NSA Archives - Cyber Security Minute

Pro-Iran Attackers Access Multiple Water Facility Controllers

Issued by: Dark Reading

Critical infrastructure in multiple US states may have been compromised by Iran-affiliated attackers targeting programmable logic controllers (PLCs). A warning from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), the Environmental Protection Agency (EPA), and the Israel National Cyber Directorate comes after an attack was detected on a Pennsylvania water authority…

Vulnerabilities

Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw

Issued by: Dark Reading

Citrix has issued a patch for a critical flaw affecting Citrix ADC and Citrix Gateway, adding that the company is aware of attacks against the vulnerability in the wild. The vulnerability, tracked under CVE-2022-27518, affects Citrix ADC and Citrix Gateway versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32. “Both must be configured with…

Application Security

NSA Publishes Guidance on Mitigating Software Memory Safety Issues

Issued by: Security Week

Caused by how programs manage or allocate memory, logic errors, incorrect order of operations, or the use of uninitialized variables, software memory safety issues are often exploited for remote code execution (RCE). Representing the most common cause of vulnerabilities in many cases (Microsoft and Google blame memory safety issues for 70% of their bugs), memory…

Application Security

US Gov Issues Supply Chain Security Guidance for Software Suppliers

Issued by: Security Week

Created by the Enduring Security Framework (ESF), a cross-sector working group seeking to mitigate the risks threatening the critical infrastructure and national security, the guidance provides recommendations for developers, suppliers, and organizations. In September, the three US agencies released the first part of the series, which included recommendations for developers looking to improve the software…

Network Security, Software Security, Vulnerabilities

NSA Cyber Specialist, Army Doctor Charged in US Spying Cases

Issued by: Security Week

In one case, cybersecurity expert Jareh Sebastian Dalke, 30, spent less than four weeks working at the NSA, the government’s huge and powerful signals intelligence agency, before he suddenly quit, citing family problems at the end of June. In the few weeks he was at the NSA, he printed out top secret documents, and after…

Network Security

US Agencies Publish Security Guidance on Implementing Open RAN Architecture

Issued by: Security Week

A general-purpose document titled Open Radio Access Network Security Considerations, the guidance is based on current knowledge and recommended practices and should apply to a variety of industries. “Open RAN is the industry term for the evolution of traditional RAN architecture to open interoperable interfaces, virtualization, and big data and AI-enabled intelligence,” the document reads….

Network Security

CISA’s Joint Cyber Defense Collaborative: Why it just might work

Issued by: CSO

The Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) has a new director, Jen Easterly. The Senate confirmed Easterly in July, with swearing taking place on August 09, 2021. It should come as no surprise to CISOs to see Easterly dig in and immediately leverage the newly minted Joint Cyber…

Network Security

Director of Cybersecurity at NSA Gets Dedicated Twitter Account

Issued by: Security Week

The account, @NSA_CSDirector, is currently being used by Joyce, but it will likely be passed on to future NSA cybersecurity directors, similar to the @POTUS Twitter account used by the president of the United States. Joyce has promised to share “insights and information about what we are up to.” His first tweet after announcing the…

Vulnerabilities

Reality Winner, NSA Contractor in Leak Case, Out of Prison

Issued by: Security Week

Reality Winner, 29, has been moved to home confinement and remains in the custody of the federal Bureau of Prisons, the person said. The person could not discuss the matter publicly and spoke to the AP on condition of anonymity. She pleaded guilty in 2018 to a single count of transmitting national security information. Winner…

Software Security

Biden Names 2 Ex-NSA Officials for Senior Cyber Positions

Issued by: Security Week

Chris Inglis, a former NSA deputy director, is being nominated as the government’s first national cyber director. Jen Easterly, a former deputy for counterterrorism at the NSA, has been tapped to run the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security. The appointments come as the Biden administration grapples with the aftermath…