The Cyber Security Skills in the UK Labour Market 2021 report explores the nature and extent of cyber security skills gaps (people lacking appropriate skills), skills shortages (a lack of people available to work in cyber security job roles) and job vacancies in the UK.

The research uses a mixture of:

• Representative surveys with cyber sector businesses and the wider population of UK organisations (businesses, charities and public sector organisations – with a focus on businesses)
• Qualitative research with training providers, cyber firms and large organisations in various sectors
• A secondary analysis of cyber security job postings using the Burning Glass Technologies database.

Click to download

What is Credential Dumping?
When the term password cracking is used in the cyber world, it is being used as a broad concept as it shelters all the methods related to attacking/dumping/retrieving passwords of the victim/target. But today, in this article we will solely focus on a technique called Credential Dumping. Credential dumping is said to be a technique through which username and passwords are extracted from any login account from the target system. It is this technique that allows an attacker to get credentials of multiple accounts from one person. And these credentials can be of anything such as a bank, email account, social media account, wireless networks.

(more…)

In March 2021 the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) observed Advanced Persistent Threat (APT) actors scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379, and enumerated devices for CVE-2020-12812 and CVE-2019-5591. It is likely that the APT actors are scanning for these vulnerabilities to gain access to multiple government, commercial, and technology services networks. APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spearphishing campaigns, website defacements, and disinformation campaigns.

The FBI and CISA have information indicating APT actors are using multiple CVEs to exploit Fortinet FortiOS vulnerabilities. The FBI and CISA believe the APT actors are likely exploiting these Fortinet FortiOS vulnerabilities—CVE 2018-13379, CVE-2020-12812, and CVE-2019-5591—to gain access to multiple government, commercial, and technology services networks.

The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks. APT actors may use other CVEs or common exploitation techniques—such as spearphishing—to gain access to critical infrastructure networks to pre-position for follow-on attacks.

Click to download

Cloud computing is the delivery of computing services like software, digital content, servers, data storage, integrated development environment over the Internet. Cloud is a metaphor for the internet as denoted in network diagrams. Companies offering such services are called as Cloud Service Providers or CSPs. They typically charge a fee for delivering computing services based upon usage just like electricity, gas, and water.

Cloud computing is a disruptive technology that has the potential to enhance collaboration, agility, scaling and availability as well as a possibility to reduce costs through optimized and efficient computing.

Click to download 

This report aims to demonstrate the state of full stack security based on thousands of security assessments performed globally, as delivered by the Edgescan SaaS during 2020. I am still as passionate as ever in compiling this report and delving into the underlying data, as it
gives unique insight into what’s going on from a trends and statistics perspective and indeed a snapshot of the overall state of cyber security.
The Edgescan report has become a reliable source for truly representing the global state of cyber security vulnerability management. This
is becoming more evident as our unique dataset is now also part of other annual security analysis reports, such as the OWASP Top 10 and Verizon DBIR (we are happy contributors for many years now).

This year we took a deeper look at vulnerability metrics from a known vulnerability (CVE), Malware, Ransomware and visibility standpoint (exposed services), coupling both internal and public Internet-facing systems.

Click to download