Displaying items by tag: NSA

ANALYSIS A detailed security report from Microsoft somewhat predictably claims that 58% of state-sponsored network attacks in 2020-21 came from Russia.

Telecommunications company Telstra and networking hardware firm Cisco has entered into a five-year agreement to provide advanced connectivity management for IoT services.

Three former American intelligence operatives have agreed to pay a fine of US$1.685 million (A$2.3 million) as part of a deferred prosecution agreement that places conditions on their future employment, after they were found to be working for a hacking company that carried out operations for the UAE Government.

Global networking products manufacturer Juniper Networks in 2008 incorporated a flawed algorithm from the NSA in its NetScreen devices, even though the company was aware of the flaw that was suspected to provide a backdoor.

Promising its “compact indoor solution” delivers dedicated connectivity and capacity, it has a future-proofed modular design that supports both 4G and 5G networks in NSA or SA, with its secure plug and play solution based on a 5G-ready flexible design that “supports evolving consumer and small enterprise applications”.

The head of security firm Kaspersky's Global Research and Analysis Team, Costin Raiu, says in 2019 more than 70 security companies were given samples of malware that was created by the CIA.

The use of infrastructure based in the US by the attackers in the first stage of the SolarWinds supply chain compromise is one factor which has inhibited the investigation into the incident, as this meant it was effectively blocked from being pursued by the NSA, the security firm RiskIQ says.

Once more, the unsupported allegation that Chinese telecoms provider Huawei Technologies was up to no good in some country's network has been aired, this time, by the Guardian.

Microsoft has issued patches for four remotely-exploitable vulnerabilities in its Exchange Server product, a little more than a month after the company warned of four zero-day exploits being used to attack the application.

A former American intelligence analyst and member of the armed forces has pleaded guilty to illegally obtaining classified national defence information and giving it to a reporter.

Most people in the infosec industry are adamant that attribution is the most difficult part of the process, but Romanian security firm Bitdefender's Daniel Clayton is an exception. The vice-president of global services and support said this was not really the case.

Google has caused an anti-terrorist operation being run by a Western Government which is an ally of the US to be shut down by revealing details about the use of zero-day exploits in the campaign.

Industrial control systems security specialist Dragos has gained a well-known investor as it expands its presence in Australia and New Zealand, with former prime minister Malcolm Turnbull having ploughed some of his hard-earned into the firm.

Whenever one picks up a book with an eye to writing about it, one necessarily needs to know the subject matter therein. The recent book This Is How They Tell Me The World Ends — an ungrammatical title if anything — claims to be a book about the zero-day "industry" as per the author, Nicole Perlroth, a staff reporter for the New York Times, who covers cyber security. (I dislike that word "cyber" and will use infosec right through this piece.)

CIA-backed threat intelligence firm Recorded Future has issued a document in which it claims that a China-linked group named RedEcho is targeting the Indian power industry. That's the meaning from the headline which is very definitive.

Comments made by Microsoft president Brad Smith to the US Senate Select Committee on Intelligence, which held a hearing on the SolarWinds attacks last week, claiming that there is more security in the cloud than in on-premises servers, have met a tough response from former NSA hacker Jake Williams, who characterised them as having caused more harm to security than the SolarWinds attackers did in the first place.

A second case of NSA exploits being customised and used for attacks, before they were leaked on the Web by a group known as the Shadow Brokers in 2017, has come to light, this time following research by the Israel-based cyber security firm Check Point Research.

Claims that servers, built by US company Super Micro Computer — known as Supermicro — have been tampered with and found to be sending data to China for many years, have been aired again by the news agency Bloomberg, more than two years after it made similar claims that were short on proof.

UPDATED 11 February: Ex-NSA hacker and former owner of security company Immunity, Dave Aitel, has launched a fresh salvo of tweets against a book published by New York Times cyber security reporter Nicole Perlroth, after securing and reading a copy of the tome which was published on Tuesday US time.

Former NSA hacker and ex-owner of security company Immunity, Dave Aitel, has once again criticised New York Times' cyber security reporter Nicole Perlroth, claiming that nearly every detail in a piece the journalist wrote to promote an upcoming book of hers is wrong.