CTO at NCSC Summary: week ending June 29th
The National Cyber Security Centre (NCSC) will continue to help empower businesses, the public sector and the public to protect themselves from cyber attacks,
Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.
Operationally this week nothing overly of note…
In the high-level this week:
Trusting the tech: using password managers and passkeys to help you stay secure online - NCSC UK publishes - citizen level guidance on these important technologies which can raise authentication hygiene
National Security Strategy 2025: Security for the British People in a Dangerous World - UK Government publishes:
“The National Cyber Security Centre (NCSC) will continue to help empower businesses, the public sector and the public to protect themselves from cyber attacks, and to support response and recovery when incidents do occur.”
“The AI Security Institute (AISI) will remain a central plank as the world’s largest government team dedicated to AI security, working alongside centres of expertise across government, including the National Cyber Security Centre, the UK’s technical authority for cyber security.”
National Security Strategy (Joint Committee) Parliament Live session
UK’s Modern Industrial Strategy: Digital and Technologies Sector Plan - UK Government publishes - “Cyber security: Driving investment into our internationally-renowned cyber sector and supporting cutting-edge innovation to address the challenges that prevent widespread technology adoption. We will build on the momentum of the Cyber Security and Resilience Bill and take advantage of innovation opportunities Executive Summary 7 presented by AI and post-quantum encryption. We will establish key supply routes into our leading intelligence and defence capabilities, including the National Cyber Security Centre and the National Cyber Force.”
Ransomware attack contributed to patient's death - BBC reports -” King's College Hospital NHS Foundation Trust confirmed that one patient had "died unexpectedly" during the cyber attack on 3 June 2024, which disrupted more than 10,000 appointments. A spokesperson for the trust said a number of contributing factors led to the patient's death including "a long wait for a blood test result".
Revolutionizing Cyber Resiliency for Military Systems - DARPA publishes - “Our High-Assurance Cyber Military Systems (HACMS) program successfully applied formal methods to military systems like quadcopters, helicopters, and automobiles – making them inherently secure against cyber threats.” - see the call to action video
Iran Hacks Tirana Municipality in Retaliation Over MEK - Tirana Times reports - “The hacking group “Homeland Justice,” believed to be affiliated with Iranian state intelligence, announced the breach via its Telegram channel, stating that it had “extracted all data and wiped the servers” of the capital’s municipal IT infrastructure.”
EU Managed Security Services Certification to drive the cybersecurity market - ENISA publishes - “ENISA launches a call for expression of interest to participate in the relevant Ad Hoc Working Group”
Iran Strike Press Conference - US Department of Defence publishes - “I join the president and the secretary in being incredibly proud of the air crews, naval forces, cyber operators, planners and support teams and commanders who made this mission possible.”
Federal Reserve Board announces that reputational risk will no longer be a component of examination programs in its supervision of banks - Federal Reserve announces - “The Board has started the process of reviewing and removing references to reputation and reputational risk from its supervisory materials, including examination manuals, and, where appropriate, replacing those references with more specific discussions of financial risk.”
Ransomware attack takes down Tonga’s National Health Information System - Matangi Tonga Online reports
Tonga Govt. refuses to pay USD$1million ransom to health hackers - Matangi Tonga Online reports
Cabinet approves NT$8.8 billion plan to enhance cybersecurity resilience - Focus Taiwan reports - “Taipei, May 8 (CNA) The Cabinet on Thursday approved a four-year plan to spend NT$8.8 billion (US$290.6 million) to strengthen the country's cybersecurity resilience.”
Promote the seventh phase of the National Information and Communications Security Development Plan to build a trustworthy and secure digital society - Taiwan Administration of Cyber Security announces four pillars -
Cybersecurity defense for the whole society
Improve the cybersecurity resilience of critical infrastructure
Strengthen my country's information security industry
AI emerging cybersecurity technology application and cooperation
Pacific Cyber Week and Pacific Cyber Capacity Building and Coordination Conference 2025 - Australian Government for Department of Foreign Affairs and Trade announces - “The P4C will bring together key stakeholders from across the Pacific to understand the region's needs and discuss opportunities for cyber resilience in the Pacific.”
