Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.

The Cybersecurity Infrastructure and Security Agency (CISA) has issued a warning about active exploits against unpatched F5 Network's BIG-IP systems. 

A patch for the vulnerability (CVE-2022-1388) was issued on May 4; since then, working proof-of-concept exploits have circulated among cybercriminals, making it easier for even less-skilled attackers to take advantage, CISA explains. 

Along with CISA, the F5 BIG-IP vulnerability alert was issued by the Multi-State Information and Analysis Center (MS-ISAC). Both organizations "strongly urge" administrators to upgrade F5's BIG-IP systems to a patched version. 

"According to public reporting, there is active exploitation of this vulnerability, and CISA and MS-ISAC expect to see widespread exploitation of unpatched F5 BIG-IP devices (mostly with publicly exposed management ports or self IPs) in both government and private sector networks," the alert states. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

CISA: Unpatched F5 BIG-IP Devices Under Active Attack

Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.

Organizations increasingly rely on open source code. Many enjoy the convenience of using open source code to quickly innovate or spin up services without the time-consuming process of developing their own code, but there's a catch: Open source code can turn into a security nightmare for organizations.

On the eve of 2022, a zero-day vulnerability — Log4j — was exploited by threat actors and placed organizations' software and Web applications, along with their business-critical data, at an increased risk. What made this attack so far-reaching was that the vulnerability stemmed from widely used open source code.

This points to a broader issue — threat actors rely on subverting open source for malicious purposes. Often, in the case of Log4j and other software such as EspoCRM, Pimcore, and Akaunting, they are able to capitalize on the inherent vulnerabilities associated with this code and remain undetected. As an industry, there is often a belief that vulnerabilities with open source code will be easy to spot, but that isn't the case — Log4j was put into production in 2013 and nobody noticed any issues until it was already too late.

**Open Source Is a Double-Edged Sword  
**Open source code can be an amazing resource for organizations. At its core, it's ready-to-use software that enables teams to decrease development time. This speeds innovation and empowers developers to relatively quickly stand up and deploy software. Additionally, this code is supported by a community of developers who volunteer their time. This means that new features can be released and bugs can be fixed by the community with no cost passed on to the developer. It's this extraordinary benefit that _also_ presents as a security risk.

While there are numerous benefits to utilizing open source code, there also are risks associated with its use. For instance, open source can only be developed based on community involvement. If the community loses interest in the project, or if key individuals get called to work on another project, development will stall. Additionally, bugs may be overlooked as developers assume it's the community's responsibility to locate and fix them. While many hands often make light work, this is a common problem with group work that doesn't have clear processes in place to ensure a consistent product.

There's also a very common misstep that I see organizations take when it comes to open source. While many of them rely upon open source code, they don't view the code as their own and often don't apply the same security controls that they would to their own, natively built code. That means that open source libraries often escape security testing and code reviews, which creates an environment where bugs and security flaws can get baked into a product at a foundational level.

**Come Together to Secure Open Source Code  
**As an industry, there are actions that we can take to better secure our open source code from threat actors. To start, if you're using a code scanning tool, scan all the open source libraries you're using. I would also encourage developers to contribute to the project. If enough people get involved, the project owners can institute these security steps themselves. Additionally, always be sure to check what security steps the project follows before using it.

Ensuring that security is built-in upfront will help to ensure that potential vulnerability gaps are closed, and has the added benefit of helping your industry peers who rely on open source.

**Address Open Source Concerns With Attacker-Centric Behavioral Analytics  
**Open source code, and its related vulnerabilities, aren't going away anytime soon. While government agencies, such as the Federal Trade Commission, have provided guidance to reduce vulnerabilities related to open source, there are additional steps organizations can take to further mitigate any threats.

Vulnerabilities may already be present in your code and organizations cannot solely rely on security teams to find and manage those vulnerabilities. Protection starts with review by their own engineering teams. Additionally, it is important to utilize a solution that will protect your organization from these inherent vulnerabilities and block any attempts to exploit your data. Utilizing attacker-centric behavioral analytics is vital to help your organization mitigate these threats.

