This month, the NCSC and its Cyber Essentials delivery partner IASME will update the technical requirements for the 2023 Cyber Essentials scheme. These changes come as part of a regular review of the scheme’s technical controls, ensuring that it continues to help UK organisations guard against the most common cyber threats. Changes come into play on 24th April 2023, and as stated on their website, these modifications will cover a variety of key areas.
A new malicious package has been detected on the Node Package Manager (npm) repository that poses a significant threat to users who may unknowingly install it. Named ‘Vibranced,’ the package has been carefully crafted to mimic the popular ‘colors’ package, which has over 20 million weekly downloads.
Remote or hybrid work have become the de facto standard for many companies, post-pandemic, as more employees demand more flexible workplace policies. Therefore, organizations looking to support hybrid work will require a long-term strategy that ensures their infrastructure is equipped to securely facilitate this new flexible work environment.
In last week’s discussion around readiness and resilience, I introduced the concept of what it means to have “threat-informed” cybersecurity. This week, I want to show you what that looks like in the real world – how it should drive you to challenge more assumptions, reduce your attack surface, and game out real-world scenarios.
Deep packet inspection (DPI), as the name suggests, is a type of network packet filtering and an advanced mode of examining network packets. In DPI, network packets that are transmitted through an inspection point are evaluated. At this inspection point, a DPI tool determines where the packets came from, whether a service or application. With DPI, packets are categorized, inspected, and redirected to prioritize business-critical applications and other online services.
