
Category Archives: NSA

NSA fears quantum computing surprise: ‘If this black swan event happens, then we’re really screwed’ – Washington Times

Posted: March 27, 2024 at 1:09 am

A version of this story appeared in the daily Threat Status newsletter from The Washington Times.

The National Security Agency fears a quantum computing breakthrough by America's adversaries would jeopardize the security of the global economy and allow foes to peer inside top-secret communications systems.

The agency's concern is that an unforeseen advance in quantum technology would crack encryption systems used to protect everything from financial transactions to sensitive communications involving nuclear weapons, according to NSA Director of Research Gil Herrera.

Speaking at an Intelligence and National Security Alliance event last week, Mr. Herrera said no country has a quantum computer that he would consider useful yet.

He said there are a lot of teams around the world building with different technologies and someone could achieve a development representing a black swan event, an extremely unexpected occurrence with profound and dangerous consequences for U.S. national security.

"If this black swan event happens, then we're really screwed," Mr. Herrera said.

Americans could suffer consequences from such a quantum leap in several ways. Mr. Herrera said the world economy, and the U.S. market in particular, are vulnerable because most financial transactions are secured by encryption systems that can't be cracked by non-quantum means.

If quantum tech weakens or eliminates such encryption walls, then financial institutions may have to resort to older transaction methods and banks would look for other means to protect their dealings with other banks, according to Mr. Herrera.

And, he warned, other industries may be even less resilient in the face of the threat. Mr. Herrera said the threat of a quantum computer is not limited to its immediate potential damage, but to the fallout from obtaining encrypted information that was previously recorded.

Drawing on his decades of experience at Sandia National Laboratories, Mr. Herrera said a quantum advance may be able to help people find information on weapons systems that have been in the U.S. arsenal for a significant period of time.

"There are ways that we can communicate with our various partners in nuclear weapon production where public key encryption is utilized to share keys," Mr. Herrera said. "And now, what if somebody's recorded that information and they crack it?"

Details on foreign adversaries' advanced computing capabilities are closely guarded. Federal policymakers are worried in particular about China's efforts to achieve computing breakthroughs.

Reflecting on supercomputers at a House Armed Services Committee hearing last year, Rep. Morgan Luttrell said he worried Beijing may have already surpassed the U.S. in its supercomputing prowess.

"China should have on board or online another computer that would have trumped us and pushed us back some," the Texas Republican said at the March 2023 hearing. "So the amount of money they're spending in that space as compared to us would make me think that they're ahead of us."

Retired Gen. Paul Nakasone, then in charge of U.S. Cyber Command, cautioned Mr. Luttrell against assuming that outspending America would guarantee an adversary's technological success.

"Spending money doesn't necessarily mean that you're the best in what you do and being able to integrate that kind of capability is what really matters," Gen. Nakasone said at the hearing. "So being able to take the intelligence, integrate it within maneuver force to have an outcome is where I clearly see United States has the lead."

But experts agree that quantum computing breakthroughs would dramatically outdo existing supercomputers. The NSA is not waiting to find out.

Mr. Herrera said the NSA believes the algorithms it is deploying will withstand a quantum attack.

"One thing NSA has done about it is we actually started research in quantum-resistant algorithms not too long after we started funding academic programs to come up with what a quantum computer would look like," Mr. Herrera said. "So we have a lot of maturity within the NSA, we have been deploying quantum-resistant encryption in certain key national security applications for a while now."

Efforts to better understand the quantum capabilities of America's adversaries are underway as well. The congressionally chartered U.S.-China Economic and Security Review Commission is scrutinizing the communist country's push to transform its military through the application of quantum and emerging technologies to its weapons systems and logistics.

Last month, the commission conducted a hearing that included an examination of China's quest for teleportation technology.


The NSA Warns That US Adversaries Free to Mine Private Data May Have an AI Edge – WIRED

Posted: at 1:09 am

Electrical engineer Gilbert Herrera was appointed research director of the US National Security Agency in late 2021, just as an AI revolution was brewing inside the US tech industry.

