Mediaboss Marketing

FORT MEADE, Md. - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) are partnering with international partners cybersecurity agencies to publish cybersecurity best practices for smart cities, which integrate public services into a connected environment to increase efficiencies and improve the quality of life in various communities.Seven agencies from five countries has published the Cybersecurity Information Sheet, Cybersecurity Best Practices for Smart Cities, highlighting how the integration of operational technology into a connected environment has many benefits, but can also be an attractive target for malicious cyber actors to steal critical infrastructure data and proprietary information, conduct ransomware operations, or launch destructive cyberattacks.

The report examines risks deriving from three areas: a large interconnected attack surface, the ICT supply chain and vendors, and the automation of infrastructure operations.

The authoring agencies also provide recommendations to help organizations balance efficiency and innovation with cybersecurity, privacy protections, and national security. They recommend that organizations implement these best practices to ensure the safe and secure operation of infrastructure systems, protection of citizens private data, and security of sensitive government and business data.

Read the full report.

View CISA's resource library for this report.Visit our full library for more cybersecurity information and technical guidance.

NSA Media RelationsMediaRelations@nsa.gov443-634-0721

Read the original here:
NSA Part of Coalition Highlighting Cybersecurity Best Practices for ... - National Security Agency

FORT MEADE, Md. - The National Security Agency (NSA) has partnered with the UKs National Cyber Security Centre (NCSC), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) to publish a joint Cybersecurity Advisory (CSA) report on the tactics, techniques, and procedures (TTPs) associated with APT28s exploitation of Cisco routers.

APT28 is also known as the Russian General Staff Main Intelligence Directorate (GRU) 85th Special Service Center (GTsSS) military intelligence unit 26165, Fancy Bear, STRONTIUM, Pawn Storm, the Sednit Gang, and Sofacy.

The transatlantic coalition published the APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers CSA indicating that APT28 cyber actors masqueraded Simple Network Management protocol (SNMP) to exploit CVE-2017-6742 (Cisco Bug ID: CSCve54313) and access vulnerable Cisco routers worldwide. This included U.S. Government institutions, approximately 250 Ukrainian victims, and a small number based in Europe.

These cyber actors continue to leverage a known vulnerability to exploit unpatched Cisco routers to conduct reconnaissance and deploy malware to enable unauthenticated access. See NCSCs Jaguar Tooth malware analysis report for details.

SNMP is designed to allow administrators to monitor and configure network devices remotely, but it can also be misused to obtain sensitive network information and, if vulnerable, exploit devices to penetrate a network.

The authoring agencies recommend following the mitigation advice to defend against this malicious activity and identify indicators of compromise (IoCs) to detect possible activity in networks.Read the full report here. Visit our full library for more cybersecurity information and technical guidance.

NSA Media RelationsMediaRelations@nsa.gov443-634-0721

Continued here:
NCSC-UK, NSA, and Partners Advise about APT28 Exploitation of ... - National Security Agency

Tyler Wornell and Steven Joachim

6 days ago

The National Security Agency (NSA) is shown 31 May 2006 in Fort Meade, Maryland, a suburb of Washington, DC. The National Security Agency/Central Security Service is Americas cryptologic organization. It coordinates, directs, and performs highly specialized activities to protect US government information systems and produce foreign signals intelligence information. AFP Photo/Paul J. Richards (Photo by Paul J. RICHARDS / AFP) (Photo by PAUL J. RICHARDS/AFP via Getty Images)

(NewsNation) An Air National Guardsman has been arrested for allegedly leaking more than 100 classified documents about the war in Ukraine in whats become one of the major intelligence disclosures in recent years.

The investigation has drawn comparisons to the Edward Snowden case, but former prosecutors see greater parallels with the 2018 prosecution of defense contractor Reality Winner. She was sentenced to more than five years for leaking an intelligence report about Russias interference in the 2016 elections.

Winner shared the information with the media and served more than four years in prison before being released. The documents relating to Ukraine and other intelligence gathered by the United States was initially confined to a small online chat group on the messaging platform Discord.

Heres a brief history of major intelligence leaks over the past 15 years and what they exposed:

Read more:
Past leaks have exposed NSA surveillance, Guantanamo ops - NewsNation Now

This months Fairwinds Insights release notes offer a number of bug fixes and also details of our latest enhancements to Automated Fix Pull Requests (PRs) and our new NSA Hardening Compliance Report. Automated Fix PRs allows you to automatically fix many Kubernetes misconfigurations faster, making it easier for dev teams to make misconfiguration fixes quickly and easily.

This new feature accelerates the remediation of problems, such as security bugs and policy violations, by offering code-level fixes to common Infrastructure-as-Code (IaC) issues that often occur in Kubernetes manifests. Automated Fix PRs gives you the ability to fix multiple IaC issues with one click, then review and approve all of your changes in GitHub.To achieve this, we added permissions to our GitHub integration to write to repository contents. This only applies to repositories you connect to Insights via GitHub, and the changes will always occur on a separate branch. This enables you to review the automated fix PRs before deciding to merge.

To learn more, visit the Github permissions and Auto-Scan pages.

An analysis of IaC scans showed that this new feature can remediate at least 42% of issues automatically. Getting fixes out quickly can help your teams reduce security risks, increase reliability, and control cloud costs.

This month we also added a new NSA Hardening Compliance Report as part of our efforts to support people in implementing NSA recommendations for hardening Kubernetes clusters. This report is available on the Compliance page to help your organization comply with NSA Hardening recommendations. The Insights Agent can automatically check some of the compliance checks for NSA Hardening. For the remaining compliance checks, users can mark the state manually.

