Welcome to our June Newsletter!
In this month's edition:
?We’ll cover the latest cyber security news from hacks to new security updates.
?There’s a new blog on DDoS attacks and why investing in DDoS Protection is so important!
?Finally, more news from our partnership with AppViewX, we attended Infosec Security Europe on the 4th of June to Join AppViewX on their stand to talk all things certificate lifecycle management.
THIS MONTH'S CYBER NEWS - LATEST
Our curated roundup of top news stories in the cyber security world this month, include the UK considering mandatory reporting for ransomware attacks, Cyber Security Standards to be embedded across the UK Government and MS Exchange server flaws exploited to deploy keylogger in targeted attacks:
Officials are set to propose a major overhaul of how the country responds to ransomware attacks by requiring all victims to report incidents to the government, and then obliging those victims to seek a license before making any extortion payments.
The proposals will be included in a public consultation to be published next month, according to multiple sources with knowledge of the matter who spoke to Recorded Future News.
Also being put forward is a complete ban on ransom payments for organizations involved with critical national infrastructure. The ban intends to remove the incentive for hackers to disrupt these critical services by preventing them from monetizing attacks.
The UK Government is to embed UK Cyber Security Council standards across its cyber workforce by 2025.
In an effort to “strengthen its approach to cyber skills”, a statement from the Department for Science, Innovation & Technology said UK government will use UK Cyber Security Council professional standards and titles to maintain a clear and consistent career framework. This will include:
? Mapping its Government Security Career Framework to Council professional titles and specialisms by 2025. This will provide certainty around the skills and competencies required by each professional role and show clear pathways into and across cyber security within government.
? Map government cyber security training programmes to Council standards.
? Support government staff to achieve professional recognition and encourage senior government cyber professionals to become assessors to use their professional recognition to give back to the professional community.
? Support cyber security specialists at the National Cyber Security Centre (NCSC) to gain Council recognition and using the Council standards to define the skills industry will need to deliver NCSC-recognised services.
? Allow buyers of cyber security services in government to request that staff servicing contracts hold Council titles.
An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East.
Russian cyber security firm Positive Technologies said it identified over 30 victims spanning government agencies, banks, IT companies, and educational institutions. The first ever compromise dates back to 2021.
This keylogger was collecting account credentials into a file accessible via a special path from the internet, countries targeted by the intrusion set include Russia, the U.A.E., Kuwait, Oman, Niger, Nigeria, Ethiopia, Mauritius, Jordan, and Lebanon
领英推荐
FEATURE: The importance of DDoS for organisations
Organisations are relying heavily on their online presence and digital services. However, the threat of distributed denial-of-service (DDoS) attacks is more significant than ever before. These malicious attacks can cripple websites, applications, and network infrastructure within minutes, resulting in devastating consequences for business operations, revenue, and reputation.
Implementing DDoS protection measures is no longer an option – it's a necessity. A comprehensive DDoS protection solution and attack defense plan can help detect and mitigate attacks, ensure business continuity, protect revenue and reputation, comply with regulations, and stay ahead of evolving threats.
By implementing DDoS protection measures, businesses can safeguard their operations, revenue, and reputation from the devastating consequences of these malicious attacks. Read our latest blog on DDoS protection here.
THIS MONTH'S DEMO: AppViewX Certificate Management
Everyone's talking about certificate management this month. It's not glamorous but it has become higher profile in the cyber community recently thanks to Google’s well publicised intention to reduce Chrome certificate lifespans to a maximum of 90 days. FullProxy CTO Chris T. says "We still don't know when Google's shorter lifespans will come into effect - but the reality is that lengthy certificate lifespans aren't good cyber security practise. The longer an SSL/TLS certificate stays valid, the less secure it becomes."
FullProxy have partnered with AppViewX to offer our customers Cert+, an all-in-one certificate management tool design to automate certificate renewals and provide a single-pane-of-glass visibility of expiration dates and gives you alerts when they’re due to expire. Check out a demo here.
Automating your certificate management ahead of Google’s change will ensure the impact on your team is minimised and the risk to your web infrastructure mitigated, find out more about our partnership with AppViewX here.
For more about 90 day certificates and how you can manage the change, check out our new blog.
FULLPROXY NEWS: We joined AppViewX at Infosec!
Our partners AppViewX invited us down to Infosec at the start of June to join them on their stand - and chat to anyone who would listen about the benefits of using AppViewX Cert+!
Digit Expo West meets your Scottish cyber dream team!
Lovely to meet so many people at Digit Expo West in Glasgow at the end of last month! Thanks to you we were able to raise £350 for Digital Xtra, a Scottish- based charity who help young people and disadvantaged groups gain access to STEM and cyber education. We really enjoyed connecting with each and every one of you.
There's still an opportunity to take advantage of our event special offers on our Cyber MOT and Pen Testing services. Offers now valid to the end of August!
Stay cyber safe!
Abbie & The FullProxy Team