The NSA, sometimes jokingly said to stand for No Such Agency, has long hired top math and computer science talent. Its technical leaders have been early and avid users of advanced computing and AI. And yet when Herrera spoke with me by phone about the implications of the latest AI boom from NSA headquarters in Fort Meade, Maryland, it seemed that, like many others, the agency has been stunned by the recent success of the large language models behind ChatGPT and other hit AI products. The conversation has been lightly edited for clarity and length.

Gilbert Herrera (Courtesy of National Security Agency)

How big of a surprise was the ChatGPT moment to the NSA?

Oh, I thought your first question was going to be what did the NSA learn from the Ark of the Covenant? That's been a recurring one since about 1939. I'd love to tell you, but I can't.

What I think everybody learned from the ChatGPT moment is that if you throw enough data and enough computing resources at AI, these emergent properties appear.

The NSA really views artificial intelligence as at the frontier of a long history of using automation to perform our missions with computing. AI has long been viewed as ways that we could operate smarter and faster and at scale. And so we've been involved in research leading to this moment for well over 20 years.

Large language models have been around long before generative pretrained (GPT) models. But this ChatGPT moment, once you could ask it to write a joke, or once you can engage in a conversation, that really differentiates it from other work that we and others have done.

The NSA and its counterparts among US allies have occasionally developed important technologies before anyone else but kept it a secret, like public key cryptography in the 1970s. Did the same thing perhaps happen with large language models?

At the NSA we couldn't have created these big transformer models, because we could not use the data. We cannot use US citizens' data. Another thing is the budget. I listened to a podcast where someone shared a Microsoft earnings call, and they said they were spending $10 billion a quarter on platform costs. [The total US intelligence budget in 2023 was $100 billion.]

It really has to be people that have enough money for capital investment that is tens of billions and [who] have access to the kind of data that can produce these emergent properties. And so it really is the hyperscalers [largest cloud companies] and potentially governments that don't care about personal privacy, don't have to follow personal privacy laws, and don't have an issue with stealing data. And I'll leave it to your imagination as to who that may be.

Doesn't that put the NSA, and the United States, at a disadvantage in intelligence gathering and processing?

I, I'll push back a little bit: It doesn't put us at a big disadvantage. We kind of need to work around it, and I'll come to that.

It's not a huge disadvantage for our responsibility, which is dealing with nation-state targets. If you look at other applications, it may make it more difficult for some of our colleagues that deal with domestic intelligence. But the intelligence community is going to need to find a path to using commercial language models and respecting privacy and personal liberties. [The NSA is prohibited from collecting domestic intelligence, although multiple whistleblowers have warned that it does scoop up US data.]


Five ways to implement zero-trust based on NSA’s latest guidance – SC Media

Posted: at 1:09 am

Organizations across all industries experienced a surge of ransomware attacks last year as cybercriminals extracted $1.1 billion in payments from victims. To thwart these bad actors and improve network security, the National Security Agency (NSA) released a new cybersecurity information sheet: Advancing Zero-Trust Maturity Throughout the Network and Environment Pillar.

As the creator of zero-trust, I'm pleased to see the NSA's document emphasizes a paramount, yet frequently overlooked element of zero-trust security: segmentation.

I have long advocated that segmentation stands as the fundamental essence of zero-trust. However, in recent years, there has been a noticeable tilt toward the Identity pillar of zero-trust, leaving network security controls vulnerable both on-premises and in the cloud.

As the attack surface expands and the digital landscape grows increasingly interconnected, segmentation of on-premise networks, cloud, multi-cloud, and hybrid environments becomes imperative for organizations to fortify resilience and establish enduring zero-trust architectures.

The NSA also recognizes the importance of "data flow mapping." Flow mapping has been a focal point of my zero-trust advocacy since its early days. Understanding system interconnections is essential for successfully architecting zero-trust environments.

