CTO at NCSC Summary: week ending September 29th
When covert infrastructure is comprised of 60,000 active devices..
Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.
Operationally this week nothing overly of note.
In the high-level this week:
UK and US issue alert over cyber actors working on behalf of Iranian state - UK National Cyber Security Centre alerts -
Attackers working on behalf of Iran’s Islamic Revolutionary Guard Corps use social engineering to gain access to victims’ online accounts
Individuals at higher risk are encouraged to stay vigilant to targeted phishing attempts and to sign up for the NCSC’s cyber defence services for individuals
UK continues to call out malicious activity that puts individuals' personal and business accounts at risk, urging them to take action to reduce their chances of falling victim
G7 Cyber Expert Group Statement On Planning For The Opportunities And Risks Of Quantum Computing - US Department of the Treasury releases - “No matter where entities are in their adoption timelines, the G7 CEG strongly encourages financial authorities and institutions to begin taking the following steps to build resilience against quantum computing risks:
Develop a better understanding of the issue, the risks involved, and strategies for mitigating those risks.
Assess quantum computing risks in their areas of responsibility.
Develop a plan for mitigating quantum computing risks.”
Reminder: The UK National Cyber Security Centre position is covered in Post-quantum cryptography: what comes next?
If you're a gamer - your country needs you, says Healey as he seeks more cyber recruits - Forces News reports - “Ahead of his speech, Mr Healey said he wanted to fast-track recruits in cyber defence "to help face down Putin's online aggression".”
House Homeland Security Republicans Introduce Bill to Combat CCP Cyber Threat Actors - Committee on Homeland Security publishes - “to establish an interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to address the cybersecurity threats posed by state-sponsored cyber actors associated with the People’s Republic of China (PRC), including ‘Volt Typhoon.’”
DHS Announces $279.9 million in Grant Funding for the Fiscal Year 2024 State and Local Cybersecurity Grant Program - US Department of Homeland Security announces - “Now in its third year, this program provides funding to state, local, and territorial (SLT) governments to help reduce cyber risk and build resilience against evolving cybersecurity threats. Established by the State and Local Cybersecurity Improvement Act, and part of the Bipartisan Infrastructure Law, the SLCGP provides approximately $1 billion in funding over four years to support SLT governments as they develop capabilities to detect, protect against, and respond to cyber threats.”
Cyberoefening: defensieteams uit hele wereld vallen elkaars netwerken aan - Netherlands Ministry of Defence announces - “Hackers from home and abroad fought each other at Gilze-Rijen airbase during the past 2 weeks. The Defense Cyber Command (DCC) organized the annual Computer Assisted Exercise (CAX) Cybernet. The participants were not only from defense organizations, but also from national and civil organizations in the security domain. They attacked each other's networks and defended them in a closed environment.”
Director Wray's Remarks at the 2024 Aspen Cyber Summit - FBI publishes - “Ultimately, as part of this operation, we were able to identify thousands of infected devices, and, then, with court authorization, issued commands to remove the malware from them, prying them from China’s grip.”
Exposed by Default: A Security Analysis of Home Router Default Settings - Various academics research - "analysis of 40 commercial off-the-shelf home routers, representative of recent models across 14 brands. We surveyed 81 parameters and behaviors including default and deep default settings. "
Semiconductors
UK chipmaker EnSilica partners with Taiwan's biggest semiconductor firm - UK Tech News reports - “The Berkshire-based developer of application specific integrated circuits (ASICs) said it had joined the Design Center Alliance of the Taiwan Semiconductor Manufacturing Company’s Open Innovation Platform.”
Chip Giants TSMC and Samsung Discuss Building Middle Eastern Megafactories - The Wall Street Journal reports - “Potential projects in the United Arab Emirates could be worth more than $100 billion, though major hurdles remain”
The new 6-mW open-source plastic chip can run machine learning tasks and operate while bent around a pencil - IEEE Spectrum reports - “The new ultralow-power 32-bit microprocessor from U.K.-based Pragmatic Semiconductor and its colleagues can operate while bent, and can run machine learning workloads. The microchip’s open-source RISC-V architecture suggests it might cost less than a dollar, putting it in a position to power wearable healthcare electronics, smart package labels, and other inexpensive items, its inventors add.”
