Sept. 21, 2023

GEN Nakasone Offers Insight into Future of Cybersecurity and SIGINT

GEN Paul M. Nakasone, Commander of U.S. Cyber Command (USCYBERCOM), Director of NSA, and Chief of the Central Security Service (CSS), offered insight into what the future of cybersecurity and signals intelligence may look like during a conference in Washington earlier this month.

Sept. 12, 2023

NSA, U.S. Federal Agencies Advise on Deepfake Threats

The National Security Agency (NSA) and U.S. federal agency partners have issued new advice on a synthetic media threat known as deepfakes. This emerging threat could present a cybersecurity challenge for National Security Systems (NSS), the Department of Defense (DoD), and DIB organizations.

Aug. 31, 2023

Government Agencies Report New Russian Malware Targets Ukrainian Military

U.S. federal agencies and international partners published a report warning of a new malware campaign from Russian military cyber actors known publicly as Sandworm.

Aug. 21, 2023

Post-Quantum Cryptography: CISA, NIST, and NSA Recommend How to Prepare Now

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and National Institute of Standards and Technology (NIST) warned that cyber actors could target our nation’s most sensitive information now and leverage future quantum computing technology to break traditional non-quantum-resistant cryptographic algorithms. This could be particularly devastating to sensitive information with long-term secrecy requirements.

Aug. 3, 2023

CISA, NSA, FBI and International Partners Issue Advisory on the Top Routinely Exploited Vulnerabilities in 2022

The “2022 Top Routinely Exploited Vulnerabilities” CSA provides details on the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors who continue targeting unpatched systems and applications – all known vulnerabilities from 2017 to 2022 that have not been mitigated.

Aug. 2, 2023

NSA Releases Guide to Harden Cisco Next Generation Firewalls

The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR) “Cisco Firepower Hardening Guide,” to assist network and system administrators with configuring these next generation firewalls (NGFWs).

July 27, 2023

New Cybersecurity Advisory Warns About Web Application Vulnerabilities

The National Security Agency (NSA) has partnered with U.S. and international cyber agencies to release the Cybersecurity Advisory (CSA), “Preventing Web Application Access Control Abuse,” warning that vulnerabilities in web applications, including application programming interfaces (APIs), can allow malicious actors to manipulate and access sensitive data.

June 28, 2023

NSA and CISA Best Practices to Secure Cloud Continuous Integration/Continuous Delivery Environments

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are publicly releasing a Cybersecurity Information Sheet (CSI) - “Defending Continuous Integration/Continuous Delivery (CI/CD) Environments” to provide recommendations for integrating security best practices into typical software development and operations (DevOps) CI/CD environments. The agencies encourage organizations to use the best practices to harden their CI/CD cloud deployments.

June 22, 2023

NSA Releases Guide to Mitigate BlackLotus Threat

To guide system administrators and network defenders on how to mitigate this threat, the National Security Agency (NSA) is publicly releasing the “BlackLotus Mitigation Guide” Cybersecurity Information Sheet (CSI). The guide provides an overview of recommended actions to detect and prevent malicious activities associated with BlackLotus.

June 14, 2023

NSA and CISA Release Guide To Protect Baseboard Management Controllers

Organizations need to take action to secure servers with Baseboard management controllers (BMCs). To assist network defenders in this, NSA and the Cybersecurity and Infrastructure Security Agency (CISA) jointly released the Cybersecurity Information Sheet, “Harden Baseboard Management Controllers.” The guidance includes recommendations and mitigations for network defenders to secure their systems.