Category Archives: NSA

FT. MEADE, Md. --

October is National Cybersecurity Awareness Month (NCSAM), so we have been celebrating cybersecurity all month long!

The Science of Security (SoS) & Privacy program recently sponsored the Hot Topics in Science of Security (HoTSoS) Conference. This premier event brings NSA and other researchers together in an unclassified environment along with practitioners and thought leaders from government, industry, and academia, to discuss scientific foundations of cybersecurity.

HoTSoS was created as a public venue to grow and enhance the cybersecurity mission value from NSAs unclassified research engagements and partnerships with academia and private industry. While this year marked the 7th HoTSoS, it was the first to be held virtually and recorded the highest-ever attendance!

Originally scheduled to be held in-person this past spring at the University of Kansas, which is one of six universities in the country hosting a Lablet*, the HoTSoS conference was rescheduled to the fall. Ongoing COVID-19 restrictions led to reconfiguring the conference for virtual attendance and waiving registration fees for attendees. These changes, along with the new ability for participants to log in from the comfort of their homes, led to record participation.

Going virtual has had some benefits even as people missed face-to-face interactions, said Dr. Adam Tagert, SoS Technical Lead at NSA. Anyone interested could participate without a need to travel and payment of registration fees. This enabled far greater participation than in past years.

Key presentations at this years conference included: Public Trust in 5G (fifth generation wireless technology for digital cellular networks); Amazon Web Services (AWS) Amazons on-demand cloud computing platform; and Evaluating Fuzz Testing (techniques used to discover coding errors and security loopholes).

*What is a Lablet?

Funded by NSA, Lablets are small university laboratories that conduct cybersecurity research on a variety of topics ranging from governance of Big Data to Internet of Things security and predictions on the ability of hackers to compromise systems.

There are currently six universities hosting Lablets: Carnegie Mellon University, University of California, Berkeley (The International Computer Science Institute), University of Kansas, North Carolina State University, University of Illinois at Urbana-Champaign, and Vanderbilt University.

To support engagement with additional schools with wide-ranging cybersecurity researcher talent, the SoS team recently designated some schools from within the Ivy League, Historically Black Colleges/Universities (HBCUs), womens colleges, and military colleges as Associate Lablets. Although not funded by the agency, professors and students from Associate Lablets present and discuss research at SoS meetings and collaborate with NSA and Lablet researchers to solve the SoSs 5 Hard Cybersecurity Problems Scalability & Composability, Metrics, Human Behavior, Policy, and Resilient Architectures.

The 8th Annual HoTSoS Conference is scheduled for April 13-15, 2021. It will again be virtual and registration fees will be waived. Proposals for presentation are being accepted by the SoS team through January 8, 2021. Registration to attend the event will open early next year.

Visit https://sos-vo.org to learn how to engage with the SoS research program.

Read more here:
Science of Security's Annual Security Conference Goes Virtual and Gets Record Attendance - 62nd Airlift Wing

Text Size:A- A+

The US and India are seizing the moment with the 2+2 dialogue between their external affairs and defence ministers in the hope that the growing partnership will outlast a possible change in the US administration next week. But back here in South Asia, a visit by the head of Indias external intelligence agency, R&AW, to meet Prime Minister K.P. Oli of Nepal last week tells us interesting new things.

First things first, the person picked to break the ice with Nepal since the political row over Nepals map was the head of Research and Analysis Wing (R&AW) and not a political person. This speaks reams of the foreign policy power structure in New Delhi. Increasingly, it seems as if National Security Advisor Ajit Doval and his secretariat are asserting themselves in Indias neighbourhood, leaving large parts of the rest of the world the US, for example, and therefore the 2+2 dialogue to the responsibility of the Ministry of External Affairs (MEA).

Remember that Indias most difficult foreign policy question, the unsettled border with China, is run by Doval, who isIndias Special Representative on the boundary talks although, on Chinas side, foreign minister Wang Yi is his interlocutor.

Also read: Nepalese PM Oli faces flak for not visible Indian areas in tiny Dussehra greeting map

Interestingly, R&AW seems to have quite a few Nepal specialists. So, along with chief Samant Goel on the Nepal trip was Arun Jain, earlier posted there as an intelligence officer. In the MEA, however, several Nepal hands have moved on. Slowly, Vinay Kwatra, Indias newest ambassador to the Himalayan republic, who knows Modi better than most diplomats having served as his unofficial interpreter in the early years, is getting to know this hugely complex and multi-layered country.He is now believed to be meeting all the players, who his predecessor had pointedly ignored.