Reporting on/from China
Did a Chinese University Hacking Competition Target a Real Victim? - Wired reports - “They acknowledge that there is no hard evidence that the competition was used to attack a real-world target and that the evidence they do have is circumstantial. But they said they are 85 percent confident that this is what occurred because no alternative explanations make sense.”
2024 Collection of Outstanding Achievements in Cyber Security Innovation and Entrepreneurship - Beijing CESI Technology Development Co., Ltd. reports - Innovation and Entrepreneurship Works of College Students - I found the easiest way to translate was via Google lens.
Huawei to step up AI ecosystem development despite US tech sanctions - South China Morning Post reports - “In 2024 and over the next five years, Huawei will invest even more into ecosystem development” with the firm’s partners, he added, citing the company’s “All Intelligence” strategy and mission to build AI systems “that are accessible to every person, home and organisation”.
China is a ‘fire-breathing dragon on government steroids’ whose tech will surpass Western firms in a decade, U.S. think tank says - Fortune reports - “It’s time to reject the view that “China can’t innovate,” says a leading U.S. think tank, as Beijing tries to foster its own advanced technologies to get a strategic edge against Washington. A new report from the Information Technology and Innovation Foundation, a non-partisan Washington-based think-tank focused on tech, argues that China is already ahead of the U.S. in some industries, and rapidly catching up in sectors where it doesn’t have a lead. “
Can China Innovate in Advanced Industries? - video on the release of the report - “ITIF hosted an expert briefing event on Capital Hill to discuss its 20-month investigation into Chinese firms’ innovative capabilities in key advanced industries.”
Biden Administration to Prepare Ban on Chinese Car Software - Bloomberg reports - “The Biden Administration’s primary concern is preventing China or Russia from hacking vehicles or tracking cars by intercepting communication with software systems that their domestic companies have created.”
Artificial intelligence
The Global AI Research Agenda - Department of State publishes - “The Global AI Research Agenda (GAIRA) recommends principles, priorities, and practices for AI research and development (R&D) to advance safe, secure, and trustworthy development of AI systems in international contexts. It aims to strengthen collaboration in researching the interactions between individuals, communities, and society with AI systems, foster innovation, and support equitable access to the benefits of AI.”
AI in Global Development Playbook - US Aid publishes - “The United States aims to ensure that the benefits of AI are shared equitably across the globe.”
Election Security Update as of Mid-September 2024 - Office of the Director of National Intelligence analyses:
"Of the top three actors we are tracking, Russia has generated the most AI content related to the election and has done so across all four mediums—text, images, audio, and video—though the degree to which this content has been released and spread online varies"
"Iranian actors have used AI to help generate social media posts and write inauthentic news articles for websites that claim to be real news sites."
"China is using AI in broader influence operations seeking to shape global views of China and amplify divisive U.S. political issues, but not for any specific operations targeting U.S. election outcomes."
AI and current cyber threats - German Federal Office for Information Security assesses - “Contrary to the media hype, it should be noted that AI is currently not producing any new, unique tactics, techniques and procedures (TTPs). Rather, existing, classic techniques are being simplified and accelerated.”
GenAI used in malware - HP Wolf Security asserts - “In Q2, however, the HP Threat Research team identified a malware campaign spreading AsyncRAT using VBScript and JavaScript that was highly likely to have been written with the help of GenAI. The scripts’ structure, comments and choice of function names and variables were strong clues that the threat actor used GenAI to create the malware.”
Tech giants push to dilute Europe's AI Act - Reuters reports - “The world's biggest technology companies have embarked on a final push to persuade the European Union to take a light-touch approach to regulating artificial intelligence as they seek to fend off the risk of billions of dollars in fines.”
