News • Insights • Analysis
The FBI and NSA have published today a joint security alert containing details about a new strain of Linux malware that the two agencies say was developed and deployed in real-world attacks by Russia’s military hackers. The two agencies say Read More …
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in Read More …
The US National Security Agency (NSA) and the Australian Signals Directorate (ASD) have published a security advisory this week warning companies to search web-facing and internal servers for common web shells. Web shells are one of today’s most popular forms Read More …
Three years and eight days ago, on April 14, 2017, a mysterious group of hackers known as the Shadow Brokers published a collection of hacking tools that ended up changing the internet forever. Known as the “Lost in Translation” dump, Read More …
The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of Read More …
Security researchers have released proof-of-concept (PoC) codes for exploiting CurveBall (CVE-2020-0601), the first bug that the National Security Agency (NSA) reported. Included in this year’s first cycle of Patch Tuesday updates, the vulnerability affects Windows operating systems’ CryptoAPI’s validation of Elliptic Curve Cryptography (ECC) Read More …
The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products. TLSI (aka TLS break and inspect) is the process through which Read More …
In 2017, a mysterious group of hackers known as the Shadow Brokers published online a data dump called “Lost in Translation.” The data dump — believed to have been obtained from the US National Security Agency (NSA) — contained a Read More …
Both the US NSA and UK NCSC warn hackers are actively exploiting vulnerabilities in VPN products Both the US National Security Agency (NSA) and a GQHC agency in the United Kingdom have issued warnings about “multiple vulnerabilities in Virtual Private Network (VPN) Read More …
A medium severity bug reported on Saturday impacts Ghidra, a free, open-source software reverse-engineering tool released by the National Security Agency earlier this year. The vulnerability allows a remote attacker to compromise exposed systems, according to a NIST National Vulnerability Database description. Read More …
