1004 matches found
US Cyber Command Operations During the 2022 Midterm Elections
The head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organizations offensive cyber operations during the runup to the 2022 midterm elections. He didnt name names, of course: We did conduct operations persistently to make sure that our foreign adversaries...
CVE-2023-22671
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input...
CVE-2023-22671
Ghidra NSA: CVE-2023-22671 affects Ghidra/RuntimeScripts/Linux/support/launch.sh through 10.2.2. Root cause: user input is passed to eval inside launch.sh, enabling command injection when analyzeHeadless is invoked with untrusted input. Impact is high (command injection as per CVSS 3.1) with pote...
Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability
The U.S. National Security Agency NSA on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller ADC and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518...
CVE-2022-27518
Unauthenticated remote arbitrary code execution...
Vulnerability fixed in Citrix Gateway and ADC
Citrix has fixed a vulnerability in Citrix Gateway and Citrix ADC. An unauthenticated remote malicious person could exploit the exploit the vulnerability to execute arbitrary code. To do so, rogue network traffic must be sent to the vulnerable system be sent. Gateway and ADC systems are only...
NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing
Today, the National Security Agency NSA, CISA, and the Office of the Director of National Intelligence ODNI, published Potential Threats to 5G Network Slicing. This guidance—created by the Enduring Security Framework ESF, a public-private cross-sector working group led by the NSA and CISA—present...
Citrix Releases Security Updates for Citrix ADC, Citrix Gateway
Citrix has released security updates to address a critical vulnerability CVE-2022-27518 in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators...
Android is slowly mastering memory management vulnerabilities
Recently we wrote about why the NSA wants you to shift to memory safe programming languages. The short version is: If you ever read our posts describing security vulnerabilities, you will see a lot of phrases like "buffer overflow", "failure to release memory", "use after free", "memory...
CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain
Today, CISA, the National Security Agency NSA, and the Office of the Director of National Intelligence ODNI, published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series - Recommended Practices Guide for Customers. This publication follow...
NSA Over-surveillance
Here in 2022, we have a newly declassified 2016 Inspector General report--"Misuse of Sigint Systems"--about a 2013 NSA program that resulted in the unauthorized that is, illegal targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda. Theres nothing really...
NSA on Supply Chain Security
The NSA together with CISA has published a long report on supply-chain security: "Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.": Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code,...
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
Contributions from Matt Thaxton. Cisco Talos discovered a new attack framework including a command and control C2 tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. The Alchimist has a web interface in Simplified Chinese with remote administration features...
Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
Summary This joint Cybersecurity Advisory CSA provides the top Common Vulnerabilities and Exposures CVEs used since 2020 by People’s Republic of China PRC state-sponsored cyber actors as assessed by the National Security Agency NSA, Cybersecurity and Infrastructure Security Agency CISA, and Feder...
Top CVEs Actively Exploited by People’s Republic of China State-Sponsored Cyber Actors
CISA, the Federal Bureau of Investigation FBI, and the National Security Agency NSA have released a joint Cybersecurity Advisory CSA providing the top Common Vulnerabilities and Exposures CVEs used since 2020 by People’s Republic of China PRC state-sponsored cyber actors. PRC state-sponsored cybe...
NSA Employee Charged with Espionage
An ex-NSA employee has been charged with trying to sell classified data to the Russians but instead actually talking to an undercover FBI agent. Its a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks--which is weird in...
Microsoft Exchange Server Has a Zero-Day Problem
Plus: CIA failures allegedly got US informants killed, a former NSA worker is charged under the Espionage Act, and more...
CISA and NSA Publish Joint Cybersecurity Advisory on Control System Defense
CISA and the National Security Agency NSA have published a joint cybersecurity advisory about control system defense for operational technology OT and industrial control systems ICSs. Control System Defense: Know the Opponent is intended to provide critical infrastructure owners and operators wit...
CISA and NSA Publish Open Radio Access Network Security Considerations
CISA and the National Security Agency NSA have published Open Radio Access Network Security Considerations. This product—generated by the Enduring Security Framework ESF Open Radio Access Network RAN Working Panel, a subgroup within the cross-sector working group—assessed the benefits and securit...
Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
Summary Actions to take today to protect against ransom operations: • Keep systems and software updated and prioritize remediating known exploited vulnerabilities. • Enforce MFA. • Make offline backups of your data. This joint Cybersecurity Advisory CSA is the result of an analytic effort among t...