NSA's document also underscores the significance of network security technologies in establishing a zero-trust environment. Organizations, whether on-premise or in various cloud environments, have largely overlooked the importance of network security controls. I think of network security as the cornerstone of zero-trust, particularly in combating ransomware attacks that jeopardize essential services and disrupt everyday life.

The NSA has reaffirmed this pivotal role of network security, finally granting zero-trust segmentation (ZTS) the recognition it deserves. This guidance should help organizations comprehend the importance of the Network pillar within zero-trust and encourage them to pursue network security technologies as they progress toward implementing a zero-trust architecture.

As global connectivity grows, the attack surface expands. That's why it's imperative for organizations to delineate, map, and fortify their most critical Protect Surfaces within their zero-trust environments.

I hope the NSA's recommendations convince more organizations to implement zero-trust as they cope with the ever-changing cybersecurity landscape. These zero-trust principles have become mainstream across various industries and organizations of different sizes. As cyber threats evolve, more companies will recognize the need to implement a zero-trust approach to protect their digital assets.

Here are my recommendations for how to implement zero-trust effectively:

I commend the NSA for issuing its latest guidance because it's a significant endorsement of the effectiveness and significance of ZTS, offering invaluable guidance for organizations seeking to fortify their cyber resilience amid the ever-changing threat landscape. It's impossible to prevent all cyberattacks, but implementing a zero-trust model will significantly reduce the potential damage and strengthen any organization's security posture.

John Kindervag, chief evangelist, Illumio


Intel analyst shared classified information on Discord, investigators say – The Washington Post

Posted: at 1:09 am

An Air Force intelligence analyst is alleged to have shared classified U.S. intelligence on the chat platform Discord with followers of an anti-government extremist group, according to an FBI affidavit that was unsealed this week.

Investigators said that analyst Jason Gray shared information that he likely obtained from his access to National Security Agency intelligence while he served at a base in Alaska, according to the affidavit, which was dated November 2022 and accompanied a search warrant for a Discord account that Gray said he operated.

At the time the FBI sought the warrant, Gray had already admitted to Air Force investigators that he had created a Facebook group for supporters of the loosely organized, anti-government Boogaloo movement, whose followers anticipate a second U.S. civil war. Gray, whom investigators described as unhappy with his military career, participated in several pro-Boogaloo Discord channels and shared the classified NSA intelligence with seven other individuals, possibly in furtherance of the Boogaloo ideology, the affidavit stated.

Gray's case bears striking similarities to another leak of highly classified intelligence on Discord by an Air Force National Guard member, Jack Teixeira, who worked in an intelligence unit in Massachusetts that is similar to the one in which Gray worked in Alaska. Both men were in their 20s, active on Discord, espoused anti-government views and had access to huge amounts of classified information given the nature of their jobs. Teixeira also harbored conspiracy theories about law enforcement and joked with friends about killing federal agents.

Teixeira was a computer support technician who copied large amounts of classified material and shared it with friends on the Discord platform from 2022 until 2023. Subsequent investigations have shown that military officials had no idea Teixeira was removing classified information from the sensitive facility where he worked at Otis Air National Guard Base in Cape Cod, Mass. His leaks only came to public attention when classified documents that he had shared with friends began spreading across the internet in early 2023.

Teixeira has pleaded guilty and is expected to receive a prison sentence of 11 to 16 years in the wake of what officials describe as one of the biggest leaks of classified information in a decade.

It wasn't immediately clear if investigators initially suspected Gray of sharing classified information on Discord when he consented to let them examine his account. But given that he had been discovered months before Teixeira was arrested, the incident raises questions about what the Defense Department knew about personnel who were able to share highly guarded government secrets on a chat platform.

An investigation by the Air Force inspector general found that Teixeira's supervisors knew he was looking at classified information that had nothing to do with his job and failed to stop him. Working late at night with practically no supervision, Teixeira was able to copy classified information by hand or print out documents and remove them from his workplace, the inspector general found.

