Cyber Security Standard for connected and automated vehicles

The British Standards Institute (BSI) has recently published its standard for cyber security for connected and automated vehicles, PAS 1885:2018. The standard builds upon the 8 key principles guidance published by H.M. Government in 2018 Read Moreā€¦

What to ask Elon Musk about AI

Jon Ellard, Managing Partner at Ntegra recently posted on his website a very interesting and thought provoking article entitled "What to ask Elon Musk about AI".

The link to the post can be found

I have contributed to the discussion and recommend Jon's post to you.

Special Prosecutor Robert Meuller's Indictment

Robert Mueller's indictment of 12 Russians for allegedly meddling in the US Presidential elections is now available in the public domain. It makes fascinating reading!

It provides detailed chapter and verse on who were the people involved, how the Russians set about their tasks and even identifies some of the tools involved. It is a case study in how to conduct a cyber attack against an adversary. If you are familiar with the "kiil chain" it follows those activities quite closely. For anyone who is engaged in cyber security I recommend that you take time out to read the indictment because it describes an attack playbook.

Inside the unnerving supply chain attack that corrupted CCCleaner

This article, published in WIRED makes very interesting reading. It describes how CCCleaner, a well known anti malware product was compromised prior to the company being acquired by Avast. Well worth a read. The article cane be found at this url:-

The increased cyber security threat to enterprises

Over the past few weeks and months, the cyber security threat landscape has
been made much worse by two significant leaks of data which occurred in 2017. These are the Vault 7 leaks and the Shadow broker leks

Vault 7 leaks
On the 7th March 2017, WikiLeaks started to released documents about the US Government’s offensive cyber warfare capabilities. The first tranche
consisted of 7,818 web pages with 943
attachments, purportedly from the Center for Cyber Intelligence. Between the 7th March and 7th September 2017, a further 22 tranches of information were released including the cyber warfare
tools and software claimed to have been developed by the CIA. The information, software and tools that were leaked are generally accepted to be “nation state” capabilities.

Shadow Broker leaks
Shadow broker is a group of self-styled hackers who first came to prominence in about 2013 but in the middle of 2017, they released into the public domain a massive collection of tools and
information about zero-day exploits hoarded and used by the Tailored Access Operations (TAO) Group of the US Government’s National Security Agency. TAO is widely understood to be the
proactive hacking (cyber warfare) group within the NSA. The Shadow Broker leaks exposed vulnerabilities in Cisco routers, Mycroft’s Windows Operating System and Linux mail servers amongst others, including the exploit used by the authors of WannaCry ransomware that infected computers in over 150 countries worldwide.

The consequences
The consequences of these two leaks is that extremely advanced and sophisticated “nation state” cyber warfare and hacking tools and information has been released into the public domain and the
hands of lesser capable countries, and criminals and hackers. This in turn has significantly enhanced their capabilities to attack enterprises who, for the most art, are not equipped to defend
against “nation state” types of attack. These tools operated across the entire security stack namely infrastructure, application, data and user domains.

This site uses cookies to enable us to optimise your experience and to generate usage statistics through Google analytics.

We do not share any of your information or activity on this website with others. For more information please see our Privacy policy which can be found on our 'Legal Stuff' page.