.first.org/newsroom/releases/20230713
FIRST’s AGM took place during the 35th Annual Conference in Montréal, Canada at the start of June 2023. Senior cybersecurity expert Tracy Bills, CERT/CC was elected to lead FIRST’s Board of Directors with the organization’s leadership team further strengthened with the appointment of Carlos Alvarez from ICANN to the Board.
https://www.first.org/newsroom/releases/20230608
(v1. Approved by FIRST Board 05-17-2023) At FIRST, we believe that diversity is essential to achieving our missions of global cooperation and shared language. We embrace diversity in all its forms, reflecting the global and diverse membership of FIRST.
https://www.first.org/about/policies/diversity
SIG updates: Human Factors in Security (HFS-SIG), EPSS SIG, SecLounge SIG; Remembering Andrew Cormack - by Serge Droz; Profile Deactivation on FIRST Portal; Board in Tokyo; Team Profiling - RWANDA NATIONAL CSIRT; Suguru Yamaguchi Fellowship Program; and New Teams.
https://www.first.org/newsroom/post/202305
People have become the main driver for breaches but the human factors remain insufficiently addressed in the IT security sector. We are working on changing that.
https://www.first.org/blog/20230505-123456-again
The DNS Abuse SIG is very pleased to announce the publication of the DNS Abuse Techniques Matrix, the work of many months and a great number of people from various parts of the security and DNS worlds.
https://www.first.org/blog/20230228-DNS_Abuse_Techniques_Matrix
The Forum of Incident Response and Security Teams (FIRST) plans to hold its 35th Annual Conference with the theme ‘Empowering Communities,’ in Montreal, Quebec, Canada, from June 4 to 9, 2023. This six-day event brings the incident prevention community together with cyber security experts to foster information sharing, cooperation, and coordination. Typically, over 1,000 people from around the world attend.
https://www.first.org/newsroom/releases/20230224
"Long time no see!” was the most popular phrase at the TF-CSIRT – FIRST Regional Symposium in Bilbao, Spain. And it has been a long time indeed – last time we met all together was in Malaga in 2020. We had some virtual events in the meantime, but it was certainly nice to see old faces and meet new colleagues in real life. The first joint post-pandemic event took place from 30th of January to 2nd of February, kindly hosted by the Basque Cybersecurity Centre.
https://www.first.org/blog/20230223_long_time_no_see
Upcoming Events - Bilbao, Kigali, Amsterdam; TF-CSIRT Meeting & 2023 FIRST Regional Symposium Europe; 2023 FIRST & AfricaCERT Symposium: Africa and Arab Regions; Date for your Diaries - Amsterdam 2023 FIRST Technical Colloquium, April 17-19; Chair Sherif Hashem and Board Member Michael Hausding participate in the FIRST & ITU-ARCC Regional Symposium for Africa and Arab Regions; First 100 days on the FIRST board; Are you interested in becoming a future board member?; Be a FIRST trainer! David Rüfenacht, Senior Threat Intelligence Analyst, provides a first-hand account; Special Interest Groups Update; Messaging Malware and Mobile Anti-Abuse Working Group (M3AAWG) and Forum of Incident Response and Security Teams (FIRST) Join Forces to Address Global Internet and Security Issues; Twenty More Members Join FIRST;
https://www.first.org/newsroom/newsletters/FIRST_POST_Jan_Mar_2023.pdf
The Messaging Malware and Mobile Anti-Abuse Working Group (M3AAWG) and Forum of Incident Response and Security Teams (FIRST) announced today they will work together to combat growing Internet abuse and cybersecurity issues.
https://www.first.org/newsroom/releases/20221219
In September, ICANN invited me to talk about DNS Abuse at the ICANN75 AGM in Kuala Lumpur, Malaysia. It was a great success! My presentation ‘The Challenge of Defining DNS Abuse’ was well received, and many attending industry specialists asked good questions, especially about FIRST's work. I made many valuable connections, including people from ICANN, the DNS Abuse Institute, registries, registrars, CERTs, commercial companies, government organizations, and many more.