Signature-based defenses will often fail at protecting your organization from exploits like Log4j since attacks can be launched in a multitude of ways. Monitoring and detecting suspicious behavior over time will help to identify the various attack patterns so your organization can mount a stronger defense.

If the last two years are any indication, organizations need to be on the lookout for increased cyberattacks. In 2022, I encourage you to start securing your code at the foundational level, and together, work to secure our ubiquitous open source code upon which we so heavily rely.

The Industry Must Better Secure Open Source Code From Threat Actors

Attackers appear to have found a way around PowerShell monitoring by using a default utility instead.

Microsoft Security Intelligence this week tweeted a warning about an attack campaign targeting SQL servers and using a new approach to evade PowerShell monitoring. 

Instead of PowerShell, these threat actors are using sqlps.exe, a utility that comes standard with every version of SQL and functions as a "wrapper for running SQL-built CMDlets, to run commands and change the start mode of the SQL service to LocalSystem," Microsoft explained in a tweet thread. The new campaign starts with a brute-force attack and ultimately allows attackers to take over the targeted servers and deploy malware such as coin miners. 

Defenders should take note of the co-opting of the sqlps.exe utility and start to monitor their SQL server environments for its use as closely as they do for PowerShell, according to the Microsoft Security Intelligence team's advisory tweets. 

"The use of this uncommon living-off-the-land binary (LOLBin) highlights the importance of gaining full visibility into the runtime behavior of scripts in order to expose malicious code," the team said.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Microsoft Flags Attack Targeting SQL Servers With Novel Approach

It has never been more important for organizations of all sizes to prioritize securing their users and their infrastructure secrets with zero-trust network access.

Digital transformation, hybrid work, and the shift to the cloud have increased attack surfaces and created new vulnerabilities. Businesses must evolve cybersecurity strategies to protect themselves in today's threat landscape, as ransomware attacks, data breaches, and software supply chain attacks have become almost daily occurrences.

It has never been more important for organizations of all sizes to prioritize securing their users and their infrastructure secrets with zero-trust network access.

**Accelerating the Adoption of Zero-Trust Network Access  
**In today's age of distributed workforces and multiple devices, we are seeing considerable demand for cloud-based zero-trust and zero-knowledge architecture to store passwords, files, and other confidential information. Zero-trust network access is the only viable solution in a world where the "network perimeter" no longer exists. In addition to securing network connectivity for their distributed workforces, organizations need to ensure that their third-party vendors and business partners can connect to needed network resources securely.

**Securing Users Through a Zero-Trust Approach  
**A zero-trust approach includes strong user and device authentication, role-based access control (RBAC) with least-privilege access, and comprehensive password security, including strong, unique passwords for every user account and multifactor authentication (MFA).

Businesses should require two-factor authentication (2FA) wherever it's supported, preferably using a time-based one-time password (TOTP) code or a hardware-based FIDO2 key. This way, even if a cybercriminal steals an employee's password, it's useless without the second authentication factor. Enforcing these policies, and making them easier for employees to follow, can be accomplished by deploying an enterprise-grade password security platform.

Just one stolen password can bring down tens of thousands, even millions of dollars' worth of cybersecurity defenses. Password-related cyberattacks are going to keep happening to companies of all sizes, because cybercriminals know that too many organizations play fast and loose with their password security. It is critical to implement a zero-trust network access architecture to include RBAC with least-privilege access and secure access management.

As organizations implement privileged access management (PAM), cybercriminals are looking for the more vulnerable attack vectors in an organization, which are often contractors, new employees, or users who are not very technologically savvy — to then seek privileged escalation. It is therefore imperative that identity security evolves from protecting privileged access to protecting every user and every access device.

**Keeping Infrastructure a Secret  
**Securing human users with zero-trust network access is critically important, but so is securing infrastructure secrets. Over the past years, organizations have been trading on-premises computing for multicloud and hybrid-cloud environments and monolithic applications for modern microservices-based distributed applications. This has resulted in more systems interconnecting and exchanging critical information, often protected by infrastructure secrets such as certificates, database passwords, API keys, and Remote Desktop Protocol (RDP) credentials.

