Category: Gov/ISAC Feeds

March 18, 2025

A Vulnerability in Apache Tomcat Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC

A vulnerability has been discovered in Apache Tomcat, which could allow for remote code execution. Apache Tomcat is an open-source Java servlet container and web server used to host Java-based web applications and implement Java Servlet and JavaServer Pages (JSP) specifications, providing a platform for running dynamic web content. Successful exploitation of the of this vulnerability could allow for remote...

March 14, 2025

MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Sante PACS Server Could Allow for Remote Code Execution – PATCH NOW – TLP: CLEAR – Cyber Security Advisories – MS-ISAC

Multiple vulnerabilities have been discovered in Sante PACS Server, the most severe of which could allow for remote code execution. Successful exploitation of the most severe vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. – Read...

March 13, 2025

Siemens Teamcenter Visualization and Tecnomatrix Plant Simulation – All CISA Advisories

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Teamcenter Visualization and...

March 13, 2025

Siemens Tecnomatix Plant Simulation – All CISA Advisories

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Tecnomatix Plant Simulation...

March 13, 2025

Siemens SINEMA Remote Connect Server – All CISA Advisories

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote...

March 13, 2025

Siemens SCALANCE LPE9403 – All CISA Advisories

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE LPE9403...

March 13, 2025

The problems with patching – NCSC Feed

Applying patches may be a basic security principle, but that doesn’t mean it’s always easy to do in practice. – Read More – NCSC Feed

March 13, 2025

There’s a hole in my bucket – NCSC Feed

…or ‘Why do people leave sensitive data in unprotected AWS S3 buckets?’ – Read More – NCSC Feed

March 13, 2025

Thinking about the security of AI systems – NCSC Feed

Why established cyber security principles are still important when developing or implementing machine learning models. – Read More – NCSC Feed

March 13, 2025

The logic behind three random words – NCSC Feed

Whilst not a password panacea, using ‘three random words’ is still better than enforcing arbitrary complexity requirements. – Read More – NCSC Feed

March 13, 2025

The security benefits of modern collaboration in the cloud – NCSC Feed

By exploiting cloud services, organisations no longer have to choose between ‘more security’ and ‘better usability’. – Read More – NCSC Feed

March 13, 2025

The problems with forcing regular password expiry – NCSC Feed

Why the NCSC decided to advise against this long-established security guideline. – Read More – NCSC Feed

March 13, 2025

The problems with forcing regular password expiry – NCSC Feed

Why the NCSC decided to advise against this long-established security guideline. – Read More – NCSC Feed

March 13, 2025

The security benefits of modern collaboration in the cloud – NCSC Feed

By exploiting cloud services, organisations no longer have to choose between ‘more security’ and ‘better usability’. – Read More – NCSC Feed

March 13, 2025

Thanking the vulnerability research community with NCSC Challenge Coins – NCSC Feed

Reflecting on the positive impact of the Vulnerability Reporting Service – and introducing something new for selected contributors. – Read More – NCSC Feed

March 13, 2025

The Cyber Assessment Framework 3.1 – NCSC Feed

Latest version of the CAF focusses on clarification and consistency between areas of the CAF. – Read More – NCSC Feed

March 13, 2025

Spotlight on shadow IT – NCSC Feed

New guidance to help organisations manage rogue devices and services within the enterprise. – Read More – NCSC Feed

March 13, 2025

Security, complexity and Huawei; protecting the UK’s telecoms networks – NCSC Feed

With 5G set to transform mobile services, Ian Levy explains how the UK has approached telecoms security, and what that means for the future. – Read More – NCSC Feed

March 13, 2025

Supplier assurance: having confidence in your suppliers – NCSC Feed

Questions to ask your suppliers that will help you gain confidence in their cyber security. – Read More – NCSC Feed

March 13, 2025

Researching the hard problems in hardware security – NCSC Feed

Introducing the next chapter of the NCSC research problem book, which aims to inspire research on the biggest impact topics in hardware cyber security. – Read More – NCSC Feed

March 13, 2025

RITICS: Securing cyber-physical systems – NCSC Feed

Discover the Research Institute in Trustworthy Inter-connected Cyber-physical Systems. – Read More – NCSC Feed

March 13, 2025

Protecting how you administer cloud services – NCSC Feed

New advice on implementing high-risk and ‘break-glass’ accesses in cloud services. – Read More – NCSC Feed

March 13, 2025

Protect your management interfaces – NCSC Feed

Why it’s important to protect the interfaces used to manage your infrastructure, and some recommendations on how you might do this. – Read More – NCSC Feed

March 13, 2025

Post-quantum cryptography: what comes next? – NCSC Feed

Jeremy B explains how the NCSC will help organisations plan their migration to PQC. – Read More – NCSC Feed

