Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Digital Identity. Show all posts
trending news
Digital Identity digital identity protection online threats Privacy trending news

Age Checks Online: Privacy at Risk?

 

Across the internet, the question of proving age is no longer optional, it’s becoming a requirement. Governments are tightening rules to keep children away from harmful content, and platforms are under pressure to comply. 

From social media apps and online games to streaming services and even search engines, users are now being asked to show they are over 18 before they can continue. Whether in the UK, US, EU, or Australia, more and more websites now demand proof that users are over 18. In Britain, the Online Safety Act introduced strict rules from July 25, 2025.

People must now verify their age by scanning their face, uploading an official ID, or using a credit card. The aim is to keep children away from harmful content, but experts warn these steps could create serious risks by collecting and storing large amounts of sensitive information. 

A Possible Fix

To reduce these risks, governments and companies are exploring digital ID wallets. These apps could confirm a user’s age without exposing full identity details. 

Evin McMullen, Co-Founder of Privado ID, argues that current UK rules are flawed. She warns they build “a centralised honey pot of data” that hackers could exploit. Instead, she believes age checks should be quick, safe, and forgetful." 

Different Approaches Across Regions The European Union is already running pilot projects in five countries. This forms part of the upcoming European Digital Identity Wallet, expected to roll out by 2026. Supporters say it could protect both children and privacy. 

However, concerns remain because EU lawmakers are also debating rules that might weaken encryption, the very technology that keeps data safe. In the United States, there is no single standard. Instead, several states have passed their own age-verification laws. 

This patchwork has left companies struggling to adapt. Some, such as Bluesky, have even withdrawn services from states where rules were too complex or costly to follow. 

What We Should Expect ? 

Technology exists to make age checks secure and private, but trust depends on how governments implement the laws. If privacy protections are weakened, digital ID wallets could end up being more of a surveillance tool than a safety solution. For now, the debate continues, will these wallets safeguard users or become another risk to online privacy?
Read more »
Technology
Artificial Intelligence Digital Identity Hackers Technology

AI-Powered Tools Now Facing Higher Risk of Cyberattacks

 



As artificial intelligence becomes more common in business settings, experts are warning that these tools could be the next major target for online criminals.

Some of the biggest software companies, like Microsoft and SAP, have recently started using AI systems that can handle office tasks such as finance and data management. But these digital programs also come with new security risks.


What Are These Digital Identities?

In today’s automated world, many apps and devices run tasks on their own. To do this, they use something called digital identities — known in tech terms as non-human identities, or NHIs. These are like virtual badges that allow machines to connect and work together without human help.

The problem is that every one of these digital identities could become a door for hackers to enter a company’s system.


Why Are They Being Ignored?

Modern businesses now rely on large numbers of these machine profiles. Because there are so many, they often go unnoticed during security checks. This makes them easy targets for cybercriminals.

A recent report found that nearly one out of every five companies had already dealt with a security problem involving one of these digital identities.


Unsafe Habits Increase the Risk

Many companies fail to change or update the credentials of these identities in a timely manner. This is a basic safety step that should be done often. However, studies show that more than 70% of these identities are left unchanged for long periods, which leaves them vulnerable to attacks.

Another issue is that nearly all organizations allow outside vendors to access their digital identities. When third parties are involved, there is a bigger chance that something could go wrong, especially if those vendors don’t have strong security systems of their own.

Experts say that keeping old login details in use while also giving access to outsiders creates serious weak spots in a company's defense.


What Needs to Be Done

As businesses begin using AI agents more widely, the number of digital identities is growing quickly. If they are not protected, hackers could use them to gain control over company data and systems.

Experts suggest that companies should treat these machine profiles just like human accounts. That means regularly updating passwords, limiting who has access, and monitoring their use closely.

With the rise of AI in workplaces, keeping these tools safe is now more important than ever.


Read more »
Technology
Authentication Cybersecurity Digital Identity Encryption Passkeys Passwordless Technology

Hawcx Aims to Solve Passkey Challenges with Passwordless Authentication

 


Passwords remain a staple of online security, despite their vulnerabilities. According to Verizon, nearly one-third of all reported data breaches in the past decade resulted from stolen credentials, including some of the largest cyberattacks in history.  