https://www.first.org/blog/20221027_ICANN_was_a_massive_success_in_getting_the_word_out_about_DNS_Abuse_and_FIRST
Traffic Light Protocol Version 2.0 is Now Available; FIRST delivers training in Uganda, and the Western Balkans; Peter Lowe speaks about DNS Abuse at ICANN75 AGM in Kuala Lumpur; FIRST Chair Sherif Hashem participates in the Cyber Diplomacy and Norms panel at The Second Community of African Cyber Experts; The World Opens - FIRST Events Round Up; Special Interest Groups Update and New NETSEC SIG Formed; The Board meets in Davos; Board of Directors Organization and Roles for 2022/23; Twenty new members join FIRST
https://www.first.org/newsroom/newsletters/FIRST_POST_oct_dec_2022.pdf
The European Union Agency for Cybersecurity is dedicated to achieving a high common level of cybersecurity across Europe. For more than 15 years, ENISA has played a key role in enabling digital trust and security across Europe, together with its stakeholders including the Member States and EU bodies and agencies.
https://www.first.org/blog/20220805_building_a_trusted_and_cyber_secure_europe
The Forum of Incident Response and Security Team (FIRST) has updated the globally renowned Traffic Light Protocol (TLP) for the cybersecurity industry - a vital system used by organizations all around the world to share sensitive information. The new version of the TLP results from a thorough consultation with over 50 security industry experts over three years with the goals to standardize, unify and modernize the content and language and provide improved supporting materials.
https://www.first.org/newsroom/releases/20220805
With the recent release of the 2022 Unit 42 Ransomware Threat Report, we thought it would be a good time to take a quick look at ransomware activity that we’ve seen so far in 2022.
https://www.first.org/blog/20220729_Average_ransom_payment
Annual FIRST Conference in Dublin, the Republic of Ireland, is a triumph; Dr. Sherif Hashem is the new Chair of FIRST, and four new members join the FIRST Board of Directors; Four new additions to the FIRST Board of Directors; The FIRST 2021-22 Annual Report is now available; FIRST adds a New Director of Community and Capacity Building to the team; 34 new members join FIRST;
https://www.first.org/newsroom/newsletters/FIRST_POST_July_sept_2022.pdf
Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation. Read on to learn what lightweight security automation means, how it compares to SOAR and why SOARs alone won’t help you stay ahead of today’s security threats.
https://www.first.org/blog/20220722_SOARs_vs_No-Code_Security_Automation_The_Case_for_Both
Last week FIRST learned that it is among a large group of organizations that were rejected from participating in the Open ended Working Group (OEWG) process, despite the groups expressed commitment to work with non-governmental organizations.
https://www.first.org/newsroom/releases/20220721
A new Chair and four new cyber security experts joined the Forum of Incident Response and Security Team (FIRST) Board of Directors during the recent AGM to serve the 2022-24 term. Current board member Dr. Sherif Hashem was voted in as the new chair and brings extensive knowledge, experience, and international relations to the role.
https://www.first.org/newsroom/releases/20220720
I want the needle, and the haystack to go along with it. Attackers take advantage of siloed data and security tools to exploit systems using misconfigurations and move laterally. This lateral movement across different attack surfaces has attackers flowing between the control plane and data plane of your environment to escalate privileges and seek out targeted access.
https://www.first.org/blog/20220715_I_Want_the_Needle_and_the_Haystack_YARA_Security_Analytics_for_Incident_Response
Over the past five days, 1,000 specialists representing six continents united in the cyber-crime fight at the Forum of Incident Response and Security Teams (FIRST) conference in Dublin, Ireland From how Ukraine is dealing with cyber attacks against its critical infrastructure, to the rapidly growing access to online child sexual abuse material and the sophisticated approaches to ransomware, phishing, and online fraud as well discussing cooperation with the United Nations and with INTERPOL and law enforcement– no stone was left unturned for delegates working together to protect societies world-wide
https://www.first.org/newsroom/releases/20220701
Over 1,000 specialists representing six continents to participate in the Forum of Incident Response and Security Teams (FIRST) five-day program in Ireland Google’s Maddie Stone addresses the 0-day cyber-attack in-the-wild and how combating the unknown can help future online defense
https://www.first.org/newsroom/releases/20220620
DNS Abuse is a pretty widely used term. On the surface, it might seem like a simple term that's easily understood. But when you look more closely, the definition depends on your perception of the issue—and can be defined both broadly, or more narrowly.