Cyber proliferation
New U.S.-led Actions Expand Global Commitments to Counter Commercial Spyware - United States Department of State announces - “Ahead of a groundbreaking inaugural September 22 meeting on the margins of the UN General Assembly (UNGA), the Department of State announced that Austria, Estonia, Lithuania, and the Netherlands have endorsed the Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware. Global support for this critical initiative has continued to expand – from an initial group of 11 like-minded partners to 21 – since its launch as a Presidential Initiative at the second Summit for Democracy in March 2023. The Joint Statement is part of the broader “
Greece Spyware Victims Refuse to Give Up After Intelligence Agency ‘Exonerated’- Balkan Insight reports - “After a Supreme Court prosecutor found no evidence to incriminate the Greek intelligence service in the use of malicious spyware, those targeted are considering taking their fight to the European rights court.”
Bounty Hunting
U.K. National Charged with Multimillion-Dollar Hack-to-Trade Fraud Scheme - US Department of Justice announces - “From January 2019 through May 2020, Westbrook executed a hack-to-trade scheme through which he generated millions of dollars in profits. On at least five occasions, Westbrook gained unauthorized access to Office365 email accounts belonging to corporate executives employed by certain U.S.-based companies to obtain non-public information, including information about impending earnings announcements.”
Cybercrime : Successful strike against the infrastructure of digital money launderers in the underground economy - German Federal Criminal Police Office reports - “have shut down 47 exchange services hosted in Germany that were being used for criminal purposes. These were platforms on which conventional currencies and cryptocurrencies could be exchanged.”
Personal data protection: the supervisory authority is not obliged to exercise a corrective power in all cases of breach and, in particular, to impose a fine - Court of Justice of the European Union rules - “This could be the case, inter alia, where, as soon as the controller became aware of the breach, it took the necessary measures to ensure that that breach was brought to an end and did not recur”
No reflections this week..
Think someone else would benefit? Share:
All attribution is by others and not the UK Government unless specifically stated as such, please see the legal text at the end.
Have a lovely Saturday..
Ollie
Cyber threat intelligence
Who is doing what to whom and how allegedly.
Reporting on Russia
Cyber operations by Russia: new goals, tools and groups. Analytics on the hacker attacks against Ukraine in H1 2024
Ukrainian Government alleges that Russian threat actors are ramping up against National Security & Defence as well as Critical National Infrastructure targets. The tradecraft is as old as time..
Among the trends of the H1 2024, cyberattacks on Ukrainian central and local state authorities saw a significant increase. In fact, the number of investigated cyber incidents targeting security, defense, and energy sectors more than doubled.
..
Phishing and malware are the primary tools for cyber espionage. Thus, constantly raising public awareness of the basic principles of cyber hygiene and current threats is crucial to combat these attacks.
https://cip.gov.ua/en/news/cyber-operations-rf-h1-2024-report
Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023
Zoltán Rusnák gives a sense of the alleged scale 18th Center of Information Security of the FSB compromises..
Between November 1st, 2022 and December 31st 2023, we observed more than a thousand unique machines in Ukraine that were attacked by Gamaredon. The seven-day moving average of daily additions is visualized in Figure 1.
Analyzing the Newest Turla Backdoor Through the Eyes of Hybrid Analysis
Vlad Pascal alleges a recent sample of a Russian implant has various evasion techniques present - noting that these are no more sophisticated than a Red Team.
A Hybrid Analysis perspective and deep technical dive into the new Turla APT backdoor
Turla starts its attack by using shortcut files to infect victims
Evasion techniques employed by the group involve unhooking and disabling ETW and AMSI for stealth
Backdoor implements custom commands for execution of malicious PowerShell scripts and file creation
https://hybrid-analysis.blogspot.com/2024/09/analyzing-newest-turla-backdoor-through.html
Reporting on China
Derailing the Raptor Train
Black Lotus Labs gives a sense of the alleged scale employed in Chinese covert infrastructure.
In mid-2023, Black Lotus Labs began an investigation into compromised routers that led to the discovery of a large, multi-tiered botnet consisting of small office/home office (SOHO) and IoT devices that we assess is likely operated by the nation-state Chinese threat actors known as Flax Typhoon. We call this botnet “Raptor Train,” and it has been over four years in the making.