Reporting on/from China
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace - Atlantic Council releases - “China’s domestic cyber pipeline dwarfs that of the United States. China is also increasingly moving to recruit from the Middle East and East Asia. “
Butian Vulnerability Platform: Forging China's Next Generation of White Hat Hackers - Natto Thoughts releases - “The Butian Platform proudly identifies itself as the largest vulnerability response platform in China, boasting over 153,000 registered “white hat experts” and more than 2 million reported vulnerabilities as of June 2025.”
Chinese start-up delivers 1st self-developed 1,000-qubit quantum system - Global Times reports - “The new system has achieved a tenfold increase in integration compared with the previous generation. It features domestic design in key components, making it the smallest and most efficient product of its kind in China”
In light of US sanctions, China unveils first parallel optical computing chip, ‘Meteor-1’ - South China Morning Post reports - “The chip achieves a theoretical peak computing power of 2,560 TOPS (tera-operations per second) at 50GHz optical frequency – performance comparable to Nvidia’s advanced GPUs – according to a report by Chinese publisher DeepTech last week.”
The US is Choosing to Replace the Chinese Huawei Telecommunications Towers in Panama, and the Panama Government is Complying - Newsroom Panama reports - “it will replace telecommunications equipment from the Chinese company Huawei—installed in 13 locations across the country—with U.S. technology considered more secure.”
Ant Group pushes wider adoption of AI-enabled smart glasses for mobile payments - South China Morning Post reports - “In the coming years, this technology could enable people to complete transactions simply by looking at or gesturing towards a product,”
China’s top player Empyrean eyes opportunities from US chip curbs on design software - South China Morning Post reports - “Beijing-based company hopes to ascend to the top tier of global EDA providers, but acknowledges considerable gap with US rivals”
Trump Adviser David Sacks Says China Adept at Evading Chip Curbs - Bloomberg repots - “Sacks argues that overly restrictive US sales of AI chips to American allies could create an opening for Huawei and other Chinese companies, and calls for a more nuanced approach to chip export controls.”
Chinese industrial maximalism: Lu Feng - High Capacity reflects - “Lu Feng presents a theory of what I call “Chinese industrial maximalism.” At a time when China is already the world’s manufacturing superpower and faces accusations of “overcapacity” from the US and EU, Lu Feng argues that what China needs is more industrial development, not less.”
AI
AIRTBench: Measuring Autonomous AI Red Teaming Capabilities in Language Models - dreadnode publish - “The benchmark consists of 70 realistic blackbox capture-the-flag (CTF) challenges from the Crucible challenge environment on the Dreadnode platform, requiring models to write python code to interact with and compromise AI systems”
The road to Top 1: How XBOW did it - XBOW trumpets - “Over the past 90 days alone, the vulnerabilities submitted were classified as 54 critical, 242 high, 524 medium, and 65 low severity issues by program owners.”
Developing the NCCoE Chatbot: Technical and Security Learnings from the Initial Implementation - NIST publishes - “a point in time examination of the NCCoE Chatbot, outlining the NCCoE’s approach to developing the tool, as well as the NCCoE’s response to specific security challenges.“
Why Big Tech cannot agree on artificial general intelligence - Financial Times reports - “But critics argue this definition falls short of describing a truly intelligent system. “That’s just automation, which is something that we’ve done for decades,” says Chollet, the former Google engineer.”
Alibaba updates open-source Qwen3 models to support AI deployment on Apple devices - South China Morning Post reports - “the Qwen team of Alibaba’s cloud computing unit said it launched open-source Qwen3 models optimised for Apple’s MLX framework for machine learning. Alibaba owns the South China Morning Post.”
Cyber proliferation
Paragon must answer for spyware use against civil society and journalists - Access Now call - demanding a response..
Trust Broken at the Core - iVerify publish - “It seems like Intellexa is solely relying on the closed nature of the iOS ecosystem, which makes it more difficult for researchers to get insight into system activity and find malicious processes and/or files.”
Bounty Hunting
Serial Hacker “IntelBroker” Charged For Causing $25 Million In Damages To Victims - US Department of Justice announce - “Kai West, a British National, Is Charged With Operating the “IntelBroker” Online Identity, Infiltrating Victim Computer Networks, Stealing Data, Selling It, and Causing Millions in Damages to Dozens of Victims Around the World”
Reflections this week are around root cause analysis and systematic vulnerability reduction at scale in code bases.