Its not been easy. The last several years have been shaped by one folly or another. First, New Delhi decided to support the Madhesis in their fight towards egalitarianism, which led to the informal blockade of goods, thereby upsetting the Kathmandu elite. When then-Foreign Secretary S. Jaishankar visited Nepal at the time, seeking to broadbase the Constitution, he was roundly snubbed, including by the erstwhile pro-India president Ram Baran Yadav. Oli went on to decisively win the elections on an anti-India platform.

Alongside, the Rashtriya Swayamsevak Sangh (RSS) tried to run the Nepal policy, because the country remains a Hindu-majority republic, but it soon burnt its fingers too. After the 2017 election in Nepal, New Delhi swallowed its pride and reached out to Oli but tilted so much in his direction that it forgot that in a democracy other key players co-exist and play equally important, balancing roles.

So the Nepali Congress whose early democratic aspirations were forged in the hot plains of India as well as the Madhesi leaders, who until recently had been the darlings of Delhi, were pretty much ignored. Calls werent returned. Old friends first turned indifferent, then hostile. Oli, of course, was not above manipulating New Delhi.

Meanwhile, in the flush of its romance with Donald Trump in the US, roller-coaster ties with China and the race to the bottom with the Pakistan relationship India, sort of, forgot Nepal. Indias diplomats have become so used to being feted in Western capitals or enjoy its cushy comforts, that prickly nations like Nepal are almost shunned.

That, of course, suited the Chinese just fine. As Chinas ambassador Hou Yanqi feted the Kathmandu elite, India stared at the vast abyss of lost ground. And when the Chinese made aggressive moves into Ladakh, Army chief M.M. Naravane responded with an undiplomatic statement of his own.

Also read: R&AW chief on hurricane tour to Nepal, to meet PM Oli as trouble brews in ruling party

It is in this context of India trying to make amends that the Samant Goel visit to Nepal should be seen. Nevertheless, the question remains: Why was Goel picked to go to Nepal and not a political personality? If Jaishankar was busy with 2+2 and China, couldnt someone else be sent? Theres an entire Cabinet of options.

The circumstances of Goels visit are equally intriguing. The man took an Indian Air Force special aircraft to Kathmandu, an unsual act bound to attract notice. Then there was that splashy, public landing in the broad light of day at Kathmandus Tribhuvan airport, in full glare of Nepals intrepid reporters.

Its not as if R&AW chiefs have never taken special aircraft to Kathmandu, or that they havent met its top political leadership not accompanied by the ambassador remember, Vinay Kwatra was in Delhi when Goel was in Kathmandu, preparing the Army chief for his own November visit to Kathmandu, where he will be honoured with the rank of General in the Nepal army. When a R&AW chief wants to do anything secretly, lets be clear, he isnt leaving a trail of crumbs in his wake.

Of course, the story got leaked. Probably someone wanted the story leaked, so as to send several messages, to Oli, the Nepali political elite and opposition as well as to the foreign policy elite back home in India.

Also read: New Delhi must warn Oli govt. Allowing China to use Nepal for anti-India activities has costs

The message to Oli is that New Delhi is well aware of his attempts to fan anti-India rhetoric by unilaterally redrawing an international map that expands Nepals borders into Indian territory. The message is also that India is not going to accept the move, even if the Chinese fete him or anyone else all the way to Beijing.

Goels meeting with Baburam Bhattarai is a second message to Oli no one should forget that Bhattarai, a former JNU student and avowed Communist, lived incognito in Delhi for many years until the repressive monarchy in Nepal gave way to the JanAndolan in 2006 and he returned home a victor.

The message to the Indian foreign policy establishment is that NSA Doval is in charge. That PM Modi wants the Nepal relationship fixed, so Doval and his boysare rising to the occasion.

But lets stop here and smell the coffee. All of the above may read very well in spy thrillers, except for one small fact: Indias very public move of showing the mirror to Oli can backfire. The Nepal PM has given himself several leases of life by successfully playing the anti-India card, but at the same time publicly greeting PM Modi on Independence Day and most recently on Dussehra with a greeting card that did not have the new map printed on it.

