  • EDUCATE

    ...our citizens to be cyber smart, and develop pathways for the future cyber workforce.

  • ENGAGE

    ...and convene partners to address emerging cyber and cryptologic issues.

  • COMMEMORATE

    ...our cryptologic history & those who served within the cryptologic community.

THE NCF VISION

Advance the nation’s interest in cyber and cryptology through leadership, education, and partnerships.


Cybersecurity News (Week Ending 5 Jan 2018): Microchip Vulnerabilities Have Global Impact; Espionage Capabilities in Antivirus Software, DHS Data Breach, & more.

Cybersecurity News Bytes for the Week Ending 5 Jan 2018

Microprocessor Vulnerabilities Discovered; Major Impacts Worldwide

According to a 3 January report in Wired magazine and multiple media sources, security researchers have discovered a long-standing vulnerability in microprocessor chips that causes memory leaks outside running processes. That vulnerability in turn allows access to other items in core memory (e.g., passwords), leading to a potential compromise of system security. The vulnerability has existed for at least a decade, and resulted from the microprocessor industry’s efforts to increase processor speed. The vulnerability affects any computer, mobile device, server, or cloud architecture containing microprocessor chips from Intel, AMD and Arm Holdings, whose chips are found in most mobile phones. The hardware flaws are dubbed Meltdown and Spectre. Meltdown seems to be limited to Intel chips and allows access to the operating system’s core memory. This flaw can potentially be fixed with a software patch. Spectre, in contrast, can access running programs without a call to the operating system. This flaw will be harder to fix and may require equipment to be replaced. Nevertheless, Microsoft, Google, Apple, and Amazon have all applied patches to address the new vulnerabilities. SANS Institute has issued a helpful list of security guidance links. Wired, 3 Jan 2018; SANS; and multiple media sources, 3-5 Jan 2018.

Iran Blocks Social Media to Stifle Protests

The Iranian leadership has responded to recent nationwide protests by blocking access to the Internet on mobile networks. Starting on 30 December, the blocks have been primarily targeted at social media and messaging apps. Desktop connectivity and apps do not appear to be affected. Blocking mobile networks is a popular tool used by authoritarian governments whenever large public protests occur. The government of the Democratic Republic of Congo recently blocked mobile services ahead of anticipated protests, and similar efforts have been reported in Kashmir and Gabon. Motherboard

Ukrainian Security Service Foils Russian Cyber Attacks

Ukrainian press on 30 December described a recent report by the SBU (Ukrainian Security Service) concerning the large number of cyber attacks against Ukrainian government entities stopped by the SBU over the past year. The attacks, attributed to Russia, included phishing attacks, social engineering, and ransomware. Unian Information Agency

Security Researcher Demonstrates Espionage Capabilities in Antivirus Software

Cybersecurity researcher Patrick Wardle of Digita Security demonstrated how Kaspersky antivirus software can be tweaked to scan for and flag sensitive documents. Wardle’s approach takes advantage of a vulnerability in Microsoft Windows to manipulate Kaspersky’s AV software by adding a rule that scans documents for words or phrases associated with classified documents. He demonstrated the capability by inserting the classification caveat “TS/SCI” into a text of Winnie the Pooh. The tweaked AV software identified and quarantined the document as soon as Wardle saved it to his hard drive. New York Times, 1 Jan 2018

Cybersecurity May be Getting Better

A thought-provoking article in Infosecurity Magazine discusses trends in cyber threats over the past 20+ years and states that, despite the still-serious threats in cyberspace, enterprise security has actually improved. Cybersecurity professionals over the years have employed Security Operations Centers, improved business plans, and improved technology to deal with threats to operating systems, web browsers, and software plugins. The industry for the most part is now focused on the “smash and grab” tactics seen in ransomware attacks over the past couple of years. Author Gary Golomb of Awake Security points out that focusing on the positive trends in security as opposed to sensationalizing the latest data breach leads to a better understanding of where cybersecurity is today and what the trend lines tell us about the future. Infosecurity Magazine, 3 Jan 2018

NIST Looking for Industry Partners to Improve IoT Security

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) is inviting industry to demonstrate products and expertise for the “Mitigating IoT-based DDOS Building Block,” an initiative to improve security of the Internet of Things. Interested companies are invited to submit letters of interest and potentially enter into a consortium Cooperative Research and Development Agreement (CRADA) for the Mitigating IoT-based DDOS Building Block. Collaborative activities will begin as soon as enough letters of interest have been submitted. NCCoE is in Rockville, Maryland. Federal News Radio, 1 Jan 2018 and Federal Register

Georgia Breaks Ground on Addition to New Cybersecurity Center

On 3 January, the Governor of Georgia broke ground for a $35 million expansion to the new $60 million cybersecurity campus in Augusta which itself is still under construction. The campus is on the Savannah River and includes the Cyber Innovation and Training Center and an incubator hub. Classroom space, a cyber range, and an area designated for classified work are also in the works. Governor Nathan Deal said to expect additional expansion of the center as Georgia “has seized the opportunity to do something about cybersecurity.” The new facilities are expected to open in 2019. Atlanta Journal-Constitution, 3 Jan 2018

DHS Data Breach Affects almost 250,000 Employees and Non-Employees

A DHS Inspector General (IG) report issued on 3 January described a 2014 breach of the department’s investigative case management system. The breach was not the result of a cyber attack; rather, the data was found in the possession of a former DHS IG employee. The data contained non-specified personal information on over 247,000 employees and an unstated number of non-employees who were either interviewed by the IG or were the subjects of IG investigations. DHS is offering free credit monitoring services to those affected by the breach. NextGov, 3 Jan 2018


THIS MONTH on the On This Day In History Calendar

  • The first hire at SIS was Annie Louise Newkirk, hired as a cryptographic clerk. An interesting note: when a phone call came in for someone working in the vault room, Ms. Newkirk would buzz the back room using a Morse code equivalent for the first initial of the individual's name.

About Us

The NCF's Vision is to strengthen trust in the digital ecosystem.

The NCF Mission: Advance the nation’s interest in cyber and cryptology as we:

Educate citizens to be cyber smart individuals, 

Develop pathways for the future cyber and cryptologic workforce, 

Engage and convene partners to address emerging cyber and cryptologic issues and, 

Commemorate our cryptologic history and those who served. 

The Foundation provides exceptional cryptologic programs, encourages young minds to learn about cryptology and to explore cyber-related career opportunities, hosts educational, cryptology-related exhibits at various community events, and honors the people, past and present, whose contributions to our national security protect and make possible our way of life.

The NCF also provides needed support to the National Cryptologic Museum (NCM), the first public museum in the U.S. Intelligence Community. Located adjacent to the National Security Agency (NSA) in Maryland, the NCM houses a unique and priceless collection of artifacts that represent our Nation's history in code making and code breaking, as well as a world class library of cryptologic media. The NCF has acquired rare and invaluable artifacts for the Museum and helps to support new educational and interactive exhibits.

The NCF is a 501(c)(3) organization.
