nsa – Page 7 – WindowsTechs.com

The FBI Identified a Tor User

Posted on January 17, 2023 by Bruce Schneier

According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—that is, one hosted on the Tor anonymity network—it should have been difficult for the site owner’s or a third party to determine the real IP address of any of the site’s visitors.

Yet, that’s exactly what the FBI did. It found Al-Azhari allegedly visited the site from an IP address associated with Al-Azhari’s grandmother’s house in Riverside, California. The FBI also found what specific pages Al-Azhari visited, including a section on donating Bitcoin; another focused on military operations conducted by ISIS fighters in Iraq, Syria, and Nigeria; and another page that provided links to material from ISIS’s media arm. Without the FBI deploying some form of surveillance technique, or Al-Azhari using another method to visit the site which exposed their IP address, this should not have been possible…

Continue reading The FBI Identified a Tor User→

State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)

Posted on December 13, 2022 by Zeljka Zorz

An unauthenticated remote code execution flaw (CVE-2022-27518) is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller (ADC) deployments, the US National Security Agency has warned. “Targeting Ci… Continue reading State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)→

NSA Over-surveillance

Posted on November 11, 2022 by Bruce Schneier

Here in 2022, we have a newly declassified 2016 Inspector General report—”Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that is, illegal) targeting of Americans.
Given all we learned from … Continue reading NSA Over-surveillance→

NSA on Supply Chain Security

Posted on November 4, 2022 by Bruce Schneier

The NSA (together with CISA) has published a long report on supply-chain security: “Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.“:

Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the supplier also holds a critical responsibility in ensuring the security and integrity of our software. After all, the software vendor is responsible for liaising between the customer and software developer. It is through this relationship that additional security features can be applied via contractual agreements, software releases and updates, notifications and mitigations of vulnerabilities…

Continue reading NSA on Supply Chain Security→

Museum Exhibit Casually Reveals Upgrade of U.S. Nuke Launching System

Posted on October 17, 2022 by Matthew Gault

The process behind generating the nuclear biscuit was a secret for decades. Now it’s in a museum. Continue reading Museum Exhibit Casually Reveals Upgrade of U.S. Nuke Launching System→

Chinese-linked hackers targeted U.S. state legislature, researchers say

Posted on October 13, 2022 by AJ Vicens

Researchers with Symantec said the group that it has tracked for years has recently targeted government networks in the U.S. and Middle East.

The post Chinese-linked hackers targeted U.S. state legislature, researchers say appeared first on CyberScoop.

Continue reading Chinese-linked hackers targeted U.S. state legislature, researchers say→

NSA Employee Charged with Espionage

Posted on October 4, 2022 by Bruce Schneier

An ex-NSA employee has been charged with trying to sell classified data to the Russians (but instead actually talking to an undercover FBI agent).

It’s a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks—which is weird in itself. I can’t figure out how he linked up with the undercover FBI agent. It’s not clear how much of this was the employee’s idea, and whether he was goaded by the FBI agent. Still, hooray for not leaking NSA secrets to the Russians. (And, almost ten years after Snowden, do we still have this much trouble vetting people before giving them security clearances?)…

Continue reading NSA Employee Charged with Espionage→

A Response Guide for New NSA and CISA Vulnerabilities

Posted on September 15, 2022 by Mark Stone

The Cybersecurity and Infrastructure Security Agency (CISA) recently published a report highlighting a range of critical security vulnerabilities requiring attention from organizations of all types. The report was published with input from the National Security Agency (NSA) and similar agencies worldwide. It should be considered essential reading. Many of the vulnerabilities in the report are […]

The post A Response Guide for New NSA and CISA Vulnerabilities appeared first on Security Intelligence.

Continue reading A Response Guide for New NSA and CISA Vulnerabilities→

Levels of Assurance for DoD Microelectronics

Posted on August 29, 2022 by Bruce Schneier

The NSA has has published criteria for evaluating levels of assurance required for DoD microelectronics.

The introductory report in a DoD microelectronics series outlines the process for determining levels of hardware assurance for systems and custom microelectronic components, which include application-specific integrated circuits (ASICs), field programmable gate arrays (FPGAs) and other devices containing reprogrammable digital logic.

The levels of hardware assurance are determined by the national impact caused by failure or subversion of the top-level system and the criticality of the component to that top-level system. The guidance helps programs acquire a better understanding of their system and components so that they can effectively mitigate against threats…

Continue reading Levels of Assurance for DoD Microelectronics→