Security News

NSA Lists 25 Vulnerabilities Currently Targeted by Chinese State-Sponsored Hackers
2020-10-21 11:06

The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors. The NSA notes that it has observed Chinese threat actors scanning for or attempting to exploit these vulnerabilities against multiple victims.

Top tip, everyone: Chinese hackers are hitting these 25 vulns, so make sure you patch them ASAP, says NSA
2020-10-20 23:40

The NSA has blown the lid off 25 computer security vulnerabilities Chinese government hackers are using to break into networks, steal data, and so on. CVE-2019-0708: A remote code execution vulnerability exists within Microsoft Windows' Remote Desktop Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.

NSA: Top 25 vulnerabilities actively abused by Chinese hackers
2020-10-20 11:20

The U.S. National Security Agency warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against U.S. organizations and interests. As part of these attacks, the NSA has seen twenty-five publicly disclosed vulnerabilities exploited to gain access to networks, deploy malicious mobile apps, and spread laterally through a system while attackers steal sensitive data.

AEM introduces NSA, a hybrid Qualification+ tester, changes testing landscape
2020-10-19 00:30

AEM introduced the Network Service Assistant with Certi-Lite, a new category of hybrid tester that bridges the gap in existing test equipment between network connectivity and standards-based cable testing. With NSA Certi-Lite, network owners no longer have to choose between wire testers for basic cable continuity, a network tester to qualify real-world multi-gig and network connectivity testing, or a cable certifier for those times when a deeper-dive test on cabling is required.

NSA Issues Cybersecurity Guidance for Remote Workers, System Admins
2020-09-21 18:50

The National Security Agency has published two cybersecurity information sheets with recommendations for National Security System and Department of Defense workers and system administrators on securing networks and responding to incidents during the work-from-home period. Recommended steps to mitigate the compromise, the NSA says, include rebooting and resetting routers, disabling their remote administration functionality and updating the firmware; disconnecting infected machines from the network, resetting passwords on a different device and running anti-malware software; and removing ransomware infections and restoring a previously backed-up good state.

NSA Publishes Guidance on UEFI Secure Boot Customization
2020-09-16 11:53

According to the NSA, incompatibility issues often result in Secure Boot being disabled, which the agency advises against. "Customization enables administrators to realize the benefits of boot malware defenses, insider threat mitigations, and data-at-rest protections. Administrators should opt to customize Secure Boot rather than disable it for compatibility reasons. Customization may - depending on implementation - require infrastructures to sign their own boot binaries and drivers," the NSA says.

NSA, NCMF Lay Out Design Plans for Cyber Center for Education and Innovation
2020-09-08 11:49

The National Security Agency and the National Cryptologic Museum Foundation last week shared information on the design plans for the proposed Cyber Center for Education and Innovation, set to be built on the NSA-Washington campus at Fort Meade. The center will also be the home of the National Cryptologic Museum, which the NSA says aims to inspire transparency, courtesy of large open floor plans, tall glass windows and skylights, and a well-lit main room.

Snowden was right: US court deems NSA bulk phone-call snooping illegal, possibly unconstitutional, and probably pointless anyway
2020-09-03 15:02

It's been a long time coming, and while some might view the decision as a slap for officials that defended the practice, the three-judge panel said the part played by the NSA programme wasn't sufficient to undermine the convictions of four individuals for conspiring to send funds to Somalia in support of a terrorist group. Snowden made public the existence of the NSA data collection programmes in June 2013, and by June 2015 US Congress had passed the USA FREEDOM Act, "which effectively ended the NSA's bulk telephony metadata collection program," according to the panel.

NSA Mass Surveillance Program Illegal, U.S. Court Rules
2020-09-03 14:02

A U.S. federal appeals court ruled that the controversial National Security Agency mass surveillance program exposed in 2013 was illegal - and may have even been unconstitutional. The call comes seven years after former NSA contractor and whistleblower Edward Snowden outed the mass surveillance program, which enabled snooping in on millions of Americans' phone calls, in a bombshell leak that drew widespread worries about privacy.