Like Teixeira, Gray allegedly shared images on Discord showing firearms he possessed. A separate FBI affidavit stated that agents discovered photographs uploaded on Gray's account that appeared to show guns equipped with silencer or destructive devices, including one that showed someone matching the appearance of Gray brandishing a firearm that appears to be equipped with a silencer. Federal law requires silencers and similar devices to be registered, but the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) had no record of Gray doing so, the affidavit said.

Teixeira was able to take advantage of Discord's data retention policies, which automatically render most material impossible to recover upon deletion, to remove a record of some of his activity on the platform. It is unclear what if anything Gray deleted from Discord before authorities accessed his account.

It also was not immediately clear if the Air Force conducted an investigation into the security protocols at Joint Base Elmendorf-Richardson, in Anchorage, where Gray was assigned and worked for an office of the National Security Agency, which collects electronic information and conducts computer network surveillance around the world.

Gray was never charged with sharing the classified information and appears to have disclosed far less than Teixeira. The FBI affidavit described the information only as an image that appeared to be classified. The affidavit does not say whether the suspected classified information was originally contained in an image that Gray uploaded, or if Gray photographed it himself and subsequently shared it.

Based on court records, in the course of investigating Gray for possession of classified material, authorities discovered a large amount of child pornography on his personal devices. He pleaded guilty to distributing child pornography and received a 60-month prison sentence.

Officials at the Alaska air base didn't respond to a request for comment. A public defender who represented Gray declined to comment. Gray's plea agreement with the Justice Department doesn't indicate whether he faced potential charges at some point for leaking classified information.

A spokesperson for Discord said in a statement to The Washington Post that the company cooperated with the law enforcement investigation once notified, including by producing data that was lawfully requested.

"The sharing of classified documents poses a significant, complex challenge for Discord as it does for any online platform," the statement continued, noting that only government personnel can determine what material is actually classified. "And currently, there is no structured process for the government to communicate their determinations to online platforms."

"Discord prohibits using the platform for illegal activity, which includes the unauthorized disclosure of classified documents," the statement added.

The Boogaloo ideology allegedly embraced by Gray has fueled a string of crimes, including the murder by a former Air Force Sergeant of a guard at a federal courthouse in Oakland, Calif. In June 2020, Facebook banned hundreds of accounts, pages and groups associated with the movement. The same month, Discord banned a large server affiliated with Boogaloo adherents following a report by VICE News.

Gray's Facebook group was one of several that adopted the names and logos of news outlets, part of the movement's trolling campaign against journalists and the mainstream media, but presumably also a way to disguise the groups' activities from content monitors.

The private group, called CNN Journalist Support Group, first appeared after Facebook's June ban, and contained about 2,200 members, according to screenshots recorded by researchers with the Tech Transparency Project. Katie Paul, director of the TTP, said that in the summer of 2020 the organization sent the FBI records it had documented from the group.

"This is an extremist movement that was born online and facilitated the behavior of otherwise lone wolfs," Paul said. Facebook was the central organizing hub, she said, but users also shifted conversations to other platforms, including Discord.

Gray's former wife, Brieayna Geib, said she recalled his involvement with a Facebook group and the Boogaloo scene.

"He was kicked off Facebook," she said.

Gray was assigned to the 301st Intelligence Squadron at Joint Base Elmendorf-Richardson in February 2021, according to court filings. He later told Air Force investigators that he grew disgruntled with his posting. Geib said she lived with Gray for part of the time he was stationed in Alaska. Gray first drew the attention of investigators in late 2022, Geib said.

In November 2022, the FBI searched Gray's desktop computer, finding what appeared to be child sexual abuse images. A search of Gray's phone showed he had exchanged child sexual abuse material with another user on the chat app Kik, according to a criminal complaint.

The Post reviewed messages that appeared under an account, notimeforlife, on a pornographic website. Some mentioned the same Kik account, donttacoboutit, that authorities alleged Gray used to share and discuss child sexual abuse material. The website hosts nonconsensual pornographic material, which victims have struggled to have removed, and posts with descriptions of rape and violent fantasies targeting women and girls.

Hannah Allam and Devlin Barrett contributed to this report.