If the Samant Goel trip succeeds, then NSA Doval would have pulled off a risky manoeuvre. If not, New Delhi would do well to dwell, as winter closes in, on why its losing its neighbourhood. One aggressive neighbour (China) has taken territory, another (Pakistan)continues with its proxy war, a third (Bangladesh)is upset with the Citizenship (Amendment) Act, and a fourth (Nepal) is playing the Indian establishment like a tanpura.

Soon, spring will come. Soon, like Bihar, which is next door to Nepal, America will have a new administration. Question is, does India have a plan?

Views are personal.

This article has been updated to correct the news about the R&AW chief meeting Nepals opposition leader Baburam Bhattarai.

Subscribe to our channels on YouTube & Telegram

Why news media is in crisis & How you can fix it

India needs free, fair, non-hyphenated and questioning journalism even more as it faces multiple crises.

But the news media is in a crisis of its own. There have been brutal layoffs and pay-cuts. The best of journalism is shrinking, yielding to crude prime-time spectacle.

ThePrint has the finest young reporters, columnists and editors working for it. Sustaining journalism of this quality needs smart and thinking people like you to pay for it. Whether you live in India or overseas, you can do it here.

Support Our Journalism

The rest is here:
Why NSA Doval and his men are asserting themselves in Nepal, rather than MEA - ThePrint

Text Size:A- A+

New Delhi: If India senses a threat, it will surely fight, on our soil and on foreign soil, National Security Adviser Ajit Doval has said.

Addressing a function at Rishikesh-based Parmarth Niketan ashram Saturday, Doval sought to discuss Indias policy towards threats to national security.

In a video clip of the address, posted to the ashrams Facebook page, he is heard saying, You said we have never attacked There are views about it, that if there was danger from somewhere, we should have done it to save the country it is important

It is not necessary that we only fight where you want to, but where the threat originates, he adds. Doval then says India fights where we feel the threat is coming.

We have never done it for selfish reasons. We will surely fight, on our soil and on foreign soil, but not for our personal interests. But in the interests of parmarth (spirituality), he says.

As the remarks come amid Indias border stand-off with China, some media reports sought to portray Dovals statement as a warning to Beijing.

However, ANI quoted government officials as saying that the NSA was speaking purely in a civilisational and spiritual context and was not referring to any country or specific situation.

Also Read: Why has Indias China policy been such a failure? Question New Delhis assumptions first

In other parts of his address at the ashram, the NSA described India as a civilisation state not based on any religion, language or sect, saying its foundation is based on its culture.

Seers (rishis and munis) founded the nation (rashtra) exclusive of the state (rajya) of India, he said.

We dont protect the nation, we secure the state. State (rajya) has definite boundaries. The nation (rashtra) is safeguarded by those who founded it. It is founded by you, he added, addressing the spiritual leaders at the ashram.

Even if the state is not around, the nation will continue to be there, he added.

You fight with spirituality, he said.

Also Read: Lesson from Ladakh India & China were both rising together until China just raced away

Subscribe to our channels on YouTube & Telegram

Why news media is in crisis & How you can fix it

India needs free, fair, non-hyphenated and questioning journalism even more as it faces multiple crises.

But the news media is in a crisis of its own. There have been brutal layoffs and pay-cuts. The best of journalism is shrinking, yielding to crude prime-time spectacle.

ThePrint has the finest young reporters, columnists and editors working for it. Sustaining journalism of this quality needs smart and thinking people like you to pay for it. Whether you live in India or overseas, you can do it here.

Support Our Journalism

Read the original:
Will fight on foreign soil if there is a threat, says NSA Ajit Doval at Rishikesh ashram - ThePrint

As like so many others, the National Sheep Association (NSA) was bitterly disappointed to cancel its much enjoyed Sheep Events this summer; so with renewed enthusiasm, the association is now proceeding with plans for its line up of spring and summer 2021 events.

The NSA 2021 diary of events is already looking full with the main regional events: NSA Welsh Sheep; NSA Scotsheep; NSA North Sheep; NSA Sheep South West; and NSA Sheep Northern Ireland all set to take place between May and July offering visitors a much needed day out meeting with fellow sheep farmers and industry experts. Bookings for events will now open very soon.

NSA chief executive Phil Stocker commented:

Of course we were left with no choice but to cancel our 2020 events. Now, despite some uncertainty of the situation we will find ourselves in next year, we must proceed with optimism that our line-up of events will be able to take place once again next year.