At its peak in June 2023, the Raptor Train botnet consisted of over 60,000 actively compromised devices. Since that time, there have been more than 200,000 SOHO routers, NVR/DVR devices, network attached storage (NAS) servers, and IP cameras; all conscripted into the Raptor Train botnet, making it one of the largest Chinese state-sponsored IoT botnets discovered to-date.
https://blog.lumen.com/derailing-the-raptor-train/
Flax Typhoon-Linked Company Integrity Technology: a Competitor, Business Partner and Client of i-SOON
Natto Thoughts analyses the indictment and also gives a sense of alleged Chinese cover infrastructure scale..
The joint advisory stated that a Chinese information security company, Integrity Technology Group (Integrity Tech) “has controlled and managed a botnet active since mid-2021….As of June 2024, the botnet consisted of over 260,000 devices,” with victim devices observed in North America, South America, Europe, Africa, Southeast Asia and Australia. The attribution section of the joint advisory stated that Integrity Technology has “links to the PRC government” and that the intrusions and activity linked to the botnet are “consistent with the tactics, techniques, and infrastructure associated with the cyber threat group known publicly as Flax Typhoon, RedJuliett, and Ethereal Panda.”
nattothoughts.substack.com/p/flax-typhoon-linked-company-integrity
Reporting on North Korea
Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
Codi Starks, Michael Barnhart, Taylor Long, Mike Lombardi, Joseph Pisano and Alice Revelli detail what they alleged is the end-to-end of North Korean operations involved in the IT worker threat scenario.. Shows that pre-employment security screening is a critical control in the modern day.
The following is a list of remote administration tools identified during Mandiant engagements:
GoToRemote / LogMeIn
GoToMeeting
Chrome Remote Desktop
AnyDesk
TeamViewer
RustDesk
https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat
Reporting on Iran
Iranian Cyber Actors Targeting Personal Accounts to Support Operations
The Federal Bureau of Investigation (FBI), U.S. Cyber Command - Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), and the United Kingdom’s National Cyber Security Centre (NCSC) disclose these technical TTPs of these Iranian actors.
Cyber actors working on behalf of the IRGC tailor instances of social engineering to include areas of interest or relevance to a target, including:
Impersonations of known individuals, associates, and/or family members;
Impersonations of known email service providers regarding account settings;
Requests from impersonation accounts of well-known journalists for interviews;
Conference invitations;
Speaking engagement requests; • Embassy events;
Foreign policy discussions/opinions and article reviews; and,
Current US campaigns and elections.
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
Stav Shulman, Matan Mimran, Sarah Bock and Mark Lechtik outline what they alleged is contemporary Iranian capability. Old vulnerabilities seem the be the initial access mechanism..
UNC1860 is a persistent and opportunistic Iranian state-sponsored threat actor that is likely affiliated with Iran’s Ministry of Intelligence and Security (MOIS). A key feature of UNC1860 is its collection of specialized tooling and passive backdoors that Mandiant believes supports several objectives, including its role as a probable initial access provider and its ability to gain persistent access to high-priority networks, such as those in the government and telecommunications space throughout the Middle East.
VIROGREEN is a custom framework used to exploit vulnerable SharePoint servers with CVE-2019-0604 (Figure 7). The framework provides post-exploitation capabilities including scanning for and exploiting CVE-2019-0604; controlling post-exploitation payloads, backdoors (including the STAYSHANTE web shell and the BASEWALK backdoor) and tasking; controlling a compatible agent regardless of how the agent has been implanted; and executing commands and uploading/downloading files.
https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks
Data breach behind advocacy campaign
Swedish Government attribute what they allege is a breach to Iran.
The security police have conducted a preliminary investigation into a serious data breach from a foreign power. The breach is deemed to be an influence campaign carried out on behalf of the Iranian regime
Reporting on Other Actors
SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites
Sekoia detail an unattributed set of compromises detail with a specific region. The use of watering holes in this manner will be of interest to some as will some of the mobile tradecraft..
