CyberSecurity news

FlagThis - #nationalsecurity

Sasha Ingber@HUMINT //

Firing of NSA and Cyber Command Head Raises Concerns

The Trump administration has fired Gen. Timothy Haugh, the head of the National Security Agency (NSA) and Cyber Command. The firing occurred while Haugh was overseas and shortly after he submitted cyber offense plans, raising concerns about national security and the timing of the decision. It is not immediately clear why Haugh was let go but the firing comes as the U.S. Cyber Command is trying to ramp up cyber offense, especially after China’s Volt and Salt Typhoon cyberattacks hit American infrastructure and telecommunications.

This marks another high-profile dismissal of a senior national security official by the Trump administration, following a visit to the Oval Office by political activist Laura Loomer. Loomer claimed Haugh and his deputy, Wendy Noble, were disloyal to Trump. Democratic members of Congress criticized the firing, with Rep. Jim Himes expressing deep concern and calling for an immediate explanation, fearing that Haugh's honesty and adherence to the law may have led to his dismissal.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • HUMINT: Head of NSA and Cyber Command fired while overseas.
  • DefenseScoop: Trump fires Gen. Timothy Haugh from leadership of Cyber Command and NSA.
  • www.npr.org: National Security Agency chief fired as Trump ousts another top military officer.
Classification:
Bill Mann@CyberInsider //

CISA Warns of Fast Flux DNS Evasion Technique

CISA, along with the NSA, FBI, and international cybersecurity partners, has issued a joint advisory regarding the increasing use of the "fast flux" technique by cybercriminals and nation-state actors. This DNS evasion method allows attackers to rapidly change the DNS records associated with their malicious servers, making it difficult to track and block their activities. This tactic is used to obfuscate the location of malicious servers, enabling them to create resilient and highly available command and control infrastructures while concealing malicious operations.

Fast flux, characterized by quickly changing IP addresses linked to a single domain, exploits weaknesses in network defenses. The advisory, titled 'Fast Flux: A National Security Threat,' urges organizations, internet service providers (ISPs), and security firms to strengthen their defenses against these attacks. Service providers, especially Protective DNS providers (PDNS), are urged to track, share information, and block fast flux activity to safeguard critical infrastructure and national security.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • CyberInsider: CISA Warns of ‘Fast Flux’ Technique Hackers Use for Evasion
  • The Register - Security: For flux sake: CISA, annexable allies warn of hot DNS threat
  • Industrial Cyber: Advisory warns of fast flux national security threat, urges action to protect critical infrastructure
  • Cyber Security News: Hackers Leveraging Fast Flux Technique to Evade Detection & Hide Malicious Servers
  • BleepingComputer: CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs.
  • BleepingComputer: CISA warns of Fast Flux DNS evasion used by cybercrime gangs
  • The DefendOps Diaries: Understanding and Combating Fast Flux in Cybersecurity
  • bsky.app: CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs.
  • www.csoonline.com: Cybersecurity agencies urge organizations to collaborate to stop fast flux DNS attacks
  • hackread.com: NSA and Global Allies Declare Fast Flux a National Security Threat
  • : National Security Agencies Warn of Fast Flux Threat Bypassing Network Defenses
  • www.itpro.com: Cybersecurity agencies have issued a stark message that too little is being done to sniff out malware hiding in corporate networks
  • Infoblox Blog: Disrupting Fast Flux with Predictive Intelligence
  • www.cybersecuritydive.com: Cybersecurity Dive on CISA FBI warn
  • Threats | CyberScoop: International intelligence agencies raise the alarm on fast flux
  • Infoblox Blog: Disrupting Fast Flux and Much More with Protective DNS
  • blogs.infoblox.com: Disrupting Fast Flux and Much More with Protective DNS
  • The Hacker News: Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel.
  • thecyberexpress.com: The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international cybersecurity partners, has issued an urgent advisory titled “Fast Flux: A National Security Threat.†The advisory highlights the growing use of fast flux techniques by cybercriminals and potentially nation-state actors to evade detection and establish highly resilient and stealthy infrastructure for malicious activities.
  • Blog: Five Eyes warn threat actors increasing use of ‘fast flux’ technique
Classification:
  • HashTags: #FastFlux #DNS #Cybersecurity
  • Company: DNS Providers
  • Target: Organizations, ISPs
  • Product: DNS
  • Feature: DNS evasion
  • Type: HighRisk
  • Severity: Major
Dissent@DataBreaches.Net //

GCHQ Intern Pleads Guilty to Data Breach Risking National Security

A former GCHQ intern, Hasaan Arshad, has pleaded guilty to violating the Computer Misuse Act by transferring top-secret data from a secure GCHQ computer to his work phone. He then moved the data to a personal hard drive connected to his home PC. Arshad admitted to the unauthorized acts, which prosecutors say involved a "top secret" tool worth millions of pounds. The tool was developed using a "significant amount" of taxpayer money.

Arshad, a student at the University of Manchester, was arrested and his home searched in September 2022. While he claimed his actions stemmed from curiosity and a desire to further develop the software, the incident underscores the risk of insider threats. Cybersecurity experts highlight the need for organizations to implement strict access controls, restrict removable media, and manage mobile device capabilities in sensitive areas to prevent such breaches.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • DataBreaches.Net: Here’s today’s reminder of the insider threat (well, this, and the fact that U.S. government officials continue to deny any problem with discussing attack plans on Signal).
  • The Register - Security: Not exactly Snowden levels of skill A student at Britain's top eavesdropping government agency has pleaded guilty to taking sensitive information home on the first day of his trial.…
  • www.itpro.com: A former GCHQ intern has pleaded guilty to transferring data from a top-secret computer onto his work phone.
Classification:

Posts

Blogs

Research Tools