CISA: CISA, FBI, NSA, MS-ISAC Publish Updated #StopRansomware Guide . “The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) today published the #StopRansomware Guide—an updated version of the 2020 guide containing additional recommended actions, resources, and tools.”
NSA: NSA Releases Guidance on How to Protect Against Software Memory Safety Issues. “The National Security Agency (NSA) published guidance today to help software developers and operators prevent and mitigate software memory safety issues, which account for a large portion of exploitable vulnerabilities.”
Daily Beast: Congress Eyeing ‘Dumpster Fire’ of Hate Talk in Spy Agency Chat Rooms. “The House and Senate intelligence oversight committees are looking into hate speech that has flourished in spy agency chat rooms over the past five years, spokespersons there tell SpyTalk. The House Armed Services Committee is also ‘aware of these allegations and we are working with the relevant agencies to assess the claim,’ said Caleb H. Randall-Bodman, the panel’s spokesman.”
CBS News: NSA warns of new cyberattacks by Russian military hackers. “A notorious hacking team backed by the Russian government has been exploiting a serious flaw in commonly used email software, the National Security Agency (NSA) warned Thursday, issuing a rare advisory that publicly attributed attempts to utilize the software flaw to a nation-state actor.”
Wired: Inside the NSA’s Secret Tool for Mapping Your Social Network. “IN THE SUMMER of 2013, I spent my days sifting through the most extensive archive of top-secret files that had ever reached the hands of an American journalist. In a spectacular act of transgression against the National Security Agency, where he worked as a contractor, Edward Snowden had transmitted tens of thousands of classified documents to me, the columnist Glenn Greenwald, and the documentary filmmaker Laura Poitras. One of those documents, the first to be made public in June 2013, revealed that the NSA was tracking billions of telephone calls made by Americans inside the US. The program became notorious, but its full story has not been told.”
Techdirt: NSA Blew $100 Million On Phone Records Over Five Years, Generated Exactly One Usable Lead. “The telephone metadata program the NSA finally put out to pasture in 2019 was apparently well past its expiration date. Since the initial Snowden leak in 2013, critics have argued the program needed to die since it was obviously the sort of general warrant rummaging (only without the warrant!) the founding fathers headed off with the Fourth Amendment.”
Techdirt: FBI Asks Congress To Permanently Reauthorize The Phone Record Collection The NSA Voluntarily Shut Down. “The NSA may not need the phone records collection but it appears the FBI thinks it does. The easiest way for Congress to codify the program’s shut down would be to let it expire at the end of this year. FBI Director Chris Wray is hoping to prevent a do-nothing Congress from doing nothing and letting the clock run out on the metadata collection.”
New York Times: I Work for N.S.A. We Cannot Afford to Lose the Digital Revolution. . “The digital revolution has urgent and profound implications for our federal national security agencies. It is almost impossible to overstate the challenges. If anything, we run the risk of thinking too conventionally about the future. The short period of time our nation has to prepare for the effects of this revolution is already upon us, and it could not come at a more perilous and complicated time for the National Security Agency, Central Intelligence Agency, National Geospatial-Intelligence Agency, Defense Intelligence Agency, Federal Bureau of Investigation and the other components of the intelligence community.”
CNET: Trump administration reportedly wants to extend NSA phone surveillance program. “The Trump administration has reportedly asked Congress to permanently reauthorize all provisions of the USA Freedom Act, including a controversial National Security Agency program that collects and analyzes records on millions of Americans’ calls and texts in an attempt to thwart terrorists.”
TechCrunch: NSA says warrantless searches of Americans’ data rose in 2018. “The intelligence community’s annual transparency report revealed a spike in the number of warrantless searches of Americans’ data in 2018. The data, published Tuesday by the Office of the Director of National Intelligence (ODNI), revealed a 28 percent rise in the number of targeted search terms used to query massive databases of collected Americans’ communications.”
CNET: NSA reportedly recommends retiring phone surveillance program. “The National Security Agency has recommended the White House abandon a controversial program that collects and analyzes data on millions of Americans’ domestic calls and texts, The Wall Street Journal reported Wednesday.”
Engadget: US could soon end mass phone surveillance program exposed by Snowden. “The US government might put an end to the controversial NSA phone surveillance program Edward Snowden exposed by the end of 2019. Republican congressional national security adviser Luke Murry revealed during a Lawfare podcast that Congress might not renew the USA Freedom Act, which authorizes the agency’s call data bulk collection, when it expires later this year. He also said that the NSA hasn’t even been using the system for the past six months, putting into question the agency’s previous claim that data collection is vital to national security.”
CBR: The NSA to Release a Free Software Reverse Engineering Toolkit. “The US’s National Security Agency (NSA) is releasing a software reverse engineering tool for free public use in March, in an unusual step – although the tool had already been leaked by Wikileaks as part of its Vault 7 batch of CIA leaks.”
TechCrunch: Hackers are using leaked NSA hacking tools to quietly hijack thousands of computers . “More than a year after patches were released to thwart powerful NSA exploits that leaked online, hundreds of thousands of computers are unpatched and vulnerable. First they were used to spread ransomware. Then it was cryptocurrency mining attacks. Now, researchers say that hackers are using the leaked tools to create an even bigger malicious proxy network.”
Ars Technica: Unpatched systems at big companies continue to fall to WannaMine worm. “In May of 2017, the WannaCry attack—a file-encrypting ransomware knock-off attributed by the US to North Korea—raised the urgency of patching vulnerabilities in the Windows operating system that had been exposed by a leak of National Security Agency exploits. WannaCry leveraged an exploit called EternalBlue, software that leveraged Windows’ Server Message Block (SMB) network file sharing protocol to move across networks, wreaking havoc as it spread quickly across affected networks.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.