43 matches found
The US Is Banning Kaspersky
This move has been coming for a long time. The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban--th...
A Powerful Tool US Spies Misused to Stalk Women Faces Its Potential Demise
Though often viewed as the “crown jewel” of the US intelligence community, fresh reports of abuse by NSA employees and chaos in the US Congress put the tool's future in jeopardy...
Rockwell Automation FactoryTalk View Machine Edition
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: FactoryTalk View Machine Edition. Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an...
Microsoft shifts to a new threat actor naming taxonomy
April 19, 2023 update – We have published a JSON file mapping old threat actor names with their new names in the updated taxonomy, summarized here: https://aka.ms/threatactors. We also added hunting queries that Microsoft customers can use while transitioning to the new taxonomy. See the Resource...
Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023)
Wordfence has curated an industry-leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced...
Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)
In case you missed it, Wordfence has curated an industry-leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly...
Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
Summary: Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through February 202...
The Opportunities—and Obstacles—for Women at NSA and Cyber Command
WIRED spoke with three women working in cybersecurity in the US intelligence community about the progress of recent years and the work that remains...
Michael Ellis as NSA General Counsel
Over at Lawfare, Susan Hennessey has an excellent primer on how Trump loyalist Michael Ellis got to be the NSA General Counsel, over the objections of NSA Director Paul Nakasone, and what Biden can and should do about it. While important details remain unclear, media accounts include numerous...
Telos Automated Message Handling System contains multiple vulnerabilities
Overview: Telos Automated Message Handling System (AMHS) contains multiple XSS vulnerabilities and a database information disclosure vulnerability. Description: Telos AMHS is a web-based messaging system that supports DoD and Intelligence Community (IC) security marking requirements. AMHS versions prio...
James Clapper: Lessons Learned in a Post-Snowden World
LAS VEGAS – The 2013 leaks by Edward Snowden highlight holes in the U.S. government around transparency and proactively dealing with insider threats, former national intelligence director James Clapper acknowledged. The U.S. intelligence community needs to be more transparent with the public, whi...
NSA on the Future of National Cybersecurity
Glenn Gerstell, the General Counsel of the NSA, wrote a long and interesting op-ed for the New York Times where he outlined a long list of cyber risks facing the US. There are four key implications of this revolution that policymakers in the national security sector will need to address: The firs...
What Past Whistle-Blowers Think of the Trump-Ukraine Complaint
Two former intelligence community whistle-blowers say the life of whoever wrote the Trump-Ukraine complaint has been permanently altered...
Read the Trump Whistleblower Complaint Right Here
A conversation between Donald Trump and Ukrainian president Volodymyr Zelensky sparked a detailed complaint from an intelligence community whistle-blower. Here it is...
Evaluating the NSA's Telephony Metadata Program
Interesting analysis: "Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended?" by Susan Landau and Asaf Lubin. Abstract: The telephony metadata program, which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversi...
Gray Day: My Undercover Mission To Expose America’s First Cyber Spy
Who is Eric O’Neill? Eric O’Neill serves as Carbon Black’s national security strategist where he is a thought leader on a wide range of issues including counterterrorism and national security matters. Prior to this, he was an operative for the FBI, where he conducted national security field...
Russian Propaganda Talks on Capitol Hill Thrust Cyber Espionage into the Public Eye
Leading tech executives from Google, Facebook, and Twitter returned to Capitol Hill on Wednesday for a second day of testimony as senators from both sides of the aisle took the companies to task for allegedly failing to defuse Russia's attempt to sway American voters ahead of the 2016 presidentia...
Tracing Spam: Diet Pills from Beltway Bandits
Reading junk spam messages isn't exactly my idea of a good time, but sometimes fun can be had when you take a moment to check who really sent the email. Here's the simple story of how a recent spam email advertising celebrity "diet pills" was traced back to a Washington, D.C.-area defense...
White House Approves New Rules for Sharing of Raw Intelligence Data
President Obama last week approved a change in the way the National Security Agency shares raw signals intelligence data with the rest of the U.S. intelligence community, a shift that privacy experts worry will erode the civil liberties of Americans. An unclassified document released by the Offic...
Yahoo Asks DNI to De-Classify Email Scanning Order
Yahoo continues to seek high ground with regard to public reports that last year it scanned user email messages in compliance with a classified government order. General counsel Ron Bell yesterday sent a letter to Director of National Intelligence James R. Clapper asking the government to confirm...