Archive for the ‘NSA’ Category

CISA, FBI and NSA issue joint advisory on Log4j with international security agencies – SC Magazine

Major government security agencies around the world have issued a joint advisory on the Apache Log4j vulnerability that offers technical details, mitigations and resources on what top security officials are calling one of the most severe vulnerabilities ever discovered.

The agencies taking the lead in the United States include the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the FBI. Other nations involved include Australia, Canada, New Zealand, and the United Kingdom.

The joint advisory is a response to the active, worldwide exploitationby numerous threat actors including two ransomware groups thus far of vulnerabilities foundinthewidely-used Java-based logging package Log4j. The security world has been on edge since Log4j was first reported publicly last week. The first attack on a government agency was sustained earlier this week by the Ministry of Defense in Belgium when its email servers went down.

Log4j vulnerabilities present a severe and ongoing threat to organizations and governments around the world, said CISA Director Jen Easterly. We implore all entities to take immediate action to implement the latest mitigation guidance to protect their networks. CISA is working shoulder-to-shoulder with our interagency, private sector, and international partners to understand the severe risks associated with Log4j vulnerabilities and provide actionable information for all organizations to promptly implement appropriate mitigations.

FBI Cyber Division Assistant Director Bryan Vorndran, urged any organization impacted by the Log4j vulnerability to apply all the mitigations recommended by CISA and visit fbi.gov/log4j to report details of any suspected compromises.

CISAhas created a dedicatedLog4j webpageto offer an authoritative, up-to-date resource withmitigation guidance andresources for network defenders, as well as a community-sourcedGitHubrepositoryof affected devices and services.Organizational leaders should also review the blog post by the UK's National Cyber Security Centre: Log4j vulnerability: what should boards be asking?, for information on Log4Shells possible impact on their organization as well as response recommendations.

CISA today also notified the industry in a tweet about #HackDHS, Homeland Securitys expanded bug bounty program to find and patch Log4j-related vulnerabilities in DHS systems. CISA Director Jen Easterly said the hacker community plays a strong role in keeping the government safe, and looks forward to working more closely.

Here is the original post:
CISA, FBI and NSA issue joint advisory on Log4j with international security agencies - SC Magazine

Agra: 10 held in connection with attack on Seva Bharati office; NSA invoked against accused – India Today

Following the incident, the BJP workers raised slogans outside the Lohamandi Police station, demanding the arrest of all accused. (Image: India Today)

Ten people have been arrested in connection with an attack on Seva Bharati office in Agras Motikunj on Sunday night. The police are also trying to identify other miscreants who were reportedly involved in the attack.

The incident took place on December 26 when some youths, who were reportedly under the influence of alcohol, created a ruckus near the Seva Bharati office in Agra. When they were asked to stop, the youths started pelting stones at the office.

The police reached the spot soon after getting information about the incident and a case was registered.

ALSO READ: Chandigarh: Auto driver throws stones at cop after being pulled up over parking

BJP MLA Yogendra Upadhyay, along with supporters, also reached the spot and demanded the arrest of the youths involved. The BJP workers created a ruckus for hours at the Lohamandi Police station. They raised slogans and demanded the arrest of all accused.

Senior Superintendent of Police Sudhir Kumar Singh pacified the matter and assured that strict action would be taken.

Speaking to India Today, Sudhir Kumar Singh said that action is being taken against the accused under the Gangster Act and National Security Act (NSA). He said that five workers, including office in-charge Shivam, were injured in an attack by antisocial elements on the Seva Bharati office in Moti Kunj last night, following which a case was registered against two known and 40-50 unidentified assailants.

Shivam and Vikas, who sustained injuries in the attack, reside in the Seva Bharati office. Both are residents of Fatehabad.

Sami Aghai, president of the Bharatiya Muslim Development Council, said that no culprit should be spared, but innocents should not be harassed. Aghai claimed that some people are unnecessarily trying to pollute the environment and appealed to the administrative officers to keep an eye on such elements and take strict action.

ALSO READ: Uttar Pradesh: Body found in Kanpur, police suspect doctor accused of killing wife, kids killed self

Click here for IndiaToday.ins complete coverage of the coronavirus pandemic.

More:
Agra: 10 held in connection with attack on Seva Bharati office; NSA invoked against accused - India Today

Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers – The Hacker News

Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group.

DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the exploit tool, among others, under a dispatch titled "Lost in Translation." Also included in the leaks was EternalBlue, a cyberattack exploit developed by the U.S. National Security Agency (NSA) that enabled threat actors to carry out the NotPetya ransomware attack on unpatched Windows computers.

The tool is a modular, stealthy, and fully functional framework that relies on dozens of plugins for post-exploitation activities on Windows and Linux hosts. DoubleFeature is one among them, which functions as a "diagnostic tool for victim machines carrying DanderSpritz," researchers from Check Point said in a new report published Monday.

"DoubleFeature could be used as a sort of Rosetta Stone for better understanding DanderSpritz modules, and systems compromised by them," the Israeli cybersecurity firm added. "It's an incident response team's pipe dream."

Designed to maintain a log of the types of tools that could be deployed on a target machine, DoubleFeature is a Python-based dashboard that also doubles up as a reporting utility to exfiltrate the logging information from the infected machine to an attacker-controlled server. The output is interpreted using a specialized executable named "DoubleFeatureReader.exe."

Some of the plugins monitored by DoubleFeature include remote access tools called UnitedRake (aka EquationDrug) and PeddleCheap, a stealthy data exfiltration backdoor dubbed StraitBizarre, an espionage platform called KillSuit (aka GrayFish), a persistence toolset named DiveBar, a covert network access driver called FlewAvenue, and a validator implant named MistyVeal that verifies if the compromised system is indeed an authentic victim machine and not a research environment.

"Sometimes, the world of high-tier APT tools and the world of ordinary malware can seem like two parallel universes," the researchers said. "Nation-state actors tend to [maintain] clandestine, gigantic codebases, sporting a huge gamut of features that have been cultivated over decades due to practical need. It turns out we too are still slowly chewing on the 4-year-old leak that revealed DanderSpritz to us, and gaining new insights."

More here:
Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers - The Hacker News

What NSA Ajit Doval Recently Said About New Forms Of Warfare – Swarajya

The new frontiers of war is civil society, which can be manipulated to hurt a nations interests, National Security Advisor (NSA) Ajit Doval said at the passing out parade of the 73rd batch of IPS probationers at the Sardar Vallabhbhai Patel National Police Academy (SVP NPA) in Hyderabad on 12 November.

Doval was the chief guest at the Dikshant Parade, which is the culmination of the 46-week long phase-1 basic course training. He said:

The new frontiers of war, what you call the fourth-generation warfare, is the civil society.. [conventional] wars have ceased to become an effective instrument for achieving political or military objectives. They are too expensive or unaffordable and, at the same time, there is uncertainty about their outcome. But civil society can be subverted, suborned, divided, manipulated to hurt the interests of a nation."

The fourth generation warfare is characterised by the blurring of lines between war and politics, combatants and civilians. The enemy power uses tactics of education or propaganda, building social movements, etc.

Short of a defeat, fourth generation warfare tries simply to disorganise and delegitimise the state, force it to expend resources on maintaining internal law and order, etc. It combines the elements of psychological manipulation, disinformation, cyberwarfare, using proxies like terror groups, etc.

An example of fourth generation warfare is visible in China's long-term policy of strategic containment of India. It is not only assisting Pakistan to develop and deploy nuclear weapons and ballistic missiles; backing political parties and individuals in Indias neighbouring South Asian countries to undermine their relations with India, but also supporting anti-national groups in India, giving them funds, arms, etc.

Also read: Indian Lefts Fall From Grace: Those Who Criticised Global Capitalism Are Now Taking Orders From Foreign Masters

NSA To IPS Probationers

The NSA, who graduated from the National Police Academy 52 years ago, gave his wisdom to the young probationers. Stating that people are the most important, Doval told the future IPS officers, "You are there to see they stand fully protected.

He asked the young probationers to develop a national perspective. You are for India and India is for you. Every other identity gets subsumed to this Indian identity, he was quoted as saying by IE.

The service of people is the greatest service, not only from the point of view of nation-building but also from the point of national security, he told the new batch of officers, and asked them to not only think of reforms to avoid repeating mistakes of the past but also be transformative to look at future challenges and find solutions in advance.

