1004 matches found
Announcing the $12k NIST Elliptic Curves Seeds Bounty
The NIST elliptic curves that power much of modern cryptography were generated in the late '90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in ear...
NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations
Today, the National Security Agency NSA and Cybersecurity and Infrastructure Security Agency CISA released a joint cybersecurity advisory CSA, NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations, which provides the most common cybersecurity misconfigurations in large...
CISA and NSA Release New Guidance on Identity and Access Management
Today, CISA and the National Security Agency NSA published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework ESF, a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that...
NSA AI Security Center
The NSA is starting a new artificial intelligence security center: The AI security centers establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense...
New Revelations from the Snowden Documents
Jake Appelbaums PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits. Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything...
China Hacked Japan’s Military Networks
The NSA discovered the intrusion in 2020--we dont know how--and alerted the Japanese. The Washington Post has the story: The hackers had deep, persistent access and appeared to be after anything they could get their hands on--plans, capabilities, assessments of military shortcomings, according to...
The NSA Is Lobbying Congress to Save a Phone Surveillance 'Loophole'
The National Security Agency has urged top lawmakers to resist demands that it obtain warrants for sensitive data sold by data brokers...
VirusTotal Data Leak Exposes Some Registered Customers' Details
Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform. The security incident, which comprises a database of 5,600 names in a 313KB file,...
Of sharks, surveillance, and spied-on emails: This is Section 702, with Matthew Guariglia
In the United States, when the police want to conduct a search on a suspected criminal, they must first obtain a search warrant. It is one of the foundational rights given to US persons under the Constitution, and a concept that has helped create the very idea of a right to privacy at home and...
MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?
MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency CISA said. "An attacker can often exploit these vulnerabilities to tak...
Former TikTok exec: Chinese Communist Party had "God mode" entry to US data
A former executive at TikToks parent company ByteDance has claimed in court documents that the Chinese Communist Party CCP had access to TikTok data, despite the data being stored in the US. The allegations were made in a wrongful dismissal lawsuit which was filed in May in the San Francisco...
Snowden Ten Years Later
In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to...
Feeding Gophers to Ghidra
Feeding Gophers to Ghidra By Max Kersten · June 6, 2023 The scripts discussed in the article are based on the magnificent work of Dorka Palotay from CUJOai. Golang malware is becoming increasingly prevalent, requiring analysts to know how to effectively analyze these files without diving into a...
Feeding Gophers to Ghidra
Feeding Gophers to Ghidra By Trellix · June 6, 2023 This blog was written by Max Kersten The scripts discussed in the article are based on the magnificent work ofDorka Palotay from CUJOai. Golang malware is becoming increasingly prevalent, requiring analysts to know how to effectively analyze the...
Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own
On the same day, Russia’s FSB intelligence service launched wild claims of NSA and Apple hacking thousands of Russians...
PUB-A-263783333
In TBD of TBD, there is a possible downgrade attack against cryptography in a 5G NSA network due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection
Summary The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory CSA to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China PRC state-sponsored cyber actor, also known as Volt Typhoon...
NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI
The security issues raised by ChatGPT and similar tech are just beginning to emerge, but Rob Joyce says it’s time to prepare for what comes next...
APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers
APT28 accesses poorly maintained Cisco routers and deploys malware on unpatched devices using CVE-2017-6742. Overview and Context The UK National Cyber Security Centre NCSC, the US National Security Agency NSA, US Cybersecurity and Infrastructure Security Agency CISA and US Federal Bureau of...
Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA
Proof-of-concept Poc code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI that the U.S. National Security Agency NSA and the U.K. National Cyber Security Centre NCSC reported to Microsoft last year. Tracked as CVE-2022-34689 CVSS score: 7.5, the spoofing...