Today we see patchy capabilities in those organisations who develop software and their ability to do vulnerability variance discovery and reduction at scale.
Many are able to address discrete vulnerabilities which are reported. However very few are able to develop CodeQL or joern queries to comprehensively surface variants of these. An even smaller number still have test coverage which gives them confidence or are capable to then to address at scale without fear of function issues.
I highlight as unless we get confident, comfortable and capable at addressing vulnerability at such scale in code the lumpy path of cyber resilience is going to get lumpier..
Not getting this via email? Subscribe:
Think someone else would benefit? Share:
All attribution is by others and not the UK Government unless specifically stated as such, please see the legal text at the end.
Have a lovely Saturday…
Ollie
Cyber threat intelligence
Who is doing what to whom and how allegedly.
Reporting on Russia
UAC-0001 (APT28) cyberattacks against government agencies using BEARDSHELL and COVENANT
Ukraine CERT provide some initial access insight into this alleged Russian threat.
As a result of the computer-technical investigation, software tools were discovered - a component of the COVENANT framework and the BEARDSHELL backdoor, and the method of the initial attack was also clarified. This time, an unidentified person sent a document called "Act.doc" using Signal, which contained a macro.
https://cert.gov.ua/article/6284080
Reporting on China
Cyber threat bulletin: People's Republic of China cyber threat activity: PRC cyber actors target telecommunications companies as part of a global cyberespionage campaign
Our friends and partners at the Canadian Centre for Cyber Security publishes initial access detail by this alleged Chinese threat actor.
Three network devices registered to a Canadian telecommunications company were compromised by likely Salt Typhoon actors in mid-February 2025. The actors exploited CVE-2023-20198 to retrieve the running configuration files from all three devices and modified at least one of the files to configure a GRE tunnel, enabling traffic collection from the network.
OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure
Nico Paulo Yturriaga and Pham Duy Phuc detail possible alleged Chinese campaign which will be of interest due to the victimology.
It specifically targets the energy, oil, and gas sector through phishing attacks and the exploitation of Microsoft ClickOnce. The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious. Its methods reflect a broader shift toward “living off the land” tactics, blending malicious operations within cloud and enterprise tooling to evade traditional detection mechanisms.
Our analysis reveals how this campaign has progressively evolved with advanced evasion tactics and C2 obfuscation across each variant. Key findings include abuse of ClickOnce [1] to proxy execution, early injection via .NET AppDomainManager hijacking [2], and anti-analysis measures (anti-debugging loops and sandbox detection).
Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign
SecurityScoreCard give insight into this covert infrastructure allegedly used by Chinese threat actors. If nothing else both validates the UK’s approach through the PSTI regime, but also why proactive action should be taken at the operator / ISP edge.
Over 1,000 actively infected nodes
Targets are highly localized in the United States and Southeast Asia, particularly Japan, South Korea, Hong Kong, and Taiwan
Victims in real estate, IT, networking, media and more
LapDogs leverages a custom backdoor named “ShortLeash,” which establishes a foothold on compromised devices and enables the hackers to act covertly
Small Office/Home Office (SOHO) devices are mainly targeted
Campaign growth is deliberate, beginning September 2023 and expanding with methodical tasking
LapDogs shares commonalities with some prolific China-Nexus ORB networks, most notably PolarEdge, while conclusively standing out as an independent ORB
Reporting on North Korea
Zoom & doom: BlueNoroff call opens the door
Daniel Albrecht, Sean Alexander and Elena Lapina detail an alleged North Korean campaign against a Canadian gambling provider.
We believe this is part of a targeted social engineering campaign leveraging both trusted contact impersonation and brand (Zoom) impersonation, with convincingly spoofed domains targeting operational workflows that prioritize speed and routine.
https://fieldeffect.com/blog/zoom-doom-bluenoroff-call-opens-the-door
Dissecting Kimsuky’s Attacks on South Korea: In-Depth Analysis of GitHub-Based Malicious Infrastructure
Enki detail tradecraft which was used in a recent alleged North Korean operation. The fact that they use Github should empower some to understand the threat.
A sophisticated spearphishing attack was detected in which Github was used as attack infrastructure to distribute malware.
The malware accesses the attacker’s private repositories using a hardcoded Github Personal Access Token (PAT).