This information unlocks access to highly privileged systems and data, enabling devices and apps to leverage cloud resources and execute sensitive business processes — yet they are often nor managed securely or effectively. For this reason, secrets are prized by cybercriminals for use in highly sophisticated cyberattacks. As an example, among the massive amounts of data stolen during the NVIDIA security breach were code-signing certificates — which threat actors are now using to spread malware in the wild.

**Implementing a Comprehensive IT Secrets Management Strategy  
**As data environments become more complex, and the number of connected devices and apps grows exponentially, organizations need to shore up their IT secrets management. This capability must be integrated with existing DevOps environments and build systems and also with identity and authentication systems.

Organizations can't afford to take an ad hoc approach to securing data using point solutions. It is important to adopt comprehensive, zero-trust tools and protocols for managing digital authentication credentials to adequately organize and secure their private infrastructure data across user credentials and infrastructure secrets. With modern identity security and access management technology, organizations can dramatically improve their security posture while gaining visibility and control over their critical credentials, secrets, and passwords.  

**About the Author**

    

Darren Guccione is the CEO and Co-founder of Keeper Security, a top-rated password manager and secure digital vault. Darren is an entrepreneur, tech leader, and serial inventor who is passionate about creating disruptive technologies and finding the intersection between art, science, finance and technology. Darren is an engineer and certified public accountant. In addition to founding Keeper Security, Darren co-founded Callpod, Inc., in 2006 and OnlyWire, LLC, in 2008. He also served as the CFO and co-founder of Apollo Solutions, Inc., which was acquired by CNET Networks (now CBS Interactive).

2022: The Year Zero Trust Becomes Mainstream

As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare.

The first shots fired in the current conflict between Russia and Ukraine were not by firearms, but keystrokes. In this new-age war, the cybersphere is a primary battleground, and advanced threat actor groups are the foot soldiers. This Russian-Ukrainian cyber battlefield is complex and multipolar, populated by many disparate threat groups, each determined to do their part — and take their share of the winnings.

Moscow deviated from the standard norms of conventional warfare when it attacked Georgia in 2008, and had been deploying major cyberattacks against Georgian websites and Internet infrastructure. This was reported to be a Kremlin-backed, nation-state campaign, according to the Small War Journal. It was considered the "first case in history of a coordinated cyberspace domain attack synchronized with major combat actions in the other warfighting domains."

In the past year, the escalation of cybercrime has been made blatantly manifest through the spike in ransomware attacks, the deployment of pernicious new malware, and the unprecedented surge in cybercriminals and cyber incidents — coordinated and conducted within the illicit underground communities of the Dark Web.

CISOs of 2022 must maintain constant vigilance, ensuring their organization has the capacity to track, monitor, and remediate threats coming in from multiple focal points. It’s not only the well-known advanced persistent threats (APTs) anymore, but your average Dark Web actor or the local anonymous chapter.

It is not uncommon to see threat actor groups declaring their latest victories in the ongoing digital battle, be it pro-Ukranian threat-actor groups announcing their successful breach of Russian federal organizations or pro-Russian threat actors targeting Western infrastructure. A brief scroll through these groups' Twitter profiles and telegram channels is sufficient to see how structured and organized they behave.

**Mass Mobilization**  
How can we explain the mass mobilization of threat actors of all levels of sophistication, taking to the cyber battlefield to play their part in a conventional war between nation-states? It would be simplistic to attribute this massive paradigm shift only to advancements in technology. Instead, this external, global change is deeply connected to the changing internal dynamics of the cybercriminal underground itself.

The proliferation of cyber offensive capabilities on a global scale has unfolded in tandem with the proliferation of knowledge within the cybercriminal underground, allowing threat actor groups to build off of one another and "leapfrog" their way forward at a dizzying pace. Now, there is a clear opportunity for cybercriminals of every level of sophistication to buy instead of build their arsenal for attack.

