Security News

Citrix tells everyone not to worry too much about its latest security patches. NSA's former top hacker disagrees
2020-07-08 10:55

Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products. Affected gear includes the Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP. So far there have been no reports of any of the bugs being targeted in the wild, though Rob Joyce, former head of the NSA's Tailored Access Operations elite hacking team, urged admins to apply the patches - right after fixes emerged for vulns in F5 and Palo Alto networking gear, too.

5 NSA-recommended strategies for improving your VPN security
2020-07-06 18:34

A senior NSA official speaking to reporters last week said that telework infrastructure like VPNs have become a focus for malicious actors, which led the NSA to release a formal advisory on how to secure VPNs from cyberattacks. "VPN gateways tend to be directly accessible from the internet and are prone to network scanning, brute force attacks, and zero-day vulnerabilities," the NSA bulletin said.

NSA Publishes Recommendations on Securing IPsec VPNs
2020-07-06 13:44

Used within organizations of all sizes for remote connection to assets and for telework, VPNs can deliver the expected level of security if strong cryptography is employed and if admins perform regular assessments to identify and eliminate misconfigurations and vulnerabilities. Thus, the NSA recommends that network administrators avoid default settings and reduce the attack surface of VPN gateways, ensure that only CNSSP 15-compliant cryptographic algorithms are used, remove unused or non-compliant cryptography, and keep both VPN gateways and clients up to date.

NSA Warns of Sandworm Backdoor Attacks on Mail Servers
2020-05-29 16:34

The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet's top email server software, according to the National Security Agency. Exim is the default MTA included on some Linux distros like Debian and Red Hat, and Exim-based mail servers in general run almost 57 percent of the internet's email servers, according to a survey last year.

NSA Publishes IOCs Associated With Russian Targeting of Exim Servers
2020-05-29 15:31

The U.S. National Security Agency on Thursday published information on the targeting of Exim mail servers by the Russia-linked threat actor known as Sandworm Team. The open-source Exim mail transfer agent is used broadly worldwide, powering more than half of the Internet's email servers and also being pre-installed in some Linux distributions.

NSA warns about Sandworm APT exploiting Exim flaw
2020-05-29 10:36

The Russian APT group Sandworm has been exploiting a critical Exim flaw to compromise mail servers since August 2019, the NSA has warned in a security advisory published on Thursday. Attackers started exploiting it to compromise Linux servers and instal cryptocoin miners on them, and Microsoft warned about a Linux worm leveraging the flaw to target Azure virtual machines running affected versions of Exim.

It's not every day the NSA publicly warns of attacks by Kremlin hackers – so take this critical Exim flaw seriously
2020-05-29 06:08

The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists. The American surveillance super-agency said [PDF] on Thursday the Kremlin's military intelligence hackers are actively targeting some systems vulnerable to CVE-2019-10149, a security hole in the widely used Exim mail transfer agent that was fixed last June.

It's not every day the NSA publicly warns of attacks by Kremlin hackers – so take this critical Exim flaw seriously
2020-05-29 06:08

The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists. The American surveillance super-agency said [PDF] on Thursday the Kremlin's military intelligence hackers are actively targeting some systems vulnerable to CVE-2019-10149, a security hole in the widely used Exim mail transfer agent that was fixed last June.

NSA: Russian Agents Have Been Hacking Major Email Program
2020-05-29 03:57

The U.S. National Security Agency says the same Russian military hacking group that interfered in the 2016 presidential election and unleashed a devastating malware attack the following year has been exploiting a major email server program since last August or earlier. It took Williams about a minute of online probing on Thursday to find a potentially vulnerable government server in the U.K. He speculated that the NSA might have issued to advisory to publicize the IP addresses and a domain name used by the Russian military group, known as Sandworm, in its hacking campaign - in hopes of thwarting their use for other means.

Shadow Broker leaked NSA files point to unknown APT group
2020-04-24 10:35

Remember the Shadow Brokers, the mysterious group that stole and leaked a collection of NSA files in 2016? Well, it's the gift that keeps on giving. A security researcher claims to have unearthed a previously-unknown APT group after reading over some of the dumped files.