Log files stored in the private repository revealed an IP address used by the attacker for testing purposes.
Analysis of the XenoRAT C&C indicated links to the North Korean threat group Kimsuky.
Reporting on Iran
Israeli Officials Warn Iran Is Hijacking Security Cameras to Spy
Bloomberg alleged that Iran is using weak IoT camera security for situational awareness.
Iran is tapping into private security cameras in Israel to gather real-time intelligence about its adversary, exposing a recurrent problem with the devices that has emerged in other global conflicts.
Earlier this week, after Iranian ballistic missiles tore through high-rise buildings in Tel Aviv, a former Israeli cybersecurity official went on public radio to issue a stark warning: Turn off your home surveillance cameras or change the password.
“We know for the past two or three days, the Iranians have been trying to connect to cameras to understand what happened..”
Reporting on Other Actors
Case of attack targeting domestic web servers using MeshAgent and SuperShell
AhnLab ASEC remind the globe that some actors will exploit the web edge for initial access. This campaign is unattributed and could be so many possible threat actors based on the TTPs.
https://asec.ahnlab.com/ko/88559/
Prolific Phishing Campaign Leveraging Zoom's Infrastructure
Michael Robertson details a campaign is another example of SaaS misuse for phishing..
These phishing attempts originate from noreply-zoomevents@zoom.us, bypassing numerous email security filters. These messages are cryptographically signed (SPF/DKIM/DMARC) and originate from Zoom Events, making it exceedingly difficult for users to identify them as phishing.
https://blog.reconinfosec.com/zoom-events-phishing
Fake SonicWall App Steals VPN Credentials
SonicWall detail a campaign which likely involves SEO and/or phishing coupled with a malicious installer which is code signed.
a deceptive campaign to distribute a hacked and modified version of SonicWall’s SSL VPN NetExtender application that closely resembles the official SonicWall NetExtender software. NetExtender enables remote users to securely connect and run applications on the company network. Users can upload and download files, access network drives, and use other resources as if they were on the local network. Security solutions from SonicWall (GAV: Fake-NetExtender [Trojan]) and Microsoft (TrojanSpy:Win32/SilentRoute.A) will flag the installer as malicious and enable proactive defenses.
The website impersonating the legitimate NetExtender is hosting a Trojanized version of SonicWall’s actual NetExtender version 10.3.2.27 (the latest release version), digitally signed by “CITYLIGHT MEDIA PRIVATE LIMITED.”
Discovery
How we find and understand the latent compromises within our environments.
The Jitter-Trap: How Randomness Betrays the Evasive
Masha Garmiza does a wonderful job on bringing some data science to detection.
Sleep with jitter configuration is considered a stealthier option. In trending frameworks such as Sliver, the jitter option is configured by default
..
However, we found that traffic identified with jitter is more noticeable and less common within benign traffic.
https://www.varonis.com/blog/jitter-trap
The Cyber Deception Maturity Model: Where Does Your Organization Stand?
Rad details his deception maturity framework.
https://deceptiq.com/blog/cyber-deception-maturity-model
Defence
How we proactively defend our environments.
NIS2 Technical Implementation Guidance
ENISA publishes this guidance for those looking to implement in Europe.
This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The cybersecurity requirements for these entities are defined at EU level by Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024. ENISA’s guidance offers practical advice, examples of evidence, and mappings of security requirements to help companies implement the regulation.
https://www.enisa.europa.eu/publications/nis2-technical-implementation-guidance
DeviceOffboardingManager
Ugur Koc provides the IT janitors with a mop for aisle 1337.
A modern PowerShell-based GUI tool for managing and offboarding devices from Microsoft Intune, Autopilot, and Entra ID (formerly Azure AD). This tool provides a streamlined interface for device lifecycle management across Microsoft services.
https://github.com/ugurkocde/DeviceOffboardingManager
Incident Writeups & Disclosures
How they got in and what they did.
CoinMarketCap Client-Side Attack: A Comprehensive Analysis
Himanshu Anand details this compromise which presents a challenge to a lot of organisations to detect if it happened to them.
Fun anecdote - in the 1990s a security consultancy I worked for ran its website off a CD/DVD to prevent modification. Maybe the immutable website should come back in vogue.