As an organisation that acts as the voice of the UKs sheep sector, a sector likely to be considerably affected in 2021 by our imminent departure from Europe, there will never be a more important time for us to be able to meet with members and colleagues face to face to discuss the changes upon us and the steps needed for our industry to move forward into a new era for the countrys farmers.

We sincerely hope that the ongoing Covid-19 pandemic will have subsided sufficiently to allow this to happen.

The NSA is formed of nine regions that each have involvement with or organise their own regional sheep event for members residing in that area.

As business-to-business events, NSA Sheep Events offer visitors opportunity to hear from industry leaders in informative seminars, take part in practical workshops and discuss an array of products both new and existing with sheep farming trade stands.

RELATED STORIES

See the rest here:
NSA Sheep Events look forward to 2021 with enthusiasm and hope - Agriland.co.uk

NATIONAL SHEEP Association has said that its hopes are high for 2021, with a full diary of events in preparation.

With the main regional events; NSA Welsh Sheep, NSA Scotsheep, NSA North Sheep, NSA Sheep South West and NSA Sheep Northern Ireland all set to take place between May and July, the association is hoping to offer visitors a much needed day out meeting with fellow sheep farmers and industry experts. Bookings for these events will open very soon.

NSA chief executive Phil Stocker said: Of course we were left with no choice but to cancel our 2020 events. Now, despite some uncertainty of the situation we will find ourselves in next year, we must proceed with optimism that our line-up of events will be able to take place once again next year.

As an organisation that acts as the voice of the UKs sheep sector, a sector likely to be considerably affected in 2021 by our imminent departure from Europe, there will never be a more important time for us to be able to meet with members and colleagues face to face to discuss the changes upon us and the steps needed for our industry to move forward into a new era for the countrys farmers. We sincerely hope that the ongoing Covid-19 pandemic will have subsided sufficiently to allow this to happen.

NSA is formed of nine regions that each have involvement with or organise their own regional sheep event for members residing in that area. As business to business events, NSA sheep events offer visitors opportunity to hear from industry leaders in informative seminars, take part in practical workshops, discuss an array of products both new and existing with sheep farming trade stands, view competitions and much more.

NSA sheep events are planned for 2021 at the following dates and locations:

Up to date information on all events can be found on the NSA website. It is anticipated that event trade and breed society bookings will open from Monday, November 2, for exhibitors to secure their place at the 2021 events. All measures will be put in place to ensure events will be Covid safe and operate to current government guidance on the day.

Original post:
National Sheep Association looks forward to 2021 - The Scottish Farmer

On a day when RSS chief Mohan Bhagwat talked about China "encroaching" on Indian soil, a video of National Security Advisor Ajit Doval has surfaced in which he can be purportedly seen and heard asserting India's capability to fight on its own soil as well as on foreign soil.

In the video, uploaded on the Facebook page of a Rishikesh-based ashram called Parmarth Niketan, Doval can be seen sharing space with the head of the ashram, Chidanand Saraswati. The video is dated October 24 and titled Special Ashtami and Navami Navaratri Pujan and Ganga Aarti.

"You said that we have never attacked," Doval purportedly says to Saraswati. "There are views about it, that if there was danger from somewhere, we should have done it. To save the country is essential. But that we will fight only where you want to fight is not necessary.

In what could be read as a warning to China, the NSA indicated that response from India could be at a place and time of Indias choosing. We never became aggressors to serve our personal interests. We will surely fight, on our soil as well as on foreign soil, but not for our personal interests. But in the interests of Parmarth [spirituality], Doval said.

The video featuring the NSA talking about taking on China has surfaced the same day when RSS chief Bhagwat talked about China encroaching on Indian soil and being stunned by Indias response.

Ours is a civilisation state. It is not based on any religion, language or sect. What cannot be seen, what is the foundation of this nation is its culture, Doval says, complementing the spiritual leaders for keeping it alive.

Praising rishis and munis, Doval says they founded the nation of India which was separate from the state of India. We dont safeguard the nation, we secure the state. State has definite boundaries. The nation is safeguarded by those who found it. It is founded by people like you, Doval can be heard telling Chidanand Saraswati.

