Displaying items by tag: NSA

The Cybersecurity and Infrastructure Security Agency (CISA), NSA, FBI and "international partners" have jointly published a guide that details best practices for defence against cyber attacks perpetrated by Chinese state actors.

A state-level actor, suspected to be from Russia and known as APT28 or Forest Blizzard, has been using malware known as GooseEgg to exploit a vulnerability within the Windows Print Spooler service.

The director of the Australian Strategic Policy Institute, a lobby group for big tech and foreign agencies, claims that China's alleged targeting of the agency "should be of concern to all Australians".

Security firm Malwarebytes has been one of the few companies or individuals that refused to swallow a bogus report about three million smart toothbrushes being used in a DDoS attack.

What has the Australian Government achieved by placing sanctions on Russian attacker Aleksandr Ermakov for allegedly being the main person behind the intrusion into health insurer Medibank?

COMPANY NEWS: The world has changed considerably in the last 12 months.

China has resurrected charges that go back more than a decade, accusing the NSA of hacking into the servers of telecommunications equipment vendor Huawei Technologies from 2009 onwards.

A pro-government Chinese newspaper claims malicious software, that appears to be from US intelligence agencies, has been discovered during a probe into an attack on the Wuhan Earthquake Monitoring Centre which is affiliated to the city's Emergency Management Bureau.

Three days after reports of the Google-owned VirusTotal database leaking subscriber information surfaced, its tech lead Emiliano Martinez has apologised for the incident.

A Google-owned virus information database has leaked a list of its users, the German weekly news magazine Der Spiegel reports, adding that among the 5600 names are NSA employees and employees of German intelligence services.

A British journalist who has, in the past, blown the whistle on WikiLeaks' own ethical lapses, claims the US Department of Justice and the FBI are leaning on his fellow scribes to back the prosecution of WikiLeaks founder and publisher Julian Assange.

Apple has issued fixes for two flaws in its iOS and iPadOS operating systems that were used to attack employees of Russian cyber security firm Kaspersky.

Russian cyber security firm Kaspersky has revealed it has been hit by an attack that injects spyware into iPhones used by its employees, an attack that has been going on since 2019 and has been named Operation Triangulation.

It's highly unusual for any American website to write about the downsides posed by using Microsoft's innumerable products. One could extend that to tech sites in toto (iTWire is an exception: 1,2.).

COMPANY NEWS: Aqua Security, the pioneer in cloud native security, today announced that Aqua Trivy, the world’s most popular unified security scanner, now provides full compliance scanning for CIS Kubernetes Benchmarks. With one comprehensive tool for security and compliance scanning, companies can eliminate friction and more confidently build and maintain secure cloud native applications.

From time to time, people from Microsoft come up with stupid takes to divert attention from the fact that the products put out by their company are full of security holes. The tech world is chock-full of spin and Microsoft is not reluctant to indulge in it.

Nine vulnerabilities in Microsoft products were among the top 15 routinely exploited flaws in 2021 listed by government security agencies in the Five Eyes countries.

Security firm Mandiant says it has not mentioned any zero-day exploit usage by Western government agencies in a report about incidents in 2021 because it did not find any exploits which it could identify with reasonable confidence as coming from these sources.

Patching of vulnerabilities is the security industry's equivalent of thoughts and prayers, a prominent American security expert has said during a debate on the topic "Patching is useless" at a recent online conference named Hack At The Harbor.

Microsoft has issued patches for 117 CVEs in its April Patch Tuesday release, with nine rated critical and 108 as important, the most it has ever released for a single month since September 2020. Included among these were two zero-day vulnerabilities, one of which was exploited in the wild and reported to Microsoft by the NSA.