https://www.first.org/blog/20220519_The_Challenge_of_Defining_DNS_Abuse
I had the absolute pleasure of participating in and attending the recent FIRST Technical Colloquium at the W Hotel in Amsterdam, Netherlands, April 12–14. It was great to see nearly 100 people attend and over 50 people participating in training at this long-awaited in-person event. The program featured 17 speakers and two on-site trainers who held several popular workshops.
https://www.first.org/blog/20220428_Chris_Gibson_TC_Netherlands
New Director of IT & Security role to bolster FIRST’s Business Plan; Upcoming Technical Colloquia, Symposiums, and Annual Conference; Last chance to nominate individuals or teams for the Incident Response Hall of Fame; FIRST contributes to important global policy and governance discussions; Mentors sought for new FIRST Mentorship Program; Eleven more member teams join FIRST; FIRST Infrastructure Updates - New Application Process
https://www.first.org/newsroom/newsletters/FIRST_POST_April_Jun_2022.pdf
Each year, the FIRST membership elects five individuals to the FIRST board of directors.
https://www.first.org/newsroom/news/20220401
The Board of Directors strongly believes that FIRST should be an inclusive organization with broad global participation and collaboration to make the internet safe for everyone.
https://www.first.org/newsroom/releases/20220325
FIRST encourages states to not attack CSIRTs and critical infrastructure
https://www.first.org/blog/20220224_GGE
Nonprofits that focus on action and tangible results to more effectively collaborate and coordinate to increase efficiency and impact globally
https://www.first.org/newsroom/releases/20220223
Three new Special Interest Groups created by FIRST members; FIRST partcipates in several important UN actvites; 19 events organized in 2021 - registraton opens for FIRST Annual Conference in 2022; Twelve more member teams join FIRST
https://www.first.org/newsroom/newsletters/FIRST_POST_Jan-Mar2022.pdf
Organizations looking to minimize exposure to exploitable software should scan Twitter for mentions of security bugs as well as use the Common Vulnerability Scoring System or CVSS, Kenna Security argues.
https://www.theregister.com/2022/01/19/twitter_cvss_vulnerabilites/
Every incident response team globally is facing a serious increase of workload. As attackers scan and penetrate networks via automation, so must defenders look at automation.
https://www.first.org/blog/20220105-Automation_SIG_A_New_SIG_Adventure
Last month, I was honored to be one of the planners and participants of the FIRST Technical Colloquium (TC) in Norway. Organized by FIRST members, the event was held just outside of Oslo at the Telenor Expo, Telenor headquarters in Fornebu.
https://www.first.org/blog/20211129-meeting_person_first_oslo_technical_colloquium
Norwegian members of FIRST to host a technical colloquium in Oslo in November; More FIRST events to add to your calendar; The FIRST Board of Directors meets across two continents to build our two-year business plan; Empowering Women in Cybersecurity: ITU, FIRST, and EQUALS Global Mentorship Pilot Program concludes; 16 more member teams join FIRST;
https://www.first.org/newsroom/newsletters/FIRST_POST_Sep2021.pdf
Alexander Jäger, Senior Security Engineer of Google, continues in his role as Chief Financial Officer
https://www.first.org/newsroom/releases/20210708
Did you miss our Virtual 33rd FIRST Annual Conference?; ICASI integrates into FIRST PSIRT SIG, bolstering the incident response and security team industry; FIRST Welcomes a new Chair and Five New Board of Directors; FIRST publishes its fifth Annual Reportt; A new fellowship team joins FIRST - Malawi CERT; Jeffrey Carpenter and Dan Kaminsky newly inducted into FIRST’s Incident Response Hall of Fame; FIRST membership continues to grow - we’re now at 575 members from 98 countries.
https://www.first.org/newsroom/newsletters/FIRST_POST_Jun2021.pdf
Jeffrey and Dan join past inductees Ian Cook, Don Stikvoort, and Klaus-Peter Kossakowski
https://www.first.org/newsroom/releases/20210630
FIRST published its fifth Annual Report which covers the organization’s accomplishments towards its vision of bringing together incident response and security teams from every country across the world to ensure a safe internet for all. The report is available at FIRST Annual Report 2020-2021.
