NSA News & Highlights

Oct. 18, 2021

CISA, FBI, and NSA Release BlackMatter Ransomware Advisory to Help Organizations Reduce Risk of Attack

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory today regarding BlackMatter ransomware cyber intrusions targeting multiple U.S. critical infrastructure entities, including two U.S. food and agriculture sector organizations. The advisory includes technical details, analysis, and assessment of this cyber threat, as well as several mitigation actions that can be taken to reduce the risk to this ransomware.

Oct. 14, 2021

Stop the Snowball: Protect Yourself from Phishing Scams

Technology is the commonality between everything in our daily lives. Whether you’re checking email at home or in the office, or scrolling through social media, you’re connected. That access and freedom is a staple in our country’s advancements and successes, but we can’t forget about those trying to take advantage of it.

Oct. 12, 2021

Long lost and rare Italian cipher machine found

At the outbreak of WWII in 1939, Nazi Germany’s Enigma encryption machine stood as the state-of-the art method for sending and receiving secret messages. It wasn’t until 1940 that English mathematician Alan Turing, and the team at Bletchley Park, cracked the daily changes Berlin made to its cipher system, and helped the Allied powers win the war. While the Enigma stands out as the most famous of encryption machines, Italy, set out to develop a high-end machine to rival its war partner, Germany. In 1939 Italy’s government secretly tasked a little-known photogrammetric equipment company, Ottico Meccanica Italiana (OMI), to build a device capable of rivaling its more famous cousin. Founded in 1926, OMI’s tools were used to create precision topographical maps and surveys using stereoscopic aerial photography. The technical expertise made OMI a natural fit for the job. The end result was OMI’s first cipher machine known as the Cryptograph Alpha.

Oct. 7, 2021

Avoid Dangers of Wildcard TLS Certificates, the ALPACA Technique

NSA released the Cybersecurity Information Sheet, “Avoid Dangers of Wildcard TLS Certificates and the ALPACA Technique” today, warning network administrators about the risks of using poorly scoped wildcard Transport Layer Security (TLS) certificates. NSA recommends several actions web administrators should take to keep their servers secure. This guidance also outlines the risks of falling victim to a web application exploitation method called Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA), which malicious cyber actors can use to access sensitive information.

Oct. 6, 2021

NSA Releases Cybersecurity Awareness Month Wallpapers for 2021

Each year, National Security Agency (NSA) partners with the National Cyber Security Alliance (NCSA) and the Department of Homeland Security (DHS) for Cybersecurity Awareness Month. In honor of this year’s celebration, NSA offers wallpaper backgrounds for electronic devices that provide a reminder to #BeCyberSmart.

Oct. 1, 2021

Cybersecurity is a Team Sport – Be a Champion this Cybersecurity Awareness Month

NSA is proud to join the global effort to promote strong cybersecurity practices during the 18th annual Cybersecurity Awareness Month.

Oct. 1, 2021

Cybersecurity Speaker Series: Embracing a Zero Trust Mindset

NSA released the second episode in the Cybersecurity Collaboration Center Speaker Series, exploring the concept of Zero Trust, and outlining first steps organizations can take. The Cybersecurity Speaker Series highlights experts at NSA, sharing their insights, lessons learned, and contributions of their work in cybersecurity.

Sept. 28, 2021

NSA, CISA Release Guidance on Selecting and Hardening Remote Access VPNs

The National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Information Sheet today detailing factors to consider when choosing a virtual private network (VPN) and top configurations for deploying it securely. “Selecting and Hardening Remote Access VPN Solutions” also will help leaders in the Department of Defense, National Security Systems and the Defense Industrial Base better understand the risks associated with VPNs.

Sept. 22, 2021

CISA, FBI, and NSA Release Conti Ransomware Advisory to Help Organizations Reduce Risk of Attack

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory today regarding increased Conti ransomware cyberattacks. The advisory includes technical details on the threat and mitigation steps that public and private sector organizations can take to reduce their risk to this ransomware.

Sept. 11, 2021

NSA Remembers 9/11: Twenty Years On

Twenty years ago today, our nation suffered an attack unlike anything since Pearl Harbor. We pause today to reflect on this somber event, in remembrance of those we have lost and in solidarity with those affected in a multitude of ways. We have been changed, all of us, both as a nation and as members of the intelligence community.