Default passwords are main threat to businesses
The digital entrance to businesses is still too often open due to default passwords. This culprit is identified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).
Too many employees do not change the default passwords they get to use soft... Read more
Fortinet and Microsoft lead list of most abused exploits of 2022
A flaw in Fortinet software is the most abused vulnerability of 2022, as a recent survey by U.S. security and cybersecurity agencies showed. Microsoft also grossed in the number of commonly abused exploits.
In their overview, the security services FBI, NSA and cybersecurity watchdog CISA indicat... Read more
NSA: cybercriminals actively exploit Citrix ADC and Gateway
US security and intelligence agency NSA warns that hackers are exploiting zero days in Citrix networking devices. The exploits abuse vulnerabilities in Citrix application delivery controller (ADC) and Citrix Gateway.
According to the NSA, cybercrime group APT5 is actively exploiting a vulnerabil... Read more
NSA warns for programming languages without integrated memory security
The US National Security Agency (NSA) urged developers to avoid programming languages that lack integrated memory security features.
According to the security agency, the memory management of applications is increasingly targeted by cybercriminals. Attackers can exploit application memory manag... Read more
Biden’s executive order allows US to review EU surveillance laws
The order establishing a new transatlantic privacy framework will allow the US to review how the EU handles surveillance.
An American executive order designed to assuage the EU’s privacy concerns will also allow the US government to review and approve European surveillance programs, according ... Read more
Biden signs executive order on US-EU privacy scheme
The new framework is designed to help US companies comply with Europe's GDPR regime.
US President Joe Biden signed an executive order on Friday that would limit the ability of American national security agencies to access people’s personal information, POLITICO reported. The order will form t... Read more
Microsoft protests awarding $10B NSA cloud contract to AWS
After going back and forth for years over the $10 billion decade-long JEDI cloud contract, Microsoft and Amazon Web Services eventually hit a wall when the former lost the deal it had initially won. There is another $10-billion cloud contract in the crosshairs.
This time, Microsoft is protesting... Read more
Four new critical vulnerabilities in Exchange
Once again, several critical Microsoft Exchange Server vulnerabilities have been found. Two of them give attackers access to a server without having to log in. Patches for the vulnerabilities are available.
Microsoft has been notified of the new Exchange vulnerabilities by the National Security ... Read more
NSA and FBI: Russia was behind SolarWinds hack
Several American security instances agree that Russia was behind the hack on SolarWinds' software. In doing so, they counter President Trump's claims that China is behind the hack.
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Office of the D... Read more
SolarWinds hack infected hundreds of US government networks
As more research is conducted into the hack on SolarWinds' Orion software, the attack's apparent scale appears to be increasing. Hundreds of networks within the US government were affected.
According to The New York Times, the hack hit up to 250 networks within the US government. Initially, this... Read more