Rob Joyce leaving NSA at the end of March – CyberScoop

Posted: February 24, 2024 at 12:01 pm

Rob Joyce, the veteran National Security Agency official, is retiring at the end of March after 34 years at the spy agency, leaving the federal government without one of its most experienced cybersecurity experts going into a critical election year and amid warnings that China is carrying out unprecedented cyber operations against U.S. critical infrastructure.

In recent years, Joyce has established himself as an unusually public-facing official at the historically secretive NSA. In his current role as head of the agency's Cybersecurity Directorate, Joyce has pushed a spy agency once known as No Such Agency to improve intelligence-sharing on cyberthreats and better collaborate with critical infrastructure providers and industry.

"Rob's leadership of the agency's critical cybersecurity mission has been exemplary," NSA Director General Timothy D. Haugh said in a statement. "His vision and development of the CSD team and its capacities ensures that NSA's cybersecurity mission is healthy and will continue to be successful in protecting our allies and national systems well into the future."

David Luber, deputy director of the CSD and a 36-year NSA veteran, will take over for Joyce.

At a 2022 CyberScoop event in Washington, Joyce spoke about the need for the NSA to shift away from its historical secrecy and instead make available the insights about what we know without putting at risk how we know it. That's really an inflection point that lets us get to more prolific, more extensive and more closely sharing for operational outcomes.

"It doesn't do anybody any good if we know a thing and don't do something," Joyce continued. "Doing is really the focus in the cybersecurity area. And if you've got secrets and understanding and you don't operationalize those, they don't count."

Joyce spoke frequently in recent years about the threats that Chinese hackers posed to the U.S., particularly with regard to critical infrastructure.

During an appearance last month at the International Conference on Cyber Security at Fordham University, however, Joyce sounded a relatively optimistic note on how the NSA and other agencies have successfully leveraged artificial intelligence and machine learning to better combat Chinese hacking operations that might have previously side-stepped the more tried-and-true defensive approaches.

Joyce joined the NSA in 1989 and served in multiple roles over his nearly three and a half decades at Fort Meade. He led the agency's elite hacking unit Tailored Access Operations between 2013 and 2017. During the Trump administration, he served a stint in the White House as a senior cybersecurity advisor before returning to the NSA, including as a special liaison officer at the U.S. Embassy in London.

"I am honored to have served for over 34 years at the National Security Agency," Joyce said in a statement. "It has been a privilege to lead the nation's most talented and dedicated team of cybersecurity professionals. Making a difference in the security of the nation is truly an honor."


NSA cyber director to step down after 34 years of service – Nextgov/FCW

Posted: at 12:01 pm

NSA Cybersecurity Director Rob Joyce will retire at the end of March after 34 years of service, the agency announced Tuesday.

Joyce has led NSA's Cybersecurity Directorate since 2021, working with other government and intelligence community officials on protecting U.S. critical infrastructure and other key assets amid ever growing fears about nation-state cyber threats. David Luber, the Cybersecurity Directorate's second-in-command, will take his place.

An outspoken agency official who would often engage with members of the media about the state of play in cyber policy, he played a critical role in crafting a Trump-era executive order that worked to establish a greater accountability culture among U.S. cybersecurity and IT leaders.

"I am honored to have served for over 34 years at the National Security Agency," Joyce said in a written announcement. "It has been a privilege to lead the nation's most talented and dedicated team of cybersecurity professionals. Making a difference in the security of the nation is truly an honor."

His departure comes at a time when American security officials are on high alert with a presidential election looming in November, as well as several warnings issued by NSA and other intelligence partners this year on the complex attempts from hackers backed by China, Russia and others seeking to sabotage U.S. infrastructure and other centralized economic systems.

The news also comes as the NSA and other intelligence community partners are urging Congress to reauthorize a controversial spying power known as Section 702 that the agency argues is an absolute necessity for U.S. national security, with the tool reportedly having been recently used to detect emerging Russian nuclear capabilities in space.

