06 Feb 2020

ODNI Plans to Share More About Cyber Threats Under New Counterintelligence Strategy

On Tuesday, the Office of the Director of National Intelligence unveiled plans for a new approach to combatting cyber threats that encourages greater private sector participation. A document related to the strategy will be released on Monday. An overview of the plan was released at an event hosted by the

Read More
24 Jan 2020

Flaws in the U.S. Vulnerabilities Equities Process

Last week, the security community was in a flurry around the disclosure of a severe vulnerability (known as CVE-2020-0601) in Microsoft’s Windows operating system. Notably, it was because the National Security Agency (NSA) tipped off Microsoft, helping the tech giant patch the flaw instead of exploiting it for national security missions. NSA was praised for its cultural shift from offense to defense, however, in my opinion, not all that glitters is gold.

Read More
24 Jan 2020

Bipartisan Coalition Bill Introduced to Reform NSA Surveillance

A coalition of US lawmakers introduced new bipartisan legislation that aims to protect Americans from government surveillance, such as that run by the NSA. The bill, named Safeguarding Americans’ Private Records Act, was introduced today by Senators Wyden and Daines in the upper chamber while Representatives Lofgren, Davidson, and Jaypal

Read More
15 Jan 2020

NSA’s First Public Vulnerability Disclosure: An Effort to Build Trust

The US National Security Agency (NSA) has discovered and reported a bug to Microsoft. The vulnerability was tracked as CVE-2020-0601 and impacted Windows 10 and Windows Server systems. The NSA stated that this was the first time it decided to report and publicly disclose a security vulnerability pertaining to a

Read More
14 Jan 2020

Vulnerabilities, the Search for Buried Treasure, and the US Government

Most weeks, it is far outside the normal job responsibilities for cybersecurity professionals to understand what the United States (or other governments) do to find or use computer vulnerabilities. Just stay patched and keep the board of directors happy. This is not one of those weeks.

This week we learned that the National Security Agency disclosed to Microsoft that it had discovered a major vulnerability (dubbed CVE-2020-0601) in Windows 10. A Washington Post article, by veteran cyber journalist Ellen Nakashima, declared this to be a “a major shift in the NSA’s approach, choosing to put computer security ahead of building up its arsenal of hacking tools that allow the agency to spy on adversaries’ networks.”

Read More
06 Nov 2019

Kaspersky identifies mysterious APT mentioned in 2017 Shadow Brokers leak

Kaspersky has identified one of the advanced persistent threat (APT) groups mentioned in a leaked US National Security Agency (NSA) scanning tool. The python script was made public as part of the ‘Lost in Translation’ leak by the mysterious Shadow Brokers group in 2017. That leak also exposed other NSA

Read More
21 Oct 2019

NSA And NCSC Warning: Russian Hackers Disguised As Iranian Spies Attacked 35 Countries

The US National Security Agency (NSA) and the UK National Cyber Security Centre (NCSC) warned on Monday that the Russian state-backed hacking group Turla (aka Snake or Uroburos) has been impersonating Iranian state-sponsored hackers in a campaign targeting organizations in the US, the UK and 33 other countries, many of

Read More
08 Oct 2019

US And UK Governments Issue Update Now Warning For Windows, macOS And Linux Users

The US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) that falls under the US Department of Homeland Security (DHS) and the UK National Cyber Security Centre (NCSC) are all warning that Windows, macOS And Linux Users relying on certain Virtual Private Network (VPN) applications are at

Read More
03 Oct 2019

America Launches New Cybersecurity Directorate

The US National Security Agency (NSA) has established a new Cybersecurity Directorate to take over the foreign intelligence and cyber activities of the agency. According to an NSA spokesperson, the new directorate “will reinvigorate NSA’s white hat mission by sharing critical threat information and collaborating with partners and customers to

Read More
06 Sep 2019

China Set Traps To Capture Dangerous NSA Cyberattack Weapons: New Report

A new report by Check Point indicates that Chinese state-backed hackers set deliberate traps to steal the NSA-linked cyber weapons that were leaked by the mysterious Shadow Brokers group in 2017. Earlier this year, Symantec already found evidence that Chinese cyber espionage group Buckeye (aka APT3, UPS Team, Gothic Panda,

Read More