Security News
A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the...
May have reeled in blueprints related to weapons development. A Chinese national has been accused of conducting a years-long spear-phishing campaign that aimed to steal source code from the US Army...
The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals and healthcare providers, US defense companies, NASA, and even a Chinese target. An indictment [PDF] named Rim Jong Hyok as a participant in "a conspiracy to hack and extort US hospitals and other health care providers, launder the ransom proceeds, and then use these proceeds to fund additional computer intrusions into defense, technology, and government entities worldwide."
In an audit [PDF] published Tuesday, the OIG found NASA has a "comprehensive privacy program that includes processes for determining whether information systems collect, store, and transmit PII; publishing System of Records Notices; and providing general privacy training to its workforce." That's a welcome assessment, given NASA employs around 16,000 people and - as with all government agencies - collects PII about them and the contractors, partners, and members of the public it engages.
The NASA Office of Inspector General has published its annual audit of the aerospace agency's infosec capabilities and practices, which earned an overall rating of "Not Effective." We could go on, but you get the idea: NASA infosec isn't great.
A vulnerability in network technology widely used in space and aircraft could, if successfully exploited, have disastrous effects on those critical systems, according to academics. In a study published today, boffins at the University of Michigan in the US, with some help from NASA, detailed the flaw and a technique to exploit it, which they dubbed PCspooF. Exploiting PCspooF can cause critical systems on a network to malfunction by disrupting their timing.
While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agency's information technology systems - including many containing high-value assets or critical infrastructure - are unclassified and are therefore not covered by its current insider threat program. While NASA's exclusion of unclassified systems from its insider threat program is common among federal agencies, adding those systems to a multi-faceted security program could provide an additional level of maturity to the program and better protect agency resources.
An audit of NASA's infosec preparedness against insider threats has warned it faces "serious jeopardy to operations" due to lack of protection for Unclassified information. A Monday report [PDF] found that NASA has done well, as required, in its efforts to defend and prevent insider threats to Classified information - stuff that NASA defines as "Official information regarding the national security that has been designated Confidential, Secret, or Top Secret."
The U.S. National Aeronautics and Space Administration identified more than 6,000 cyber-related incidents in the last four years, according to a report published this month by NASA's Office of Inspector General. NASA has institutional systems, which are used for the day-to-day work of employees - these include data centers, web services, computers and networks.
NASA has fired up the avionics of the Artemis I core stage ahead of tomorrow's planned redo of the prematurely terminated hotfire test. Those boosters are missing a key ingredient: the SLS core stage, which continues to languish on the B-2 test stand at NASA's Stennis Space Center near Bay St. Louis, Mississippi.