https://www.first.org/newsroom/releases/20210611
ICASI – the Industry Consortium for Advancement of Security on the Internet was officially integrated into the Forum of Incident Response and Security Teams (FIRST) on May 28, 2021. Established in 2008, ICASI’s purpose was to strengthen the global security landscape by driving excellence and innovation in security response practices; facilitating collaboration among members to analyze, mitigate, and resolve multi-stakeholder, global security challenges. This role will continue but as part of the existing FIRST PSIRT SIG, expand and improve the community’s ability to respond to vulnerabilities across multiple vendors. Founded in 1990, FIRST is the global leader in incident response.
https://www.first.org/newsroom/releases/20210601
33rd FIRST Annual Conference: Crossing Uncertain Times; Mark your calendars: FIRST reveals 2021 events calendar; FIRST welcomes its 97th country and member 562: Benin bjCSIRT; FIRST, ITU and Equals launches Women in Cyber Mentorship Program for Arab and Africa Regions; Get your nominations in for the third edition of The Incident Response Hall of Fame; New Podcast - FIRST Impressions - is launched!
https://www.first.org/newsroom/newsletters/FIRST_POST_Mar2021.pdf
Together, We’re Creating Better Threat Intelligence Sharing for the World
https://www.first.org/blog/20210118-Thank_You_FIRST_Community_for_Helping_Team_Cymru
This evolving and brutally effective threat can have a significant impact on an organization’s resources, finances, and reputation, but it can be stopped
https://www.first.org/blog/20210111-Preparing_for_Post-Intrusion_Ransomware
Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.
https://www.first.org/blog/20210104-Using_similarity_to_expand_context_and_map_out_threat_campaigns
Over 2500 Cybersecurity Professionals Participate In 32nd FIRST Annual Conference - Where Defenders Share. 2021 33rd Annual Conference Theme And Call For Papers. 2020 FIRST Virtual Symposium For Africa And The Arab Region - Supporting The Effectiveness Of Incident Response Within Africa. Ian Cook And Don Stikvoort Receive Joint Honors In The Incident Response Hall Of Fame Awards. New Code Of Ethics Launched On Global Ethics Day. FIRST Partners With Itu And Equals Global Partnership To Empower Women In Cybersecurity. FIRST To Contribute To Itu National Cybersecurity Strategy Guide. Mou Signed Between First And Ocf To Advance Membership Of Incident Responders And Security Teams Across The Globe. Reminder - 2021 First Membership Renewal.
https://www.first.org/newsroom/newsletters/FIRST_Dec2020.pdf
Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.
https://www.first.org/blog/20201214-Current_Events_to_Widespread_Campaigns
Last weekend we issued a ransomware alert about a wave of attacks using a never-seen-before strain dubbed ‘Pay2Key.’ Our investigation suggested the ransomware operators were mostly targeting Israeli companies. The ransomware used in the attacks spread rapidly across victims’ networks, leaving significant parts of the network encrypted along with a ransom note, threatening to leak stolen corporate data unless the ransom is paid.
https://www.first.org/blog/20201207-Pay2Key
Los equipos de respuesta a incidentes de seguridad necieron tras el considerado primer gran ciberataque mundial, provocado por el 'virus Moris', en 1988.
https://www.first.org/newsroom/releases/20201118
Virtual Conference to take place November 16-18 2020
https://www.first.org/newsroom/releases/20201113
October 21, 2020 – following a global consultation, the Forum of Incident Response and Security Teams (FIRST) is launching new ethics guidelines for incident response and security teams today on Global Ethics Day. ethicsfIRST provides guidance for cybersecurity professionals on how to conduct themselves professionally and ethically during incidents. Inspired by Earth Day, Global Ethics Day provides an opportunity for organizations to explore the meaning of ethics in international affairs
https://www.first.org/newsroom/releases/20201021
2020-2022 Board Announced. Welcoming a new board member – Shawn Richardson. FIRST reveals its new Vision and Mission. FIRST 32nd Annual Conference – Virtual Edition. Tips on how to publish your ideas in peer-reviewed journals. Code of Conduct – A Reminder. Infrastructure update. Have you read our new Annual Report yet?
https://www.first.org/newsroom/newsletters/FIRST_autumn_2020.pdf
The awards celebrate outstanding contribution to the Incident Response community and cyber security
https://www.first.org/newsroom/releases/20200923
The results of the 2020 FIRST Board of Directors election follow: Alexander Jaeger (Google IRT) Serge Droz (Liaison,Proton-CERT) Dave Schwartzburg (Cisco Systems) Javier Berciano (Liaison,One eSecurity) Shawn Richardson (NVIDIA) The full board list can be found here. Thank you to all of the candidates who ran in the election.
