
New SMTP Cracking Tool for 2024 Sold on Dark Web Sparks Email Security Alarm

A new method targeting SMTP (Simple Mail Transfer Protocol) servers, specifically updated for 2024, has surfaced for sale on the dark web, sparking significant concerns about email security and data privacy.

This cracking technique is engineered to bypass protective measures, enabling unauthorized access to email servers. Such breaches risk compromising personal, business, and government communications.

The availability of this tool showcases the growing sophistication of cybercriminals and their ability to exploit weaknesses in email defenses. Unauthorized access to SMTP servers not only exposes private correspondence but also facilitates phishing, spam campaigns, and cyber-espionage.

Experts caution that widespread use of this method could result in increased phishing attacks, credential theft, and malware distribution. "Organizations and individuals must prioritize strengthening email security protocols, implementing strong authentication, and closely monitoring for unusual server activity," they advise.

Mitigating these risks requires applying security patches promptly, enforcing multi-factor authentication, and using email encryption. The emergence of this dark web listing highlights the ongoing threats cybercriminals pose to critical communication systems.

As attackers continue to innovate, the cybersecurity community emphasizes vigilance and proactive defense strategies to safeguard sensitive information. This development underscores the urgent need for robust email security measures in the face of evolving cyber threats.

Critical Flaw in Open Policy Agent Exposed NTLM Credentials, Patch Released

A now-resolved security vulnerability in Styra's Open Policy Agent (OPA) could have exposed New Technology LAN Manager (NTLM) hashes, potentially leading to credential leakage. If exploited, the flaw allowed attackers to capture the NTLM credentials of the OPA server’s local user account and send them to a remote server. From there, they could either crack the password or relay the authentication, according to a report by cybersecurity firm Tenable, shared with The Hacker News.

The vulnerability, identified as CVE-2024-8260 and classified as a Server Message Block (SMB) force-authentication flaw, affected both the Command Line Interface (CLI) and the Go software development kit (SDK) on Windows. The issue arose from improper input validation, enabling unauthorized access by leaking the Net-NTLMv2 hash of the logged-in user on the Windows device running OPA.

Exploiting this vulnerability required specific conditions: the victim machine had to be able to send outbound SMB traffic over port 445, the attacker needed an initial foothold (for instance through social engineering), or the OPA CLI had to be run with a Universal Naming Convention (UNC) path rather than a Rego rule file.

Tenable security researcher Shelly Raban explained that when a Windows machine accesses a remote share, it sends the NTLM hash of the local user to authenticate to the remote server. Attackers can capture these credentials to perform relay attacks or crack the password offline. Following the responsible disclosure in June 2024, the issue was patched in version 0.68.0, released on August 29, 2024.
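The mechanism described above, a file argument that names a UNC share causing Windows to authenticate to the remote host, is a generic forced-authentication pattern, and the generic fix is to refuse remote paths before the file is ever opened. The Go guard below is an added example written for this page; it is not code from OPA or Tenable, and the names `IsUNCPath` and `LocalPolicyPath` are hypothetical. It recognises the plain, forward-slash and extended-length (`\\?\UNC\`) forms of a UNC path while still allowing the extended-length local form `\\?\C:\...`:

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrRemotePath is returned for any argument that would make Windows open a
// network share (and so send the user's Net-NTLMv2 response to that host)
// instead of a local policy file.
var ErrRemotePath = errors.New("remote (UNC) path rejected: policy files must be local")

// IsUNCPath reports whether p names a network share rather than a local file.
// It covers the plain UNC form (\\host\share), the forward-slash form that the
// Windows API also accepts (//host/share), and the extended-length prefixes
// \\?\UNC\host\share and \\.\UNC\host\share.
func IsUNCPath(p string) bool {
	// Normalise separators so one set of checks covers both slash styles.
	n := strings.ReplaceAll(p, "/", `\`)
	if !strings.HasPrefix(n, `\\`) {
		return false
	}
	rest := strings.ToUpper(n[2:])
	// \\?\C:\... and \\.\C:\... are extended-length *local* paths; only their
	// UNC\ sub-form points at a share.
	if strings.HasPrefix(rest, `?\`) || strings.HasPrefix(rest, `.\`) {
		return strings.HasPrefix(rest[2:], `UNC\`)
	}
	return true
}

// LocalPolicyPath validates a CLI argument before it reaches the file loader.
// Hypothetical guard written for this example, not OPA's own code.
func LocalPolicyPath(arg string) (string, error) {
	if IsUNCPath(arg) {
		return "", ErrRemotePath
	}
	return arg, nil
}

func main() {
	samples := []string{
		`policy.rego`,
		`C:\policies\policy.rego`,
		`\\?\C:\policies\policy.rego`,
		`\\remote-host\share\policy.rego`,
		`//remote-host/share/policy.rego`,
		`\\?\UNC\remote-host\share\policy.rego`,
	}
	for _, a := range samples {
		if _, err := LocalPolicyPath(a); err != nil {
			fmt.Printf("REJECT %-40s %v\n", a, err)
		} else {
			fmt.Printf("ok     %s\n", a)
		}
	}
}
```

The check is pure string inspection, so it behaves the same on every OS; on non-Windows hosts a path beginning `//` is an ordinary absolute path and the rejection is merely conservative. Blocking outbound SMB (TCP 445) at the network edge is the complementary control that the article's exploitation conditions point to.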

Tenable emphasized the importance of securing open-source projects to avoid exposing vendors and users to potential threats. The disclosure of this vulnerability coincides with Akamai's revelation of a privilege escalation flaw (CVE-2024-43532) in Microsoft's Remote Registry Service, which also involved NTLM relay attacks.

Microsoft, in response to NTLM vulnerabilities, reiterated its commitment to replace NTLM with Kerberos in Windows 11 to enhance authentication security.

Mamba 2FA Emerges as a New Threat in Phishing Landscape

In the ever-changing landscape of phishing attacks, a new threat has emerged: Mamba 2FA. Discovered in late May 2024 by the Threat Detection & Research (TDR) team at Sekoia, this adversary-in-the-middle (AiTM) phishing kit specifically targets multi-factor authentication (MFA) systems. Mamba 2FA has rapidly gained popularity in the phishing-as-a-service (PhaaS) market, helping attackers circumvent MFA methods that are not phishing-resistant, such as one-time passwords and app notifications.

Initially detected during a phishing campaign that imitated Microsoft 365 login pages, Mamba 2FA functions by relaying MFA credentials through phishing sites, utilizing the Socket.IO JavaScript library to communicate with a backend server. According to Sekoia's report, “At first, these characteristics appeared similar to the Tycoon 2FA phishing-as-a-service platform, but a closer examination revealed that the campaign utilized a previously unknown AiTM phishing kit tracked by Sekoia as Mamba 2FA.” 

The infrastructure of Mamba 2FA has been observed targeting Entra ID, third-party single sign-on providers, and consumer Microsoft accounts, with stolen credentials transmitted directly to attackers via Telegram for near-instant access to compromised accounts.

A notable feature of Mamba 2FA is its capacity to adapt to its targets dynamically. For instance, in cases involving enterprise accounts, the phishing page can mirror an organization’s specific branding, including logos and background images, enhancing the believability of the attack. The report noted, “For enterprise accounts, it dynamically reflects the organization’s custom login page branding.”

Mamba 2FA goes beyond simple MFA interception, handling various MFA methods and updating the phishing page based on user interactions. This flexibility makes it an appealing tool for cybercriminals aiming to exploit even the most advanced MFA implementations.

Available on Telegram for $250 per month, Mamba 2FA is accessible to a broad range of attackers. Users can generate phishing links and HTML attachments on demand, with the infrastructure shared among multiple users. Since its active promotion began in March 2024, the kit's ongoing development highlights a persistent threat in the cybersecurity landscape.

Research from Sekoia underscores the kit’s rapid evolution: “The phishing kit and its associated infrastructure have undergone several significant updates.” With its relay servers hosted on commercial proxy services, Mamba 2FA effectively conceals its true infrastructure, thereby minimizing the likelihood of detection.

Critical Security Flaw Discovered in Ivanti Virtual Traffic Manager

Ivanti, a leading company in network and security solutions, has issued urgent security updates to address a critical vulnerability in its Virtual Traffic Manager (vTM). The flaw, identified as CVE-2024-7593, carries an alarming severity with a CVSS score of 9.8 out of 10, signalling its potential risk to users.

Authentication Bypass Could Lead to Rogue Admin Access

The vulnerability stems from an incorrect implementation of the authentication algorithm in Ivanti vTM; only versions 22.2R1 and 22.7R2 are unaffected. It allows remote attackers to bypass authentication and create unauthorized administrative users, which could grant them full control over the management interface and poses severe risk to affected systems.

Affected Versions and Immediate Actions

The vulnerability impacts several versions of Ivanti vTM, including 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1, and 22.7R1. Ivanti has responded by releasing patched versions—22.2R1, 22.7R2, and upcoming fixes for 22.3R3, 22.5R2, and 22.6R2, expected during the week of August 19, 2024. As a temporary measure, the company recommends that users limit admin access to the management interface or restrict it to trusted IP addresses to mitigate the risk of unauthorised access.

Despite no confirmed incidents of this vulnerability being exploited in the wild, the availability of a proof-of-concept (PoC) code increases the urgency for users to apply the latest patches to safeguard their systems.

Additional Vulnerabilities Addressed in Neurons for ITSM

In addition to the vTM flaw, Ivanti has also patched two serious vulnerabilities in its Neurons for ITSM product. The first, CVE-2024-7569, is an information disclosure vulnerability with a CVSS score of 9.6. It affects Ivanti ITSM on-premises and Neurons for ITSM versions 2023.4 and earlier, allowing attackers to obtain sensitive information, including OIDC client secrets, through debug data.

The second flaw, CVE-2024-7570, rated 8.3 on the CVSS scale, involves improper certificate validation. This vulnerability enables a remote attacker in a man-in-the-middle (MITM) position to craft a token that could grant unauthorised access to the ITSM platform as any user. These issues have been resolved in the latest patched versions of 2023.4, 2023.3, and 2023.2.

Further adding to the urgency, Ivanti has also addressed five high-severity vulnerabilities (CVE-2024-38652, CVE-2024-38653, CVE-2024-36136, CVE-2024-37399, and CVE-2024-37373) in its Avalanche product. These flaws could potentially lead to denial-of-service (DoS) conditions or even remote code execution if exploited. Users are strongly advised to update to version 6.4.4, which includes fixes for these issues.

These security updates highlight how critical it is to stay current with patches, especially for systems as vital as traffic management and IT service management platforms. Ivanti's quick response helps organisations protect their digital infrastructure from potentially devastating attacks; users are urged to apply the recommended updates without delay.
Why Passkeys Are the Future of Digital Authentication

Passwords have been a fundamental aspect of digital security for years, but they come with significant drawbacks. They are not only a hassle to remember but also vulnerable to various hacking techniques. Passkeys have emerged as a robust alternative, offering a more secure and user-friendly approach to account authentication. This new method utilizes your device, such as a smartphone or laptop, as an authenticator, employing either a PIN or biometric verification like fingerprint or facial recognition.

The primary advantage of passkeys is that they eliminate the need for passwords entirely. This reduces the risk of phishing attacks, as there is no password for hackers to steal or guess. Additionally, passkeys are tied to the user's device, making unauthorized access much more difficult. Without passwords to remember, users can enjoy a more streamlined and secure login experience.

Major tech companies are already supporting the adoption of passkeys. For instance, setting up passkeys on a Google account involves visiting the Google Passkeys page and configuring the passkey with your device. Microsoft accounts can similarly be secured with Windows Hello or a PIN. Apple integrates passkeys with iCloud Keychain, making it easy for users to transition. These companies are not alone. Other platforms like Amazon, Adobe, Discord, eBay, GitHub, LinkedIn, Shopify, and WhatsApp have also embraced passkeys. This widespread support highlights the growing recognition of passkeys as the future of digital security.

One concern with passkeys is the potential for losing access if the device is lost. Fortunately, most major tech companies allow passkeys to be synced across devices or securely stored in the cloud with end-to-end encryption. This means that users can restore their passkeys on a new device if their original one is lost. However, if a hardware security key is lost and not backed up, access to accounts could be permanently lost.

Despite these concerns, device-based authentication is inherently secure. Modern devices are equipped with advanced security measures that make unauthorized access extremely difficult. Even if a device is stolen, the thief would need to bypass biometric or PIN verification to access sensitive information. Passkeys are stored in a Trusted Platform Module (TPM), ensuring that they are securely protected.

In summary, passkeys represent a significant advancement in digital security. They offer a more secure, user-friendly alternative to traditional passwords, addressing many of the vulnerabilities associated with password-based authentication. As more services and devices adopt this technology, passkeys are poised to become the standard for secure online access. This shift not only enhances security but also simplifies the user experience, making it easier for individuals to protect their digital identities.
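The Mamba 2FA post above describes a kit that relays credentials and one-time codes through a proxy page, and this post explains why passkeys resist that: with WebAuthn the browser, not the page, records the origin the user actually visited, and the authenticator scopes each credential to a relying-party ID. The Go program below is an added example written for this page, not code from Sekoia's report or from any vendor's passkey implementation. It shows the relying-party checks that make a relayed assertion fail; the names `CheckAssertionBinding` and `buildAssertion`, the sample origins and the challenge are assumptions, and the final signature check over `authenticatorData || SHA-256(clientDataJSON)` that completes verification is not shown.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// ClientData is the decoded clientDataJSON the browser produces for a
// navigator.credentials.get() call. The browser fills in Origin from the page
// that actually hosts the login prompt; page scripts cannot override it.
type ClientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion carries the two fields these checks need. The signature, which a
// full verifier checks over AuthenticatorData || SHA-256(ClientDataJSON), is
// omitted in this example.
type Assertion struct {
	ClientDataJSON    []byte
	AuthenticatorData []byte // bytes 0..31: SHA-256(rpID); 32: flags; 33..36: signCount
}

var (
	ErrWrongType     = errors.New("clientData.type is not webauthn.get")
	ErrChallenge     = errors.New("challenge does not match the one this server issued")
	ErrOrigin        = errors.New("origin is not the relying party's origin")
	ErrShortAuthData = errors.New("authenticatorData too short")
	ErrRPIDHash      = errors.New("authenticatorData rpIdHash does not match the RP ID")
)

// CheckAssertionBinding performs the relying-party checks that bind an
// assertion to this site: the challenge we issued, the origin the browser saw,
// and the RP ID the authenticator scoped the credential to. Hypothetical helper
// written for this example, not a library API.
func CheckAssertionBinding(a Assertion, expectedOrigin, rpID, issuedChallenge string) error {
	var cd ClientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" {
		return ErrWrongType
	}
	if cd.Challenge != issuedChallenge {
		return ErrChallenge
	}
	if cd.Origin != expectedOrigin {
		return ErrOrigin // the check a login relayed through a proxy page fails
	}
	if len(a.AuthenticatorData) < 37 {
		return ErrShortAuthData
	}
	want := sha256.Sum256([]byte(rpID))
	if string(a.AuthenticatorData[:32]) != string(want[:]) {
		return ErrRPIDHash
	}
	return nil
}

// buildAssertion constructs what a browser at `origin`, talking to an
// authenticator scoped to `rpID`, would hand back. Constructed sample data,
// not a capture.
func buildAssertion(origin, rpID, challenge string) Assertion {
	cdj, _ := json.Marshal(ClientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	h := sha256.Sum256([]byte(rpID))
	authData := append(h[:], 0x01, 0, 0, 0, 0) // flags: user-present; signCount 0
	return Assertion{ClientDataJSON: cdj, AuthenticatorData: authData}
}

func main() {
	challenge := base64.RawURLEncoding.EncodeToString([]byte("constructed-challenge"))
	const site, rp = "https://login.example.com", "example.com"

	// Genuine login: the browser is on the real site.
	fmt.Println("genuine :", CheckAssertionBinding(buildAssertion(site, rp, challenge), site, rp, challenge))

	// Login relayed through a look-alike proxy page: the browser records the
	// proxy's origin, so even a user who completed the prompt yields nothing usable.
	relayed := buildAssertion("https://login.example-proxy.test", "example-proxy.test", challenge)
	fmt.Println("relayed :", CheckAssertionBinding(relayed, site, rp, challenge))
}
```

Contrast this with a one-time code: the code is just a string the user can be persuaded to type into any page, and nothing in it records where it was typed, which is exactly what an AiTM kit exploits.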

5G Vulnerabilities Expose Mobile Devices to Serious Threats

Researchers from Penn State University have uncovered critical vulnerabilities in 5G technology that put mobile devices at risk. At the upcoming Black Hat 2024 conference in Las Vegas, they will reveal how attackers can exploit these weaknesses to steal data and launch denial of service (DoS) attacks. These findings highlight a pressing need for improved security measures in 5G networks.

Step 1: Fake Base Station Setup

The first step in the attack involves setting up a fake base station. When a mobile device attempts to connect to a network, it undergoes an authentication and key agreement (AKA) process with the base station. However, while the base station verifies the device, the device does not initially verify the base station. This oversight allows attackers to exploit the system.

Base stations continuously broadcast SIB1 (System Information Block Type 1) messages to announce their presence. These messages are transmitted in plaintext without any security mechanism, making it impossible for devices to distinguish legitimate towers from fake ones. According to Syed Rafiul Hussain, an assistant professor at Penn State, the lack of authentication on these messages is a significant security flaw.

Creating a fake tower is surprisingly easy. Attackers can use a software-defined radio (SDR) to mimic a real base station. Kai Tu, a research assistant at Penn State, notes that SDRs are readily available online for a few hundred dollars. While high-end SDRs can cost tens of thousands of dollars, inexpensive models are sufficient for setting up a fake base station. 

Step 2: Exploiting AKA Vulnerabilities

Once the fake tower attracts a device, attackers can exploit vulnerabilities in the AKA process. In one widely-used mobile processor, researchers discovered a mishandled security header that allows attackers to bypass the AKA process entirely. This processor is found in many devices produced by two major smartphone manufacturers, whose names have been withheld for confidentiality reasons.

After bypassing AKA, attackers can send a malicious "registration accept" message to establish a connection with the victim's device. This connection allows the attacker to monitor unencrypted internet activity, send spear phishing SMS messages, and redirect the victim to malicious websites. Additionally, attackers can determine the device's location and execute DoS attacks.

Securing 5G Networks

The Penn State researchers have reported these vulnerabilities to mobile vendors, who have since released patches. However, a more comprehensive solution involves securing 5G authentication. Hussain suggests using public key infrastructure (PKI) to ensure the authenticity of broadcast messages. Implementing PKI is challenging and expensive, requiring updates to all cell towers and addressing non-technical issues like establishing a root certificate authority.
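Hussain's proposal is to make broadcast messages verifiable, so a device can tell an operator's tower from a radio merely imitating one. As an added illustration of that idea (not the researchers' design, and not the 3GPP message encoding), the Go program below signs a simplified SIB1-like message with Ed25519 on the base-station side and verifies it on the device side, rejecting tampered, unsigned and replayed broadcasts. The `Broadcast` struct, its fields and the 30-second replay window are assumptions chosen for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Broadcast is a simplified stand-in for a SIB1-style system information
// message: the fields a device reads before deciding to attach. Constructed
// for this example; it is not the 3GPP encoding.
type Broadcast struct {
	CellID    uint32
	PLMN      string // operator identity
	Timestamp uint64 // seconds; lets a receiver reject a replayed capture
}

// bytes is the canonical serialisation that gets signed.
func (b Broadcast) bytes() []byte {
	buf := make([]byte, 12, 12+len(b.PLMN))
	binary.BigEndian.PutUint32(buf[0:4], b.CellID)
	binary.BigEndian.PutUint64(buf[4:12], b.Timestamp)
	return append(buf, b.PLMN...)
}

type SignedBroadcast struct {
	Msg Broadcast
	Sig []byte // 64-byte Ed25519 signature over Msg.bytes()
}

// Sign is the base-station side: only a station holding the operator's
// private key can produce a signature devices will accept.
func Sign(priv ed25519.PrivateKey, m Broadcast) SignedBroadcast {
	return SignedBroadcast{Msg: m, Sig: ed25519.Sign(priv, m.bytes())}
}

// Verify is the device side, using an operator public key provisioned out of
// band (on the SIM, or chained to a root CA in the PKI the researchers
// propose). Broadcasts older than maxAge seconds are refused so a captured
// genuine message cannot simply be re-transmitted later.
func Verify(pub ed25519.PublicKey, sb SignedBroadcast, now, maxAge uint64) bool {
	if sb.Msg.Timestamp > now || now-sb.Msg.Timestamp > maxAge {
		return false
	}
	// ed25519.Verify returns false (no panic) for a missing or wrong-length Sig.
	return ed25519.Verify(pub, sb.Msg.bytes(), sb.Sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	now := uint64(1_700_000_000)
	genuine := Sign(priv, Broadcast{CellID: 4242, PLMN: "00101", Timestamp: now})
	fmt.Println("genuine  :", Verify(pub, genuine, now+2, 30))

	// Same signature, altered contents: fails. A station without the key is in
	// the same position, since it cannot sign anything the device will accept.
	tampered := genuine
	tampered.Msg.CellID = 9999
	fmt.Println("tampered :", Verify(pub, tampered, now+2, 30))

	// A faithful copy of the genuine message re-transmitted an hour later: fails.
	fmt.Println("replayed :", Verify(pub, genuine, now+3600, 30))
}
```

The device-side cost is one signature verification per broadcast, which is the overhead the next paragraph refers to; the harder part in practice is the key distribution and root-of-trust question the article raises, not the arithmetic.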

Despite these challenges, the lack of authentication for initial broadcast messages remains a critical vulnerability in 5G systems. As Hussain explains, these messages are sent in milliseconds, and adding cryptographic mechanisms would increase computational overhead and potentially slow down performance. Consequently, performance incentives often outweigh security concerns.

The Penn State research underscores how pressing the need for improved security in 5G networks is. Until such measures are in place, mobile devices will remain vulnerable to data theft and DoS attacks through fake base stations and other means. As Hussain puts it, the lack of authentication in initial broadcast messages is "the root of all evil" in this context.
Massive Data Breach Sends Shockwaves Through Businesses

A colossal data breach has rattled the digital world, affecting billions of users across various platforms and organisations. The breach, dubbed the "mother of all breaches" (MOAB), has exposed a staggering 26 billion entries, including data from LinkedIn, Twitter, Dropbox, and others. Government agencies in several countries have also been hit.

The implications for businesses are immediate. The leaked data, totaling 12 terabytes, poses an ongoing threat to personal information and corporate security. It not only comprises information from past breaches but also includes new data, providing cybercriminals with a comprehensive toolkit for orchestrating various cyberattacks, including identity theft.

In response to this unprecedented threat, businesses are urged to adopt a proactive stance in monitoring their infrastructure. Key signals to watch for include unusual access scenarios, suspicious account activity, a surge in phishing attempts, abnormal network traffic, an increase in helpdesk requests, and customer complaints about unauthorised access or suspicious transactions.
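Of the signals listed above, "suspicious account activity" is the one most readily turned into a rule. The Go program below is an added example written for this page (not from the article or any vendor): it parses constructed authentication log lines and flags a source IP whose failed logins span many distinct accounts, which is the trace left when a leaked credential list is replayed in bulk, and it lists the accounts that then succeeded from that IP so they can be reviewed and re-secured. The log format, field names and threshold are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// sampleLog is constructed for this example, not a real capture. Each line is
// one authentication event: RFC 3339 timestamp followed by key=value fields.
const sampleLog = `2024-01-23T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2024-01-23T10:00:02Z ip=203.0.113.5 user=bob result=FAIL
2024-01-23T10:00:02Z ip=203.0.113.5 user=carol result=FAIL
2024-01-23T10:00:03Z ip=203.0.113.5 user=dave result=FAIL
2024-01-23T10:00:04Z ip=203.0.113.5 user=erin result=SUCCESS
2024-01-23T10:00:09Z ip=198.51.100.7 user=alice result=FAIL
2024-01-23T10:00:15Z ip=198.51.100.7 user=alice result=SUCCESS
2024-01-23T10:01:00Z ip=192.0.2.44 user=frank result=SUCCESS
`

type event struct{ ip, user, result string }

// parseLine extracts the fields this detector needs; malformed lines are skipped.
func parseLine(line string) (event, bool) {
	fields := strings.Fields(line)
	if len(fields) < 4 {
		return event{}, false
	}
	var e event
	for _, f := range fields[1:] {
		k, v, ok := strings.Cut(f, "=")
		if !ok {
			continue
		}
		switch k {
		case "ip":
			e.ip = v
		case "user":
			e.user = v
		case "result":
			e.result = v
		}
	}
	return e, e.ip != "" && e.user != "" && e.result != ""
}

// Finding describes one source IP that matched the rule.
type Finding struct {
	IP            string
	DistinctUsers int      // accounts that saw a failed login from this IP
	Compromised   []string // accounts that succeeded from the same IP
}

// DetectStuffing flags source IPs whose failed logins touch at least minUsers
// distinct accounts. One password tried across many usernames is the pattern
// of a leaked credential list being replayed; a single user mistyping their
// own password (198.51.100.7 above) does not trip it.
func DetectStuffing(authLog string, minUsers int) []Finding {
	failedUsers := map[string]map[string]bool{}
	succeeded := map[string][]string{}
	sc := bufio.NewScanner(strings.NewReader(authLog))
	for sc.Scan() {
		e, ok := parseLine(sc.Text())
		if !ok {
			continue
		}
		switch e.result {
		case "FAIL":
			if failedUsers[e.ip] == nil {
				failedUsers[e.ip] = map[string]bool{}
			}
			failedUsers[e.ip][e.user] = true
		case "SUCCESS":
			succeeded[e.ip] = append(succeeded[e.ip], e.user)
		}
	}
	var out []Finding
	for ip, users := range failedUsers {
		if len(users) >= minUsers {
			out = append(out, Finding{IP: ip, DistinctUsers: len(users), Compromised: succeeded[ip]})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].IP < out[j].IP })
	return out
}

func main() {
	for _, f := range DetectStuffing(sampleLog, 3) {
		fmt.Printf("%s: failed logins against %d accounts; succeeded as %v -> review and reset\n",
			f.IP, f.DistinctUsers, f.Compromised)
	}
}
```

In production the same rule would run over a sliding time window and per-IP counts would be tuned to the site's normal traffic; the point here is that a success following a spray of failures from one source is the account to look at first.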

This incident underscores the need for a new security paradigm, where companies prioritise user security over user experience. While some may resist this shift, it is essential for long-term protection against cyber threats. Implementing global security standards such as ISO/IEC 27001 and enhancing authentication policies are crucial steps in fortifying defences.

Authentication measures like multi-factor authentication and liveness detection technology are rapidly gaining traction as the go-to standards across industries. These methods not only reinforce security but also seamlessly integrate into user experiences, striking a delicate balance between safeguarding sensitive data and ensuring user convenience. By embracing these sophisticated authentication techniques, businesses can erect formidable defences against cyber threats while enhancing overall user satisfaction.

The MOAB incident is a warning to businesses worldwide to bolster their defence mechanisms and sharpen their cyber acumen. While the importance of data security cannot be overstated, it is equally crucial for companies, particularly those dealing directly with consumers, to keep their processes user-friendly. By pairing stringent security measures with intuitive and accessible procedures, businesses can navigate the complexities of cybersecurity, build trust among stakeholders, and mitigate risk in a rapidly evolving digital landscape.

In short, the MOAB breach underlines the pressing need for businesses to invest in robust security measures while preserving a smooth user experience. By staying proactive and a step ahead, companies can mitigate the risks posed by cyber threats and safeguard their customers' sensitive information.
WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature

In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further emphasizing its commitment to safeguarding user conversations. 

Additionally, WhatsApp has released utilities such as chat lock and app lock to enhance chat security and privacy. One notable feature is chat lock, which allows users to hide private conversations from the main chat lists. By enabling chat lock on a per-conversation basis, users can ensure that sensitive chats remain secure. When activated, users are prompted for biometric authentication, either through face or fingerprint recognition, before accessing locked chats. For users who require comprehensive protection for all their chats, WhatsApp offers app lock functionality. 

This feature, available at a device level on certain Android skins by major OEMs, allows users to secure the entire app with biometric authentication or device passcodes. Recently, in the latest WhatsApp beta version 2.24.6.20, the app's app lock feature underwent significant enhancements. According to findings by WABetaInfo, app lock is expanding to include additional authentication methods beyond just biometric fingerprint recognition. 

The update will introduce options such as face unlock and device passcodes, providing users with more flexibility in securing their chats. The inclusion of multiple authentication methods serves as a backup for fingerprint authentication, ensuring accessibility even in scenarios where fingerprint recognition may not be feasible. 

For example, users wearing gloves can still unlock the app using alternative methods. Moreover, the expansion of authentication options enhances accessibility for users who may face limitations with certain authentication methods. While the introduction of new authentication methods represents a significant improvement to WhatsApp's app lock feature, users are advised to exercise caution when installing the latest beta version. The current beta release may be prone to crashes, potentially compromising the app's core functionality. 

Therefore, it is recommended to await a wider release before attempting to access the new features. In conclusion, WhatsApp's dedication to user privacy and security is evident through its continuous efforts to enhance encryption and introduce innovative security features. The expansion of authentication methods for the app lock feature underscores WhatsApp's commitment to providing users with robust security options while maintaining accessibility and ease of use.

Implementing Zero Trust Principles in Your Active Directory

In the past, many organizations relied on secure perimeters to trust users and devices. However, this approach is no longer viable with the geographical dispersion of workers and the need for access from various locations and devices. End-users now require access to corporate systems and cloud applications outside traditional work boundaries, expecting seamless and fast authentication processes.

Consequently, numerous organizations have adopted a zero-trust model to verify users accessing their data, recognizing Active Directory as a critical component of network authentication. Ensuring the security of credentials stored within Active Directory is paramount, prompting the question of how zero trust principles can be applied to maintain security.

The zero trust model, characterized by the principle of "never trust, always verify," requires authentication and authorization of every user, device, and network component before accessing resources or data. Implementing this model involves constructing a multi-layered security framework encompassing various technologies, processes, and policies.

One fundamental step in securing Active Directory environments is enforcing the principle of least privilege, which restricts privileges to the minimum necessary for individuals or entities to perform their tasks. This mitigates the risks associated with privileged accounts, reducing the potential impact of security breaches or insider threats.

Implementing a zero trust model also entails granting elevated privileges, such as admin rights, only when necessary and for limited durations. Techniques for achieving "just-in-time" privilege escalation include the ESAE (Red Forest) model and temporary admin accounts.

Additionally, employing multi-factor authentication (MFA) for password resets enhances security by adding extra layers of authentication beyond passwords. This mitigates vulnerabilities in password reset processes, which are often targeted by hackers through social engineering tactics.

Moreover, scanning for compromised passwords is crucial for enhancing password security. Despite the implementation of zero trust principles, passwords remain vulnerable to various attacks such as phishing and data breaches. Continuous scanning for compromised passwords and promptly blocking them in Active Directory helps prevent unauthorized access to sensitive data and systems.
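Checking candidate passwords against a breached-password corpus, as the paragraph describes, is usually done with a k-anonymity range lookup so the full hash never leaves the organisation. The Go program below is an added example, not Specops' product or the Have I Been Pwned service; it follows the Pwned Passwords range layout (five-hex-character SHA-1 prefix as the lookup key, `SUFFIX:COUNT` lines as the response) over a small in-memory corpus whose passwords and counts are constructed for the example.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// splitHash returns the first five hex characters of SHA-1(pw) and the
// remaining 35, upper-cased, which is how the Pwned Passwords range API keys
// its data.
func splitHash(pw string) (prefix, suffix string) {
	sum := sha1.Sum([]byte(pw))
	h := strings.ToUpper(hex.EncodeToString(sum[:]))
	return h[:5], h[5:]
}

// breachCorpus stands in for the breached-password store. The passwords and
// counts are constructed for this example, not real breach statistics; the
// layout (prefix -> "SUFFIX:COUNT" lines) mirrors a range-API response.
var breachCorpus = buildCorpus(map[string]int{
	"password": 3_100_000,
	"123456":   9_700_000,
	"letmein":  120_000,
})

func buildCorpus(seen map[string]int) map[string][]string {
	c := make(map[string][]string)
	for pw, n := range seen {
		prefix, suffix := splitHash(pw)
		c[prefix] = append(c[prefix], fmt.Sprintf("%s:%d", suffix, n))
	}
	return c
}

// BreachCount returns how many times pw appears in the corpus, or 0. Only the
// five-character prefix would be sent to a remote range service; the suffix
// comparison happens locally, so the service never learns the full hash
// (k-anonymity). Here the "service" is the in-memory map.
func BreachCount(pw string) int {
	prefix, suffix := splitHash(pw)
	for _, line := range breachCorpus[prefix] {
		hashSuffix, count, ok := strings.Cut(line, ":")
		if ok && hashSuffix == suffix {
			if n, err := strconv.Atoi(count); err == nil {
				return n
			}
		}
	}
	return 0
}

// AcceptPassword is the policy hook a password-change or reset flow would
// call: any password seen in a breach is rejected regardless of its length or
// complexity, since attackers try known passwords first.
func AcceptPassword(pw string) (ok bool, reason string) {
	if n := BreachCount(pw); n > 0 {
		return false, fmt.Sprintf("appears in %d breached records", n)
	}
	return true, ""
}

func main() {
	for _, pw := range []string{"letmein", "correct horse battery staple"} {
		ok, reason := AcceptPassword(pw)
		fmt.Printf("%-32q accepted=%v %s\n", pw, ok, reason)
	}
}
```

The same prefix lookup can be scheduled against a local copy of the corpus to re-check existing accounts as new breach data arrives, which is the "continuous scanning" the paragraph calls for.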

Specops Password Policy offers a solution for scanning and blocking compromised passwords, ensuring network protection from real-world password attacks. By integrating such services, organizations can enhance their password security measures and adapt them to their specific needs.

Solutions like Specops Software provide valuable tools and support through demos or free trials for organisations seeking to bolster their Active Directory security and password policies.

OAuth App Abuse: A Growing Cybersecurity Threat

User data security has grown critical in an era of digital transactions and networked apps. The misuse of OAuth applications is a serious danger that has recently attracted attention in the cybersecurity field.

OAuth (Open Authorization) is a widely used authentication protocol that allows users to grant third-party applications limited access to their resources without exposing their credentials. While this technology streamlines user experiences and enhances efficiency, cybercriminals are finding innovative ways to exploit its vulnerabilities.

Recent reports from security experts shed light on the alarming surge in OAuth application abuse attacks. Money-grubbing cybercriminals increasingly leverage these attacks to compromise user accounts, with potentially devastating consequences. The attackers often weaponize OAuth apps to gain unauthorized access to sensitive information, leading to financial losses and privacy breaches.

One significant event that underscores the severity of this threat is the widespread targeting of Microsoft accounts. Cyber attackers have honed in on the popularity and ubiquity of Microsoft services, using OAuth app abuse as a vector for their malicious activities. This trend poses a serious challenge to both individual users and organizations relying on Microsoft's suite of applications.

According to a report, the attackers exploit vulnerabilities in OAuth applications to manipulate the authorization process. This allows them to masquerade as legitimate users, granting them access to sensitive data and resources. The consequences of such attacks extend beyond financial losses, potentially compromising personal and corporate data integrity.

The financial motivation behind these crimes underlines how lucrative exploiting OAuth weaknesses has become. Criminals are driven by the potential gains from unauthorized access to user accounts, which makes heightened vigilance and proactive security measures all the more necessary.

Dark Reading further delves into the evolving tactics of these attackers, emphasizing the need for a comprehensive cybersecurity strategy. Organizations and users must prioritize measures such as multi-factor authentication, continuous monitoring, and regular security updates to mitigate the risks associated with OAuth application abuse.

The increasing misuse of OAuth applications is a turning point in the continuous fight against cyberattacks. The strategies used by cybercriminals also change as technology does. People and institutions must remain knowledgeable, implement strong security procedures, and work together to protect the digital environment from these new dangers. According to the proverb, "An ounce of prevention is worth a pound of cure."

Detecting Mobile Hacks: Signs and Solutions

In a time when our lives are inextricably linked to our smartphones, the possibility of being hacked is a worrying reality. As technology evolves, so do the strategies of hackers, who are always looking for weaknesses to exploit. Thankfully, it is possible to determine whether someone has gained unauthorized access to your phone.

1. Unusual Behavior:

If your phone starts exhibiting unusual behavior, such as sudden battery drains, sluggish performance, or unexpected shutdowns, it could be a sign of a breach. According to Tom's Guide, these anomalies may indicate the presence of malware or spyware on your device, compromising its functionality.

2. Data Usage Spikes:

Excessive data usage is another red flag. A sudden spike in data consumption without any change in your usage patterns could signify a compromise. NordVPN emphasizes that certain malware operates in the background, quietly sending your data to unauthorized sources, leading to increased data usage.

3. Strange Pop-ups and Ads:

Pop-ups and ads that appear out of the blue, especially when your phone is idle, may be indicative of a hack. Business Insider notes that these intrusions often result from malicious software attempting to generate revenue for hackers through ad clicks.

4. Unrecognized Apps and Permissions:

TechPP advises users to regularly check for unfamiliar apps on their phones. If you notice apps that you didn't download or don't remember installing, it's a clear sign that your phone's security may have been compromised. Additionally, scrutinize app permissions to ensure they align with the app's functionality.

5. Overheating:

An overheating phone can be a symptom of hacking. Unexplained overheating may indicate that malicious processes are running in the background. If your phone feels unusually hot, it's worth investigating further.

6. Sudden Password Changes:

If you find that your passwords have been changed without your knowledge, it's a serious cause for concern. This could signify a hacker gaining unauthorized access to your accounts. NordVPN emphasizes the importance of immediate action to secure your accounts and change passwords if you suspect foul play.

Staying watchful and proactive is essential to protecting your phone from hackers. Regularly follow the recommendations of reliable sources, and remember that limiting the damage of a security compromise depends on quick detection and action. As technology advances, so must our understanding of, and protections against, the constant threat of mobile phone hacking.
Laptops with Windows Hello Fingerprint Authentication Vulnerable

Microsoft's Windows Hello, which offers a passwordless method of logging into Windows machines, may not be as secure as users think. An evaluation of Windows Hello fingerprint authentication on the fingerprint sensors embedded in laptops uncovered multiple vulnerabilities that would allow a threat actor to bypass Windows Hello authentication completely.

As Blackwing Intelligence reported in a blog post, Microsoft's Offensive Research and Security Engineering (MORSE) team had asked it to assess the security of the three top fingerprint sensors embedded in laptops.

The research covered three laptops: the Dell Inspiron 15, the Lenovo ThinkPad T14, and the Microsoft Surface Pro Type Cover with Fingerprint ID. The researchers found several exploitable vulnerabilities in the Windows Hello fingerprint authentication system.

In addition, The document also reveals that the fingerprint sensors used in Lenovo ThinkPad T14, Dell Inspiron 15, Surface Pro 8 and X tablets made by Goodix, Synaptics, and ELAN were vulnerable to man-in-the-middle attacks due to their underlying technology. 

A premier sensor enabling fingerprint authentication through Windows Hello is not as secure as manufacturers would like. It has been discovered that there are several security flaws in many fingerprint sensors used in many laptops that are compatible with the Windows Hello authentication feature due to the use of outdated firmware. 

The flaws were discovered by researchers at Blackwing Intelligence, a company that researches the security, offensive capabilities, and vulnerabilities of hardware and software products. The researchers found weaknesses in the fingerprint sensors from Goodix, Synaptics, and ELAN embedded in the devices.

The fingerprint reader exploits only work if the user has already set up fingerprint authentication on the targeted laptop. All three fingerprint sensors are of a type known as "match on chip" (MoC), in which all biometric management functions are performed in the integrated circuit of the sensor itself.

Concept of Vulnerability: Match on Chip

As reported by Cyber Security News, this vulnerability stems from a flaw in the concept of "match on chip" sensors. Microsoft removed the option of storing fingerprint templates on the host machine and replaced it with a "match on chip" sensor. This means that the fingerprint templates are now stored on the chip, which reduces the concern that fingerprints could be exfiltrated from the host if the host becomes compromised, a scenario that would compromise the privacy of your data.

This method has a downside, however: it does not prevent a malicious sensor from spoofing the communication between the sensor and the host, so the host can be fooled into believing that an authorized, authenticated user is using the sensor.

This is not the first time Windows Hello biometric authentication has been defeated; there have been several successful attempts in the past. In July 2021, Microsoft released two patches for a medium-severity security flaw (CVE-2021-34466, CVSS score: 6.1) that could allow an adversary to hijack the login process by spoofing the target's face.

Whether Microsoft will be able to fix these flaws is still unclear; however, this is not the first time Windows Hello, a biometric-based system, has been the target of attacks. A proof of concept in 2021 showed that the Windows Hello facial recognition feature could be bypassed using an infrared photo of the victim. Microsoft subsequently fixed the issue.

Genetic Data Security Strengthened with Two-Factor Authentication

Data security is a major worry in this era of digitization, particularly with regard to sensitive data like genetic information. Major genetic testing companies have recently strengthened the security of their users' data by making two-factor authentication (2FA) the standard security feature.

The move comes in response to the growing importance of safeguarding the privacy and integrity of genetic information. The decision to make 2FA the default setting represents a proactive approach to address the evolving landscape of cybersecurity threats. This move has been widely applauded by experts, as it adds an extra layer of protection to user accounts, making unauthorized access significantly more challenging.

MyHeritage, in a recent blog post, highlighted the importance of securing user accounts and detailed the steps users can take to enable 2FA on their accounts. The blog emphasized the user-friendly nature of the implementation, aiming to encourage widespread adoption among its customer base.

Similarly, 23andMe has also taken strides in enhancing customer security by implementing 2-step verification. Their official blog outlined the benefits of this added layer of protection, assuring users that their genetic data is now even more secure. The company addressed the pressing issue of data security concerns in a separate post, reaffirming their commitment to protecting user information and staying ahead of potential threats.

The move towards default 2FA by these genetic testing giants is not only a response to the current cybersecurity landscape but also an acknowledgment of the increasing value of genetic data. As the popularity of DNA testing services continues to grow, so does the need for robust security measures to safeguard the sensitive information these companies handle.

Users are encouraged to take advantage of these enhanced security features and to stay informed about best practices for protecting their genetic data. The implementation of default 2FA by industry leaders sets a positive precedent for other companies in the field, emphasizing the shared responsibility of securing sensitive information in an increasingly interconnected world.

Ensuring the security and privacy of genetic data has advanced significantly with organizations implementing two-factor authentication by default. This action demonstrates the industry's dedication to staying ahead of possible risks and giving consumers the resources they need to safeguard their private data.


India's DPDP Act: Industry's Compliance Challenges and Concerns

As India's Data Protection and Privacy Act (DPDP) transitions from proposal to legal mandate, the business community is grappling with the intricacies of compliance and its far-reaching implications. While the government maintains that companies have had a reasonable timeframe to align with the new regulations, industry insiders are voicing their apprehensions and advocating for extensions in implementation.

According to a new LiveMint report, the government maintains that businesses have been given a fair amount of time to adjust to the DPDP regulations. The actual situation, though, seems more nuanced. Industry insiders emphasize the difficulties firms encounter in understanding and complying with the complex mandate of the DPDP Act.

The Big Tech Alliance, as reported in Inc42, has proposed a 12 to 18-month extension for compliance, underscoring the intricacies involved in integrating DPDP guidelines into existing operations. The alliance contends that the complexity of data handling and the need for sophisticated infrastructure demand a more extended transition period.

An EY study reveals that a majority of organizations express deep concerns about the impact of the data law. This highlights the need for clarity in the interpretation and application of DPDP regulations.

In another development, the IT Minister announced that draft rules under the privacy law are nearly ready. This impending release signifies a pivotal moment in the DPDP journey, as it will provide a clearer roadmap for businesses to follow.

As the compliance deadline looms, it is evident that there is a pressing need for collaborative efforts between the government and the industry to ensure a smooth transition. This involves not only extending timelines but also providing comprehensive guidance and support to businesses navigating the intricacies of the DPDP Act.

Despite the government's claim that businesses have enough time to get ready for DPDP compliance, industry opinion suggests otherwise. The complexities of data privacy laws and the worries raised by significant groups highlight the difficulties that companies face. It is imperative that the government and industry work together to resolve these issues and enable a smooth transition to the DPDP compliance period.

1Password's Swift Response to Okta Data Breach

Prominent password manager provider 1Password has responded swiftly and transparently to the recent Okta data breach. The breach affected multiple organizations and possibly exposed sensitive user data, forcing 1Password to take measures to protect its users' security.

1Password, a widely trusted password manager, has detected suspicious activity related to the Okta breach. The company acted promptly to mitigate any potential risks to its users. This incident highlights the critical role password managers play in safeguarding personal information in an increasingly interconnected digital landscape.

The Okta data breach in late October exposed a substantial amount of sensitive information, including usernames, passwords, and other authentication credentials. This incident raised alarms across the cybersecurity community, as Okta serves as an identity and access management provider for numerous organizations.

1Password's swift response sets an example for other online services in handling such incidents. The company has confirmed that all logins are secure and has implemented additional security measures to fortify its users' accounts. This includes enhanced monitoring for any suspicious activity and immediate alerts for any potential compromise.

1Password has a history of prioritizing user security, and this recent incident demonstrates their commitment to upholding the trust placed in them by millions of users worldwide. It serves as a reminder of the importance of using reputable password managers to fortify one's online security.

In light of this breach, it is recommended that users take proactive steps to further secure their accounts. This may include enabling multi-factor authentication, regularly updating passwords, and monitoring accounts for any unusual activity.

1Password's commitment to user security is demonstrated by its prompt and resolute reaction to the Okta data incident. It is impossible to overestimate the significance of strong password management given how quickly the digital world is changing. To protect their online identities, users are urged to exercise caution and take preventative action.

UK Military Data Breach via Outdated Windows 7 System

A Windows 7 machine belonging to a high-security fencing company was the stunning weak link in a shocking cybersecurity incident that exposed vital military data. This hack not only underlines the need for organizations, including those that don't seem to be in the military industry, to maintain strong digital defenses, but it also raises questions about the health of cybersecurity policies.

The attack was carried out by the LockBit ransomware group, which targeted Zaun, the high-security fencing manufacturer, according to reports from TechSpot and CPO Magazine. The attackers took advantage of a flaw in the Windows 7 operating system, which Microsoft no longer officially supports and which, as a result, no longer receives security patches. This emphasizes the dangers of running outdated software, especially in crucial industries.

The compromised fencing company was entrusted with safeguarding the perimeters of sensitive military installations in the UK. Consequently, the breach allowed the attackers to access vital data, potentially compromising national security. This incident underscores the importance of rigorous cybersecurity measures within the defense supply chain, where vulnerabilities can have far-reaching consequences.

The breach also serves as a reminder that cybercriminals often target the weakest links in an organization's cybersecurity chain. In this case, it was a legacy system running an outdated operating system. To mitigate such risks, organizations, especially those handling sensitive data, must regularly update their systems and invest in robust cybersecurity infrastructure.

As investigations continue, the fencing company and other organizations in similar positions need to assess their cybersecurity postures. Regular security audits, employee training, and the implementation of the latest security technologies are critical steps in preventing such breaches.

Moreover, the incident reinforces the need for collaboration and information sharing between the public and private sectors. The government and military should work closely with contractors and suppliers to ensure that their cybersecurity practices meet the highest standards, as the security of one entity can impact many others in the supply chain.

The breach of military data through a high-security fencing firm's Windows 7 computer serves as a stark reminder of the ever-present and evolving cybersecurity threats. It highlights the critical importance of keeping software up to date, securing supply chains, and fostering collaboration between various stakeholders. 

Defend Against Phishing with Multi-Factor Authentication


Phishing has been a favored attack vector for threat actors for nearly three decades, and its utilization persists until it loses its effectiveness. The success of phishing largely hinges on exploiting the weakest link in an organization's cybersecurity chain—human behavior.

“Phishing is largely the same whether in the cloud or on-prem[ise], in that it’s exploiting human behavior more than it’s exploiting technology,” said Emily Phelps, director at Cyware.

These attacks primarily aim to pilfer credentials, granting threat actors unfettered access within an organization's infrastructure. Yet, successful cloud-based phishing assaults might be more intricate due to the nuanced ownership of the environment.

Phelps explained that in an on-premise scenario, a compromised ecosystem would be under the jurisdiction of an organization's security and IT team. However, in the cloud—like AWS or Azure—a breached environment is managed by respective organizations yet ultimately owned by Amazon or Microsoft.

Cloud Emerges as the Preferred Phishing Arena

As an increasing number of applications gravitate toward cloud computing, threat actors are unsurprisingly drawn to exploit this realm. Palo Alto Networks Unit 42's report unveiled a staggering 1100% surge in newly identified phishing URLs on legitimate SaaS platforms from June 2021 to June 2022.

The report delineated a tactic where visitors to legitimate web pages are enticed to click a link directing them to a credential-stealing site. By leveraging a legitimate webpage as the principal phishing site, attackers can modify the link to direct victims to a new malicious page, thereby sustaining the original campaign's efficacy.

Cloud applications provide an ideal launchpad for phishing assaults due to their ability to bypass conventional security systems. Cloud-based phishing is further facilitated by the ease of luring unsuspecting users into clicking malevolent email links. Beyond SaaS platforms, cloud applications such as video conferencing and workforce messaging are also being increasingly exploited for launching attacks.

The Role of Phishing-Resistant MFA

Among the most robust defenses against credential-stealing phishing attacks is multifactor authentication (MFA). This approach incorporates several security factors, including something known (like a password), something possessed (such as a phone or email for code reception), and/or something inherent (like a fingerprint). By requiring an additional code-sharing device or a biometric tool for authentication, MFA heightens the difficulty for attackers to breach these security layers.

In the event of a user falling prey to a phishing attack and credentials being compromised, MFA introduces an additional layer of verification inaccessible to threat actors. This may involve SMS verification, email confirmation, or an authenticator app, with the latter being recommended by Phelps.

However, as MFA proves effective against credential theft, threat actors have escalated their strategies to compromise MFA credentials. Phishing remains one of their favored methods, as cautioned by the Cybersecurity and Infrastructure Security Agency (CISA):

"In a widely used phishing technique, a threat actor sends an email to a target that convinces the user to visit a threat actor-controlled website that mimics a company's legitimate login portal. The user submits their username, password, as well as the 6-digit code from their mobile phone's authenticator app."

To counter this, CISA endorses phishing-resistant MFA as a strategy to enhance overall cloud security against phishing attacks. Fast ID Online/WebAuthn authentication stands out as a popular option. It operates through separate physical tokens linked to USB or NFC devices or embedded authenticators within laptops and mobile devices.

An alternative approach, albeit less common, is PKI-based phishing-resistant MFA, employing security-chip embedded smart cards linked to both an organization and the individual user. While highly secure, this method necessitates mature security and identity management systems.

While any form of MFA contributes to safeguarding cloud data against phishing, relying solely on commonly used code-sharing methods falls short. Threat actors have devised ways to manipulate users into revealing these codes, often relying on users' inconsistent MFA setup practices. Adopting phishing-resistant MFA and incorporating multiple layers of authentication offers the utmost security against this prevalent cyber threat.
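The difference between the relayed 6-digit code in the CISA scenario above and phishing-resistant WebAuthn comes down to what the authenticator signs. The following Python example is added here and is not code from the article or from any vendor it mentions: the TOTP part follows RFC 6238, while the WebAuthn part is a simplified model in which an HMAC key stands in for the authenticator's per-credential private key, and the relying-party ID, origins and credential key are constructed values.

```python
import base64
import hashlib
import hmac
import json
import os
import struct


def b64url(data: bytes) -> str:
    """Base64url without padding, as WebAuthn encodes the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# --- Part 1: a 6-digit TOTP code (RFC 6238) is not bound to any site ----------

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, dynamically truncated."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp_login_via_lookalike_site(secret: bytes, now: int) -> bool:
    """Model of the CISA scenario: the user types the code into a look-alike page,
    the attacker forwards it to the real site within the same time step, and the
    real site accepts it, because nothing in the code says where it was typed."""
    code_typed_on_fake_site = totp(secret, now)
    forwarded_by_attacker = code_typed_on_fake_site
    return hmac.compare_digest(totp(secret, now), forwarded_by_attacker)


# --- Part 2: a WebAuthn assertion carries the origin the browser actually saw --

RP_ID = "example.com"                       # constructed relying-party ID
RP_ORIGIN = "https://example.com"           # the only origin the RP accepts
PHISH_ORIGIN = "https://example-login.com"  # constructed look-alike origin


def authenticator_sign(cred_key: bytes, rp_id: str, client_data: bytes) -> tuple:
    """authenticatorData = SHA-256(rpId) || flags || signCount (the real layout);
    the signature over authenticatorData || SHA-256(clientDataJSON) is modelled
    with HMAC here instead of the real per-credential ECDSA private key."""
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + struct.pack(">I", 1)
    to_sign = auth_data + hashlib.sha256(client_data).digest()
    return auth_data, hmac.new(cred_key, to_sign, hashlib.sha256).digest()


def browser_get_assertion(cred_key: bytes, page_origin: str, challenge: bytes):
    """The browser, not the user, fills in clientDataJSON from the page it is on.
    (A real browser would refuse to use an example.com credential on another
    RP ID at all; this model lets the assertion through so the RP check is visible.)"""
    rp_id = page_origin.split("//", 1)[1]
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    auth_data, sig = authenticator_sign(cred_key, rp_id, client_data)
    return client_data, auth_data, sig


def rp_verify(cred_key: bytes, challenge: bytes, client_data: bytes,
              auth_data: bytes, sig: bytes) -> bool:
    """Relying-party checks from the WebAuthn assertion verification procedure."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != b64url(challenge):
        return False
    if cd.get("origin") != RP_ORIGIN:                                # origin binding
        return False
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():  # RP ID binding
        return False
    expected = hmac.new(cred_key, auth_data + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def webauthn_login(cred_key: bytes, page_origin: str) -> bool:
    """Full round trip: the RP issues a challenge, an attacker (if any) relays it
    unchanged, and the browser signs on whatever page the user is visiting."""
    challenge = os.urandom(32)
    client_data, auth_data, sig = browser_get_assertion(cred_key, page_origin, challenge)
    return rp_verify(cred_key, challenge, client_data, auth_data, sig)


if __name__ == "__main__":
    key = b"constructed-credential-key"
    print("TOTP relayed via look-alike site accepted:", totp_login_via_lookalike_site(key, 1_700_000_000))
    print("WebAuthn on real origin accepted:", webauthn_login(key, RP_ORIGIN))
    print("WebAuthn relayed from look-alike origin accepted:", webauthn_login(key, PHISH_ORIGIN))
```

The relayed TOTP code is accepted while the relayed WebAuthn assertion fails the origin and RP ID checks, which is the property CISA refers to as phishing resistance.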

Upgrading Online Security with Password Managers

Online security has become a major concern for individuals and businesses alike, as cyber-attacks become more sophisticated and prevalent. Passwords play a critical role in protecting online security, but the traditional method of using passwords has become inadequate due to the increasing number of online accounts people use, making it challenging to remember multiple passwords.

According to TechRadar, the use of password managers has emerged as a solution to this problem. These tools generate complex and unique passwords for each account, securely store passwords, and autofill passwords, making them convenient to use. The article suggests that password managers have become essential for enhancing online security. 

Password managers not only provide a higher level of security but also make managing passwords easier. "With the ever-increasing number of accounts people hold, there is a higher risk of password reuse, which makes users more vulnerable to cyber-attacks. A password manager can help overcome this issue," says tech writer Ashwin Bhandari. 

Android Police highlights the advantages of using password managers, including the ability to generate secure passwords and store them securely. The tool also helps users avoid the risk of weak passwords or using the same password for multiple accounts, which could make them vulnerable to cyber-attacks. 

CyberNews has compiled a list of the best password managers available, including LastPass, Dashlane, and 1Password. These password managers use strong encryption methods to protect user passwords and employ multi-factor authentication to provide an additional layer of security.

"Multi-factor authentication is the best way to protect your account from unauthorized access. While a password manager can generate and store passwords, enabling multi-factor authentication can prevent hackers from gaining access to your account even if they have your password," says cybersecurity expert John Smith.

To sum up, password managers have become a crucial tool for maintaining online security. Because they make it convenient to generate and store complex passwords securely, users can avoid the risk of using weak passwords or the same password for many accounts. Password managers can help people and businesses strengthen their online security and defend against cyberattacks.

Ahead of Data Privacy Day, Here are Best Password Practices to Safeguard Yourself


This week is Data Privacy Day, a day dedicated to raising awareness about how to protect your data and information online. The risks associated with the collection, processing, and storage of personal data are increasing, both on an individual and corporate level. 

Even today, most people are unsure how to respond when their rights are violated as a result of a data breach or leak. Keeper Security is sharing password best practices in order to keep accounts and data safe from threat actors. The goal is to educate consumers and businesses about privacy and to assist them in protecting themselves from the growing threat of data breaches.

Even when so-called passwordless options such as biometrics are used, the security of an individual's identity, data, and online accounts is heavily reliant on the strength of their passwords. Individuals must understand the difference between weak and strong passwords, especially since a breach could affect the organization for which they work, causing millions of dollars in damages. Data shows that stolen or weak passwords are responsible for 81% of hacking-related data breaches.

"Data Privacy Day provides an opportunity to elevate the critical importance of cybersecurity in all of our lives. The digital transformation shows no signs of slowing down, and with ever more connected devices from smartphones to smart fridges, we must all take concrete steps to protect ourselves," said Darren Guccione, CEO and Co-founder at Keeper Security.

He further added, "it is imperative everyone utilize strong and unique passwords for all of their accounts and store those passwords in a secure, encrypted vault to reduce their risk of an attack. The existential reality is that anyone can become a victim of cybercrime."

Think before you share, open, or click

One critical step to online safety is to avoid sharing personal information with anyone unless absolutely necessary. Keep an eye out for links in emails from suspicious or unknown senders, and learn how to spot phishing attempts. Download attachments only when you are certain they are safe.

Because it is human nature to believe what we see, aesthetics and user interface frequently trick users into clicking on a malicious, incorrect URL. The important thing is to make sure the URL matches the authentic website. When a password manager is used, it detects when the URL of a site does not match what is in the user's vault. This is an essential tool for preventing the most common types of attacks, such as phishing scams.

Improve your password habits by doing the following:
  • Do not use easy-to-guess character combinations.
  • Avoid using the same password for multiple accounts and avoid incorporating any personal information.
  • Avoid keystroke patterns and short passwords.
  • Do not use repeated letters or numbers as a password.
  • Use long combinations of letters, symbols, and numbers instead.
  • Create a memorable phrase, called a passphrase, by randomly replacing certain letters with numbers or symbols.
  • Create mnemonic passwords, for example, based on significant events.
Using a secure password manager is the best way for online users to protect their passwords. With an effective password manager, individuals can generate random character combinations for their passwords and save them in a password vault. Users no longer need to write passwords down or memorize them, practices that make passwords more vulnerable to breaches.

A password manager with zero-trust and zero-knowledge architecture creates an even more secure environment for users to store their passwords. Even in the worst-case scenario of a breach, the stored data is encrypted ciphertext, which means it cannot be accessed or read by a human or machine.

Nelnet Servicing Breach Exposes Data of Over 2.5 Million Student Loan Borrowers

A hack on technology services supplier Nelnet Servicing affected more than 2.5 million people with student loan accounts at EdFinancial and the Oklahoma Student Loan Authority (OSLA).

The provider says that hackers accessed its systems without authorization in June and continued to do so through July 22. About 2,501,324 people were affected by the data breach.

The information that was made public includes full name, place of residence, email address, contact details, and social security number. 

Hackers can exploit the aforementioned data by employing a number of tricks like phishing, social engineering, impersonation, and other tactics. The danger of exposure is amplified because loans are such a delicate subject.

Nelnet informed EdFinancial and OSLA that the attackers initially gained access by exploiting a vulnerability in its systems.

Nelnet claims to have stopped the hack as soon as the security vulnerability was discovered, but a later review, which was finished on August 17, 2022, found that some student loan account registration data may have been obtained.

Customers who might be impacted have already been informed by EdFinancial and OSLA, although EdFinancial made it clear that not all of its clients are affected as Nelnet Servicing is not its only technology supplier. 

It has been suggested that people use the free identity theft protection services offered by EdFinancial and OSLA if their data may have been affected by the event. Furthermore, due to the data breach, the provider of technical services could be subject to a class action lawsuit. 

The law firm "Markovits, Stock & DeMarco" yesterday began an inquiry into the possibility of a class action lawsuit due to the magnitude of this data breach occurrence.

According to a letter sent to impacted borrowers, "we urge you to be alert against incidences of identity theft and fraud over the following 24 months, by examining your account statements and keeping an eye on your free credit reports for suspicious activity and to spot errors."

Those who receive the notices are advised to sign up for Experian's IdentityWorks service right away to shield themselves from fraud, and to keep watch for any further incoming correspondence.