The Cyber Security Navigator

The RAF Ensign flies atop Westminster Abbey this morning, catching the sunrise. A wonderful sight.

Has your account been compromised? Navigate the recovery process with confidence using this guide👇 ncsc.gov.uk/guidance/recov…

@charlesarthur @joetidy @MetroUK @telent_UK @BTP @networkrail So, it wasn’t a teenage skriptkiddie after all. Nor was it a world-ending event as rightly flagged by @ciaranmartinoxf Ill-informed, unsubstantiated reporting can do the work for the bad actors, particularly terrorists. Let’s be wary and mindful bbc.co.uk/news/articles/…

@charlesarthur @joetidy @MetroUK @telent_UK @BTP @networkrail Commuters targeted in cyber-terror attack at major train stations across UK metro.co.uk/2024/09/25/uk-… via @MetroUK

Good grief. This is getting out of hand. This train hack was a minor inconvenience for the proportion of passengers who use the station wifi. Similar to digital graffiti and likely carried out by a 16 year old prankster.

@joetidy But they clearly had some skill ….. and motivation

@TheCybrSecNav I doubt anyone with even a hint of cyber skills/ sophistication would have done this.

@joetidy Such speculation doesn’t help the cause - not all hackers are teenagers wearing hoodies, far from it, nor are they all males either! I could equally speculate that hack was orchestrated by Putin’s regime or some pro-Palestinian group/individual to sow terror but without evidence

@TheCybrSecNav An educated guess after doing this job for a while!

@Coffee_Fueled @VicHarkness 🤔 That’s not right @AmazonUK 😡 I’ve ordered directly, James, following your link - Order #4181 ✅

@VicHarkness Yep. People who order will be annoyed when it doesn't arrive, and Amazon won't be the ones dealing with the backlash - even though they're the ones falsely claiming they can deliver the book and hiding the actual publisher's listing behind a tiny link tucked away.

Have ordered my own book from Amazon, since they claim to sell it directly. Amazon do not have any stock (and won't), but have prioritised their own offer over the publisher's (who does have stock). Can't tell if it's malice or incompetence, but fraud can be reckless too. If you want it, either go direct via bores.co/book, or go through Amazon but make sure to scroll down to the other options buying, and get the one that offers a five day delivery rather than 6-7 months (the five day one actually has stock, Amazon themselves do not, nor will they get any).

The Pall Mall Process declaration is an important step in tackling the proliferation and irresponsible use of commercial cyber intrusion capabilities. The NCSC’s latest blog covers what the process means moving forward. ncsc.gov.uk/blog-post/cybe…

🚨We’ve published a new joint cyber security advisory revealing evolving tactics used by Russian state-linked cyber actors as more organisations move to cloud-based infrastructure ⬇️ ncsc.gov.uk/news/uk-allies…

Spear phishing, mass campaigns, or targeted attacks – no matter the form, phishing poses a threat to organisations of all sizes. 🤚 The updated NCSC guidance equips you with the tools to detect, report, and mitigate phishing attempts effectively. 🔒 ncsc.gov.uk/guidance/phish…

@DanielGDresner Much appreciated, Professor 🙏 @TEISS while it will be my 3rd …… 🙈🙉🙊😉

Well worthwhile...and @aj66inuk deserves the mug. Thank you @ajstewart_lang for capturing my mug...in a moment of rapture it seems. I must have been talking about internal audit functions...🙈

@Coffee_Fueled Nor is #CyberSecurity rocket science …….

Just saw someone comparing entry level cyber security to brain surgery. These people have no idea. It's not some special, elite field. At the start you need a functional brain, ability to read a knowledgebase, and at least some level of initiative. Stop hamming it up.

Well said @cybergeekgirl #BrewMonday 🫖☕️

@aj66inuk @troyhunt @Charlotte_Hunt_ @haveibeenpwned Hear hear 👂👏🍾🥂

@troyhunt @Charlotte_Hunt_ @haveibeenpwned 👏👍✊Keep up the great work, Troy

10 years ago today, I started a pet project with a stupid name. Like all my previous projects, I expected it to scratch an itch and then fail miserably. But @haveibeenpwned didn't do that, not by a long shot. A decade later here we are! 🎂 troyhunt.com/a-decade-of-ha…

@Coffee_Fueled @weaselhacks Agreed

@TheCybrSecNav @weaselhacks Trust but verify is dead. Verify then trust. Then verify again.

A little concerned that 80% of people who responded think only approved organisations can issue an ISO 27001 cert. That means 4 in 5 probably don't critically evaluate certs they receive from vendors. Due diligence problems.

@Scott_Helme Agreed, disappointing but not surprising. Stuck record, wrong track 😞

It’s getting a little tedious watching our government trot out the same nonsense over and over and over again…

@Selyst @SyInstitute Take the win 😉

Just on a call with @SyInstitute colleagues. As a boomer I’m Delighted to be referred to as middle aged!

@Coffee_Fueled @weaselhacks Another example of need for verification before trust? 🤔

@weaselhacks There are companies, who I won't name (lawsuit threats are unpleasant), who basically make a business of doing exactly this (usually with a very thin veil of providing some generic templates).