In response, the tech industry has championed passkeys as a superior alternative to passwords. Over 15 billion accounts now support passkey technology, with major companies such as Amazon, Apple, Google, and Microsoft driving adoption.

However, widespread adoption remains sluggish due to concerns about portability and usability. Many users find passkeys cumbersome, particularly when managing access across multiple devices.

Cybersecurity startup Hawcx is addressing these passkey limitations with its innovative authentication technology. By eliminating key storage and transmission issues, Hawcx enhances security while improving usability.

Users often struggle with passkey setup and access across devices, leading to account lockouts and costly recovery—a significant challenge for businesses. As Dan Goodin of Ars Technica highlights, while passkeys offer enhanced security, their complexity can introduce operational inefficiencies at scale.

Hawcx, founded in 2023 by Riya Shanmugam (formerly of Adobe, Google, and New Relic), along with Selva Kumaraswamy and Ravi Ramaraju, offers a platform-agnostic solution. Developers can integrate its passwordless authentication by adding just five lines of code.

Unlike traditional passkeys, Hawcx does not store or transmit private keys. Instead, it cryptographically generates private keys each time a user logs in. This method ensures compatibility with older devices that lack modern hardware for passkey support.

“We are not reinventing the wheel fundamentally in most of the processes we have built,” Shanmugam told TechCrunch.

If a user switches devices, Hawcx’s system verifies authenticity before granting access, without storing additional private keys on the new device or in the cloud. This approach differs from standard passkeys, which require syncing private keys across devices or through cloud services.

“No one is challenging beyond the foundation,” Shanmugam said. “What we are challenging is the foundation itself. We are not building on top of what passkeys as a protocol provides. We are saying this protocol comes with an insane amount of limitations for users, enterprises, and developers, and we can make it better.”

Although Hawcx has filed patents, its technology has yet to be widely deployed or independently validated—factors that could influence industry trust. However, the company recently secured $3 million in pre-seed funding from Engineering Capital and Boldcap to accelerate development and market entry.

Shanmugam revealed that Hawcx is in talks with major banks and gaming companies for pilot programs set to launch in the coming weeks. These trials, expected to run for three to six months, will help refine the technology before broader implementation. Additionally, the startup is working with cryptography experts from Stanford University to validate its approach.

“As we are rolling out passkeys, the adoption is low. It’s clear to me that as good as passkeys are and they have solved the security problem, the usability problem still remains,” Tushar Phondge, director of consumer identity at ADP, told TechCrunch.

ADP plans to pilot Hawcx’s solution to assess its effectiveness in addressing passkey-related challenges, such as device dependency and system lockups.

Looking ahead, Hawcx aims to expand its authentication platform by integrating additional security services, including document verification, live video authentication, and background checks.

Read more »
YubiKey
Cyber Security Digital Identity Eucleak Password Security YubiKey

Protecting Your Digital Identity: The Impact of EUCLEAK on FIDO Devices

Protecting Your Digital Identity: The Impact of EUCLEAK on FIDO Devices

A new vulnerability has emerged that poses a significant threat to FIDO devices, particularly those using the Infineon SLE78 security microcontroller. Thomas Roche of Ninja Labs discovered the flaw. This vulnerability, dubbed “EUCLEAK,” has raised concerns among security experts and users alike, as it allows threat actors to clone YubiKey FIDO keys.

The EUCLEAK Vulnerability

EUCLEAK is a sophisticated attack that targets the Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys stored within FIDO devices. These keys are crucial for the authentication process, ensuring that only authorized users can access certain systems and data. The ability to extract and clone these keys undermines the security of the affected devices, potentially allowing unauthorized access.

The attack requires physical access to the device, specialized equipment, and advanced knowledge in electronics and cryptography. This means that while the attack is technically feasible, it is not easily executed by the average threat actor. However, the implications of such an attack are severe, especially for high-value targets where physical access to devices is a realistic threat.