He also told the IPS probationers that success of democracy depends on the enforcement of laws:

Quintessence of democracy does not lie in the ballot box. It lies in the laws which are made by the people who are elected through these ballot boxes. You are the ones who are the enforcers of the law Laws are only as good as they are executed and implemented and the service that people can get out of it.. people cannot feel safe and secure where law enforcers are weak, corrupt, and partisan."

No nation can be built where the rule of law has failed, he added.

He reminded them that their responsibility includes not only the safety and security of 130 crore human beings but also the 32 lakh square kilometres of land area across the country.

He asked them to be trained and prepared for border management as well as challenges of highly specialised investigations in agencies like the NIA or CBI. He said that some of the officers will work for intelligence units within or outside the country, and they will have the responsibility to see that governments can make informed decisions and that these decisions are enforced in the countrys best interests.

He said that the officers today need to excel in the challenges of technology as a frontier. Without your success, the nation cannot succeed. If internal security fails, no country can be great. If the people are not safe and secure, they cannot rise to their potential, and probably, the country can never grow, he said.

Also read: Outrage Over IPS Officer Seeking Ban On NGOs Foreign Funding: CPMs Prakash Karat Had Proposed The Same In 1984

Read the original post:
What NSA Ajit Doval Recently Said About New Forms Of Warfare - Swarajya

Hyundai Mobis develops automated system for parking in tight spaces – Autocar Professional

Drivers no longer have to worry about passing a narrow street or facing a car ahead at a dead end even when they are inexperienced. Hyundai Mobis says it has developed the worlds first urban Advanced Driver Assistance System (ADAS) called the Mobis Parking System (MPS).

The Mobis Parking System integrates Narrow Space Assistance (NSA), Reverse Assistance (RA), and Remote Smart Parking Assistance (RSPA). Researchers are testing related technologies at the Hyundai Mobis Seosan Proving Ground.

With the Mobis Parking System, the car is able to drive itself through a narrow street by avoiding obstructions, drive through the revolving gate of an underground parking lot, or drive backwards at a dead end where two cars are facing each other. All this at the press of a button.

Hyundai Mobis says it developed this technology using its own software logic and mass-produced ultrasonic sensors. This technology is based on the fact that, while RADAR and LiDAR sensors are useful for recognising objects located far away or in high-speed driving, ultrasonic sensors are rather more suitable for narrow streets or underground parking lots. The ultrasonic sensors recognize objects over a short distance, while the software logic and the control system perform self-driving.Core technologies usedOne of the core technologies of this system is Narrow Space Assistance (NSA). The car needs only 16 inches of extra space on both sides to drive through a narrow street by itself.

There is also Reverse Assistance (RA) which records the cars travel route on a real-time basis and creates the reverse route by itself at the press of a button. The steering wheel and vehicle speed are controlled automatically.Aside from the Mobis Parking System, various other technologies for safety and convenience have been integrated into the system, thereby further enhancing the competitiveness of the driver assistance solution.

The Remote Smart Parking Assistance (RSPA) system is capable of parking a car at a right angle or in parallel by finding an empty space when the driver is out of the car and presses the remote. 3D Surround View Monitor (SVM) provides a better parking experience by showing the area 360 degrees around the car three-dimensionally. Rear-autonomous Emergency Braking (R-AEB) is also noticeable.Hyundai Mobis says it will pre-emptively suggest global automakers to apply related technologies. The application scope will be expanded to purpose-built vehicles (PBV) as well as large SUVs whose popularity is now growing rapidly.ALSO READHyundai Mobis develops foldable steering system

Hyundai Mobis develops path-breaking brainwaves-based ADAS tech

Hyundai Mobis develops world-first clusterless HUD

Hyundai Mobis develops new lighting and moving grille tech

Hyundai Mobis' innovative HLED integrates tail and stop light in a single LED

/news-international/hyundai-mobis-develops-automated-system-for-parking-in-tight-spaces-80542 Hyundai Mobis develops automated system for parking in tight spaces Operates even with just 16 inches on both sides in a narrow street, with autonomous driving tech specialised for urban areas with many side streets https://www.autocarpro.in/Utils/ImageResizer.ashx?n=http://img.haymarketsac.in/autocarpro/844b2fd9-35f0-4849-929b-968a89149556.jpg

Read this article:
Hyundai Mobis develops automated system for parking in tight spaces - Autocar Professional