UK government shares the outcome of proposals to improve the UK’s cyber resilience
The UK government has published the outcome of proposals for policy measures to help improve the UK’s cyber resilience as part of the National Cyber Strategy 2022.
Previous cyber attacks have shown that attacks on critical service providers can interrupt activity across society and have national security implications.
The government plans to make amendments to the Network Information Systems (NIS) regulations to bring managed service providers (MSPs) into scope.
LastPass share information about a recent security incident
LastPass have shared details about a recent security incident with a cloud storage company in their supply chain that has enabled an unauthorised party to access customer information. Customers' passwords have not been accessed and remain encrypted.
This incident followed a security incident in August. LastPass released details of that incident and have since provided an update following their investigation.
This security incident is a good reminder for organisations to think about their supply chain security and, for organisations that have networks of national significance, check their eligibility to use Cyber Incident Response (CIR) companies to help them deal with an attack.
The NCSC updates its vulnerability disclosure kit
The NCSC has updated its Vulnerability Disclosure Toolkit to include additional information on implementing a disclosure process, including validation and triage.
The toolkit is for organisations of all sizes and focuses on the essential components to get started. Even if organisations have a process in place, the toolkit may still help to improve it.
CISA publish joint advisory on Cuba ransomware actors
US agencies CISA and the FBI have released a joint advisory about the number of attacks involving Cuba ransomware.
They identified that, since December 2021, the number of U.S. entities compromised by Cuba ransomware has doubled, with ransoms demanded and paid on the increase.
This is another demonstration of how ransomware continues to be a global threat to organisations.
The NCSC has guidance for organisations advising how to mitigate ransomware and other malware.
NCSC and DCMS create Code of Practice for app developers and operators
The NCSC and DCMS have today published the Code of Practice for App Store Operators and App Developers and published the response to the Call for Views on App Security and Privacy Interventions.
The code of practice is a voluntary way for developers and operators to demonstrate that they are meeting a fundamental level of security.
The eight principles within the code of practice are designed to ensure that apps and app stores provide security and privacy as standard.
The NCSC has a blog post explaining more about the new code of practice.