Chinese hackers cloned attack tool belonging to NSA’s Equation Group

Chinese threat actors “cloned” and used a Windows zero-day exploit stolen from the NSA’s Equation Group for years before the privilege escalation flaw was patched, researchers say. On Monday, Check Point Research (CPR) said the tool was a “clone” of Read More …

NSA Recommends How Enterprises Can Securely Adopt Encrypted DNS

The National Security Agency released a cybersecurity product, “Adopting Encrypted DNS in Enterprise Environments,” Thursday explaining the benefits and risks of adopting the encrypted domain name system (DNS) protocol, DNS over HTTPs (DoH), in enterprise environments. The release provides solutions Read More …

US government formally blames Russia for SolarWinds hack

Four US cyber-security agencies, including the FBI, CISA, ODNI, and the NSA, have released a joint statement today formally accusing the Russian government of orchestrating the SolarWinds supply chain attack. US officials said that “an Advanced Persistent Threat (APT) actor, Read More …

NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability

The US National Security Agency has published a security alert today urging companies to update VMWare products for a vulnerability that is currently exploited by “Russian state-sponsored malicious cyber actors.” The vulnerability tracked as CVE-2020-4006, impacts VMWare endpoint and identity Read More …

NSA: Top 25 vulnerabilities actively abused by Chinese hackers

The U.S. National Security Agency (NSA) warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against U.S. organizations and interests. In an advisory issued today, the NSA said that it is aware of targeted attacks by Chinese state-sponsored Read More …

Blocking A CurveBall: PoCs Out for Critical Microsoft-NSA Bug CVE-2020-0601

Security researchers have released proof-of-concept (PoC) codes for exploiting CurveBall (CVE-2020-0601), the first bug that the National Security Agency (NSA) reported. Included in this year’s first cycle of Patch Tuesday updates, the vulnerability affects Windows operating systems’ CryptoAPI’s validation of Elliptic Curve Cryptography (ECC) Read More …

Intelligence Agencies Warn Of Flaw With VPN Products

Both the US NSA and UK NCSC warn hackers are actively exploiting vulnerabilities in VPN products Both the US National Security Agency (NSA) and a GQHC agency in the United Kingdom have issued warnings about “multiple vulnerabilities in Virtual Private Network (VPN) Read More …