On June 20, 2025, CoinMarketCap (CMC) - a cornerstone of the cryptocurrency ecosystem, relied upon by millions for real-time crypto data - experienced a significant security incident. A client-side attack compromised its frontend, tricking users into connecting their crypto wallets through a sophisticated phishing scheme. This breach underscores critical vulnerabilities in trusted content delivery paths. While we don’t know whether the API response was compromised through third-party code or internal misconfiguration, the result was clear: client-side malware execution through a trusted API.
https://cside.dev/blog/coinmarketcap-client-side-attack-a-comprehensive-analysis
Vulnerability
Our attack surface.
Triaging security issues reported by third parties
Nick Wellnhofer of libxml2 outlines how things will work going forward..
The basic idea is to treat security issues like any other bug. They will be made public immediately and fixed whenever maintainers have the time. There will be no deadlines. This policy will probably make some downstream users nervous, but maybe it encourages them to contribute a little more.
Achieving RCE in famous Japanese chat tool with an obsolete Electron feature
RyotaK details what can go wrong when web technologies are melded into desktop technologies and a confluence of issues come together.
Dangerous method is exposed to the preload context
An incorrectly enabled legacy feature that allows access to the preload context
Routing parser difference between desktop and web
By combining these problems, I achieved remote code execution in the Chatwork desktop application, which can be triggered when a user performs actions on an attacker-provided URL.
https://flatt.tech/research/posts/escaping-electron-isolation-with-obsolete-feature/
Offense
Attack capability, techniques and trade-craft.
Mythic C2 with EarlyBird Injection and Defender Evasion
Ivan Spiridonov details a technique detection engineers will want to ensure they have coverage of.
The technique works by creating a process in a suspended state using CreateProcessW with the CREATE_SUSPENDED flag. This creates the process but doesn't start the main thread, giving us time to inject our code. We then use VirtualAllocEx to allocate memory in the target process with execute permissions and WriteProcessMemory to write our shellcode to that allocated memory.
The key is QueueUserAPC, which adds our shellcode to the thread's APC queue. When we call ResumeThread to start the process, Windows checks if the thread has any queued APCs and executes them before starting the thread's main function. This means our shellcode executes before the legitimate process code, giving us control from the very beginning of the process lifecycle.
WerFault.exe (Windows Error Reporting) is an ideal injection target because it's a legitimate system process that runs regularly, has network access for sending error reports to Microsoft, and is less likely to be monitored than other system processes.
https://xbz0n.sh/blog/mythic-c2-early-bird-defender-evasion
Untrustworthy Trust Builders: Account Operators Replicating Trust Attack
Jonas Bülow Knudsen details an Active Directory attack scenario that should be pretty noisy and easy to detect..
The Incoming Forest Trust Builders group (not AdminSDHolder protected) can create inbound forest trusts with ticket-granting ticket (TGT) delegation enabled. This configuration causes servers to send their TGT across the trust when coerced to authenticate to a computer with unconstrained delegation. An attacker can abuse this by creating a trust to a fake domain, coercing a DC to authenticate to a host in the fake domain with unconstrained delegation, and then use the TGT of the DC to perform DCSync. The coerced DC must perform Kerberos authentication to send its TGT, requiring a DNS conditional forwarder to the fake domain, which the DnsAdmins group (another group AdminSDHolder does not protect) can create.
breaking ld_preload rootkit hooks
0xMatheuZ highlights an evasion technique on Linux which solutions on such platforms which rely on userland hooks will want to ensure coverage of.
This article explores a technique to bypass Userland based hooks, such as those implemented via LD_PRELOAD by leveraging io_uring, a modern Linux kernel interface for asynchronous I/O. By bypassing traditional libc wrappers, such as
open(),write(), andclose(), which are commonly intercepted in LD_PRELOAD based hooks, it’s possible to evade detection or interference by such malicious userspace mechanisms.
https://matheuzsecurity.github.io/hacking/using-io-uring-to-break-linux-rootkits-hooks/
Primitive Injection - Breaking the Status Quo
trickster0 details a technique which uses RtlInitializeBitMapEx as a way to write process memory although size constrained so you need many.
https://trickster0.github.io/posts/Primitive-Injection/
Skinny Guerrilla Command and Control
JC Steiner releases an implant framework teams should ensure there is coverage of.