The soul of the Indian nation has been sparked by rishis and munis, and sages like you. If the nation was not there, then there would have been no state. Even if the state is not around, the nation will continue to be, Doval says in the video.

He said that India was the only civilisation that continued to remain alive for thousands of years despite coming under attack by foreign aggressors. Doval said that the Persian civilisation was finished after one attack, as was the Egyptian civilisation.

Addressing the head of Parmarth Niketan, the National Security Advisor said, The talent and skills [we have] are not difficult to learn. They take timeWe can only give our lives. We fight for physical things, with physical things. Only you can fight with spirituality.

Continued here:
Will Fight Even on Foreign Soil to Protect India: Video of NSA Dovals Chat With Ashram Head Surf... - News18

Written by Kaunain Sheriff M | New Delhi | Updated: October 25, 2020 7:14:37 amThe Indian Express investigation, China is Watching, was published in September.

Referring to revelations in a series of investigative reports by The Indian Express and other global publications on how a private technology firm in Shenzhen, with links to the Chinese government and Communist Party of China (CPC) uses big data tools for hybrid warfare, a top US Security official has said that the Chinese foreign ministry handles a United Front, which includes powerful tech firms that gather intelligence to influence private citizens overseas.

Pointing to the database of Zhenhua Data, which targets individuals and institutions in politics, government, business, technology, media, and civil society, US Deputy National Security Advisor Matt Pottinger has said that the CPC is compiling digital dossiers on millions of foreign citizens around the world, with the aid of new tools of digital surveillance.

Pottinger made the remarks from White House on Thursday during a video conference hosted by Policy Exchange in London.

The Indian Express, using big-data tools, investigated metadata from Zhenhuas operations to extract Indian entities from the massive dump of log files that constituted what the company called Overseas Key Information Database (OKIDB). The investigation, published in September, had revealed the firm is monitoring over 10,000 Indian individuals, including President Ram Nath Kovind, Prime Minister Narendra Modi, Congress president Sonia Gandhi and their families.

The exposure last month of a Chinese database on at least 2.4 million people around the world, including many of us on this call, speaks to the Partys (CPCs) sheer ambition to wed traditional Leninist techniques with powerful new tools of digital surveillance, Pottinger said.

He claimed Chinas United Front Work system is handled by the countrys foreign ministry and gathers intelligence about, and works to influence, private citizens overseas. He said, The focus is on foreign elites and the organizations they run. Think of a United Front worker as a cross between an intelligence collector, a propagandist, and a psychologist.

Pottinger said while Zhenhua isnt a particularly large or sophisticated actor in the United Front world, it may even be acting opportunistically, because it thinks the Party will reward it.

He said, Far more powerful tech firms, including famous Chinese app developers, play a much bigger role in this kind of work. The dossiers Zhenhua is compiling include people in virtually every country, no matter how small. They include members of royal families and members of Parliament, judges and clerks, tech mavens and budding entrepreneurs, four-star admirals and crew members of warships, professors and think-tankers, and national and local officials. They also include children, who are fair game under Beijings rules of political warfare. No one is too prominent or too obscure.

Pottinger said the United Front Work is a serious business, and the focus is on foreign elites and organisations they run. He said, the United Front Work Department alone has four times as many cadres as the US State Department has foreign-service officers.the United Front gathers intelligence about, and works to influence, private citizens overseas.

Read The Indian Express investigative series China is Watching

The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest India News, download Indian Express App.

The Indian Express (P) Ltd

Original post:
China govt uses United Front to gather intel on citizens abroad, says US dy NSA - The Indian Express

In a long (long) portrait dedicated to the NSA and US Cyber Command boss General Paul Nakasone, Wired revealed that in two years, it authorized more cyber attacks than before. NSA since its inception.

The NSA has long monitored and spied on its targets abroad. Wired describes how he did not initiate what would become his cyber command responsible for defending American systems and attacking his adversaries and enemies until 2009. Russia had indeed entered its classified computer network and disconnected from the Internet, possibly via a broken USB key.

Nakasone was then appointed as the head of a group nicknamed the Four Horsemen (four horsemen including a woman), who were responsible for explaining what the NSAs Cyberdefense Division would be, but raising it from 100 to 2000 Also for cyber fighters.

Unlike France, which refuses to attribute the attacks that identify the countries launching them and does not officially recognize its offensive computer warfare (LIO) operations, Nakasone was convinced that it It was necessary to communicate. Wanting to leave the private sector to join their units, not only to gain more resources and powers from the authorities, but to create hackers, and finally to demonstrate their expertise to reject their rivals.