Joyce has also frequently warned of hackers' attempts to leverage new and emerging technologies, like generative artificial intelligence chatbots that researchers have said can help enhance or optimize malware deployment.

Before CSD, Joyce worked in London as NSA's cryptological policy lead and held positions in the National Security Council, serving as a cybersecurity coordinator to the Oval Office between 2017 and 2018. Between 2013 and 2017, he led the clandestine Tailored Access Operations unit within NSA responsible for foreign cyber warfare and intelligence gathering operations.

"Rob's leadership of the agency's critical cybersecurity mission has been exemplary," NSA and Cyber Command leader Gen. Timothy Haugh said. "His vision and development of the CSD team and its capacities ensures that NSA's cybersecurity mission is healthy and will continue to be successful in protecting our allies and national systems well into the future."


Payday dispute prompts maintenance worker walkout at NSA Naples – Stars and Stripes

Posted: at 12:01 pm

Maintenance workers wave flags and slow traffic outside Naval Support Activity Naples' Support Site location Feb. 21, 2024, to protest the base's landlord. They say the company, Mirabella, does not pay them on time. Mirabella officials say they've paid the employees in accordance with the terms of their contract. (Alison Bath/Stars and Stripes)

NAPLES, Italy - Workers responsible for maintaining sailor housing and other facilities at Naval Support Activity Naples protested Wednesday, saying they are getting their paychecks late from the Italian company that functions as the base's landlord.

About a dozen of the employees demonstrating outside the base's Support Site main gate said Mirabella habitually varies the date it gives them their wages.

The uncertainty of not knowing when they will receive their money causes hardship when it comes to paying bills and feeding their families, said Antonio Turino, a maintenance worker at the base.

He added that the workers were not here against the Americans but simply wanted to draw attention to their plight.

A Mirabella spokesman disputed the workers' account, saying that wages consistently have been paid to employees according to their contract for at least the last five years.

The disagreement arises from a notification Mirabella recently gave to the union representing the workers that they would be paid on Feb. 22, said Armando Marino, managing director for Mirabella.

That notification came within the time prescribed by the contract, which allows the company to pay employees as many as two days before or after the stipulated payday on the 20th of each month.

For example, workers were paid last month on Jan. 18, Marino said.

"We are not upset with the workers, but we do not understand the real reason they are doing this," he said.

Mirabella owns and manages the Support Site, which includes the base's housing, schools, hospital, commissary, and other facilities and services. The company employs about 125 workers on the site represented by three unions.

The smallest of those, Confederazione Unitaria di Base, or CUB, represents 16 workers involved in Wednesday's protest, according to Mirabella. CUB representatives vowed to continue the rally on Thursday.

Base officials opened a back gate Wednesday to ease any traffic congestion caused by the protest and will continue to monitor for safety, said Lt. j.g. Cody Milam, a spokesman for NSA Naples.

NSA Naples is the home of U.S. 6th Fleet and Naval Region Europe, Africa, Central as well as other Navy commands located at the base's Capodichino site, adjacent to Naples International Airport.

It's about 14 miles south of the Support Site and managed by the Navy.


Cyber Security Headlines: Microsoft takes another hit, Energy giant hit by ransomware, the NSA is secretly buying your … – CISO Series

Posted: January 30, 2024 at 10:27 pm

Microsoft Teams takes another hit

Adding to Microsoft's recent woes, on the heels of the outage on Friday that we reported on yesterday, the company has now faced yet another outage. That's two outages across North and South America in the last three days. Microsoft confirmed that Monday's outage impacted users in North America, Canada, and Brazil, with customers experiencing connectivity issues or delays in sending and receiving messages. As of this recording, Microsoft released a statement on their X account (formerly known as Twitter), stating they are actively monitoring the situation, but all internal service telemetry is healthy.

(Bleeping Computer, Microsoft's X Account)

Schneider Electric continues to grapple with the aftermath of a ransomware breach that targeted their sustainability business division earlier this month. The energy management and automation giant fell victim to a Cactus ransomware attack, reportedly resulting in the theft of terabytes of corporate data. According to Bleeping Computer, the ransomware gang is now attempting to extort the company by threatening to leak the stolen data.