Impact on YubiKey Devices

Yubico’s YubiKey 5 Series, which is widely used for two-factor authentication (2FA) and other security purposes, is among the affected devices. Yubico has acknowledged the vulnerability and rated the risk as moderate. The company has emphasized that the attack’s complexity and the need for physical access mitigate the overall risk to users.

Despite this, the discovery of EUCLEAK highlights the importance of continuous vigilance and improvement in the field of cybersecurity. As attackers develop more sophisticated methods, security measures must evolve to stay ahead of potential threats.

Mitigation and Response

In response to the EUCLEAK vulnerability, Yubico and other manufacturers using the Infineon SLE78 microcontroller are likely to implement firmware updates and other security measures to protect their devices. Users are advised to stay informed about updates and follow best practices for device security, such as keeping their firmware up to date and being cautious about physical access to their devices.

Additionally, organizations that rely on FIDO devices for authentication should review their security policies and consider additional layers of protection. This might include using multiple forms of authentication and regularly auditing their security infrastructure to identify and address potential vulnerabilities.

Impact on Companies vs Users

The EUCLEAK vulnerability has far-reaching impact on the cybersecurity landscape. For one, it highlights the evolving nature of security threats. Even devices designed with robust security measures can be vulnerable to sophisticated attacks. This realization should prompt both manufacturers and users to adopt a mindset of continuous improvement and vigilance.

For manufacturers, this means investing in ongoing research and development to identify and mitigate potential vulnerabilities before they can be exploited. It also means being transparent with users about risks and providing timely updates and support.

For users, the EUCLEAK vulnerability says a lot about the importance of physical security. While digital threats often dominate the conversation, physical access to devices remains a critical vector for attacks. 

Users should be mindful of where and how they store their security keys and consider additional protective measures, such as using tamper-evident seals or secure storage solutions.
Read more »
Technology
China China Government Digital ID digital identification technology Digital Identity Digital system Technology

China’s National Digital ID System Trials Begin Across 80 Internet Service Applications

 

China has initiated trials for its new national digital identification system across more than 80 internet service applications. This move follows the release of draft rules on July 26, with a public review and comment period open until August 25. The proposed system marks a significant step toward enhancing digital security and privacy for Chinese internet users. Internet users can now apply for their national digital ID by logging onto a mobile app called National Web Identification Pilot Version, developed by China’s Ministry of Public Security (MPS). 

This digital ID, which displays the user’s name, a “web number,” and a QR code, requires users to complete several verification steps, including national ID card verification and facial recognition. The digital ID can currently be used on 81 different applications, encompassing 10 public service platforms and 71 commercial apps. Notable platforms participating in the trial include the popular social media provider WeChat, the online shopping service Taobao, and the online recruitment platform Zhaopin. This broad implementation aims to test the ID’s functionality across a diverse range of services, highlighting its potential to streamline user identification and enhance security across various online activities. 

The proposed digital ID, detailed in a draft provision released by the MPS and the Cyberspace Administration of China (CAC), aims to reduce the amount of personal information that internet platforms can collect from their users. The draft rules state that applying for the digital ID is voluntary, offering users the choice to opt-in to this new system. This initiative is part of a broader effort to address privacy concerns and reduce the risk of data leaks, which have been exacerbated by the misuse of the current real-name registration system by some internet platforms. The current real-name registration system has allowed internet platforms to accumulate excessive amounts of personal information, leading to heightened privacy risks. The proposed digital ID system seeks to mitigate these risks by limiting the data collected by platforms. 

By requiring only essential information for verification, the digital ID aims to provide a more secure and privacy-conscious way for users to interact online. In addition to improving privacy, the digital ID system also promises to enhance convenience for users. With a single digital ID, users can seamlessly access multiple services without repeatedly providing personal information. This streamlined process not only simplifies the user experience but also reduces the opportunities for data to be misused or leaked. The trial of the national digital ID system represents a significant step towards addressing privacy issues while streamlining the process of user identification online. By implementing a digital ID, China aims to create a more secure and privacy-conscious internet environment for its users. 

