APT actors are targeting certain ICS/SCADA devices and could gain full system access if undetected. We urge organizations to apply the detection and mitigation recommendations in our joint advisory to thwart this activity. nsa.gov/Press-Room/New
Follow
NSA Cyber
@NSACyber
We protect our nation’s most sensitive systems against cyber threats. Likes, retweets, and follows ≠ endorsement
nsa.gov/Cybersecurity/Joined November 2019
NSA Cyber’s Tweets
Quote Tweet
With the @FBI and @DOE_CESER, we issued an advisory on energy sector facility intrusions from 2011-2018: go.usa.gov/xzwBe
This historical info highlights the need to go Shields Up against this & other potential Russian state-sponsored activity: cisa.gov/shields-up
10
81
123
#WiCyS2022 is in-person and we’ll be there! NSA is proud to be a sponsor this year. Check us out at Booth 300 and mark your schedules to hear from our speakers during the conference. Read more here: nsa.gov/Press-Room/New #WomenInCybersecurity #SeeHerAsEqual
21
74
180
🛡 Shields Up! Russian state-sponsored actors have exploited default Multi-Factor Authentication (MFA) protocols. Make sure your MFA protocols are configured properly! Read our latest advisory w/ to defend your networks against this attack: go.usa.gov/xz5dc
read image description
ALT
9
184
222
Show this thread
Updates to our #Kubernetes Hardening Guide with are live! Thanks to all who reached out with feedback to help make the guidance more comprehensive — including more detailed info on logging and threat detection in addition to other clarifications.
18
140
200
⚠️ 's Conti #Ransomware advisory has recently been updated with new #IOCs! Review the latest information from our partners at go.usa.gov/xz87x. #Cybersecurity #InfoSec
5
119
129
Topics to follow
Sign up to get Tweets about the Topics you follow in your Home timeline.
Carousel
In our latest #NSACyberSpeakerSeries video, host Dr. Josiah Dykstra speaks with #Ghidra developer Brian Knighton about the release of Ghidra and its journey over the past three years. Be sure to check out the video here:
28
37
82
On March 8th, our Cybersecurity Collaboration Center will release a new #NSACyberSpeakerSeries video featuring the open source #SRE tool. Find more episodes in the series here:
1
28
68
Show this thread
Thousands of cybersecurity students and network defenders have used #Ghidra to build and research current technologies since its release — head over to ghidra-sre.org to check it out.
44
93
253
Show this thread
Network infrastructure security is critical. Administrators can leverage our technical report to help prioritize next steps in their work to strengthen networks against adversary targeting attempts. nsa.gov/Press-Room/New
8
183
331
We issued an advisory with to help combat the WhisperGate and HermeticWiper malware which are being used to target organizations in Ukraine. Learn more about these threats and how to mitigate your risk: go.usa.gov/xzCGN #ShieldsUp
12
252
317
. and release advisory on destructive malware affecting organizations in Ukraine, along with recommendations and strategies to prepare for and respond to destructive malware. For more information see go.usa.gov/xzCG9. #ShieldsUp
6
243
382
Iranian MOIS cyber actors use various CVEs and open-source tools when targeting networks. Use the IOCs and top mitigations in the joint advisory from , , , and to hunt down and harden your networks. cisa.gov/uscert/ncas/cu
6
89
137
Quote Tweet
In a time of growing #cyber threats, do you know which steps to take against malicious actors? On 2/24 join the DoD CISO for the final Town Hall to discuss the critical actions your #DIB organization can take to protect itself. Join here: zoomgov.com/j/1602948310
read image description
ALT
4
18
53
25
183
269
Congratulations to for winning the 2021 NSA #CodebreakerChallenge! Great job to the 5,465 participants from 631 schools who participated in this year's challenge.nsa.gov/Press-Room/New
32
35
117
Cisco device admins should use password protection Type 8 whenever possible to keep their passwords secure. For details on the types available and issues with using weak encryption, read our best practices guide nsa.gov/Press-Room/New
22
188
374
A key pillar of our #cybersecurity mission is preventing and eradicating threats to both the Defense Industrial Base and National Security Systems — we encourage #DIB partners to join us and discuss cyber best practices at the upcoming town hall.