https://www.first.org/newsroom/news/20200730
July 27th, 2020 - The Forum of Incident Response and Security Teams (FIRST) is proud to publish its fourth Annual Report today. The report details the organization’s achievements towards building a mature global incident response community. It covers the period between the 2019 conference in Edinburgh, Scotland and July 2020. FIRST Annual Report 2019-2020
https://www.first.org/newsroom/releases/20200727
2020 Agm & Election. 2020 Conference update and impact of Covid-19. First 2020 CTI Symposium in Switzerland moved online. First to Review the Traffic Light Protocol standard to increase global adoption. First updates coordination principles for Multi-Party Vulnerability Coordination and Disclosure. First and Mitre Engenuity partner to expand The Global Understanding of Adversary Behaviors. More new partnerships forged to make the internet safe for everyone. Virtual site visits currently available for new applicants. Critical VPN vulnerabilities show the need for proactive risk scanning. ISO and standards update. New breach workshop materials available. A new initiative to build trust. First infrastructure update Portal & SSO.
https://www.first.org/newsroom/newsletters/FIRST_summer_2020.pdf
FIRST suspended the requirement for a physical site visit for applying members until further notice. Sponsoring teams may conduct a virtual site visit.
https://www.first.org/membership/updates-202004
Coordinated Vulnerability Disclosure is hard: Here is what to do about it.
https://www.first.org/blog/20200518_Ethics_Responsibilities_Vulnerabilities
Málaga Hosts the first European Symposium and Tf-Csirt Meeting for Global Security Experts. FIRST participates in the un’s Development of Cyber Norms. FIRST Technical Colloquium - Ljubljana, Slovenia. FIRST releases updated computer security incident response team (CSIRT) Services Framework – Version 2.1. SPECIAL RECOGNITIONS – Member Awarded Order Of Three Stars In Latvia. Raising awareness of FIRST. First Infrastructure Update - Member Portal & Identity Project. Annual Conference and Annual General Meeting update
https://www.first.org/newsroom/newsletters/FIRST_spring_2020.pdf
Internet Hall Of Fame inducts the late Suguru Yamaguchi. FIRST launches Women In Cybersecurity Initiative. FIRST Metrics SIG Webinar series re-launched. FIRST Infrastructure Update. “Insure” you participate in this call. A warm welcome to our 500th member - Versia. Improving Security Together.
https://www.first.org/newsroom/newsletters/FIRST_Dec2019.pdf
Calling for public consultation until end of January, 2020
https://www.first.org/newsroom/releases/20191219
The Emergence of Computer Security Incident Response, 1989–2005, by Rebecca Slayton and Brian Clarke (available in PDF).
https://www.first.org/newsroom/newsletters/trusting-infrastructure.pdf
October 9th, 2019 – As the year draws to a close, it is time for businesses across all industries and sectors to reflect and prepare for the upcoming new year. With this in mind, premier organization and recognized global leader in incident response - Forum of Incident Response and Security Teams (FIRST) has produced 11 vital steps that organizations should take to improve their incident response strategy.
https://www.first.org/newsroom/releases/20191009
FIRST pledges to financially support up to four regions to ensure global integration of security teams Available in PDF
https://www.first.org/newsroom/releases/20191023
Bringing together Security and Incident Response teams from around the globe.
https://www.first.org/newsroom/newsletters/FIRST_Sept2019.pdf
Is content king? Fisher argues data alone can lead us astray, instead, it is the story we should focus on. With a presentation loaded with artwork and visuals, Fisher hopes to teach statistic savvy security responders to see the bigger picture. What patterns appear when we take a step back? What narrative does the evidence summon? Question your answers and dive into this discussion with Chris and Martin.
https://media.first.org/podcasts/FIRST2019-Fischer.mp3
Not EVERYONE who tweets from the toilet at 6 in the morning is a Narcissist.” In this episode, Chris and Martin dive into a discussion with data savvy Monica Whitty about how to spot and stop an insider threat. Unfortunately, most insider attacks we never see coming, but as Whitty explains, hindsight can be a tool. Realizing that not every perpetrator is evil or malicious, companies can begin to see the data for what it really is: people. Navigate psychological factors and learn to spot warning signs in this perceptive podcast!
