Dec. 14, 2023

NSA Releases Recommendations to Mitigate Software Supply Chain Risks

In response to an increase in cyberattacks to supply chains over the past five years, including targeted attacks of software supply chains, the National Security Agency (NSA) is releasing the Cybersecurity Information Sheet (CSI), “Recommendations for Software Bill of Materials (SBOM) Management.” This CSI provides network owners and operators with guidance for incorporating SBOM use to help protect the cybersecurity supply chain, with a focus on and some additional guidance for National Security Systems (NSS).

Dec. 13, 2023

Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact

The National Security Agency (NSA), Federal Bureau of Investigation (FBI), and co-authoring agencies warn that Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and in allied countries. To raise awareness and help organizations identify, protect, and mitigate this malicious activity, the authoring agencies have jointly released the Cybersecurity Advisory (CSA), “Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally.”

Dec. 12, 2023

NSA Issues Recommendations to Protect Software Defined Networking Controllers

The National Security Agency (NSA) has released the Cybersecurity Information Sheet (CSI), “Managing Risk from Software Defined Networking Controllers.” The report provides recommendations to help National Security Systems (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators mitigate the risks associated with software driven network management solutions, such as Software Defined Networking Controllers (SDNC).

Dec. 7, 2023

NSA, UK National Cyber Security Centre, and Partners Release Update About Russian ‘Star Blizzard’ Spear-phishing Campaign

he National Security Agency (NSA) has joined the UK National Cyber Security Centre (NCSC-UK) and other partners in releasing the Cybersecurity Advisory (CSA), “Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-Phishing Campaigns,” to raise awareness of the specific spear-phishing techniques used by Star Blizzard to target individuals and organizations, including the U.S. government and Defense Industrial Base, and to provide guidelines to protect against the continued threat.

Dec. 6, 2023

U.S. and International Partners Issue Recommendations to Secure Software Products Through Memory Safety

FORT MEADE, Md. - The National Security Agency (NSA) joins Cybersecurity and Infrastructure Security Agency (CISA) and U.S. and international partners in releasing ”The Case for Memory Safe Roadmaps” Cybersecurity Information Sheet (CSI). Expanding on the “Software Memory Safety” CSI published by NSA in April 2023, the report provides guidance for software manufacturers and technology providers to create roadmaps tailored to eliminate memory safety vulnerabilities from their products.

Oct. 23, 2023

Cybersecurity Speaker Series: D3FEND

The National Security Agency (NSA)’s Cybersecurity Collaboration Center (CCC) has released the latest installment in its Cybersecurity Speaker Series, focused on the D3FEND framework for cybersecurity.

Oct. 19, 2023

NSA Shares Recommendations to Advance Device Security Within a Zero Trust Framework

The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) to enable federal agencies, partners, and organizations to assess devices in their systems and be better poised to respond to risks associated with critical resources.

Oct. 17, 2023

NSA and Partners Issue Additional Guidance for Secure By Design Software

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners released an updated Cybersecurity Information Sheet (CSI) to provide additional guidance for technology manufacturers to ensure their products are secure by design and default.

Oct. 10, 2023

NSA and U.S. Agencies Issue Best Practices for Open Source Software in Operational Technology Environments

The National Security Agency (NSA) is joining U.S. federal partners to release cybersecurity guidance to promote understanding of open source software (OSS) implementation and provide best practices to secure operational technology (OT) and industrial control systems (ICS) environments.

Oct. 5, 2023

NSA and CISA Advise on Top Ten Cybersecurity Misconfigurations

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing a joint Cybersecurity Advisory (CSA) highlighting the top ten most common cybersecurity misconfigurations found in large organizations’ networks. The CSA details tactics, techniques, and procedures (TTPs) that cyber actors could use to compromise these networks, as well as mitigations to defend against this threat.