Cyber Essentials Readiness

So, you have a driver to achieve cyber essentials, great stuff. Now if you are a business of reasonable size and scale this activity requires a bit of planning, context and lots of access and data. This could be via a distributed team or via a dedicated project team. In this post I’m going to look at what you may need to conduct the planning, discovery, assessment, and certification for Cyber Essentials and/or CE+.

Defence

Office Microsoft Support Diagnostic Tool (MSDT) Vulnerability “Follina”

This is a fast publish!

Confirmed all Office (ISO Install/PRO and 365) when using the Rich Text Format (RTF) method.

Office 365 has some sort of patch against the .DOCX format.

oh dear….
Windows 11 (not 100% up to date from APRIL)
Office 365 (should be fully patched)

.RTF

MSDT Exploit! pic.twitter.com/M2Xn1TxANX
— MrR3b00t | #StandWithUkraine #DefendAsOne (@UK_Daniel_Card) May 31, 2022

WGET Execution

Guides

Wireguard Client for Linux on KALI

So as always there are a million things in tech and well it’s rare that someone knows EVERYTHING. I must connect to a Wireguard VPN from a KALI VM. Should be simple, well actually it was a bit more complicated as I had two errors along the way!

Leadership

Cyber Leadership

Myth: you must be a “techie” to lead in the CYBERS

Ok so you might be sitting here going… but Dan you send pews and do “techy” stuff… do you not lead? Well, I mean I do all kinds of things, I write business cases, I play with spreadsheets (fun right!), I integrate systems and look at data and sometimes write really bad code! (hey, the pews aren’t going to send themselves!) but… I want to talk about some realities here.

Defence

CVE-2022-22972 & CVE-2022-22973

More VMware Workspace One Vulns

This is a fast publish

Vmware just released patches for two new vulnerabilities in Workspace One, followed by guidance from CISA to patch by May 23^rd or remove the devices from the network/internet!

“All Federal Civilian Executive Branch agencies must complete the following actions:

By 5:00 PM EDT on Monday, May 23, 2022:

Enumerate all instances of impacted VMware products [VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager] on agency networks.

Education

The CYBER GANG Cookbook

Volume 1

Introduction

I am sitting here, and I need another cup of tea, but I thought I’d start to have a think about what common “CYBER GANGS” look like. This isn’t criminal or non-criminal. But you know there’s some commonality between both. I thought this was fun little thinking exercise to show the duality of life, what digital worlds look like but also to give a glimpse into the mysteryious (its not!) world of cyberz (including crime!)

Defence

The Director of GCHQ speaks at CyberUK 2022

Sir Jeremy Fleming was speaking at CyberUK, the UK’s flagship cyber security conference this week.

The full presentation is here but I’ve picked out some key highlights.

“Of course, we can count ourselves lucky compared to those caught up in wars, but we are also seeing a heightened cyber risk. Cyber criminals are consistently evolving their tactics; the lines are blurring with hostile state activity and ransomware remains a real threat.”

“Cyber clearly matters to everyone.”

“At the global level, the UK has developed as a cyber power. Alongside the more traditional forms of diplomacy and statecraft, cyber now plays a vital role in our national security and prosperity.”

Leadership

CYBER CYBER CYBER – What cyber means for the…

I’m sitting here drinking a cup of tea and thought I’d jot down some of the things I tend to think about. I figured this might help people consider aspects of “cyber” that they might not have considered before.

Leadership

Security Myths and Bad Advice

It must be good, someone posted about it on LinkedIn!

Ok this isn’t my normal jam, normally I’d just write something that’s hopefully good advice/practise and that would be that. But today let’s try something different!

This was inspired by a twitter convo which evolved into this: https://twitter.com/UK_Daniel_Card/status/1522138771789123584?s=20&t=dL9OkicTY2Orj5hfBtDvVQ

So… what are some cyber security myths that ended up being good practise or “good advice”? Well here’s what I came up with, supported by some awesome cyber community people!

Education

Real World Consumer Cyber Security

Cyber in the Consumer World

My focus normally is on business to business (B2B) environments and “Enterprise” computing and cyber security. However, I’ve been known to venture into the consumer world from time to time. I wondered whether people would be interested in exploring with me what cyber security in the consumer world look like?

Last week I set on an adventure to see what “hacking” myself might look like. I’m thinking that there might be more to this than a fleeting glance at Instagram hacking and a bit of fun on twitter with alts. Maybe we need to look at consumer security and how/if we have got a good user experience in this space?