Security News

Most Windows-powered datacenter systems and applications remain vulnerable to a spoofing bug in CryptoAPI that was disclosed by the NSA and the UK National Cyber Security Center and patched by Microsoft last year, according to Akamai's researchers. The bug isn't a remote code execution flaw; it is a vulnerability that lets someone masquerade as another party to an application or operating system during identity and certificate cryptography checks on Windows.

NSA director General Paul Nakasone told the Privacy and Civil Liberties Oversight Board yesterday that American spies would "lose critical insights into the most significant threats to our nation" if Section 702 of the Foreign Intelligence Surveillance Act is allowed to lapse on December 31. In his speech, Nakasone said Section 702 is "irreplaceable," and to justify that claim he recounted several cases in which the FBI and NSA cooperated under the law to stop terrorist plots and online attacks.

The National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence have published a joint report that highlights the most likely risks and potential threats in 5G network slicing implementations. The 5G network slicing report builds upon Potential Threat Vectors to 5G Infrastructure, a paper published last year by the Enduring Security Framework cross-sector working group focused on addressing risks and threats to the security and stability of U.S. national security systems.

The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller and Gateway products that the vendor patched today. Citrix says the flaw, CVE-2022-27518, "could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance" if it is configured as a SAML service provider or identity provider.

Here in 2022, we have a newly declassified 2016 Inspector General report, "Misuse of Sigint Systems," about a 2013 NSA program that resulted in the unauthorized targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda.

The US National Security Agency has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory safe alternatives - namely C#, Rust, Go, Java, Ruby or Swift. "NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations," advised the agency.

Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. The supplier also holds a critical responsibility in ensuring the security and integrity of our software.

NSA, CISA, and the Office of the Director of National Intelligence have shared a new set of suggested practices that software suppliers can follow to secure the supply chain. "Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the supplier also holds a critical responsibility in ensuring the security and integrity of our software," the NSA said on Monday.

Tensions between the US, China, and Taiwan have far-reaching impacts beyond semiconductor saber-rattling and trade restrictions. NSA Director of Cybersecurity Rob Joyce has some critical lessons on how companies can withstand an escalation in China-Taiwan tensions and why such conflicts matter in the first place.

U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base Sector organization's enterprise network" as part of a cyber espionage campaign. "actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim's sensitive data," the authorities said.