https://media.first.org/podcasts/FIRST2019-Whitty.mp3
September 18th, 2019 – At FIRST we strongly believe that in order to build a global cybersecurity incident response community, from which every company or user participating in the Internet can benefit, we should all work to limit the impact of sanctions or export regulations on incident responders. This includes being a forum where technology corporations such as Huawei, have the ability to participate the same as others.
https://www.first.org/newsroom/releases/20190918
No computers, no worries! After favorable feedback from the 2018 Conference, Chiyuki and her team returned this year with even more tabletop fun. Chris and Martin get the inside scoop on how a little friendly competition creates an international platform for learning. Without technology, red and blue teams ultimately work together to solve a handful of security scenarios in this Choose Your Own Adventure style exercise.
https://media.first.org/podcasts/FIRST2019-Matsuda.mp3
Prof. Dr. Klaus-Peter Kossakowski honored as the inaugural inductee of The Incident Response Hall of Fame
https://www.first.org/newsroom/releases/20190731
July 21st 2019 - The Forum of Incident Security Response Teams, Inc. (FIRST) is pleased to release the CSIRT Services Framework Version 2.0 (PDF). This version is heavily based on the lessons learned from our work on the PSIRT Services Framework and feedback received from practitioners. The volunteers contributing to took time to restructuring the previous versions to address recognized weaknesses. Because of this, we ask for feedback from all interested parties which will then become incorporated in the planned Version 2.1.
https://www.first.org/education/csirt_services_framework
Join Chris John Riley and Martin McKeay live from annual FIRST conference in Edinburgh, Scotland as they interview Ken Munro. Ken is a partner and founder at Pen Test Partners, LLP and was the opening keynote for the 31st Annual FIRST Conference.
https://media.first.org/podcasts/FIRST2019-KenMonro.mp3
July 12th, 2019 - The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a common scoring system designed to provide open and universally standard severity ratings of software vulnerabilities for the security community. Used by organizations worldwide, version 3.1 documentation is now available on the FIRST website for members and non-members to reference.
https://www.first.org/newsroom/releases/20190712
Missing out on #FIRSTCON19 this week! No worries! Join the interview in progress. Martin chats with Lisa Bradley (Senior Manager, NVIDIA PSIRT) and Jessica Butler (Senior Application Developer, NVIDIA) about their presentation at FIRST 2019 happening Monday, June 17 from 16:45-17:45.
https://media.first.org/podcasts/FIRST2019-Butler-Bradley.mp3
Forum of Incident Response and Security Teams 31st Annual Conference opens today at Edinburgh International Conference Centre
https://www.first.org/newsroom/releases/20190617
FIRST launched its FIRST Post, a quarterly newsletter with updates from the FIRST community. Learn more about our Edinburgh conference, our new Executive Director, Chris Gibson, and several key initiatives such as the Product Security Incident Response Team (PSIRT) framework and policy outreach.
https://www.first.org/newsroom/newsletters/FIRST_POST_Summer2019.pdf
Join the interview in progress! Desiree is a SOC Security Architect at Finanz Informatik. Desiree and Chris John Riley discuss her upcoming presentation that focuses on how to better integrate improvements into your security monitoring. Desiree presents at the 31st Annual FIRST Conference on Monday, June 17 at 12:45 in Fintry.
https://media.first.org/podcasts/FIRST2019-DesireeSacher.mp3
The Forum of Incident Response and Security Teams releases its third annual report, covering the scope of its activities from the 2018 conference in Kuala Lumpur, through its 2019 annual event in Edinburgh.
https://www.first.org/newsroom/releases/20190606
Join the interview in progress! Chris John Riley chats with Ralf Hund, CTO at VMRay and a supporter of the annual FIRST conference since 2016. Ralf shares his thoughts on the ongoing game of cat and mouse the industry is faced with when dealing with malware detection and the new protection technologies VMRay is working on in order to provide incident responders with faster and greater visibility to threats.
https://media.first.org/podcasts/FIRST2019-RalfHund.mp3
enisa.europa.eu
2024-04-18On 17 April, the European Union Agency for Cybersecurity (ENISA),the European Commission (DG CNECT) and the Belgian presidency of the Council of the European Union organised the 2nd EU Cybersecurity Policy Conference.