Our investigation uncovered 25 kurdish websites compromised by four different variants of a malicious script, ranging from the simplest, which obtains the device’s location, to the most complex, which prompts selected users to install a malicious Android application.
Despite the lack of sophisticated techniques like zero-day exploits, the campaign was notable for its scale and duration before being noticied. The earliest signs of compromise date back to the end of 2022.
This particular campaign did not match any known TTPs associated with previous attacks in the region. This suggests the emergence of a previously unknown activity cluster targeting the Kurdish community.
…
Across the 25 compromised kurdish websites, we identified four distinct variants of a same script designed to gather intelligence from online visitors.
Discovery
How we find and understand the latent compromises within our environments.
Opaque Predicates and How to Hunt Them
Midi12 details a neat trick to detect and overcome this obfuscation technique..
Today we will see how to deal with opaque predicates from a reverse engineer’s point of view while analyzing obfuscated binaries.
In computer programming, an opaque predicate is a predicate—an expression that evaluates to either “true” or “false”—for which the outcome is known by the programmer a priori, but which, for a variety of reasons, still needs to be evaluated at run time. Opaque predicates have been used as watermarks, as they will be identifiable in a program’s executable. They can also be used to prevent an overzealous optimizer from optimizing away a portion of a program. Another use is in obfuscating the control or dataflow of a program to make reverse engineering harder.
From the definition, we get that an opaque predicate will obfuscate the control flow.
For each disassembled block we check the last instruction of the block listing and check if it is a conditional jump instruction. If we match an instruction we evaluate the condition to check if the branch is taken using the Symbolic Execution engine.
https://blog.midi12.re/opaque-predicates-how-hunt-them/
Defence
How we proactively defend our environments.
Detecting and mitigating Active Directory compromises
Australian Signals Directorate (ASD), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom's National Cyber Security Centre (NCSC-UK) come together with this Aussie led release
By implementing the recommendations in this guidance, organisations can significantly improve their Active Directory security, and therefore their overall network security, to prevent intrusions by malicious actors.
Segugio
reecDeep gives the world of malware analysis a work-aid..
Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extracting the malware's final stage configuration.
Segugio was created to address the need for speeding up the extraction of IoCs from malicious artifacts within the analysis environment.It is fully automated and designed to simplify the life of security analysts and specialists working in cyber incident response (DFIR), enabling them to quickly identify malicious artifacts without needing to perform complex static and dynamic analyses, and focus instead on behavioral analysis.
https://github.com/reecdeep/segugio
Incident Writeups & Disclosures
How they got in and what they did.
Nothing this week
Vulnerability
Our attack surface.
Eliminating Memory Safety Vulnerabilities at the Source
Jeff Vander Stoep and Alex Rebert provide some assertions which are interesting, but likely need further validation as it stems from known knowns.
"vulnerabilities decay exponentially. They have a half-life. The distribution of vulnerability lifetime follows an exponential distribution given an average vulnerability lifetime λ:"
"The percent of vulnerabilities caused by memory safety issues continues to correlate closely with the development language that’s used for new code. Memory safety issues, which accounted for 76% of Android vulnerabilities in 2019, and are currently 24% in 2024, well below the 70% industry norm, and continuing to drop."
Offense
Attack capability, techniques and trade-craft.
Unprotect the App-Bound Encryption Key via an RPC call to Google Chrome Elevation Service
Snovvcrash shows how to circumvent this new Google Chrome security feature..
Unprotect the App-Bound Encryption Key via an RPC call to Google Chrome Elevation Service (PoC for https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html)
gist.github.com/snovvcrash/caded55a318bbefcb6cc9ee30e82f824
createdump
Remko Weijnen details this living off the land technique.
This project demonstrates how to dump the LSASS process using the
createdump.exetool, a Microsoft signed executable, from the Windows App, leveraging a custom hook to enable process access toLSASS.
https://github.com/rweijnen/createdump
Supernova
Nikos Vourdas released this a little while ago, but worth understanding from a detection perspective.