In a statement provided to Bleeping Computer, Schneider Electric confirmed the attack and clarified that only one division of the company was impacted. No word on whether the company plans to negotiate with the ransomware group. Customers of the sustainability business division include Clorox, DHL, Hilton, and Walmart.

(Bleeping Computer)

The U.S. National Security Agency (NSA) wants to know what websites and apps Americans are using. The agency has acknowledged purchasing internet browsing records without the need for a court order, as revealed in a statement from Senator Ron Wyden, a member of the Senate Intelligence Committee. In a letter to the Director of National Intelligence, Wyden stated, "The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans' privacy are not just unethical but also illegal." In response, the NSA stated that they are taking steps to minimize the collection of U.S. person information.

(Hacker News, Wyden Release)

The IT software firm Ivanti is officially one week behind schedule in releasing critical zero-day patches, and this delay is just the beginning. We've been covering this story since early January when researchers at Volexity discovered a Chinese government-backed hacking team exploiting two zero-day vulnerabilities in Ivanti. The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive, setting a deadline for federal agencies to deploy fixes by January 22nd. However, Ivanti has confirmed that the release of patches will be delayed. Ivanti now aims to release some patches next week for Ivanti Connect Secure (versions 9.1R17x, 9.1R18x, 22.4R2x, and 22.5R1.1), Ivanti Policy Secure (versions 9.1R17x, 9.1R18x, and 22.5R1x), and ZTA version 22.6R1x. Additional patches are still expected to be released on a staggered schedule, but the timing of those releases remains unclear.

(Security Week)

Three former Department of Homeland Security (DHS) employees have been sentenced for conspiring to steal proprietary software and sensitive law-enforcement databases from the U.S. government for commercial use. According to court documents, the stolen information included sensitive law-enforcement data and personally identifiable information of over 200,000 federal employees. The three individuals charged are Charles K. Edwards, former Acting Inspector General of the DHS Office of Inspector General, who received a 1.5-year prison sentence; Sonal Patel and Murali Y. Venkata, both from the DHS-OIG's information technology department, were sentenced to 2 years of probation and 4 months in prison, respectively. The trio had planned to use the stolen data to create a commercial software product for sale to other government agencies.

(Bleeping Computer), (U.S. Department of Justice)

SolarWinds is dismissing the SEC's fraud charges against the company "as unfounded as they are unprecedented." We, of course, all remember that 18,000 organizations were impacted by the supply chain attack, ranging from major entities like Microsoft and Intel to government agencies such as the Pentagon and Treasury. In the aftermath, the SEC filed a lawsuit against SolarWinds, alleging the company and its CISO misled investors about their security practices. SolarWinds has filed a motion to dismiss the lawsuit, with a representative for the company telling The Register that SolarWinds took the proper steps when disclosing the incident. The company claims the SEC's lawsuit is an attempt to force companies to disclose internal details about their cybersecurity programs. As of this recording, the SEC has not responded to The Register's request for comment.

(The Register)

Ukraine's agency for Prisoners of War faced a weekend distributed denial-of-service (DDoS) attack. According to The Record, the agency works with families of military personnel who were captured or missing and negotiates prison exchanges and the return of bodies of fallen soldiers. Access to the website has since been restored. The state agency claims the attack was aimed at suppressing information on a planned prisoner exchange. While the hackers behind the attack have not been identified, the agency has accused Moscow of launching it as retribution for a recent Russian transportation crash.

(The Record)

Scammers beware. The FBI is warning about a government impersonation scam that is primarily targeting seniors. According to the FBI, from May to December 2023 this scam cost victims over $55 million. The fraudulent scheme consists of instructing victims to liquidate their assets into cash and/or buy gold, silver, or other precious metals. Once completed, the scammers would send couriers to retrieve the items from the victim with the promise they would be put into a secure account. Needless to say, those items were never seen again.