**Criminals Go Leapfrogging**  
A business phenomenon known as leapfrogging has advanced rapidly in the cybercriminal underground over the past decade. Leapfrogging refers to the process of bypassing the standard, step-by-step path of development, whereby a nation, an enterprise, or individual takes advantage of existing opportunities and innovations to skip ahead, accelerating development to jump straight to a leading position. 

In the cybercriminal underground, threat actors have access to a multitude of leapfrog enablers, able to employ the tools and services developed by their more experienced counterparts to deploy complex attacks that previously had been possible only for those who had followed the step-by-step evolutionary practice of building cyber expertise.

New offerings within the illicit underground economy of the Dark Web have allowed threat actors to wholly outsource their tools for attack, with prebuilt packages of scripts and tools facilitating anything from distributed denial-of-service (DDoS) attacks to common vulnerability exploitation. To capitalize on this booming new underground industry, many malware authors have moved to profit on their expertise, providing their skills "as-a-service." This allows their customers to cherry-pick targets while bypassing the tiresome and complicated process of developing sophisticated malware or deploying and maintaining servers to control the malware’s operations during the attack.

**New Services  
**The demand for quick wins and easy profits has spurred more actors to offer new kinds of services in various pricing strategies. One of the more popular services today is offered by initial access brokers (IABs). IABs sell access to thousands of compromised endpoints on a daily basis, allowing cybercriminals to buy their first way into the networks of almost every enterprise and vendor out there. 

For as little as $10 a piece, threat actors can purchase access and gain a steady foothold in their targets' systems, attaining a beachhead into highly secured organizations without having to bother with the complex, drawn-out process of gaining initial access on their own. By outsourcing access, attackers of all levels of sophistication can leapfrog several steps, jumping yet another step closer to the level of an APT.

As cyber capabilities proliferate, trickling from APTs to less advanced threat groups, there are tens of thousands of actors that may be simply one click away from purchasing the advanced capabilities that would allow them to leapfrog to quasi-APT status.

The question is no longer how relevant and actionable your threat intelligence is; it’s how comprehensive and scalable it can be. Simply put, can your cybersecurity team continuously track millions of cybercriminal actors every day, and deliver the critical insights you need to block threats in real time?

How Threat Actors Are a Click Away From Becoming Quasi-APTs

MDR Sentinel expands TorchLight’s leading managed detection and response (MDR) services with turnkey SIEM and SOAR capabilities from Microsoft; TorchLight also announces it attains elite Microsoft Gold Partner Status

**SPOKANE, WA – May 10, 2022** - TorchLight today announced MDR Sentinel, a scalable, cloud-native turnkey security information and event management (SIEM) and security orchestration, automation, and response (SOAR) service. The new service is powered by enterprise-grade Microsoft Sentinel security tools combined with TorchLight’s nationwide virtual security operations center (vSOC) capabilities.

TorchLight is a Complete Security Solutions Provider (CSSP) that offers turnkey MDR services in addition to its own SIEM/SOAR MDR service that works with all leading cybersecurity products and environments to manage alerts and respond quickly and effectively to all threats.

The turnkey nature of MDR Sentinel is ideal for customers that are significant users of Microsoft software and services. TorchLight has also partnered with Cisco Systems for a turnkey managed SOAR MDR service that combines the full suite of Cisco Secure products along with TorchLight vSOC services.

**MDR Sentinel Details**

MDR Sentinel offers security analytics and threat intelligence across endpoint and cloud network environments. The service features built-in data connectors to collect security data from Microsoft software and services – including Microsoft Azure and Microsoft’s Defender for Endpoints, Cloud Apps and Office365 – as well as leading third-party firewalls and security systems.

MDR Sentinel assesses this data at scale and can detect threats with minimal false positives and investigates those threats with Microsoft’s experienced artificial intelligence (AI). The system responds rapidly to any incidents alerting the live cybersecurity experts in TorchLight’s vSOC who analyze significant events and provide incident management and support.

As a cloud-based SIEM, MDR Sentinel is less expensive and faster to deploy than traditional on-premises SIEMs. The service establishes connections to Microsoft Azure which also increases efficiency gains and significantly reduces management effort. The collaboration with Microsoft allows TorchLight to offer its clients best-fit Microsoft licensing as well as access to Microsoft’s analytics and intelligence.

