Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.

This Report on the National Security Agency (NSA) and Department of Homeland Security (DHS) Program for the National Centers of Academic Excellence (CAE) in Information Assurance (IA) and Cyber Defense (CD) is in response to section 942 of The National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2014 (Public Law 113-66).

ROSSLYN, VA. - The National Electrical Manufacturers Association (NEMA), on behalf of its Cybersecurity Council, published NEMA CPSP 1-2015 Supply Chain Best Practices, a white paper that addresses U.S. supply chain integrity throughout the product lifecycle.

Attached is the Broad Agency Announcement #BAA-004-15 for the FY 2015 Cyber Competition Awards. Proposal submissions shall be submitted via email to tmbenso@nsa.gov by the closing date & time provided in the BAA (14 May 2015, NLT 12:00 pm EST).

For more than a decade, various experts have expressed increasing concerns about cybersecurity, in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised.

Recognizing our joint role in fostering best practices in Cybersecurity, we wanted to make everyone aware of the attached NSA/CSS guidelines for "Hardening Deployed Web Applications."