Security News

Michael Ellis as NSA General Counsel
2020-11-18 12:21

Over at Lawfare, Susan Hennessey has an excellent primer on how Trump loyalist Michael Ellis got to be the NSA General Counsel, over the objections of NSA Director Paul Nakasone, and what Biden can and should do about it. The NSA general counsel is not a Senate-confirmed role.

Can we stop megacorps from using and abusing our data? That ship has sailed, ex-NSA lawyer argues in new book
2020-10-29 09:30

Cyber Privacy: Who Has Your Data and Why You Should Care is the title of a new book from April Falcon Doss, a former associate general counsel for intelligence law at America's NSA. Doss spoke to The Register about her concerns with pervasive data collection and its potential for harm. Explaining why she wrote the newly published book, Doss said: "I spent years immersed in and I was constantly discovering new areas of data collection, new ways in which data is being used, new concerns for individuals, and I thought, you shouldn't have to be a data expert to understand these things."

NSA: We've learned our lesson after foreign spies used one of our crypto backdoors – but we can't say how exactly
2020-10-28 23:44

It's said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software. On Wednesday, Reuters reporter Joseph Menn published an account of US Senator Ron Wyden's efforts to determine whether the NSA is still in the business of placing backdoors in US technology products.

The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products
2020-10-28 14:40

The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others. These so-called back doors enable the NSA and other agencies to scan large amounts of traffic without a warrant.

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
2020-10-21 20:31

The bug exists in the Citrix Application Delivery Controller and Gateway, a purpose-built networking appliance meant to improve the performance and security of applications delivered over the web. Microsoft bugs are well-represented, including the BlueKeep RCE bug in Remote Desktop Services, which is still under active attack a year after disclosure.

NSA Advisory on Chinese Government Hacking
2020-10-21 14:21

The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers. This advisory provides Common Vulnerabilities and Exposures known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.

NSA Lists 25 Vulnerabilities Currently Targeted by Chinese State-Sponsored Hackers
2020-10-21 11:06

The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors. The NSA notes that it has observed Chinese threat actors scanning for or attempting to exploit these vulnerabilities against multiple victims.

Top tip, everyone: Chinese hackers are hitting these 25 vulns, so make sure you patch them ASAP, says NSA
2020-10-20 23:40

The NSA has blown the lid off 25 computer security vulnerabilities Chinese government hackers are using to break into networks, steal data, and so on. CVE-2019-0708: A remote code execution vulnerability exists within Microsoft Windows' Remote Desktop Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.

NSA: Top 25 vulnerabilities actively abused by Chinese hackers
2020-10-20 11:20

The U.S. National Security Agency warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against U.S. organizations and interests. As part of these attacks, the NSA has seen twenty-five publicly disclosed vulnerabilities exploited to gain access to networks, deploy malicious mobile apps, and spread laterally through a system while attackers steal sensitive data.

AEM introduces NSA, a hybrid Qualification+ tester, changes testing landscape
2020-10-19 00:30

AEM introduced the Network Service Assistant with Certi-Lite, a new category of hybrid tester that bridges the gap in existing test equipment between network connectivity and standards-based cable testing. With NSA Certi-Lite, network owners no longer have to choose between wire testers for basic cable continuity, a network tester to qualify real-world multi-gig and network connectivity testing, or a cable certifier for those times when a deeper-dive test on cabling is required.