Security News

The U.S. National Security Agency used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based on interviews with nine unnamed sources, all of whom are said to have access to classified information held by the Danish Defence Intelligence Service.

From the dates and the title, the George Davida patent application which NSA unsuccesfully tried to block would have been US4202051A, for a key stream generator based on a LFSR combined with a non-linear feedback circuit. "In April 1978 a patent application made by Carl Nicolai for a speech scrambling device was evaluated by the NSA using Inman's new criteria. Once again, there was disagreement between NSA directorates. Neither Research and Engineering nor COMSEC believed that Nicolai's invention should be classified. Howard Rosenblum, DDC, noted that Nicolai employed"a sophisticated use of well-known, open-source techniques" of spread spectrum technology and that "so many unclassified spread spectrum systems are already in the public domain that it is too late to try to close the door by imposing secrecy orders based solely on the fact that the system uses spread spectrum techniques.

Microsoft has announced plans to ensure data processing of EU cloud services within the borders of the political bloc in a move that expert observers claim reveals problems with the firm's existing setup. In a blog, Brad Smith, Microsoft's president and chief legal officer, said the software and cloud services giant would, by the end 2022, enable EU customers of Azure, Microsoft 365, and Dynamics 365 to have all their data processed physically within the EU. To my understanding, there would still be direct access to data and keys from the US in this new Microsoft setup.

Technical documentation and proof-of-concept exploit code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. A technical write-up is available since April 26 from security researcher Nguyen Jang, who released in the past a short-lived PoC exploit for ProxyLogon vulnerabilities.

The U.S. National Security Agency last week released a cybersecurity advisory focusing on the security of operational technology systems, particularly in terms of connectivity to IT systems. The advisory shares recommendations for evaluating risks and improving the securing of connections between IT systems - these can often serve as an entry point into industrial networks - and OT systems.

According to the U.S. National Security Agency, which issued an alert Thursday, the advanced persistent threat group known as APT29 is conducting "Widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access." The five bugs under active attack are known, fixed security holes in platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware that organizations should patch immediately, researchers warned.

Amongst the 100+ vulnerabilities patch in this month’s Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA.

The U.S. government on Thursday warned that Russian APT operators are exploiting five known - and already patched - vulnerabilities in corporate VPN infrastructure products, insisting it is "Critically important" to mitigate these issues immediately. According to the NSA, the five vulnerabilities should be prioritized for patching alongside the newest batch of Exchange Server updates released by Microsoft earlier this week.

A joint advisory from the U.S. National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation warn that the Russian Foreign Intelligence Service is exploiting five vulnerabilities in attacks against U.S. organizations and interests. In an advisory issued today, the NSA said that it is aware of the Russian SVR using these vulnerabilities against public-facing services to obtain authentication credentials to further compromise the networks of US corporate and government networks.

In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Cybersecurity firm Kaspersky, which discovered and reported the flaw to Microsoft in February, linked the zero-day exploit to a threat actor named Bitter APT, which was found exploiting a similar flaw in attacks late last year.