NSA News & Highlights

NSA SPOTLIGHT

May 13, 2024

U.S. Military Academy Wins First Place at the 2024 NSA Cyber Exercise

After months of preparation and three days of elaborate and challenging cyber operations, the U.S. Military Academy has emerged as the champion of the sixth annual NSA Cyber Exercise (NCX).

NSA Partners with National Cryptologic Foundation on new Engagement and Education Center

Urgent Warning from Multiple Cybersecurity Organizations on Current Threat to OT Systems

NSA/CSS Employees Donate More Than $2M for 2023 Combined Federal Campaign

Tag: Cyber

Managing Risk from Software Defined Networking Controllers

Dec. 12, 2023

NSA Issues Recommendations to Protect Software Defined Networking Controllers

The National Security Agency (NSA) has released the Cybersecurity Information Sheet (CSI), “Managing Risk from Software Defined Networking Controllers.” The report provides recommendations to help National Security Systems (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators mitigate the risks associated with software driven network management solutions, such as Software Defined Networking Controllers (SDNC).

Phishing Guidance: Stopping the Attack Cycle at Phase One. Cybersecurity Information Sheet.

Oct. 18, 2023

How to Protect Against Evolving Phishing Attacks

The National Security Agency (NSA) and U.S. partners have released a new report describing the latest techniques in phishing attacks and the defenses organizations can deploy against them.

CSI: Quantum-Readiness: Migration to Post-Quantum Cryptography

Aug. 21, 2023

Post-Quantum Cryptography: CISA, NIST, and NSA Recommend How to Prepare Now

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and National Institute of Standards and Technology (NIST) warned that cyber actors could target our nation’s most sensitive information now and leverage future quantum computing technology to break traditional non-quantum-resistant cryptographic algorithms. This could be particularly devastating to sensitive information with long-term secrecy requirements.

CSA: 2022 Top Routinely Exploited Vulnerabilities

Aug. 3, 2023

CISA, NSA, FBI and International Partners Issue Advisory on the Top Routinely Exploited Vulnerabilities in 2022

The “2022 Top Routinely Exploited Vulnerabilities” CSA provides details on the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors who continue targeting unpatched systems and applications – all known vulnerabilities from 2017 to 2022 that have not been mitigated.

Aug. 2, 2023

NSA Releases Guide to Harden Cisco Next Generation Firewalls

The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR) “Cisco Firepower Hardening Guide,” to assist network and system administrators with configuring these next generation firewalls (NGFWs).

Preventing Web Application Access Control Abuse

July 27, 2023

New Cybersecurity Advisory Warns About Web Application Vulnerabilities

The National Security Agency (NSA) has partnered with U.S. and international cyber agencies to release the Cybersecurity Advisory (CSA), “Preventing Web Application Access Control Abuse,” warning that vulnerabilities in web applications, including application programming interfaces (APIs), can allow malicious actors to manipulate and access sensitive data.

CSI: Defending Continuous Integration/Continuous Delivery (CI/CD) Environments

June 28, 2023

NSA and CISA Best Practices to Secure Cloud Continuous Integration/Continuous Delivery Environments

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are publicly releasing a Cybersecurity Information Sheet (CSI) - “Defending Continuous Integration/Continuous Delivery (CI/CD) Environments” to provide recommendations for integrating security best practices into typical software development and operations (DevOps) CI/CD environments. The agencies encourage organizations to use the best practices to harden their CI/CD cloud deployments.

CSI: Harden Baseboard Management Controllers

June 14, 2023

NSA and CISA Release Guide To Protect Baseboard Management Controllers

Organizations need to take action to secure servers with Baseboard management controllers (BMCs). To assist network defenders in this, NSA and the Cybersecurity and Infrastructure Security Agency (CISA) jointly released the Cybersecurity Information Sheet, “Harden Baseboard Management Controllers.” The guidance includes recommendations and mitigations for network defenders to secure their systems.

North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academic, and Media

June 1, 2023

U.S., ROK Agencies Alert: DPRK Cyber Actors Impersonating Targets to Collect Intelligence

The National Security Agency (NSA) is partnering with several organizations to highlight the Democratic People’s Republic of Korea’s (DPRK) use of social engineering and malware to target think tanks, academia, and news media sectors.

Hunting Russian Intelligence “Snake” Malware. Cybersecurity Advisory

May 9, 2023

U.S. Agencies and Allies Partner to Identify Russian Snake Malware Infrastructure Worldwide

The National Security Agency (NSA) and several partner agencies have identified infrastructure for Snake malware—a sophisticated Russian cyberespionage tool—in over 50 countries worldwide.

NSA News & Highlights

NSA SPOTLIGHT

U.S. Military Academy Wins First Place at the 2024 NSA Cyber Exercise

NSA.GOV

CULTURE

HELPFUL LINKS

RESOURCES

RELATED LINKS