This initiative reflects a growing recognition of the need for robust digital security measures in an increasingly interconnected world. As the public review and comment period progresses, feedback from users and stakeholders will be crucial in refining the digital ID system. The insights gained from this trial will help shape the final implementation, ensuring that the system effectively balances security, privacy, and user convenience. China’s commitment to enhancing digital security and privacy through this national digital ID system sets a precedent that could influence similar initiatives worldwide.
Read more »
Threat actors
Consumer Data Data Breach Digital Identity Financial Fraud Personal Information Sensitive Data Leak Server Threat actors

Mr. Cooper Data Breach: 14 Million Customers Exposed

A major data breach at mortgage giant Mr. Cooper compromised the personal data of an astounding 14 million consumers, according to a surprising disclosure. Sensitive data susceptibility in the digital age is a worry raised by the occurrence, which has shocked the cybersecurity world.

Strong cybersecurity procedures in financial institutions are vital, as demonstrated by the breach, confirmed on December 18, 2023, and have significant consequences for the impacted persons. The hackers gained access to Mr. Cooper's networks and took off with a wealth of private information, including social security numbers, names, addresses, and other private information.

TechCrunch reported on the incident, emphasizing the scale of the breach and the potential consequences for those impacted. The breach underscores the persistent and evolving threats faced by organizations that handle vast amounts of personal information. As consumers, it serves as a stark reminder of the importance of vigilance in protecting our digital identities.

Mr. Cooper has taken swift action in response to the breach, acknowledging the severity of the situation. The company is actively working to contain the fallout and assist affected customers in securing their information. In a statement to Help Net Security, Mr. Cooper reassured customers that it is implementing additional security measures to prevent future breaches.

The potential motives behind the attack, emphasize the lucrative nature of stolen personal data on the dark web. The breached information can be exploited for identity theft, financial fraud, and other malicious activities. This incident underscores the need for organizations to prioritize cybersecurity and invest in advanced threat detection and prevention mechanisms.

"The Mr. Cooper data breach is a sobering reminder of the evolving threat landscape," cybersecurity experts have stated. To safeguard their consumers' confidence and privacy, businesses need to invest heavily in cybersecurity solutions and maintain a watchful eye."

In light of the growing digital landscape, the Mr. Cooper data breach should be seen as a wake-up call for companies and individuals to prioritize cybersecurity and collaborate to create a more secure online environment.
Read more »
Vulnerability and Exploits.
2FA Apple Devices Digital Identity iPhone Mac Password Manager PDF Exploits Safari Safari Browser Apple Sensitive Information Unauthorized access Vulnerability and Exploits.

iLeakage Attack: Protecting Your Digital Security

The iLeakage exploit is a new issue that security researchers have discovered for Apple users. This clever hack may reveal private data, including passwords and emails, and it targets Macs and iPhones. It's critical to comprehend how this attack operates and take the necessary safety measures in order to stay safe.

The iLeakage attack, detailed on ileakage.com, leverages vulnerabilities in Apple's Safari browser, which is widely used across their devices. By exploiting these weaknesses, attackers can gain unauthorized access to users' email accounts and steal their passwords. This poses a significant threat to personal privacy and sensitive data.

To safeguard against this threat, it's imperative to take the following steps:

1. Update Software and Applications: Regularly updating your iPhone and Mac, along with the Safari browser, is one of the most effective ways to protect against iLeakage. These updates often contain patches for known vulnerabilities, making it harder for attackers to exploit them.

2. Enable Two-Factor Authentication (2FA): Activating 2FA adds an extra layer of security to your accounts. Even if a hacker manages to obtain your password, they won't be able to access your accounts without the secondary authentication method.

3. Avoid Clicking Suspicious Links: Be cautious when clicking on links, especially in emails or messages from unknown sources. iLeakage can be triggered through malicious links, so refrain from interacting with any that seem suspicious.

4. Use Strong, Unique Passwords: Utilize complex passwords that include a combination of letters, numbers, and special characters. Avoid using easily guessable information, such as birthdays or common words.

5. Regularly Monitor Accounts: Keep a close eye on your email and other accounts for any unusual activities. If you notice anything suspicious, change your passwords immediately and report the incident to your service provider.

