Author Archives: DFMTeam

The Cyber Scheme and APMG  have announced a new collaborative working arrangement designed to help professionals develop and grow their cyber security career.

The Cyber Scheme and APMG are committed to improving entry routes and career pathways, which will be adopted as ‘best practice’ by the Cyber Security industry. Both APMG  and The Cyber Scheme are prioritising making career pathways simpler, more regulated and more accessible for people from a wide range of backgrounds. By following appropriate governance under internationally recognised standards, * this joint venture will assure the exams they create will be of the highest quality, and a benchmark for anyone wishing to further their education in this dynamic industry.

Exams and assessments for career pathways will be available through The Cyber Scheme and APMG  for several international recognised schemes. APMG  are an accreditation body with an established relationship with the newly established UK Cyber Security Council, and both they and The Cyber Scheme are keen to develop a working relationship with the Council, helping to underpin the quality of service offerings as they are developed. The organisations will be working with the Sponsors of The Cyber Scheme, a consortium of industry thought leaders and experts dedicated to the development and improvement of the Cyber Security industry.

* APMG’s certification and accreditation processes are developed and managed in accordance with a robust quality management system accredited by the United Kingdom Accreditation Service (UKAS). 

Richard Pharro, CEO of APMG says: “There are thousands of competent Cyber Security professionals in the UK, but not enough. There are excellent cyber security university courses, but they cannot educate enough people. A main focus of this collaboration is to help people get onto the first rung of a career in cyber security; to build a workforce that over time can develop and grow into the wide range of cyber security roles that need to be filled . We look forward to working with Charles and his team to help make this happen”

Charles White, MD of The Cyber Scheme adds: “I echo the sentiment from Richard; being able to construct a suitable entry level standard with industry collaboration is critical to help thousands of people either career transition or join the workforce and to get themselves on the first rung of the Cyber ladder. In addition, our professional sponsors’ ability to devise more modern standards that meet today’s market is vital. And so our collaboration with APMG allows The Cyber Scheme to be sound in the knowledge that any standard or qualification grades will have the scrutiny and due governance provided by the most reputable global accreditation and examination institute”.

(108)

The UK Cyber Security Council has appointed tigerbond as its lead agency to devise a structured PR and marketing programme to raise awareness of its aims.

The Council, which became operational in 2021, was formed as the voice of the UK’s cyber security profession. Its role is to develop, promote and align professional standards, and encourage progression along cyber security career paths, in accordance with the UK government’s National Cyber Security Strategy.

Following a competitive tender process, the UK Cyber Security Council has chosen tigerbond on an initial three month contract, with an option for a further 12 months as it enters a new funding cycle.

Simon Hepburn, chief executive of the UK Cyber Security Council, said: “From online shopping to banking, cyber security plays an intrinsic role in our increasingly digital personal and professional lives. We want the Council to be leading the charge at the forefront of the rapidly growing cyber security sector.

“Our objective is to develop and promote the highest professional and ethical standards across the profession to ensure the UK becomes the safest place to live and work online, and for that we need support from an agency partner. “According to a recent DCMS report, the sector is rapidly expanding and employs 52,700 individuals and contributes around £5.3 billion GVA to the UK economy, a 33% increase on the previous year. Comparatively, that’s roughly half the size of the GVA added by the UK’s agricultural industry – but not enough people know the scale of the sector or the rapid growth that’s still to come.

“Our tender process was extremely competitive and the standard of submissions we received was very high, but tigerbond stood out. Tigerbond will support by engaging with the cyber security sector and those seeking to enter it, alongside government, industry and academia, with the combined aim of developing and promoting UK cyber security excellence globally and growing the UK’s skills base.”

Tigerbond has long-standing experience of working with membership organisations and trade bodies, and will support the Council with increased awareness and positioning. The comms activity for the Council will seek to raise awareness of its purpose, vision and mission, whilst positioning it at the forefront of an inclusive and diverse cyber industry.
This will include refining the organisation’s messaging in order to reach and engage with key stakeholders including existing sector organisations and professionals, the public sector, and those in education or currently working in other sectors who may consider a career in cyber security.

Chris Gilmour, co-founder at tigerbond, said: “It was evident early in the tendering process just how significant the UK Cyber Security Council’s role will be in providing stewardship for this rapidly expanding and increasingly vital sector, and we were inspired to assist in this journey.

“The team’s experience working across public and private sector, trade bodies and membership organisations has put us in good stead for delivering impact. We can’t wait to kick off our campaigns this year and generate some strong results for Simon and his team.”