3
29
58
Over the last several years, Russian state-sponsored cyber actors have been targeting U.S. cleared defense contractors. Apply the mitigations in our joint cybersecurity guidance with & to reduce the risk of compromise by these threat actors. nsa.gov/Press-Room/New
32
190
291
It takes collaboration to secure Operational Technology. Morgan Adamski, Director of 's #Cybersecurity Collaboration Center, spoke with , , and about threats to these systems and how #Partnerships play a key role in securing them.
11
69
168
Ransomware incidents targeting critical infrastructure were on the rise in 2021. Protect against the threat using the joint cybersecurity guidance from , , , and to help reduce the risk of compromise. Read more here: nsa.gov/Press-Room/New
27
167
281
Great news! A new version of D3FEND is now available at d3fend.mitre.org. D3FEND enables other cyber professionals to tailor defenses against specific cyber threats and reduce a system's potential attack surface. Learn more about D3FEND here:
20
471
1,098
Last year showed we are committed to building and recruiting the next generation of cyber warriors! This year, we'll continue to build a diverse workforce with the skills to tackle our most complex issues. Learn more by reading our Year in Review: nsa.gov/Press-Room/Pre
0:23
2.4K views
6
30
53
Take a look at our 2021 NSA Cybersecurity Year in Review to learn more about our impact and what we have in store for the future: nsa.gov/Press-Room/Pre
0:29
9.3K views
13
86
166
VSATs may be targeted just like other networking tech. Keep your information secure by enabling transmission security, segmenting and encrypting communications, and keeping your VSAT hardware and firmware updated. nsa.gov/Press-Room/New
13
69
125
Minimize the risk of malicious PDFs affecting your environments. Our latest technical report includes updated #configuration recommendations for #Adobe Acrobat Reader—including for the newer cloud features. nsa.gov/Press-Room/New
20
107
186
We’re expanding our mission and authorities to better secure National Security Systems. Learn more:
43
132
261
⚠️ recommends network defenders review the Microsoft blog on destructive malware targeting Ukrainian organizations. go.usa.gov/xtWm2 #Cybersecurity #InfoSec
13
264
454
Iranian MOIS hacker group #MuddyWater is using a suite of malware to conduct espionage and malicious activity. If you see two or more of these malware on your network, you may have MuddyWater on it: Virustotal.com/en/user/CYBERC. Attributed through
26
385
520
Show this thread
Take steps now to protect against the Russia cyber threat: Invest in logs and monitoring so you can hunt out malicious activity & minimize impacts if compromise occurs. Strengthen your networks by taking actions in our joint advisory with & . media.defense.gov/2022/Jan/11/20
13
169
286
Today is our Cybersecurity Collaboration Center’s one-year anniversary! We’ve accomplished so much over the past year, and we’re just getting started.
57
37
81
#1 Inventory your assets now, so you can stay on top of patches coming out. Start with internet exposed assets, but mitigate and update everything.
#2 Monitor and follow up. Malicious actors have been observed patching software they compromise to help retain control of the assets
Quote Tweet
Today, in partnership with industry & international partners, we issued a Joint Cybersecurity Advisory in response to #Log4j vulnerabilities. The advisory provides guidance to critical infrastructure, businesses, & governments to mitigate ongoing risk: go.usa.gov/xeuaf
14
104
196
Log4j vulnerabilities continue to be exploited–keep watch for updates from vendors. Read the advisory with , , , , & for a summary of the threats and mitigations to defend your IT and OT assets. media.defense.gov/2021/Dec/22/20
36
156
272
DNSA Neuberger and I published a message today with actions business leaders and IT managers can take to help promote a cyber incident-free holiday season. Read it here:
16
100
140
🚨 We issued Emergency Directive (ED) 22-02 in response to the Apache Log4j vulnerabilities. The ED requires action for federal civilian agencies to mitigate these vulnerabilities. We encourage all organizations to take similar steps: cisa.gov/emergency-dire
27
294
342
A secure 5G core infrastructure is only as strong as its foundation. Read Part IV of our 5G Cloud guidance with , through the Enduring Security Framework (ESF), for necessary mitigations to ensure 5G cloud infrastructure integrity. nsa.gov/Press-Room/New
20
68
108
#CodebreakerTechTip: Bugs, bugs, bugs! NIST’s National Vulnerability Database tracks CVEs and groups them by class. Check out the Common Weakness Enumeration Specification (CWE) for ideas, and then tackle Task 10.
22
25
68
We are working closely with our public and private sector partners and the #JCDC to proactively address a critical vulnerability in Log4J that is being widely exploited by a growing set of threat actors.
3
31
68
Show this thread