6. Install Security Software: Consider using reputable security software that offers additional layers of protection against cyber threats. These programs can detect and prevent various types of attacks, including iLeakage.

7. Educate Yourself and Others: Stay informed about the latest security threats and educate family members or colleagues about best practices for online safety. Awareness is a powerful defense against cyberattacks.

Apple consumers can lower their risk of being victims of the iLeakage assault greatly by implementing these preventive measures. In the current digital environment, being cautious and proactive with cybersecurity is crucial. When it comes to internet security, keep in mind that a little bit of prevention is always better than a lot of treatment.


Read more »
Technology
Biometric Authentication Digital Footprint Digital Identity Metaverse Technology

Role of Biometric Authentication in Metaverse Technology

 

As we approach a new era of virtual reality, the digital world is becoming increasingly real. Businesses will grow in this new reality as individuals and organisations soon enter a parallel reality known as the metaverse and show themselves as their avatars, or 3D versions of themselves. 

But, like with every new technology, every invention has two sides. On the one hand, you will be able to completely customise your avatar and appearance in the metaverse. But what about security, on the other hand? How do you safeguard your personal information in such an open virtual environment? How do you protect the security of your identities when connecting with individuals and businesses on a level you've never encountered before? Biometrics holds the key. 

Role of biometrics in the metaverse 

Biometrics is a subset of the larger area of digital identity management. It entails using distinguishing physical characteristics such as fingerprints or facial features to identify people. 

Biometric technology has been used in security systems around the world for years—think retina scans at airports or fingerprints on smartphones—but now we're seeing more companies use it for employee access control as well as customer service applications like digital banking services or e-commerce sites where purchasing specific items requires verification through a scan of your fingerprint or face before a purchase can be completed. 

The growing number of social engineering attacks and other security concerns has a significant impact on how firms verify and authorise their online users. And, when it comes to the metaverse, things are rapidly deteriorating as fraudsters target weak lines of authentication security. 

If a company leaves an opening in the overall authentication process, consumer-facing malware could compromise identities. Although many organisations are concerned about the metaverse's underlying security and authentication vulnerabilities, most aren't taking the necessary steps to mitigate them. 

This is where a strong identity management solution with biometric authentication comes into effect. Users can quickly and securely authenticate themselves using biometric authentication by using face recognition or fingerprint scanning. 

Because no two people have identical biological characteristics, this greatly reduces the likelihood of identity theft. Because it provides an easy means for people to authenticate their identity without having access to passwords or PIN codes, biometrics is at the heart of building safe digital identities in the metaverse. 

Biometrics, as opposed to passwords, is based on unique biological traits such as fingerprints, voice, and facial attributes. No two people can have the same biological parameters. And because it is robust, there is a very small possibility that it will be compromised. 

Biometrics challenges in the metaverse

While biometrics has the potential to improve security and user experience in the metaverse, it is not without its drawbacks and challenges: 

Concerns about privacy: Users in the metaverse may be hesitant to share sensitive biometric data, such as facial recognition or fingerprint scans, for fear of potential breaches or exploitation. Maintaining the security of this data becomes critical, posing a serious privacy concern. 

Security Risks: Biometric data in the metaverse, like in the real world, is vulnerable to hacking efforts. Cybercriminals may target biometric authentication systems, jeopardising users' identities and security. 

Accessibility Issues: Biometric authentication relies on specific physical or behavioural qualities that may not be available to everyone. Some users may require additional technology or have circumstances that make biometric detection problematic, preventing them from having a seamless metaverse experience.

False Positives and Negatives: Biometric systems are not perfect. False positives (recognising an unauthorised user as authorised) and false negatives (failing to recognise an authorised user) can occur, causing authentication challenges and potential user irritation. 

Biometrics' role in the metaverse is a two-edged sword. While technology has the potential to provide greater security, personalised experiences, and seamless interactions, it also poses privacy, security, accessibility, and ethical issues. To establish a secure and inclusive virtual environment, the successful incorporation of biometrics in the metaverse will require careful assessment of these issues as well as a commitment to addressing these challenges. 
Read more »
Subscribe to: Comments (Atom)