Headquartered in London, tigerbond’s office network includes Manchester, Glasgow, Leeds, Belfast and four cities across Canada. It delivers the full mix of integrated communications services from PR and social to digital, design, branding and web. It was recently named as one of PR Week’s top 12 agencies to watch in the UK in 2022. For more information on tigerbond, please visit:https://www.tigerbond.com/  and to learn more about the UK Cyber Security Council, visit:https://www.ukcybersecuritycouncil.org.uk/ 

(117)

The UK Cyber Security Council – the charitable, self-regulatory body for the cyber security education and skills sector – today announced the appointment of Simon Hepburn, a charity and education executive with over twenty years’ experience in a variety of national and international organisations, as its chief executive.

Hepburn has previously been chief executive of a charity and founded two others, and has held director positions with a variety of charities, academy trusts and businesses. He was also a Trustee Board member of ACEVO (Association for Chief Executives of Voluntary Organisations) and has also sat on the BBC Charities Advisory Board.

“Simon Hepburn’s record is one of delivering at the sharp end of education and careers, for charitable organisations like the Council,” said Dr. Claudia Natanson, chair of the Board of Trustees of the UK Cyber Security Council. “The Council may well be the voice for the profession, but it is absolutely intended to be a ‘doing’ organisation rather than just a ‘talking’ organisation, so this attribute made him an excellent candidate for CEO; we welcome his passion and energy and look forward to him driving the organisation forwards.”

“I make no secret of my passion for supporting people and organisations to reach their full potential and make a positive contribution to society – it has been at the heart of my career to date. I intend to bring the full weight of that knowledge and experience to bear on the activities of the Council, benefiting the cyber security profession,” said Simon Hepburn, CEO of the UK Cyber Security Council. I’m excited by the opportunity to work with one of the most critical sectors in our country, delivering education and skills support and resources to organisations and the professionals that are essential to the safe, secure and prosperous operation of the UK economy.”

Hepburn’s other career roles include:

• Founder of Black Star Inc., advising on diversity and inclusion, leadership and management, people and change, strategy and organisation development, careers and employability
• UK Director at international social action charity City Year UK, leading on school partnerships, programme design and delivery, leadership programme development, mentor experience and programme impact
• Director of Education and Policy at ed-tech company U-Explore Ltd, supporting schools, colleges, local authorities and businesses on careers and employability programme development and partnerships
• Director of Pathways and Partnerships for Academies Enterprise Trust Careers, leading on the development of the Championing Careers Guidance Programme working in partnership with the Greater London Authority (GLA)

Simon Hepburn succeeds Don MacIntyre, who was appointed as interim CEO by the Board of Trustees in January 2021 during the Council’s formation.

(224)

According to a survey carried by OnePoll on behalf of privacy advice and comparison website, Comparitech.com, almost half (48%) of the respondents that said they currently used Netflix claimed that they would pay a premium to be able to access content that is normally restricted to the US audience. A further 43% of those who used Netflix said that they felt it was wrong for Netflix to ban VPNs in order for customers to access US restricted content.

“While Netflix did recently push up its prices, there was no extra benefit to the customer.  Instead, if users were willing to pay a premium to access more content, Netflix could use this extra capital to negotiate better deals with licensing agencies to offer a better service to its customers rather than put its customers privacy at risk with this unpopular VPN ban,” said Paul Bischoff from Comparitech.com. 

This lockdown has meant Netflix has come under fire from consumers angry about its decision to block VPN connections from accessing content out of uncertainty of where the traffic is coming from – Netflix content varies across different regions, so VPNs can be used to get around regional content blocking in order for users to watch whatever they want.  NordVPN even surmised that this is the reason for Netflix’s subscriber growth taking a hit and share prices going down.

The findings bring into question whether the uproar about VPN blocking is actually necessary given there is a clear market for people willing to pay extra to Netflix to get the content they want to see.

(94)

?When plugged into any device, The USB Killer, released earlier this summer, rapidly draws power from the hardware, then returns that power in an overloading burst. According to the makers, this “instantly and permanently disables unprotected hardware.” Potential targets include not just PCs, but TVs, copy machines—anything with a USB port.

To read the article in full click here .

(195)

Following the news that a sophisticated Mac OS X backdoor has been uncovered, Anton Tyurin, the Head of Attack Detection Software Department, Positive Technologies offered @DFMag the following expert comment.