"The cloud is joining end-user devices as the repository for valuable business data. MDR Sentinel offers an unparalleled ability to protect the entire range of a company’s data assets. This breadth combined with TorchLight’s nationwide SOC services is a comprehensive service and a good value,” said TorchLight CTO Stephen Heath.

“Microsoft is a pioneer in cloud-native SEIM / SOAR capabilities and our goal as a Microsoft Gold Partner is to use this technology and our SOC capabilities to give companies new tools to modernize their security operations,” said Jim Kreutel of TorchLight.

MDR Sentinel is now available. More details are at the TorchLight website.

**About TorchLight**

TorchLight is a full-service, nationwide Complete Security Solution Provider (CSSP) founded and built on the concept of providing a complete Design-Build-Manage (DBM) approach to cybersecurity solutions. We deploy a risk-aligned approach to translate business needs into cybersecurity, and cybersecurity into business strategy, to drive customer trust and investor confidence—combined with 24×7 monitoring and intelligence gathering. Through partnerships with Cisco and Microsoft, the industry leading security technology companies, we provide both turnkey and Bring-Your-Own-Tech cybersecurity solutions, along with a full range of consulting, reselling, and managed security service provider (MSSP) services.

TorchLight Expands Cybersecurity Services With MDR Sentinel in Partnership With Microsoft

A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.

Recently uncovered VMware vulnerabilities continue to anchor an ongoing wave of cyberattacks bent on dropping various payloads. In the latest spate of activity, nefarious types are going in with the ultimate goal of infecting targets with various botnets or establishing a backdoor via Log4Shell.

That's according to Barracuda researchers, who found that attackers are particularly probing for the critical vulnerability tracked as CVE-2022-22954 in droves, with swaths of actual exploitation attempts in the mix as well.

The security vulnerability carries a CVSS score of 9.8 and affects the VMware Workspace ONE Access and Identity Manager. Workspace ONE is VMware's platform for delivering corporate applications to any device (a sort of juiced-up mobile device management solution), and the identity manager handles authentication to the platform. The bug allows remote code execution (RCE) via server-side template injection for attackers that have network access.

"A server-side template-injection issue may allow an unauthenticated user with access to the Web interface to execute any arbitrary shell command as the VMware user," Mike Goldgof, Barracuda's senior director of product marketing for data protection, network, and application security, tells Dark Reading. "In effect, a hacker can bring down the system, extract data, inject ransomware, etc."

"Cybercriminals are constantly scanning for these types of advisories and jump on them ASAP to attempt to exploit targets before they get a chance to download a patch," Goldgof noted. "\[And\] VMware infrastructure is widely deployed in both data center and cloud environments, providing a large population of attractive hacking targets." 

The activity sometimes involves a second bug (CVE-2022-22960, CVSS score of 7.8), which is a local privilege escalation (LPE) vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation (a platform for creating private clouds). The bug arises because of improper permissions in support scripts, according to VMware's advisory, and could allow attackers with local access to achieve root privileges. 

In this case, it's being chained with the previous flaw for a full exploitation vector, Barracuda noted.

VMware disclosed the bugs in April, and soon thereafter, a proof-of-concept (PoC) exploit was released on GitHub and tweeted out to the world. Unsurprisingly, researchers from multiple security firms started seeing probes and exploit attempts very soon thereafter — and the hits just keep coming. 

"Any serious vulnerability in a broadly used platform or application is cause for concern. Threat actors are always looking for an opportunity to hit multiple targets with minimal effort," Mike Parkin, senior technical engineer at Vulcan Cyber, tells Dark Reading. "VMware is one of the most popular virtualization platforms around, and often runs on powerful iron with multiple applications running on top of it. This gives an attacker multiple reasons to go after VMware servers."

**VMware Payloads du Jour**  
Barracuda researchers noticed that most of the probing in its telemetry now is for the VMware RCE vulnerability, using the PoC code from GitHub. Most of the actual exploit attempts meanwhile are now primarily from botnet operators, especially IPs hosting variants of the Mirai distributed denial-of-service (DDoS) botnet malware, along with a few EnemyBot samples (another DDoS baddie).

