nsa – Page 14 – WindowsTechs.com

VMware Flaw a Vector in SolarWinds Breach?

Posted on December 18, 2020 by BrianKrebs

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks. Continue reading VMware Flaw a Vector in SolarWinds Breach?→

NSA on Authentication Hacks (Related to SolarWinds Breach)

Posted on December 18, 2020 by Bruce Schneier

The NSA has published an advisory outlining how “malicious cyber actors” are “are manipulating trust in federated authentication environments to access protected data in the cloud.” This is related to the SolarWinds hack I have previously written about… Continue reading NSA on Authentication Hacks (Related to SolarWinds Breach)→

NSA Warns: Patched VMware Bug Under Active Exploit

Posted on December 7, 2020 by Tom Spring

Feds are warning that foreign adversaries are exploiting a weeks-old bug in VMware’s Workspace One Access and VMware Identity Manager products. Continue reading NSA Warns: Patched VMware Bug Under Active Exploit→

VMware Rolls a Fix for Formerly Critical Zero-Day Bug

Posted on December 4, 2020 by Tara Seals

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to “important.” Continue reading VMware Rolls a Fix for Formerly Critical Zero-Day Bug→

December 2020 Patch Tuesday forecast: Always consider the risk

Posted on December 4, 2020 by Help Net Security

The final Patch Tuesday of the year is upon us and what a year it has been. Forcing many changes this year, the pandemic has impacted the way we conduct both security and IT operations. But even with the need to support remote operations and new applic… Continue reading December 2020 Patch Tuesday forecast: Always consider the risk→

Michael Ellis as NSA General Counsel

Posted on November 18, 2020 by Bruce Schneier

Over at Lawfare, Susan Hennessey has an excellent primer on how Trump loyalist Michael Ellis got to be the NSA General Counsel, over the objections of NSA Director Paul Nakasone, and what Biden can and should do about it.

While important details remai… Continue reading Michael Ellis as NSA General Counsel→

The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products

Posted on October 28, 2020 by Bruce Schneier

Senator Ron Wyden asked, and the NSA didn’t answer:

The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edwa… Continue reading The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products→

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks

Posted on October 21, 2020 by Tara Seals

The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities. Continue reading Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks→

NSA Advisory on Chinese Government Hacking

Posted on October 21, 2020 by Bruce Schneier

The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers.

This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access (T1133) or for external web services (T1190), and should be prioritized for immediate patching…

Continue reading NSA Advisory on Chinese Government Hacking→

25 vulnerabilities exploited by Chinese state-sponsored hackers

Posted on October 21, 2020 by Zeljka Zorz

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks. “Most of the vulnerabilities […] can be e… Continue reading 25 vulnerabilities exploited by Chinese state-sponsored hackers→