Security News

New guidance from the United States Cybersecurity and Infrastructure Security Agency and the National Security Agency provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments. An open source container orchestration system for deploying and managing applications in containers, Kubernetes is often deployed in cloud environments.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system. To help companies make their Kubernetes environment more difficult to compromise, the NSA and CISA released a 52-page cybersecurity technical report that offers guidance for admins to manage Kubernetes securely.

The National Security Agency has published a new document to provide a series of recommendations on how governmental agencies in the United States can mitigate the cybersecurity risks associated with the use of wireless devices in public settings. The NSA points out that securing devices for the use of public Wi-Fi hotspots is not enough, as their Bluetooth and Near Field Communications functions require similar attention as well.

The U.S. National Security Agency is offering advice to security teams looking for wireless best practices to protect corporate networks and personal devices. The NSA advises turning off Bluetooth in public, lest a user be open to a range of attacks such as BlueBorne or BlueBugging - both used to access and exfiltrate corporate data on targeted devices.

The US National Security Agency today published guidance on how to properly secure wireless devices against potential attacks targeting them when traveling or working remotely. The info sheet published today by the NSA can help identify potential threats and vulnerable public connections, as well to minimize risks and better secure wireless devices and data.

An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S. The National Security Agency, Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and the U.K.'s National Cyber Security Centre formally attributed the incursions to the Russian General Staff Main Intelligence Directorate 85th Main Special Service Center. "The campaign uses a Kubernetes cluster in brute force access attempts against the enterprise and cloud environments of government and private sector targets worldwide," CISA said.

Rob Joyce, the director of cybersecurity at the National Security Agency, on Thursday announced that his role now has an official Twitter account. Joyce has promised to share "Insights and information about what we are up to." His first tweet after announcing the creation of the account informed followers about the cybersecurity advisory released by the NSA in collaboration with other security agencies to describe a global brute force attack campaign attributed to Russia.

The National Security Agency warns that Russian nation-state hackers are conducting brute force attacks to access US networks and steal email and files. In a new advisory released today, the NSA states that the Russian GRU's 85th Main Special Service Center, military unit 26165, has been using a Kubernetes cluster since 2019 to perform password spray attacks on US and foreign organizations, including the US government and Department of Defense agencies.

SonicWall announced three new high-performance firewall models for enterprises and large organizations - NSa 4700, NSa 6700 and NSsp 13700 - designed to accelerate network throughput, stop advanced cyberattacks like ransomware, and securely connect millions of users. The new SonicWall NSa 4700 and NSa 6700 next-generation firewalls deliver 18 and 36 Gbps of firewall throughput - three times the previous comparable SonicWall appliances.

Chris Inglis was last week appointed America's national cyber director, responsible for coordinating the government's computer security strategy and defending its networks. The United States has been lacking a government computer security chief since President Trump eliminated the position of cybersecurity advisor to the National Security Council in 2018, then held by ex-NSA exploit extraordinaire and Christmas lights enthusiast Rob Joyce.