national security agency – Computer Security Articles

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

February 2, 2022 admin cve-2021-22947, cve-2021-36976, cve-2022-21846, cve-2022-21907, dustin childs, Exchange Server, http protocol stack, Latest Warnings, microsoft patch tuesday january 2022, national security agency, Rapid7, Satnam Narang, Tenable, The Coming Storm, Time to Patch, Trend Micro, Zero Day Initiative

Credit to Author: BrianKrebs| Date: Tue, 11 Jan 2022 22:18:55 +0000

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Independent Krebs

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

January 13, 2020 admin anne neuberger, cert coordination center, cert-cc, crypt32.dll, microsoft, microsoft cryptoapi, national security agency, NSA, patch tuesday january 2020, Time to Patch, will dormann, windows

Credit to Author: BrianKrebs| Date: Mon, 13 Jan 2020 22:17:47 +0000

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

MalwareBytes Security

Backdoors are a security vulnerability

August 9, 2019 admin apple, Attorney General, backdoor, Clipper Chip, Department of Justice, encryption, FBI, golden key, google, iMessage, iOS 8, iPhone, lawful intercept, luggage, national security agency, NSA, privacy, signal, Transportation Security Administration, TSA, WhatsApp, William Barr

Credit to Author: David Ruiz| Date: Fri, 09 Aug 2019 16:10:27 +0000

Upset by their inability to access potentially vital evidence for criminal investigations, the federal government has, for years, pushed to convince tech companies to build backdoors that will, allegedly, only be used by law enforcement agencies. The problem, cybersecurity researchers say, is that those backdoors can easily be exploited by criminals.

Categories:

Privacy

Tags: Apple Attorney General backdoor Clipper Chip Department of Justice encryption fbi golden key Google iMessage iOS 8 iPhone lawful intercept luggage National Security Agency NSA signal Transportation Security Administration TSA whatsapp William Barr

(Read more…)

The post Backdoors are a security vulnerability appeared first on Malwarebytes Labs.

Independent Krebs

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

June 3, 2019 admin A Little Sunshine, Armor, Eternal Blue, gandcrab, Joe Stewart, microsoft windows, national security agency, PCRisk.com, Robbinhood ransomware, robinhkjn, The New York Times, Twitter, Valery

Credit to Author: BrianKrebs| Date: Tue, 04 Jun 2019 00:16:11 +0000

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “Eternal Blue,” a hacking tool developed by the U.S. National Security Agency (NSA) and leaked online in 2017. But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it.

MalwareBytes Security

A week in security (March 4 – 11)

March 11, 2019 admin apple, Baby Boomer, Baby Boomers, chrome, data privacy laws, dev-fuse, Gen Zed, Google Chrome, iPhone, machine learning, millennial, millennials, national security agency, NSA, ransom.troldesh, ransomware, RSA, RSA conference, Security world, shade, study, SURVEILLANCE, survey, Tim Apple, tim cook, Troldesh, Troldesh ransomware, ultrasound, ultrasound scanning, US data privacy laws, Verizon, Vulnerability, Week in security, Zero-Day, zombie email

Credit to Author: Malwarebytes Labs| Date: Mon, 11 Mar 2019 15:47:27 +0000

A roundup of cybersecurity news from March 4–11, including a Chrome zero-day, Labs’ data privacy report, news from RSA, and more.

Categories:

Tags: Apple Baby Boomer Baby Boomers chrome data privacy laws dev-fuse Gen Zed Google Chrome iPhone machine learning Millennial Millennials National Security Agency NSA ransom.troldesh ransomware RSA RSA Conference shade study surveillance survey Tim Apple Tim Cook Troldesh Troldesh ransomware ultrasound ultrasound scanning US data privacy laws Verizon vulnerability week in security zero day zombie email

(Read more…)

The post A week in security (March 4 – 11) appeared first on Malwarebytes Labs.

Independent Krebs

Who Was the NSA Contractor Arrested for Leaking the ‘Shadow Brokers’ Hacking Tools?

November 27, 2017 admin A Little Sunshine, Breadcrumbs, Central Security Service, Edward Snowden, Gennadiy Sidelnikov, Glen Sidelnikov, Goodfellow Air Force Base, Independent Software, InGuardians, Kaspersky Antivirus, kaspersky lab, Kishinev University, Lackland Air Force Base, Michael A. Pecoraro, Mike Poor, Nathan S. Heidbreder, national security agency, NSA hack, NSA-FTS32 USA, Operation Jeepflea Market, Rob Curtinseufert, Service Cryptologic Elements, Society for Worldwide Interbank Financial Telecommunication, SWIFT, tailored access operations, TAO, Texas Cryptologic Center, The Shadow Brokers

Credit to Author: BrianKrebs| Date: Mon, 27 Nov 2017 17:01:26 +0000

In August 2016, a mysterious entity calling itself “The Shadow Brokers” began releasing the first of several troves of classified documents and hacking tools purportedly stolen from “The Equation Group,” a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency. According to media reports, at least some of the information was stolen from the computer of an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools home. In this post, we’ll examine clues left behind in the leaked Equation Group documents that may point to the identity of the mysterious software developer.

Independent Krebs

R.I.P. root9B? We Hardly Knew Ya!

November 15, 2017 admin Fancy Bear, national security agency, NSA, Other, root9B Holdings, root9B Technologies, RTNB, seekingalpha.com, Sofacy, tracker capital management llc

Credit to Author: BrianKrebs| Date: Wed, 15 Nov 2017 14:25:58 +0000

root9B, a company that many in the security industry considered little more than a big-name startup aimed at cashing in on the stock market’s insatiable appetite for cybersecurity firms, surprised no one this week when it announced it was ceasing operations at the end of the year. Founded in 2011, Colorado Springs, Colo. based root9B Technologies touted itself as an IT security training firm staffed by an impressive list of ex-military leaders with many years of cybersecurity experience at the Department of Defense and National Security Agency (NSA). As it began to attract more attention from investors, root9B’s focus shifted to helping organizations hunt for cyber intruders within their networks.

Independent Krebs

R.I.P. root9B, We Hardly Knew Ya!

November 15, 2017 admin Fancy Bear, national security agency, NSA, Other, root9B Holdings, root9B Technologies, RTNB, seekingalpha.com, Sofacy, tracker capital management llc

Credit to Author: BrianKrebs| Date: Wed, 15 Nov 2017 14:25:58 +0000

← Previous