https://www.enisa.europa.eu/news/shaping-cybersecurity-policy-towards-a-trusted-and-secure-europe
The European Union Agency for Cybersecurity (ENISA) publishes the executive summary of this year’s ‘Foresight Cybersecurity Threats for 2030’ presenting an overview of key findings in the top 10 ranking.
https://www.enisa.europa.eu/news/skills-shortage-and-unpatched-systems-soar-to-high-ranking-2030-cyber-threats
Greek Minister of Digital Governance, Dimitrios Papastergiou joined the European Union Agency for Cybersecurity (ENISA) on the occasion of celebrating the 20 years since its establishment and the ENISA Management Board voted to extend a second mandate to Executive Director, Juhan Lepassaar.
https://www.enisa.europa.eu/news/new-chapter-begins-as-enisa-celebrates-20-years-of-strengthening-cybersecurity
Preluding 2024 EU elections, the NIS Cooperation Group with the support of the EU Agency for Cybersecurity (ENISA), the European Commission and the European External Action Service updated the compendium on elections cybersecurity.
https://www.enisa.europa.eu/news/safeguarding-eu-elections-amidst-cybersecurity-challenges
ENISA publishes a study on ‘Best Practices for Cyber Crisis Management’ that assists in preparation for crisis management. The study was conducted for the EU Cyber Crisis Liaison Organisation Network (CyCLONe) and is now available publicly.
https://www.enisa.europa.eu/news/geopolitics-accelerates-need-for-stronger-cyber-crisis-management
The European Cybersecurity Scheme on Common Criteria (EUCC) drafted by the European Union Agency for Cybersecurity (ENISA) has been adopted as the first scheme within the EU cybersecurity certification framework.
https://www.enisa.europa.eu/news/an-eu-prime-eu-adopts-first-cybersecurity-certification-scheme
The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) of the US, in the areas of capacity-building, best practices exchange and boosting situational awareness.
https://www.enisa.europa.eu/news/cisa-and-enisa-enhance-their-cooperation
The European Union Agency for Cybersecurity (ENISA)’s new report on the Denial-of-Service (DoS) attacks threat landscape finds 66% of DoS attacks are politically motivated.
https://www.enisa.europa.eu/news/warfare-and-geopolitics-are-fuelling-denial-of-service-attacks
To evaluate and strengthen current working methods ahead of the 2024 elections, EU institutions have organised a cybersecurity exercise today.
https://www.enisa.europa.eu/news/eu-cybersecurity-exercise-foster-cooperation-secure-free-and-fair-eu-elections
The new report of the European Union Agency for Cybersecurity (ENISA) confirms investment continues to grow but stresses the importance of vulnerability management.
https://www.enisa.europa.eu/news/cybersecurity-investment-spotlight-on-vulnerability-management
The European Union Agency for Cybersecurity (ENISA) has formalised a Working Arrangement with Ukraine counterparts focused around capacity-building, best practices exchange and boosting situational awareness.
https://www.enisa.europa.eu/news/enhanced-eu-ukraine-cooperation-in-cybersecurity
Germany is the winner of the 2023 edition of the ECSC, followed by Switzerland in second place and Denmark in third place. The European Union Agency for Cybersecurity (ENISA) thanks the Norwegian University of Science and Technology (NTNU) for hosting the 9th edition in Hamar.
https://www.enisa.europa.eu/news/germany-wins-the-2023-european-cybersecurity-challenge
The 11th edition of the Threat Landscape of the European Union Agency for Cybersecurity (ENISA) highlights the disruptive impacts of AI chatbots and AI-enabled manipulation of information.
https://www.enisa.europa.eu/news/eu-elections-at-risk-with-rise-of-ai-enabled-information-manipulation
Together with the European Commission under the Spanish Presidency of the EU Council, the European Union Agency for Cybersecurity (ENISA) co-organised and co-hosted the Blue Olex table-top cyber exercise in the Hague, Netherlands
https://www.enisa.europa.eu/news/blue-olex-2023-getting-ready-for-the-next-cybersecurity-crisis-in-the-eu
The European Cybersecurity Month (ECSM) campaign will focus on social engineering, a top cyber threat.
https://www.enisa.europa.eu/news/emerging-technologies-make-it-easier-to-phish