Defence
This is a fast publish!
Confirmed all Office (ISO Install/PRO and 365) when using the Rich Text Format (RTF) method.
Office 365 has some sort of patch against the .DOCX format.
Guides
So as always there are a million things in tech and well it’s rare that someone knows EVERYTHING. I must connect to a Wireguard VPN from a KALI VM. Should be simple, well actually it was a bit more complicated as I had two errors along the way!
Leadership
Ok so you might be sitting here going… but Dan you send pews and do “techy” stuff… do you not lead? Well, I mean I do all kinds of things, I write business cases, I play with spreadsheets (fun right!), I integrate systems and look at data and sometimes write really bad code! (hey, the pews aren’t going to send themselves!) but… I want to talk about some realities here.
Read more “Cyber Leadership”
Defence
This is a fast publish
Vmware just released patches for two new vulnerabilities in Workspace One, followed by guidance from CISA to patch by May 23rd or remove the devices from the network/internet!
“All Federal Civilian Executive Branch agencies must complete the following actions:
By 5:00 PM EDT on Monday, May 23, 2022:
Enumerate all instances of impacted VMware products [VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager] on agency networks.
Read more “CVE-2022-22972 & CVE-2022-22973”
Education
Volume 1
I am sitting here, and I need another cup of tea, but I thought I’d start to have a think about what common “CYBER GANGS” look like. This isn’t criminal or non-criminal. But you know there’s some commonality between both. I thought this was fun little thinking exercise to show the duality of life, what digital worlds look like but also to give a glimpse into the mysteryious (its not!) world of cyberz (including crime!)
Read more “The CYBER GANG Cookbook”
Threat Intel
This is an evolving post and will likely be updated over time. Online “community” or “criminal gangs” etc. can be fluin and dynamic, thinking of them in rigid structures and trying to compare them to “In Real Life (IRL)” organisationas directly doesn’t really work. They work generally in a collective fashion. No masters and no slaves etc.
I don’t really like to use the term “hacker” in this sense, perhaps hacktivist or criminal groups is the right fit, however, words aside there is the question: Who is KILLNET, are they a threat and who are they a threat to?
KILLNET was suposedly formed as a resonse to the IT ARMY of Ukraine (Ukraine Cybe Army) (formed late Feb) which is odd given the first post from KILLNET was on January the 23rd and IT ARMY of UKRAINE setup their telegram on Feb 26th.
Read more “KILLNET: Area they really a threat?”
Defence
Sir Jeremy Fleming was speaking at CyberUK, the UK’s flagship cyber security conference this week.
The full presentation is here but I’ve picked out some key highlights.
“Of course, we can count ourselves lucky compared to those caught up in wars, but we are also seeing a heightened cyber risk. Cyber criminals are consistently evolving their tactics; the lines are blurring with hostile state activity and ransomware remains a real threat.”
“Cyber clearly matters to everyone.”
“At the global level, the UK has developed as a cyber power. Alongside the more traditional forms of diplomacy and statecraft, cyber now plays a vital role in our national security and prosperity.”
Read more “The Director of GCHQ speaks at CyberUK 2022”
Leadership
I’m sitting here drinking a cup of tea and thought I’d jot down some of the things I tend to think about. I figured this might help people consider aspects of “cyber” that they might not have considered before.
Read more “CYBER CYBER CYBER – What cyber means for the world in the modern age”
Threat Intel
OPSEC is hard! Doing things that are covert is expensive and time consuming. Being invisible in today’s digital age is very hard. Operating covertly in plain sight it also hard.
Everything about this “stuff” is hard, except sometimes maybe it’s just viewed as “it’s hard and expensive” so why even bother, or conversely… maybe the objective can be “we want people to know it was us.”
Either way there’s some interesting reading if we look at “cyber” and “opsec”. For the minute I’ve just started to collect a list of links to articles which show some of the ways opsec failures have occurred in the past in relation to the GRU.
Read more “OPSEC is Hard: Are you even trying?”
Leadership
Ok this isn’t my normal jam, normally I’d just write something that’s hopefully good advice/practise and that would be that. But today let’s try something different!
This was inspired by a twitter convo which evolved into this: https://twitter.com/UK_Daniel_Card/status/1522138771789123584?s=20&t=dL9OkicTY2Orj5hfBtDvVQ
So… what are some cyber security myths that ended up being good practise or “good advice”? Well here’s what I came up with, supported by some awesome cyber community people!
Read more “Security Myths and Bad Advice”