The Cyber Assessment Framework - What is it and What Does it Mean for You?
The Cyber Assessment Framework (CAF) is a collection of 14 guidelines produced by the United Kingdom National Cyber Security Centre (UK NCSC), aimed at supporting organisations in developing their cyber security systems. It is used in conjunction with the UK implementation of the EU Network and Information Systems Directive (NIS-D) to further protect Critical National Infrastructure (CNI); however, the framework is designed in such a way that it can be applied to a wider range of organisations.
PCAPs - The World of Network Traffic
How does one get started obtaining pcaps in an enterprise environment? Having each endpoint on your network store the traffic it detects is likely both heavy on resources and difficult to manage and aggregate. On the other hand, having your network perimeter devices, such as your firewalls, do the same would mean capturing unfiltered traffic or compelling an already-preoccupied machine to work overtime to either analyse packets itself or forward packets to another machine for monitoring.
Green energy is not immune to cyber attack: Nordex
On Thursday 31st March 2022, a large manufacturer of wind turbines, The Nordex Group, discovered a cyber security incident on their infrastructure. Conti, the hacking group, has since claimed responsibility for the incident, which indicates that this was a ransomware-based attack.
Five Eyes Release Cyber Security Advisory
On 20th April 2022, the Five Eyes intelligence alliance released a Cyber Security Advisory (CSA) on the impact of Russia’s invasion of Ukraine on the wider cyber world. Russian organisations have previously targeted Ukrainian critical national infrastructure with the infamous ‘NotPetya’ and ‘BlackEnergy’ attacks (more details from NCSC UK and CISA USA).
Cyber Vulnerabilities Everywhere: Spring4Shell
Just a few months after the Log4j Java library was discovered to have a vulnerability (called Log4Shell) that not only affected many software products but also reportedly affected several critical OT devices, a new vulnerability affecting Java’s most popular framework, Spring, has been discovered.
January 2022 - Cyber Attack Hits Largest New Mexico County
Bernalillo County, the most populous county within New Mexico, was hit by a cyber attack on 5th January 2022. The largest target of this attack was the Metropolitan Detention Center in the Albuquerque area. The cyber attack in question was a form of ransomware that has affected significant portions of the detention center, namely the automatic door and camera systems. This has resulted in an emergency notice being issued to the federal courts due to a lapse in jail conditions
Operational Technology (OT) and the Log4Shell vulnerability
On the 24th November 2021, the Alibaba Cloud Security team privately notified Apache about a new vulnerability in a very popular Java programming language library called Log4j. The vulnerability became public knowledge on the 9th December 2021 and was officially published in CVE databases during the 11th and 12th December 2021.