Oct. 4, 2022

NSA, CISA, FBI Warn of Custom Exfiltration Tools Being Used Against Defense Industrial Base Organization

FORT MEADE, Md. — The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the FBI released a Cybersecurity Advisory today that details the tactics, techniques and procedures (TTPs) that likely multiple advanced persistent threat (APT) groups recently used to steal sensitive information from a Defense Industrial Base organization.

Sept. 22, 2022

NSA, CISA: How Cyber Actors Compromise OT/ICS and How to Defend Against It

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory today that highlights the steps malicious actors have commonly followed to compromise operational technology (OT)/industrial control system (ICS) assets and provides recommendations on how to defend against them.

Sept. 7, 2022

NSA Releases Future Quantum-Resistant (QR) Algorithm Requirements for National Security Systems

The National Security Agency (NSA) released the “Announcing Commercial National Security Algorithm Suite 2.0” (CNSA 2.0) Cybersecurity Advisory (CSA) today to notify National Security Systems (NSS) owners, operators and vendors of the future quantum-resistant (QR) algorithms requirements for NSS — networks that contain classified information or are otherwise critical to military and intelligence activities.

May 17, 2022

NSA, Allies Issue Cybersecurity Advisory on Weaknesses that Allow Initial Access

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the FBI, along with allied nations, published a Cybersecurity Advisory today to raise awareness about the poor security configurations, weak controls and other poor network hygiene practices malicious cyber actors use to gain initial access to a victim’s system.

May 11, 2022

NSA, Partners Issue Guidance to Secure Managed Service Providers, Their Customers

In anticipation of increased malicious cyber targeting of managed service providers (MSPs), NSA joined cybersecurity authorities from the U.S., Australia, Canada, New Zealand, and the United Kingdom to release the “Protecting Against Cyber Threats to Managed Service Providers and their Customers” Cybersecurity Advisory.

May 10, 2022

NSA Issues Recommendations to Protect VSAT Communications

The National Security Agency (NSA) updated its Cybersecurity Advisory (CSA)today for securing very small aperture terminal (VSAT) networks, “Protecting VSAT Communications.” The advisory aims to help organizations understand how communications may be at risk of compromise and how they can act to reduce risk.

April 27, 2022

CISA, FBI, NSA, and International Partners Warn Organizations of Top Routinely Exploited Cybersecurity Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) issued a joint Cybersecurity Advisory on the top 15 common vulnerabilities and exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

April 20, 2022

CISA, FBI, NSA, and International Partners Issue Advisory on Demonstrated Threats and Capabilities of Russian State-Sponsored and Cyber Criminal Actors

WASHINGTON – The United States and allied cybersecurity authorities issued a joint Cybersecurity Advisory today on the increased threat of Russian cyber groups targeting critical infrastructure that could impact organizations both within and beyond the Ukraine region. The Cybersecurity and Infrastructure Security Agency (CISA) authored “Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure” in partnership with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), National Cyber Security Centre New Zealand (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) and National Crime Agency (NCA), and with contributions from industry members of CISA’s Joint Cyber Defense Collaborative.

April 13, 2022

NSA partners with DOE, CISA, and FBI to release advisory on APT Cyber Tools Targeting ICS/SCADA devices

FORT MEADE, Md. — The Department of Energy (DOE), along with the Cybersecurity and Infrastructure Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), issued a joint cybersecurity advisory, “APT Cyber Tools Targeting ICS/SCADA Devices,” to warn that certain advanced persistent threat (APT) actors have the capability to gain full system access to multiple industrial control system/supervisory control and data acquisition (ICS/SCADA) devices.

Feb. 17, 2022

NSA Publishes Best Practices for Selecting Cisco Password Types

The National Security Agency published guidance today to help administrators secure network infrastructure devices and their credentials. The “Cisco Password Types: Best Practices” Cybersecurity Information Sheet analyzes Cisco’s wide variety of password encryption and hashing schemes to secure passwords stored in configuration files. NSA provides recommendations based on each password type and best practices to help administrators secure sensitive credentials.