Security News

The U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency have released guidance for hardening the security of virtual private network solutions. The two agencies created the document to help organizations improve their defenses particularly against attacks from nation-state adversaries, who in the past have exploited bugs in VPN systems to "Steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."

The U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency have released guidance for hardening the security of virtual private network solutions.The two agencies created the document to help organizations improve their defenses particularly against attacks from nation-state adversaries, who in the past have exploited bugs in VPN systems to "Steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."

CISA, the Federal Bureau of Investigation, and the National Security Agency warned today of an increased number of Conti ransomware attacks targeting US organizations. The three US federal agencies urge enterprise IT admins to review their organizations' network security posture and implement the immediate actions outlined in the joint advisory to defend against Conti ransomware.

We knew the basics of this story, but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor.

America's National Security Agency has published an FAQ about quantum cryptography, saying it does not know "When or even if" a quantum computer will ever exist to "Exploit" public-key cryptography. In the document, titled Quantum Computing and Post-Quantum Cryptography FAQ, the NSA said it "Has to produce requirements today for systems that will be used for many decades in the future." With that in mind, the agency came up with some predictions [PDF] for the near future of quantum computing and their impact on encryption.

The National Security Agency's Inspector General Robert Storch has announced a review of whether the agency illegally conducted cyber-espionage and collected the electronic communications of Fox News opinion-show host Tucker Carlson, who has accused the NSA of trying to capture embarrassing information that might lead to him being taken off the air. The statement emphasized that the NSA is only authorized to target foreign entities, adding, "With limited exceptions, NSA may not target a U.S. citizen without a court order that explicitly authorizes the targeting."

New guidance from the United States Cybersecurity and Infrastructure Security Agency and the National Security Agency provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments. An open source container orchestration system for deploying and managing applications in containers, Kubernetes is often deployed in cloud environments.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system. To help companies make their Kubernetes environment more difficult to compromise, the NSA and CISA released a 52-page cybersecurity technical report that offers guidance for admins to manage Kubernetes securely.

The National Security Agency has published a new document to provide a series of recommendations on how governmental agencies in the United States can mitigate the cybersecurity risks associated with the use of wireless devices in public settings. The NSA points out that securing devices for the use of public Wi-Fi hotspots is not enough, as their Bluetooth and Near Field Communications functions require similar attention as well.

The U.S. National Security Agency is offering advice to security teams looking for wireless best practices to protect corporate networks and personal devices. The NSA advises turning off Bluetooth in public, lest a user be open to a range of attacks such as BlueBorne or BlueBugging - both used to access and exfiltrate corporate data on targeted devices.