Supernova is an open-source tool that empowers users to securely encrypt and/or obfuscate their raw shellcode.
https://github.com/nickvourd/supernova
Exploitation
What is being exploited.. well CUPS in about 3..2.. and..
Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means
CISA warns..
CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.
CISA urges OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity to defend against this activity. To learn more about secure by design principles and practices, visit CISA's Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.
Tooling and Techniques
Low level tooling and techniques for attack and defence researchers…
Simple Machine Learning Techniques For Binary Diffing (with Diaphora)
Joxean Koret shows the power of machine learning when applied to binary diffing.
In this talk I will try to discuss how a machine learning (ML) engine was added to Diaphora, the initial steps, what problems were found, which dataset(s) were used, how they were built & cleaned up, how it works in Diaphora, how it enhanced Diaphora, etc
..
Over all, it was finding more partial results and removing multimatches, which is an indicative of it working properly.
After manually testing some new results with a couple of binaries, it turned out that almost no false positive was added, because Diaphora is pretty good trying to remove them (for functions that aren’t tiny).
https://github.com/joxeankoret/diaphora-ml
https://github.com/joxeankoret/diaphora-ml/blob/main/docs/diaphora-ml-techniques-44con-final.pdf
X-Ray-TLS
Florent Moriconi, Olivier Levillain, Aurélien Francillon and Raphael Troncy show through dynamic analysis and heuristics they can reliably extract keys.
Transparent Decryption of TLS Sessions by Extracting Session Keys from Memory
We present X-Ray-TLS, a new target-agnostic TLS decryption method that supports TLS 1.2, TLS 1.3, and QUIC. Our method relies only on existing kernel facilities and does not require a hypervisor or modification of the target programs, making it easily applicable at scale. X-Ray-TLS works on major TLS libraries by extracting TLS secrets from process memory using a memory changes reconstruction algorithm. It works with TLS hardening, such as certificate pinning and perfect forward secrecy. We benchmark X-Ray-TLS on major TLS libraries, CLI tools, and a web browser. We show that X-Ray-TLS significantly reduces the manual effort required to decrypt TLS traffic of programs running locally, thus simplifying security analysis or reverse engineering. We identified several use cases for X-Ray-TLS, such as large-scale TLS decryption for CI/CD pipelines to support the detection of software supply chain attacks.
Generic: no prior knowledge on target program internals
Transparent: minimum intrusiveness, no program cooperation
Practical: only Linux kernel facilities (no hypervisor)
Support TLS hardening: Perfect Forward Secrecy, certificate pinning
https://dl.acm.org/doi/10.1145/3634737.3637654
https://github.com/eurecom-s3/x-ray-tls
Footnotes
Some other small (and not so small) bits and bobs which might be of interest.
Aggregate reporting
Australian Information Security Manual September 2024 Update
“Bad Romance”: How Kaspersky Lab Failed to Conquer the Western Cybersecurity Market
Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
Digital Behavioural Biometrics: A Review of Reviews - “This article provides the first systematic review of reviews (n = 41) on digital behavioural biometrics to ascertain what can be inferred about identity from digital sources, and “boundaries” to their applications”
Scientists are building giant ‘evidence banks’ to create policies that actually work
Artificial intelligence
Books
Nothing this week
Events
National Intelligence History Conference - Bletchley Park on Wednesday 20 – Friday 22 November 2024.
Workshop on SOC Operations and Construction (WOSOC) 2025 - Call for Papers
Video of the week - “An Outage Strikes: Assessing the Global Impact of CrowdStrike’s Faulty Software Update”
Unless stated otherwise, linked or referenced content does not necessarily represent the views of the NCSC and reference to third parties or content on their websites should not be taken as endorsement of any kind by the NCSC. The NCSC has no control over the content of third party websites and consequently accepts no responsibility for your use of them.
This newsletter is subject to the NCSC website terms and conditions which can be found at https://www.ncsc.gov.uk/section/about-this-website/terms-and-conditions and you can find out more about how will treat your personal information in our privacy notice at https://www.ncsc.gov.uk/section/about-this-website/privacy-statement.