(Federal Bureau of Investigation)

Here is the original post:
Cyber Security Headlines: Microsoft takes another hit, Energy giant hit by ransomware, the NSA is secretly buying your ... - CISO Series

India now cooperating with Nijjar probe: Canada’s NSA – IndiaTimes

Posted: at 10:27 pm

NEW DELHI: Claiming an "evolution" in India's position on the Canadian probe into the killing of Khalistan separatist Hardeep Singh Nijjar, Prime Minister Justin Trudeau's NSA Jody Thomas said India is now cooperating with the investigations and her discussions with her counterpart Ajit Doval on the issue had proved fruitful, allowing things to move forward. However, while she spoke about the importance of bringing the guilty to justice, Thomas also underscored the significance of ties between the two countries, saying Canada's ability to work in the Indo-Pacific depends on having a healthy relationship with India.

Nijjar killing: India is actively cooperating with Canada in investigation, says PM Justin Trudeau's aide

"My discussions with my counterpart in India have been fruitful and I think they have moved things forward," she said, while calling Indian cooperation an evolution because India had been dismissive of allegations initially. When asked if this evolution was spurred on by the US Pannun case, she said the two were connected for sure. "The US judicial system is different from ours. They have sealed indictments the way we don't. They were investigating a conspiracy and we are investigating a murder. The information they revealed supported our position and our assertions with India," said Thomas. The official, however, underlined the significance of bilateral ties with India and the need for the two countries to work together in the Indo-Pacific. "We think it's important that we resolve what happened to a Canadian citizen but we have to have people to people ties. We have a huge diaspora. We have to have a trade relationship. Our ability to function in the Indo-Pacific does rely on having a healthy relationship with India and we are working back towards it," Thomas added.

Link:
India now cooperating with Nijjar probe: Canada's NSA - IndiaTimes

Readout of NSA Jake Sullivan’s Meetings with PM Srettha and DPM/FM Parnpree – US Embassy in Thailand – USEmbassy.gov

Posted: at 10:27 pm

Readout of National Security Advisor Jake Sullivan's Meetings with the Prime Minister of the Kingdom of Thailand Srettha Thavisin and Deputy Prime Minister/Foreign Minister Parnpree Bahiddha-Nukara

National Security Advisor Jake Sullivan met today in Bangkok, Thailand with Prime Minister Srettha Thavisin of Thailand. He also met with Deputy Prime Minister/Foreign Minister Parnpree Bahiddha-Nukara. Mr. Sullivan reaffirmed the importance of the U.S.-Thailand treaty alliance and partnership, and discussed opportunities to strengthen cooperation across a range of bilateral and global issues. Mr. Sullivan emphasized U.S. commitment to expanding collaboration on trade and investment, accelerating the transition to a clean energy future, deepening our people-to-people ties, and broadening our security cooperation as we promote a free and open Indo-Pacific. Mr. Sullivan affirmed the United States' unwavering commitment to ASEAN centrality, and welcomed the United States' engagement with Thailand in ASEAN settings. The two sides also discussed the importance of democracy, human rights, and ensuring all citizens can freely participate in the political process.

Mr. Sullivan also discussed regional and global issues, including efforts to address the worsening crisis in Burma. They discussed the importance of providing humanitarian assistance to the people of Burma, and welcomed efforts to advance meaningful implementation of the ASEAN Five Point Consensus. Mr. Sullivan also emphasized U.S. commitment to secure the release of all remaining hostages held by Hamas. Mr. Sullivan welcomed plans to increase the pace of high-level U.S.-Thai engagement, including through the U.S.-Thailand Strategic and Defense Dialogue in February, through which U.S. and Thai officials will build on our 190 years of bilateral relations to further strengthen our alliance and partnership.

###

By U.S. Mission Thailand | 26 January, 2024 | Topics: News, U.S. & Thailand

Original post:
Readout of NSA Jake Sullivan's Meetings with PM Srettha and DPM/FM Parnpree - US Embassy in Thailand - USEmbassy.gov
