Security News

NSA Releases Guidance for Securing Enterprise Communication Systems
2021-06-18 12:32

The NSA on Thursday released guidance to help organizations secure their communication systems, specifically Unified Communications and Voice and Video over IP. UC and VVoIP are call-processing systems that are used for communications and collaboration by many enterprises, including government agencies and their contractors. The NSA has warned that if these systems are not properly secured, they are exposed to the same risks as IP systems, including software vulnerabilities and various types of malware.

NSA shares guidance on securing voice, video communications
2021-06-17 18:00

The National Security Agency has shared mitigations and best practices that systems administrators should follow when securing Unified Communications and Voice and Video over IP call-processing systems. Since these communication systems are tightly integrated with other IT equipment within enterprise networks, they also inadvertently increase the attack surface by introducing new vulnerabilities and the potential for covert access to an organization's communications.

Reality Winner, NSA Contractor in Leak Case, Out of Prison
2021-06-15 13:24

A former government contractor who was given the longest federal prison sentence imposed for leaks to the news media has been released from prison to home confinement, a person familiar with the matter told The Associated Press on Monday. Reality Winner, 29, has been moved to home confinement and remains in the custody of the federal Bureau of Prisons, the person said.

Ex-NSA leaker Reality Winner released from prison early for 'exemplary' behavior
2021-06-14 20:36

Reality Winner, the former NSA intelligence contractor who leaked evidence of Russian interference in a US Presidential election to the press, has been released from prison. Her attorney Alison Allen announced Winner, 29, had been let out on Monday early due to "exemplary" behavior while inside.

Report: Danish Secret Service Helped NSA Spy On European Politicians
2021-06-01 01:41

The U.S. National Security Agency used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based on interviews with nine unnamed sources, all of whom are said to have access to classified information held by the Danish Defence Intelligence Service.

Newly Declassified NSA Document on Cryptography in the 1970s
2021-05-10 11:21

From the dates and the title, the George Davida patent application which NSA unsuccessfully tried to block would have been US4202051A, for a key stream generator based on a LFSR combined with a non-linear feedback circuit. "In April 1978 a patent application made by Carl Nicolai for a speech scrambling device was evaluated by the NSA using Inman's new criteria. Once again, there was disagreement between NSA directorates. Neither Research and Engineering nor COMSEC believed that Nicolai's invention should be classified. Howard Rosenblum, DDC, noted that Nicolai employed 'a sophisticated use of well-known, open-source techniques' of spread spectrum technology and that 'so many unclassified spread spectrum systems are already in the public domain that it is too late to try to close the door by imposing secrecy orders based solely on the fact that the system uses spread spectrum techniques.'"

Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away
2021-05-07 15:20

Microsoft has announced plans to ensure data processing of EU cloud services within the borders of the political bloc in a move that expert observers claim reveals problems with the firm's existing setup. In a blog, Brad Smith, Microsoft's president and chief legal officer, said the software and cloud services giant would, by the end of 2022, enable EU customers of Azure, Microsoft 365, and Dynamics 365 to have all their data processed physically within the EU. To my understanding, there would still be direct access to data and keys from the US in this new Microsoft setup.

PoC exploit released for Microsoft Exchange bug discovered by NSA
2021-05-03 17:24

Technical documentation and proof-of-concept exploit code are available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. A technical write-up has been available since April 26 from security researcher Nguyen Jang, who previously released a short-lived PoC exploit for ProxyLogon vulnerabilities.

NSA Issues Guidance on Securing IT-OT Connectivity
2021-05-03 11:25

The U.S. National Security Agency last week released a cybersecurity advisory focusing on the security of operational technology systems, particularly in terms of connectivity to IT systems. The advisory shares recommendations for evaluating risks and improving the security of connections between IT systems, which can often serve as an entry point into industrial networks, and OT systems.

NSA: 5 Security Bugs Under Active Nation-State Cyberattack
2021-04-16 18:10

According to the U.S. National Security Agency, which issued an alert Thursday, the advanced persistent threat group known as APT29 is conducting "widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access." The five bugs under active attack are known, fixed security holes in platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware that organizations should patch immediately, researchers warned.