Cyber Essentials Pathways: from proof of concept to cyber confidence
An alternate path to Cyber Essentials Plus certification, without compromising the integrity of the scheme.
● Live advisory feed
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
An alternate path to Cyber Essentials Plus certification, without compromising the integrity of the scheme.
Why the UK is pioneering an initiative to develop a national scale, sovereign defence capability
Pen testers suggest what organisations can do to make their job more difficult.
Organisations using Fortinet services are being urged to take action following a campaign affecting firewalls and VPN gateways.
Different code deserves different levels of oversight, so calibrate your approach to ‘vibe coding’ accordingly.
Dr Richard Horne highlighted the scale of cyber threats against the UK’s critical infrastructure at RUSI’s Annual Security Lecture.
Attackers are compromising open-source packages to spread malware. Cyber defenders are asked to review dependencies to reduce risks
New guidance explains how to design Zero Trust Network Access architectures aligned with zero trust principles and not built on old trust assumptions.
When it comes to using agentic AI, make sure you can walk before you run.
Using Artificial Intelligence to find vulnerabilities can bring added security considerations.
Organisations must act now to prepare for a wave of patches that will address decades of technical debt.
Poor metrics can render a well-intentioned security operation centre entirely ineffective.
Adopting AI will require time, the development of new capabilities and careful oversight.
Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure, and how to defend against it
New advisory highlights how to defend against attacker tactics believed to be used by China-linked actors to hide malicious cyber activity.
Passkeys offer a more usable, secure replacement for passwords and are already supported by most modern devices.
Passkeys are the more secure and user-friendly login method and should be the default authentication option for consumers.
Organisations should map and baseline their edge device traffic, especially VPN and remote access connections, and adopt dynamic threat feed filtering that includes known covert network indicators.
SilentGlass, a plug-and-play device, actively blocks any unexpected or malicious HDMI and Display Port connections.
Ensuring cross domain technologies are better understood - and more easily deployed - across sectors.
As the technology landscape develops, the definition of cyber security is expanding with it.
An NCSC assessment highlighting the impacts on cyber threat from AI developments between now and 2027.
Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.
An NCSC assessment focusing on how AI will impact the efficacy of cyber operations and the implications for the cyber threat over the next two years.
Key findings and full report from the 6th year of the Active Cyber Defence (ACD) programme.
An updated report from the NCSC explaining how UK law firms - of all sizes - can protect themselves from common cyber threats.
Report informing readers about the threat to UK industry and society from commercial cyber tools and services.
Assessing the cyber security threat to UK organisations using Enterprise Connected Devices.
Key findings from the 5th year of the Active Cyber Defence (ACD) programme.
This report outlines the risks associated with the use of official and third party app stores.
A technical analysis of a new variant of the SparrowDoor malware.
Assessing the security of network equipment.
The 2nd joint report between the NCSC and KPMG UK benchmarks against the 2020 findings to gauge what progress has been made.
The year four report covers 2020 and aims to highlight the achievements and efforts made by the Active Cyber Defence programme.
The year three report covers 2019 and aims to highlight the achievements and efforts made by the Active Cyber Defence programme.
Technical report on best practice use of this fundamental data routing protocol.
Joint report between the NCSC and KPMG UK is the first in a series to benchmark and track levels of diversity and inclusion in the cyber security industry.
The NCSC report highlights the cyber threats faced by the sports sector and suggests how to stop or lessen their impact on organisations.
A summary of the NCSC’s analysis of the May 2020 US sanction which caused the NCSC to modify the scope of its security mitigation strategy for Huawei.
NCSC technical paper about the privacy and security design of the NHS contact tracing app developed to help slow the spread of coronavirus.
A summary of the NCSC’s security analysis for the UK telecoms sector