This framework seeks to solve that problem by allowing each implant to have its functions "turned on" or "turned off" upon its creation. Do you want to have an implant with just the ability to execute shell commands? Do you want an implant to only have a socks proxy? This is possible with the SGCC!
..
The implant can be created with as a powershell script. The obfuscations applied include having hardcoded values put in variables, and variable names changed to be dictionary words.
https://github.com/JCSteiner/SGCC---public
FileFix - A ClickFix Alternative
mr.d0x detail a social engineer technique that teams will likely want to ensure either don’t work or if they do are detected in their environments.
in this blog post, I’ll present an interesting method to social engineer users into executing OS commands without leaving the browser. I’ll be referring to this method as FileFix Attack, but feel free to call it whatever you want
https://mrd0x.com/filefix-clickfix-alternative/
FileFix: A Simple Social Engineering Trick That Launches PowerShell from the Browser
wsuks
Alex shows why blocking ARP spoofing through switch level port security and/or being able to detect it still has value in 2025.
To automatically exploit the WSUS attack, this tool spoofs the IP address of the WSUS server on the network using ARP, and when the client requests Windows updates, it serves PsExec64.exe with a predefined PowerShell script to gain local admin privileges. Both the executable file that is served (default: PsExec64.exe) and the command that is executed can be changed if required.
https://github.com/NeffIsBack/wsuks
dnsimg
Asher Falcon details a technique which whilst not malicious in intent has uses for various stages of malicious code delivery and/or other C2 activities. Either way, likely want to be able to detect..
I was intrigued by the idea of storing images in DNS records, and I wanted to test out how effectively images could be stored in DNS records. I've always been interested in TXT records because they seem to be a useful way of storing arbitrary data, and in this blog post I'll discuss how I went from an idea to developing the project into almost a protocol sort of method for storing an image on a domain name.
https://asherfalcon.com/blog/posts/2
Exploitation
What is being exploited..
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543
Citrix detail a memory corruption vulnerability for which exploits have been observed in the wild.
Memory overflow vulnerability leading to unintended control flow and Denial of Service
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
Tooling and Techniques
Low level tooling and techniques for attack and defence researchers…
golem
2ourc3 releases a tool for vulnerability discovery which shows the AI productivity gains..
Golem automates C/C++ vulnerability discovery by combining Semgrep rule scans, LLVM call-graph & CFG slicing, and AI-driven context analysis. It flags potential security issues, generates rich graph artifacts, and leverages large-language models (GPT-4 or Ollama) to produce a detailed, prioritized audit report, so you can find and fix critical bugs faster.
https://github.com/20urc3/golem
ctail
HD Moore shares a tool to tail certificate transparency logs.
ctailis designed for quickly tailing the head of the logs and may not be the best choice for building comprehensive databases.
rxtls
Pepijn van der Stap has an industrialised tool to do the same.
rxtls is a high-throughput, fault-tolerant Certificate Transparency log processor designed for hyperscale environments. It provides efficient processing of CT logs with dynamic backpressure handling, adaptive rate limiting, and comprehensive observability.
https://github.com/x-stp/rxtls
Footnotes
Some other small (and not so small) bits and bobs which might be of interest.
Annual report
How we analyse, compare, and integrate multiple threat actor attribution assessments
Tactical Indicators and Warnings from Strategic Human Intelligence
Artificial intelligence
Nothing overly of note this week
Books
CYBER GRU: Russian military intelligence in cyberspace - coming soon
Events
September 2025: 15th IDF Training Seminar to be held - “The Digital Forensics Study Group will hold the 15th (2025) IDF Training Seminar in September 2025, both in person (Tokyo and part of Osaka) and online.”
Video of week - HON. Emil Michael, Under Secretary of Defense for Research and Engineering calls for formal methods to become the DoD’s gold standard for cybersecurity.
Unless stated otherwise, linked or referenced content does not necessarily represent the views of the NCSC and reference to third parties or content on their websites should not be taken as endorsement of any kind by the NCSC. The NCSC has no control over the content of third party websites and consequently accepts no responsibility for your use of them.
This newsletter is subject to the NCSC website terms and conditions which can be found at https://www.ncsc.gov.uk/section/about-this-website/terms-and-conditions and you can find out more about how will treat your personal information in our privacy notice at https://www.ncsc.gov.uk/section/about-this-website/privacy-statement.