Security News

SonicWall announced three new high-performance firewall models for enterprises and large organizations - NSa 4700, NSa 6700 and NSsp 13700 - designed to accelerate network throughput, stop advanced cyberattacks like ransomware, and securely connect millions of users. The new SonicWall NSa 4700 and NSa 6700 next-generation firewalls deliver 18 and 36 Gbps of firewall throughput - three times the previous comparable SonicWall appliances.

Chris Inglis was last week appointed America's national cyber director, responsible for coordinating the government's computer security strategy and defending its networks. The United States has been lacking a government computer security chief since President Trump eliminated the position of cybersecurity advisor to the National Security Council in 2018, then held by ex-NSA exploit extraordinaire and Christmas lights enthusiast Rob Joyce.

The NSA on Thursday released guidance to help organizations secure their communication systems, specifically Unified Communications and Voice and Video over IP. UC and VVoIP are call-processing systems that are used for communications and collaboration by many enterprises, including government agencies and their contractors. The NSA has warned that if these systems are not properly secured, they are exposed to the same risks as IP systems, including software vulnerabilities and various types of malware.

The National Security Agency has shared mitigations and best practices that systems administrators should follow when securing Unified Communications and Voice and Video over IP call-processing systems. Since these communication systems are tightly integrated with other IT equipment within enterprise networks, they also inadvertently increase the attack surface by introducing new vulnerabilities and the potential for covert access to an organization's communications.

A former government contractor who was given the longest federal prison sentence imposed for leaks to the news media has been released from prison to home confinement, a person familiar with the matter told The Associated Press on Monday. Reality Winner, 29, has been moved to home confinement and remains in the custody of the federal Bureau of Prisons, the person said.

Reality Winner, the former NSA intelligence contractor who leaked evidence of Russian interference in a US Presidential election to the press, has been released from prison. Her attorney Alison Allen announced Winner, 29, had been let out on Monday early due to "Exemplary" behavior while inside.

The U.S. National Security Agency used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based on interviews with nine unnamed sources, all of whom are said to have access to classified information held by the Danish Defence Intelligence Service.

From the dates and the title, the George Davida patent application which NSA unsuccesfully tried to block would have been US4202051A, for a key stream generator based on a LFSR combined with a non-linear feedback circuit. "In April 1978 a patent application made by Carl Nicolai for a speech scrambling device was evaluated by the NSA using Inman's new criteria. Once again, there was disagreement between NSA directorates. Neither Research and Engineering nor COMSEC believed that Nicolai's invention should be classified. Howard Rosenblum, DDC, noted that Nicolai employed"a sophisticated use of well-known, open-source techniques" of spread spectrum technology and that "so many unclassified spread spectrum systems are already in the public domain that it is too late to try to close the door by imposing secrecy orders based solely on the fact that the system uses spread spectrum techniques.

Microsoft has announced plans to ensure data processing of EU cloud services within the borders of the political bloc in a move that expert observers claim reveals problems with the firm's existing setup. In a blog, Brad Smith, Microsoft's president and chief legal officer, said the software and cloud services giant would, by the end 2022, enable EU customers of Azure, Microsoft 365, and Dynamics 365 to have all their data processed physically within the EU. To my understanding, there would still be direct access to data and keys from the US in this new Microsoft setup.

Technical documentation and proof-of-concept exploit code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. A technical write-up is available since April 26 from security researcher Nguyen Jang, who released in the past a short-lived PoC exploit for ProxyLogon vulnerabilities.