Fixed an issue with the Captchas on user register

Small UI fixes in User Settings

Fixed Auto-Scan logs sometimes showing multiple runs

New look for the Add Ons page

Fixed OPA policies not being blocked by admission controller

New Total Savings Available in the Costs page

Fixed and issue where sometimes not all filters showing up in Action Items table

Removed Cost Strategy option from the Costs settings page

Selecting a team in the Action Items table now shows correct Action Items

Added a loading indicator in Reports > History

Multiple fixes to the Costs page

If youre not using Fairwinds Insights yet, try out the new tier to explore the Automated Fix PRs functionality and the NSA Hardening Compliance Report. Insights is available for free for environments up to 20 nodes, two clusters, and one repo. Read how to get started with the Insights Free Tier here. To get more details on how to use the newest features and stay up to date with Fairwinds Insights updates, view the release notes.

*** This is a Security Bloggers Network syndicated blog from Fairwinds | Blog authored by Dakoda Wogan. Read the original post at: https://www.fairwinds.com/blog/fairwinds-insights-release-notes-11.12-12.2-spotlight-on-automated-fix-prs

Read more from the original source:
Fairwinds Insights Release Notes 11.12-12.2: Spotlight on ... - Security Boulevard

AT&T Labs makes industry-first 5G SA Uplink 2-CA data connection in the U.S. to improve upload speeds, with additional speed and other upgrades in the works

AT&T is architecting tomorrows wireless network to connect people to greater possibility. As engineers, we design, build, test, refine and repeat so that you can get more out of your 5G connection and developers can build and deploy the next generation of apps and services.

A key part of this evolution is the critical transition phase we are entering in scaling from 5G non-standalone (NSA) to 5G standalone (SA).

How does Standalone take 5G to the next level? Unlike 5G NSA that still relies on a 4G LTE core, 5G SA uses a dedicated 5G core that can unlock capabilities like faster upload speeds, ultra-low latency, ultra-high reliability and edge functions. This technology will be key to business opportunities like the next generation of connected cars.

We have said that we plan to deploy Standalone 5G when the ecosystem is ready, and AT&T is charging forward to advance SA ecosystem readiness. Businesses and developers will be some of the first to take advantage of the new technologies standalone 5G enables as we continue to move from research & development to their deployment.

Uplink: where challenge meets opportunity

This new age of connectivity is not only about consuming more content but also generating more content than ever before. Demand for uplink capacity and speed continues to increase, about 30% a year in AT&Ts mobility network.

Whether you are uploading large files, on a video call with family, live streaming, cloud gaming or using extended reality applications, the network is facing surging upstream traffic demands it never has before. Our latest network innovations are complex but are all about helping meet this new demand.

Just a few weeks ago, we completed the first 5G SA Uplink 2-carrier aggregation data call in the U.S. Carrier aggregation (CA) means we are combining or aggregating different frequency bands to give you more bandwidth and capacity. For you, this means faster uplink transmission speeds. Think of this as adding more lanes in the network traffic highway.

No one in the U.S market has successfully aggregated two carriers in 5G SA uplink until now. This is part of our ongoing effort to provide greater reliability for our customers.

The test was conducted in our labs with Nokias 5G AirScale portfolio and MediaTeks 5G M80 mobile test platform. We aggregated our low-band n5 and our mid-band n77 spectrum. Compared to our low-band n5 alone, we saw a 100% increase in uplink throughput by aggregating our low-band n5 with 40MHz of our mid-band n77. Taking it a step further, we achieved a 250% increase aggregating 100MHz of n77. The bottom line? We achieved incredible upload speeds of over 70 Mbps on n5 with 40MHz of n77 and over 120 Mbps on n5 with 100MHz of n77.

While carrier aggregation is like adding more traffic lanes in the highway, adding another vehicle to carry traffic is another way we are managing surging uplink demand. We are doing this via a two-layer uplink MIMO on time division duplex (TDD) in our mid-band n77. MIMO combines signals and data streams from multiple antennas (vehicles) to improve signal quality and data rates. This feature will not only improve uplink throughput but also enhance cell capacity and spectrum efficiency.

Network design and device readiness go hand in hand

Although we continue to make progress in enhancing uplink coverage, we havent forgotten about the downlink. Enhanced downlink and uplink carrier aggregation capabilities work together to bring the 5G SA performance todays technologies need.

Last fall, we completed a 5G SA four component carrier downlink call by combining two FDD carriers and two TDD carriers. These capabilities allow AT&T devices to aggregate our mid-band n77 in the C-Band and 3.45GHz spectrum ranges. Compared with low band and mmWave spectrum, mid-band n77 provides a good balance between coverage and speed. This follows the 5G SA three component carrier downlink feature that we introduced last year to 2022 AT&T Flagship devices which combines one frequency division duplex (FDD) carrier and two TDD carriers.

In the coming months, AT&T will also enable 5G New Radio Dual Connectivity (NR-DC), aggregating our low and mid-band spectrum with our high-band mmWave spectrum on 5G SA. Our labs have achieved 5G NR-DC downlink throughput speeds of up to 5.3Gbps and uplink throughput speeds of up to 670Mbps. This technology will help provide high-speed mobile broadband for both downlink and uplink in stadiums, airports, and other high-density venues.

The 5G SA ecosystem is rapidly evolving, with new technologies and capabilities being introduced to provide differentiated experiences. Here are some features that are on the horizon for 5G SA:

AT&T is dedicated to being the best connectivity provider. The 5G SA ecosystem is rapidly evolving, with new technologies and capabilities being introduced to set the foundation for next generation applications and services.

Read this article:
AT&T is Taking 5G to the Next Level with Standalone 5G - AT&T Newsroom