Launched in 2010, USCYBERCOM today has more than 6,000 cyber-fighters, in addition to 38,000 and 20,000 private intelligence contractors working for the NSA.

Here is the original post:
How the NSA built its offensive computer warfare unit - The Market Mail

The National Security Agency issued an advisory warning that adversaries connected to China are targeting national security systems and noted specific areas and vulnerabilities defenders should focus on based on tactics theyve recently observed.

We hear loud and clear that it can be hard to prioritize patching and mitigation efforts, NSA Cybersecurity Director Anne Neuberger said in a press release Tuesday. We hope that by highlighting the vulnerabilities that China is actively using to compromise systems, cybersecurity professionals will gain actionable information to prioritize efforts and secure their systems.

Government officials at the Cybersecurity and Infrastructure Security Agency and the FBI have previously called attention to the use of known vulnerabilities by China and other actors. NSA officials hope that specifically calling out the tactic as one of state-sponsored adversaries from China will spur target organizations to do whats necessary to protect themselves.

We are releasing this now to emphasize the importance of mitigating these [Common Vulnerability Enumerations], Neuberger said in a statement to Nextgov. "While these vulnerabilities are already public, theyre still being successfully leveraged by malicious cyber actors, highlighting the need for [national security systems, Department of Defenseand defense industrial base] system owners and the broader community to take action.

Among 25 vulnerabilities NSA described, seven of them could be used to gain remote access to internal systems, making them priorities for mitigation.

Remote access systems serve as gateways from the internet into internal networks, often offering immediate, highly privileged access to attackers, according to an infographic the NSA released with the advisory.

Lower in the risk profile, but with just as many vulnerabilities, was a category of weaknesses that could be used to exploit internal servers. These servers typically house an organizations intellectual property or other crown jewels.

Other vulnerabilities listed could be used to exploit mobile device managementby distributing malicious apps, for example; access to directories to elevate or otherwise manipulate credentials; public facing servers, which could allow attackers to pivot to internal networks by getting around web authentications; user workstations to establish a base for further exploration; and network devices, which can be used to inject malicious links in network traffic.

Many of the vulnerabilities listed can be used to gain initial access to victim networks by exploiting products that are directly accessible from the Internet. Other vulnerabilities enable further exploitation of a network once cyber actors have a presence within the network, reads an NSA factsheet on the advisory. Exploiting a combination of these vulnerabilities can be particularly effective for cyber actors and problematic for network defenders.

Some of the vulnerabilities come with tailored mitigations, but generally, the NSAs first piece of advice is to apply patches for systems or products as soon as possible after theyre released.

However, the NSA notes, defenders should expect that data stolen or modified (including credentials, accounts, and software) before the device was patched will not be alleviated by patching. This is where it would be good to change passwords and review account access, the advisory said.

The NSA said organizations should also disable external management capabilities and set up an out-of-band management network; block obsolete or unused protocols at the network edge and disable them in device configurations; isolate Internet-facing services in a network Demilitarized Zone (DMZ) to reduce the exposure of the internal network; and enable robust logging of Internet-facing services and monitor the logs for signs of compromise.

Originally posted here:
NSA Warns China Is Targeting Flaws in U.S. National Security Systems - Nextgov

The National Security Agency (NSA) issued a Cybersecurity Advisory on October 20, 2020, entitled Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities, alerting IT professionals to 25 vulnerabilities that Chinese state-sponsored hackers are using against U.S. businesses that can be exploited to gain initial access to victim networks using products that are directly accessible from the internet and act as gateways to internal networks. The Advisory is designed to share information with security professionals to urge them to update systems to protect against the attacks.

According to the notice, [W]e hope that by highlighting the vulnerabilities that China is actively using to compromise systems, cybersecurity professionals will gain actionable information to prioritize efforts and secure their systems.

The 25 vulnerabilities can be accessed here:

The Advisory further provides general mitigation steps that companies can employ:

The vulnerabilities are listed in detail in the Advisory and companies may wish to confirm that all of the vulnerabilities listed have been patched on their systems.

[View source.]

Go here to read the rest:
NSA Issues List of Vulnerabilities Used by Chinese Backed Hackers - JD Supra