Otherwise, "some Log4Shell exploit attempts were also seen in the data," researchers noted.

As for who's behind the attacks, most originate in the US (76%), mostly emanating from data centers and cloud providers. However, the researchers also found "consistent background attempts" from Russian IP addresses that are well known to be affiliated with opportunistic cybercrime cartels.

"Some of these IPs perform scans for specific vulnerabilities at regular intervals, and it looks like the VMware vulnerabilities have been added to their usual rotating list of Laravel/Drupal/PHP probes," the researchers explained.

In April, another set of attacks was flagged, with a very different aim. An Iranian cyber-espionage group known as Rocket Kitten was seen exploiting the CVE-2022-22954 RCE to deliver the Core Impact penetration testing tool on vulnerable systems. And in another batch of April activity, cryptominers reportedly made their way into the exploitation-palooza lineup.

After several initial spikes in April, the interest levels in triggering these vulnerabilities have been holding steady, according to Barracuda, and the firm expects the scanning and exploitation attempts to continue for some time.

The best defense against this spate of attacks (and most botnet and Log4Shell activity) is Security 101 — i.e., patching. Defenders can also build in an extra layer of protection with a Web application firewall (WAF), adding "defense in depth against zero-day attacks and other vulnerabilities," according to Barracuda's Tuesday writeup.

It's important for companies to hop on patches for popular platforms as soon as vendor disclosures come out, Goldgof notes.

"Cybercriminals are constantly scanning for these types of advisories and jump on them ASAP to attempt to exploit targets before they get a chance to download a patch," he says. "\[And\] VMware infrastructure is widely deployed in both data center and cloud environments, providing a large population of attractive hacking targets."

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In

Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages.

Cyberattackers are targeting US online businesses by injecting malicious PHP code into e-commerce checkout pages and exfiltrating scraped data to a command-and-control (C2) server spoofed to look like a legitimate credit-card processor.

That's according to a flash alert from the FBI issued this week, which detailed one attack in particular that began in September 2020. Along with scraping credit-card data, the cybercriminals were modifying the business checkout page code to gain backdoor access to the business' system. The FBI provided indicators of compromise and recommended mitigations for similar e-tailers, including patching and ongoing monitoring of e-commerce environments. 

**Businesses Should Take Alert 'Seriously'**  
Cyvatar CISO Dave Cundiff explained in an emailed reaction to the alert that basic cybersecurity hygiene and monitoring would be enough to fend off this sort of attack. 

"Continually verifying and monitoring an organization's fundamental cybersecurity is a requirement these days," Cundiff said. "If the fundamentals of an organization’s security are not strong, then the additional complexity of any additional security is useless." 

US businesses should take this alert seriously, according to Kunal Modasiya, senior director of product management at PerimeterX,.

"Given the risks of supply-chain attacks in general, it is important that businesses look beyond server-side security tools, such as static code analysis, external scanners, and the limitations of CSP to solutions," Modasiya says. 

Ron Bradley, vice president of Shared Assessments, meanwhile notes that organizations dealing with credit-card data, which he called "one of the crown jewels for fraudsters," should have technical controls like file integrity monitoring (FIM) in place.  

"If you're running a website, especially one which transacts funds, and if you don't have FIM implemented, I don't want to shop there," Bradley said. "Furthermore, you're going to get pummeled by bad actors because you don't have your house in order."

FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors

The founders behind more than 90 cybersecurity firms have set up a $300 million investment fund.

A new venture capital firm, Ballistic Ventures, is making investments in cybersecurity innovation, with an initial fund predicted to reach $300 million, the group said. 

Ballistic has already begun investing in startup cybersecurity companies, including Concentric AI, Nudge Security, Pangea, and Veza. The VC touts its deep bench of founders with a collective 90 cybersecurity firms, 10,000-plus security pros, and more than $100 billion in value to their collective credit. 