March 13, 2025

Preparing for the long haul: the cyber threat from Russia – NCSC Feed

Although the UK has not experienced severe cyber attacks in relation to Russia’s invasion of Ukraine, now is not the time for complacency. – Read More – NCSC Feed

March 13, 2025

Principles and how they can help us with assurance – NCSC Feed

Explaining the forthcoming NCSC Technology Assurance Principles. – Read More – NCSC Feed

March 13, 2025

Products on your perimeter considered harmful (until proven otherwise) – NCSC Feed

As attackers’ tactics change, so must network defenders’. – Read More – NCSC Feed

March 12, 2025

How Rebellion Defence used NCSC For Startups to accelerate product development – NCSC Feed

Unparalleled access to skilled users transformed Rebellion Defence’s product roadmap. – Read More – NCSC Feed

March 12, 2025

NCSC For Startups diaries: PORGiESOFT – NCSC Feed

We caught up with George Brown, founder of PORGiESOFT, about his first few weeks in NCSC For Startups… – Read More – NCSC Feed

March 12, 2025

NCSC for Startups: the case for collaboration – NCSC Feed

Saj Huq of Plexal explains why collaboration with the NCSC brings opportunities to the cyber security sector. – Read More – NCSC Feed

March 12, 2025

NCSC For Startups: the feedback loop – NCSC Feed

How startups can make the most of their time when pitching to cyber security experts. – Read More – NCSC Feed

March 12, 2025

Migrating to post-quantum cryptography – NCSC Feed

New guidance from the NCSC helps system and risk owners plan their migration to post-quantum cryptography (PQC). – Read More – NCSC Feed

March 12, 2025

Motivating developers to write secure code – NCSC Feed

The ‘Motivating Jenny’ project is helping to change the conversation about security in software development. – Read More – NCSC Feed

March 12, 2025

Moving to a cloud, not a storm – NCSC Feed

Avoiding common problems when moving to the cloud. – Read More – NCSC Feed

March 12, 2025

Mythbusting cloud key management services – NCSC Feed

Why trying to avoid trusting the KMS doesn’t make sense (and other common misconceptions). – Read More – NCSC Feed

March 12, 2025

Log4j vulnerability: what should boards be asking? – NCSC Feed

Advice for board members of medium to large organisations that are at risk from the Apache Log4j vulnerability. – Read More – NCSC Feed

March 12, 2025

Looking back at the ballot – securing the general election – NCSC Feed

NCSC CEO Felicity Oswald shares reflections on keeping the 2024 General Election safe. – Read More – NCSC Feed

March 12, 2025

Intelligent security tools: are they a smart choice for you? – NCSC Feed

What you need to know before buying artificially intelligent security products – Read More – NCSC Feed

March 12, 2025

Introducing Cyber Advisors… – NCSC Feed

Launching a new Industry Assurance scheme aimed at helping the UK’s small organisations. – Read More – NCSC Feed

March 12, 2025

From the cyber proliferation threat all the way to Pall Mall – NCSC Feed

The first dedicated conference on this topic – and an insight into the NCSC assessment work behind it. – Read More – NCSC Feed

March 12, 2025

Exercise caution when building off LLMs – NCSC Feed

Large Language Models are an exciting technology, but our understanding of them is still ‘in beta’. – Read More – NCSC Feed

March 12, 2025

Data-driven cyber: empowering government security with focused insights from data – NCSC Feed

How ‘small but actionable’ insights can improve behaviours and decision making. – Read More – NCSC Feed

March 12, 2025

AIT fraud: what you need to know – NCSC Feed

SMS and telephone guidance updated to address the rise in Artificial Inflation of Traffic (AIT). – Read More – NCSC Feed

March 12, 2025

Active Cyber Defence: Sixth annual report now available – NCSC Feed

New ACD services developed to help protect SMEs from the harms caused by cyber attacks. – Read More – NCSC Feed

March 12, 2025

Threat report on application stores – NCSC Feed

This report outlines the risks associated with the use of official and third party app stores. – Read More – NCSC Feed

March 12, 2025

Vendor Security Assessment – NCSC Feed

Assessing the security of network equipment. – Read More – NCSC Feed

March 12, 2025

Decrypting diversity: Diversity and inclusion in cyber security report 2021 – NCSC Feed

The 2nd joint report between the NCSC and KPMG UK benchmarks against the 2020 findings to gauge what progress has been made. – Read More – NCSC Feed

March 12, 2025

Incident trends report (October 2018 – April 2019) – NCSC Feed

Cyber incident trends in the UK with guidance on how to defend against, and recover from them. – Read More – NCSC Feed

March 12, 2025

Joint report on publicly available hacking tools – NCSC Feed

How to limit the effectiveness of tools commonly used by malicious actors. – Read More – NCSC Feed

March 12, 2025

ACD – The Fifth Year – NCSC Feed

Key findings from the 5th year of the Active Cyber Defence (ACD) programme. – Read More – NCSC Feed