“There is nothing unusual. A malware with similar functionality was detected in 2012 by Dr.Web. Dubbed BackDoor.DaVinci.1, this cross-platform Trojan can gain full control over computers running both Windows and Mac OS X, or even destroy your OS.

“If we compare Backdoor.OSX.Mokes with its versions for Windows and Linux, we will find nothing new, because developers initially aimed at cross-platform malware retaining all features. Of course, the mechanism of malware persistence in the system was changed for Mac OS X. By the way, not only antiviruses can detect that kind of malware behavior, but also persistence monitoring tools such as BlockBlock (https://objective-see.com/products/blockblock.html).

“OSX/Keydnap has a mechanism for gathering and retrieving passwords and keys stored in the OS (Keychain). This is probably the main idea of that malware. OSX/Mokes captures audio and video from a webcam, takes screenshots every 30 seconds, logs keystrokes, and monitors removable storage devices. More serious spy, so to say.

“Both Trojans are able to execute commands on a victim’s computer remotely – and both could be detected by its communication methods. OSX/Keydnap uses TOR to connect to the C&C server, this could be easily tracked by modern IDS systems.

“OSX/Mokes uses 443 port to transmit the AES-encrypted data, this is alarming incompliance: 443 port is used by default for HTTPS connections with TLS cryptographic protocol.

“It is classic: do not visit suspicious websites, do not open suspicious files (especially from root), update your antiviruses and your OS. Using Mac OS X does not guarantee security: it is widely used now, so malware authors will create more programs for it.

“The delivery vector of Mokes malware is unclear: it could be delivered by email or a faked application (from untrusted websites) run by users themselves, or it could come by vulnerability exploitation in Flash/Java/Safari (previously unknown vulnerabilities? Why not!).

“We can also guess who the user of this backdoor is and what resources he possesses to be able to store and analyze large amount of data stolen from victim computers (audio and video). Is it industrial espionage, or some state intelligence agency?”

(130)

Following the news that a Gugi malware is targeting Android banking apps,  Artem Chaykin, Head of Mobile Application Security Department, Positive Technologies provided the following comment to @DFMag;

“The best way to avoid Android Trojans – do not install apps from unknown sources. By default you can install apps only from Google Play, but Android allows you to change this. As an Android user you should always install apps only from the official market.

“If you run a company, it could be hard to convince all your employees to apply this security rule on all BYOD or corporative devices. However you can force them to do this by applying mobile security policies via MDM systems or Microsoft Exchange, for example. This can protect users from typical Android Trojans.

“The new generation of Android Trojans is another story. According to our statistics, 75% of Android banking apps are exposed to high-severity vulnerabilities and some of them, like one-time passwords stealing, can be exploited by malware applications with zero permissions. What you can do? Install updates to applications as soon as they come, use security systems which can detect suspicious behavior of your applications… and yes, simply try to avoid serious operations (like money transfer) via Android mobile apps.”

(80)

Guidance Software, a global company that develops and provides software solutions for digital investigations to law-enforcement and retail agencies, is best known for creating EnCase, a high-quality product line centered around digital forensics, endpoint security analytics, e-discovery and cyber security incident response.

Under the new agreement, Atos will provide top-tier forensic security products from Guidance Software to customers worldwide, according to a statement released to the media. Together, they plan to deliver solutions to organizations that will find, assess and counter hidden cyber threats within their networks.

“Today, organizations face an increasing variety of cybersecurity threats from both inside and outside the traditional network perimeter,” said Chris Moret, vice president for cybersecurity at Atos in the media statement.. “This partnership adds best-in-class endpoint detection and response tools from Guidance to our portfolio of security solutions clients use to protect their most valuable systems and data.”

Together, Atos and Guidance can provide 360-degree visibility for an organization’s secure data and provide unrivaled automated response if a threat is found, according to the press release.

“Guidance is committed to growing our business through strategic global partnerships,” said Scott Skidmore, Vice President of Guidance’s global channel in the statement released to the press. “Atos is a strategic partner in our strategy to accelerate growth across the globe. At Guidance, we are focused on strengthening our capabilities and services so that our partners have the best forensic security solutions to fit their market needs.”

Guidance was founded in 1997 and currently has 371 employees worldwide. Their software is best known for aiding authorities in convicting Scott Peterson, who murdered his wife and unborn child in 2004 and for catching Dennis Rader, the famed “BTK killer” who killed 10 people between 1974 and 1991 and wasn’t caught until he taunted police by sending them a CD in 2005, leaving behind traceable digital footprints. https://www.guidancesoftware.com/

(202)