“At Ballistic, we have assembled the who’s who in cybersecurity – a deep bench of the best operators, entrepreneurs and investors who have been at the forefront of industry for three decades,” said Ted Schlein, Ballistic Ventures general partner, in a statement announcing the group. “For us, the cybersecurity fight is real and personal – and the need for revolutionary solutions has never been more urgent." 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

New Venture Capital Fund Focuses on Emerging Cybersecurity Tech

Multi-million-pound commitment will empower everyone from recent graduates to career changers to IT professionals in the UK to begin a successful career in cybersecurity.

LONDON, May 17, 2022 – (ISC)² – the world’s largest non-profit association of certified cybersecurity professionals – today announced it will help expand the UK’s cybersecurity workforce by offering free certification and education for 100,000 cybersecurity career pursuers through the new (ISC)2 entry-level cybersecurity certification. The 100K in the UK program represents a multi-year, multi-million-pound investment towards cybersecurity workforce skills development throughout the UK.

There has never been a better or more urgent time to start a cybersecurity career. The UK is one of the largest cybersecurity career markets in Europe, with more than 300,000 active cybersecurity practitioners. However, it is also challenged by a cybersecurity workforce shortage of more than 33,000, with UK government figures stating that at least 17,500 new people need to enter the industry annually just to maintain the status quo.

“The cybersecurity profession needs the next generation to join its ranks now more than ever,” said Clar Rosso, CEO, (ISC)². “Unfortunately, until now, individuals looking for their first cybersecurity job often do not know where to start, what to expect, or how to convince employers to give them a chance. To address this, we have developed the (ISC)2 entry-level cybersecurity certification to be a trusted endorsement of an individual and their foundational knowledge, skills and abilities. Through the 100K in the UK scheme, we are committed to giving 100,000 cybersecurity career pursuers the opportunity to achieve this certification for free, making a powerful contribution that positively impacts the UK’s cybersecurity workforce challenge today, not years from now.”

“Cybersecurity certifications that validate young professionals and career changers looking for their first role are essential to delivering a much-needed expansion of the UK cybersecurity talent pool. We welcome all initiatives to attract more first-time cybersecurity professionals to the profession. The (ISC)2 100K in the UK scheme is a timely industry commitment given the strong need to recruit for entry- and junior-level cybersecurity positions which are outstripping the workforce supply by a significant margin,” said Simon Hepburn, CEO of the UK Cyber Security Council.

**How 100K in the UK Will Work**

The scheme is open to all UK residents who do not hold an (ISC)² cybersecurity certification. Recent graduates, career changers and IT professionals looking to move into cybersecurity are encouraged to apply here.

Once enrolled, participants will gain access to the online self-paced education course for the (ISC)2 entry-level cybersecurity certification. Participants also will receive a voucher to cover the full cost of the (ISC)2 entry-level cybersecurity certification exam, which they can pursue as soon as they feel ready. The exam can only be taken in-person at an authorised Pearson VUE test centre in the UK.

After successfully completing the exam, candidates will become full members of (ISC)² with access to a wide array of professional development resources to help them throughout their careers. The (ISC)2 entry-level cybersecurity certification is the first step on a career-long journey that will help cybersecurity professionals gain experience and work toward advanced qualifications such as the (ISC)2 CISSP and (ISC)2 CCSP.

**What the Exam Covers**

*   The (ISC)² entry-level cybersecurity certification exam evaluates candidates on the following five subject areas:
*   Security Principles
*   Business Continuity (BC), Disaster Recovery (DR) and Incident Response Concepts
*   Access Controls Concepts
*   Network Security
*   Security Operations

The exam outline provides additional details on each domain, and the online self-paced course materials help to guide candidates through the subject areas.

For more information about the (ISC)² 100K in the UK scheme, including registration and enrollment instructions, and important terms and conditions, visit https://cloud.connect.isc2.org/100K-inthe-UK.

**About (ISC)²**

(ISC)² is an international non-profit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 168,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit www.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.

(ISC)² Unveils 100K in the UK Scheme to Expand the UK Cybersecurity Workforce with 100,000 Free Entry-Level Certification Exams and Education Opportunities

Source

DARKReading