NSA Warns Smartphones Leak Location Data
The agency known for its own questionable surveillance activity advised how mobile users can limit others’ ability to track where they are. Continue reading NSA Warns Smartphones Leak Location Data
Category Archives: National Security Agency
Someone is trying to catfish women by pretending to be Paul Nakasone
Gen. Paul Nakasone, the director of the National Security Agency and head of U.S. Cyber Command, is a busy man. He oversees vast, technical surveillance efforts in the U.S. and abroad, while also commanding a military outfit charged with launching cyberattacks. Emailing random women from an outpost in Syria is probably not on his to-do list. So when, Susan, a woman from the New York City area, started receiving correspondence from a “Paul Nakasone” this week, she wondered why the self-proclaimed “head of U.S. Army Cyber Command” was trying to flirt with her. “I Googled this guy and I’m like, ‘Are you kidding me?’” Susan, who asked to be identified by only her first name, told CyberScoop. “And it was very flirtatious, but I’m a married woman.” Susan ultimately realized, that, no, she was not talking to the real Paul Nakasone. She and her friend were actually dealing with scammers who were posing as top […]
The post Someone is trying to catfish women by pretending to be Paul Nakasone appeared first on CyberScoop.
Continue reading Someone is trying to catfish women by pretending to be Paul Nakasone
New Bill Proposes NSA Surveillance Reforms
The newly-introduced bill targets the Patriot Act’s Section 215, previously used by the U.S. government to collect telephone data from millions of Americans. Continue reading New Bill Proposes NSA Surveillance Reforms
Microsoft Patches Major Crypto Spoofing Bug
January Patch Tuesday tackles 50 bugs, with eight rated critical, all as it pushes out its last regular Windows 7 patches. Continue reading Microsoft Patches Major Crypto Spoofing Bug
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020. Continue reading Cryptic Rumblings Ahead of First 2020 Patch Tuesday
New Bug Found in NSA’s Ghidra Tool
Flaw in National Security Agency’s Ghidra reverse-engineering tools allows hackers to execute code in vulnerable systems. Continue reading New Bug Found in NSA’s Ghidra Tool
Cybereason raises $200 million for its enterprise security platform
Cybereason, which uses machine learning to increase the number of endpoints a single analyst can manage across a network of distributed resources, has raised $200 million in new financing from SoftBank Group and its affiliates. It’s a sign of the belief that SoftBank has in the technology, since the Japanese investment firm is basically doubling […] Continue reading Cybereason raises $200 million for its enterprise security platform
The NSA is experimenting with machine learning concepts its workforce will trust
As the U.S. National Security Agency incorporates machine learning and artificial intelligence into its defensive cyber operations, officials are weighing whether cyber operators will have confidence in the algorithms underpinning those emerging technologies. NSA operators want to say, “is my AI or ML system explainable?” Neal Ziring, NSA’s Technical Director for Capabilities, told CyberScoop Thursday. “Contexts where the AI is recommending an action is where that will be most important.” The intelligence agency still is exploring how machine learning, an automated method of data analysis, might be used to detect threats and protect new Internet of Things technology. Given the amount of information that agency employees need to sort through, machine learning could help prioritize tasks and decrease the amount of time employees spend on triage. The NSA aims to use machine learning and artificial intelligence, in which computers make their own decisions, to more efficiently stop threats, and eventually leverage those tools in offensive operations. But, if NSA workers don’t trust the […]
The post The NSA is experimenting with machine learning concepts its workforce will trust appeared first on CyberScoop.
Continue reading The NSA is experimenting with machine learning concepts its workforce will trust
After remote-code test, DHS sounds the alarm on BlueKeep
The Department of Homeland Security has added its voice to a chorus of government and corporate cybersecurity professionals urging users to patch their systems for BlueKeep, a critical vulnerability recently reported in old Microsoft Windows operating systems. DHS’s Cybersecurity and Infrastructure Security Agency said Monday said it had used the BlueKeep vulnerability to execute remote code on a test machine operating Windows 2000. The agency released an advisory reiterating that, like the famed WannaCry ransomware, BlueKeep is “wormable,” in that malware exploiting the vulnerability could spread to other systems. The BlueKeep vulnerability, for which Microsoft published an advisory on May 14, could allow a hacker to abuse the popular Remote Desktop Protocol, which grants remote access to computers for administrative purposes, to delete data or install new programs on a system. When it was disclosed, security experts immediately warned of BlueKeep’s severity, and as of last week, close to 1 million internet-exposed machines were still vulnerable […]
The post After remote-code test, DHS sounds the alarm on BlueKeep appeared first on CyberScoop.
Continue reading After remote-code test, DHS sounds the alarm on BlueKeep
Criminal campaign uses leaked NSA tools to set up cryptomining scheme, Trend Micro says
Since March, criminals have been using hacking tools that were reportedly stolen from the National Security Agency in targeting companies around the world as part of a cryptomining campaign, researchers with cybersecurity company Trend Micro said Thursday. The broad-brush campaign has hit organizations in the banking, manufacturing and education sectors, among others, Trend Micro says. The criminals are essentially hijacking corporate computing power to harvest the cryptocurrency Monero. It’s hardly a new concept, but in this case it’s a reminder that tools deployed by state-sponsored hackers can also be used by relatively unskilled crooks more interested in making money than in spying. “Entry-level cybercriminals are gaining easy access to what we can consider ‘military-grade’ tools — and are using them for seemingly ordinary cybercrime activity,” Trend Micro researchers wrote in a blog post. The attacks are exploiting old versions of Microsoft Windows using a variant of a backdoor based on the EternalBlue exploit, Trend Micro said. EternalBlue is code reportedly […]
The post Criminal campaign uses leaked NSA tools to set up cryptomining scheme, Trend Micro says appeared first on CyberScoop.