New NCSC guidance to support organisations to assess the supply chain risk
The NCSC has published new guidance ‘How to assess and gain confidence in your supply chain cyber security’ aimed at medium to large organisations. Supply chain attacks can result in devastating, expensive and long-term ramifications for affected organisations and their customers, and the guidance aims to help mitigate this.
US publishes advisory on top CVEs exploited by Chinese state
US agencies CISA, FBI and NSA have published a new advisory about Chinese state actors continuing to use open source tools and to exploit vulnerabilities to gain access to critical infrastructure networks of interest to them. It lists the 20 most exploited vulnerabilities since 2020, which includes many familiar and much publicised ones, such as Log4j.
Legal notices issued following Huawei consultation
By the end of 2027, Huawei technology must be removed from the UK’s 5G public networks.
Following a consultation, legal documents have been issued to 35 UK telecoms network operators and has been based on guidance from the National Cyber Security Centre.
In 2020, the NCSC published guidance relating to Huawei as well as a collection of content around 5G and the future of UK telecoms:
