Security News

5 steps to building NSA-level access control for your app
2023-04-13 04:00

Access control has become a main concern when it comes to developing secure web applications, and the NSA has a lot to say about it. In this article, we will focus and elaborate on the best practices offered by the NSA for building secure access management, and how they can be implemented at the application level.

NSA shares guidance on how to secure your home network
2023-02-22 21:40

The U.S. National Security Agency has issued guidance to help remote workers secure their home networks and defend their devices from attacks. "At a minimum, you should schedule weekly reboots of your routing device, smartphones, and computers. Regular reboots help to remove implants and ensure security," the NSA said.

Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA
2023-01-26 14:52

Proof-of-concept (PoC) code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI that the U.S. National Security Agency (NSA) and the U.K. National Cyber...

Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched
2023-01-26 02:07

Most Windows-powered datacenter systems and applications remain vulnerable to a spoofing bug in CryptoAPI that was disclosed by the NSA and the UK National Cyber Security Center and patched by Microsoft last year, according to Akamai's researchers. The bug isn't a remote code execution flaw; it's a vulnerability that allows someone to pretend to be another to an application or operating system, in the context of identity and certificate cryptography checks on Windows.

NSA asks Congress to let it get on with that warrantless data harvesting, again
2023-01-14 20:57

NSA director General Paul Nakasone told the Privacy and Civil Liberties Oversight Board yesterday that the loss of Section 702 of the Foreign Intelligence Surveillance Act would mean American spies would "lose critical insights into the most significant threats to our nation" if allowed to lapse on December 31. In his speech, Nakasone said Section 702 is "irreplaceable," and he provided several stories of the FBI and NSA cooperating using the law to stop terrorist plots and online attacks to justify his claim.

NSA shares tips on mitigating 5G network slicing threats
2022-12-14 16:02

The National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence, have published a joint report that highlights the most likely risks and potential threats in 5G network slicing implementations. The 5G network slicing report builds upon Potential Threat Vectors to 5G Infrastructure, a paper published last year by the Enduring Security Framework cross-sector working group focused on addressing risks and threats to the security and stability of U.S. national security systems.

Citrix patches critical ADC flaw the NSA says is already under attack from China
2022-12-14 06:57

The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller and Gateway products that the vendor patched today. Citrix says the flaw, CVE-2022-27518, "could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance" if it is configured as a SAML service provider or identity provider.

NSA Over-surveillance
2022-11-11 12:25

Here in 2022, we have a newly declassified 2016 Inspector General report, "Misuse of Sigint Systems," about a 2013 NSA program that resulted in the unauthorized targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda.

NSA urges orgs to use memory-safe programming languages
2022-11-11 11:35

The US National Security Agency has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory safe alternatives - namely C#, Rust, Go, Java, Ruby or Swift. "NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations," advised the agency.

NSA on Supply Chain Security
2022-11-04 14:16

Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. The supplier also holds a critical responsibility in ensuring the security and integrity of our software.