Security News

Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. The supplier also holds a critical responsibility in ensuring the security and integrity of our software.

NSA, CISA, and the Office of the Director of National Intelligence have shared a new set of suggested practices that software suppliers can follow to secure the supply chain. "Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the supplier also holds a critical responsibility in ensuring the security and integrity of our software," the NSA said on Monday.

Tensions between the US, China, and Taiwan have far-reaching impacts beyond semiconductor saber-rattling and trade restrictions. NSA Director of Cybersecurity Rob Joyce has some critical lessons on how companies can withstand an escalation in China-Taiwan tensions and what such conflicts matter in the first place.

U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base Sector organization's enterprise network" as part of a cyber espionage campaign. " actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim's sensitive data," the authorities said.

An ex-NSA employee has been charged with trying to sell classified data to the Russians. It's a weird story, and the FBI affidavit raises more questions than it answers.

The FBI alleges it then followed the money as it moved from a cryptocurrency exchange to the NSA staffer's personal bank account. Jareh Sebastian Dalke, who was employed at the NSA as an information security systems designer from June 6 to July 1, allegedly began communicating with what he believed to be a foreign agent on July 29, according to a statement from the Department of Justice announcing his arrest in Denver on September 28.

A former U.S. National Security Agency employee has been arrested on charges of attempting to sell classified information to a foreign spy, who was actually an undercover agent working for the Federal Bureau of Investigation. Jareh Sebastian Dalke, 30, was employed at the NSA for less than a month from June 6, 2022, to July 1, 2022, serving as an Information Systems Security Designer as part of a temporary assignment in Washington D.C. According to an affidavit filed by the FBI, Dalke was also a member of the U.S. Army from about 2015 to 2018 and held a Secret security clearance, which he received in 2016.

The National Security Agency and CISA have issued guidance on how to secure operational technology and industrial control systems part of U.S. critical infrastructure.The advisory also "Notes the increasing threats to OT and ICS assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes. OT/ICS designs are publicly available, as are a wealth of tools to exploit IT and OT systems."

China has accused the U.S. National Security Agency of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi'an in June 2022. The National Computer Virus Emergency Response Centre disclosed its findings last week, and accused the Office of Tailored Access Operations at the USA's National Security Agency of orchestrating thousands of attacks against the entities located within the country.

Three former US government cyber-spies who, among other things, illicitly compromised and snooped on Americans' devices for the United Arab Emirates government have been banned from participating in international arms exports under a deal reached with Uncle Sam. Per the terms of the agreements, Ryan Adams [PDF], Marc Baier [PDF] and Daniel Gericke [PDF], all three former NSA operatives, will be "Debarred," meaning they are prohibited from participating in any activities regulated under the International Traffic in Arms Regulations for three years.