Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Secure Data. Show all posts
Technology
Communication Encryption Computing Encryption Quantum communication Quantum computing Quantum Technology Secure Data Technology

Quantum Key Distribution Achieves Breakthrough with Semiconductor Quantum Dots

 

In the face of emerging quantum computing threats, traditional encryption methods are becoming increasingly vulnerable. This has spurred the development of quantum key distribution (QKD), a technology that uses the principles of quantum mechanics to secure data transmission. While QKD has seen significant advancements, establishing large-scale networks has been hindered by the limitations of current quantum light sources. However, a recent breakthrough by a team of German scientists may change this landscape. 

The research, published in Light Science and Applications, marks a significant milestone in quantum communication technology. The core of this breakthrough lies in the use of semiconductor quantum dots (QDs), often referred to as artificial atoms. These QDs have shown great potential for generating quantum light, which is crucial for quantum information technologies. In their experiment, the researchers connected Hannover and Braunschweig via an optical fiber network, a setup they called the “Niedersachsen Quantum Link.” This intercity experiment involved a fiber optic cable approximately 79 kilometers long that linked the Leibniz University of Hannover and Physikalisch-Technische Bundesanstalt Braunschweig. Alice, located at LUH, prepared single photons encrypted in polarization. Bob, stationed at PTB, used a passive polarization decoder to decrypt the polarization states of the received photons. 

This setup represents the first quantum communication link in Lower Saxony, Germany. The team achieved stable and rapid transmission of secret keys, demonstrating that positive secret key rates (SKRs) are feasible for distances up to 144 kilometers, corresponding to a 28.11 dB loss in the laboratory. They ensured a high-rate secret key transmission with a low quantum bit error ratio (QBER) for 35 hours based on this deployed fiber link. Dr. Jingzhong Yang, the first author of the study, highlighted that their achieved SKR surpasses all current single-photon source (SPS) based implementations. Even without further optimization, their results approach the levels attained by established decoy state QKD protocols using weak coherent pulses. Beyond QKD, quantum dots offer significant potential for other quantum internet applications, such as quantum repeaters and distributed quantum sensing. These applications benefit from the inherent ability of QDs to store quantum information and emit photonic cluster states. This work underscores the feasibility of integrating semiconductor single-photon sources into large-scale, high-capacity quantum communication networks. 

Quantum communication leverages the quantum characteristics of light to ensure messages cannot be intercepted. “Quantum dot devices emit single photons, which we control and send to Braunschweig for measurement. This process is fundamental to quantum key distribution,” explained Professor Ding. He expressed excitement about the collaborative effort’s outcome, noting, “Some years ago, we only dreamt of using quantum dots in real-world quantum communication scenarios. Today, we are thrilled to demonstrate their potential for many more fascinating experiments and applications in the future, moving towards a ‘quantum internet.’” 

The advancement of QKD with semiconductor quantum dots represents a major step forward in the quest for secure communication in the age of quantum computing. This breakthrough holds promise for more robust and expansive quantum networks, ensuring the confidentiality and security of sensitive information against the evolving landscape of cyber threats. 

As the world continues to advance towards more interconnected digital environments, the necessity for secure communication becomes ever more critical. The pioneering work of these scientists not only showcases the potential of QKD but also paves the way for future innovations in quantum communication and beyond.
Read more »
Security
attackers Cyber Attacks Data Safety data security EvilProxy Hackers Microsoft Microsoft 365 Microsoft Office Safety Secure Data Security

EvilProxy Phishing Campaign Targets Microsoft 365 Executives Worldwide

 

Cybercriminals have launched an EvilProxy phishing campaign with the aim of infiltrating thousands of Microsoft 365 user accounts across the globe. 

Over a span of three months from March to June, the attackers distributed a barrage of 120,000 phishing emails targeting more than 100 organizations worldwide. The primary objective of this operation was to compromise high-ranking executive accounts, paving the way for subsequent, deeper attacks within these enterprises.

Researchers from Proofpoint have shed light on the ongoing campaign, revealing that it employs a range of phishing strategies, including brand impersonation, scan blocking, and a multi-step infection process. 

These tactics have enabled the attackers to successfully seize control of cloud accounts belonging to top-level executives. Notably, over the past half-year, there has been an alarming surge of over 100% in these takeover incidents. These breaches occurred within organizations that collectively represent 1.5 million employees globally.

The attackers leveraged the EvilProxy phishing-as-a-service platform, utilizing reverse proxy and cookie-injection methods. These techniques allowed them to bypass multi-factor authentication (MFA), which is often touted as a defense mechanism against phishing attacks. The use of tools like EvilProxy, which operate as reverse-proxy hacker tools, is making it increasingly feasible for malicious actors to overcome MFA.

Upon obtaining credentials, the attackers wasted no time in accessing executives' cloud accounts, achieving entry in mere seconds. Subsequently, they maintained control by employing a native Microsoft 365 application to incorporate their own MFA into the "My Sign-Ins" section. The favored method for this action was the "Authenticator App with Notification and Code."

Surprisingly, the researchers noted that there has been a rise in account takeovers among tenants with MFA protection. Their data suggests that at least 35% of all compromised users over the past year had MFA enabled.

The EvilProxy attack typically commences with attackers masquerading as trusted services such as Concur, DocuSign, and Adobe. They send phishing emails from spoofed addresses, purportedly originating from these services, containing links to malicious Microsoft 365 phishing sites.

Clicking on these links initiates a multi-step infection process involving redirects to legitimate sources like YouTube, followed by further redirects utilizing malicious cookies and 404 errors. This convoluted approach is designed to scatter the traffic, minimizing the chances of detection.

Ultimately, the user traffic arrives at an EvilProxy phishing framework—a landing page functioning as a reverse proxy. This page imitates recipient branding and third-party identity providers.

Despite the large number of attacks, the cybercriminals exhibited precision, specifically targeting top-tier executives. C-level executives were the focus in approximately 39% of the attacks, with 17% targeting CFOs and 9% aimed at presidents and CEOs.

The success of this campaign in breaching MFA and its extensive scale underscore the advancing sophistication of phishing attacks. This necessitates organizations to bolster their security measures and adopt proactive cybersecurity intelligence to detect anomalous activities, emerging threats, and potential vulnerabilities.

While the effectiveness of EvilProxy as a phishing tool is acknowledged, there remains a significant gap in public awareness regarding its risks and implications. 

Proofpoint recommends a series of steps to mitigate phishing risks, including blocking and monitoring malicious email threats, identifying account takeovers, detecting unauthorized access to sensitive cloud resources, and isolating potentially malicious sessions initiated through email links.
Read more »
User Data
Cyber Firms Cyber Security Dark data Data Data Safety data security Secure Data Security User Data

Dark Data: A Crucial Concern for Security Experts

 

BigID recently released a research paper that examines the current problems that businesses face in safeguarding their most critical information. A number of important findings emerged from the research:
  • Dark data is extremely concerning to 84 per cent of businesses. This is data that businesses aren't aware of, but which accounts for more than half of all data in existence and can be extremely sensitive or vital. 
  • Unstructured data is the most difficult to manage and safeguard for eight out of ten businesses. Unstructured data generally comprises a variety of sensitive information and is challenging to scan and identify due to its inherent complexity. 
  • More than 90% of businesses have trouble implementing security standards involving sensitive or important data. Data policy reach and enforcement are crucial for proper data asset management, remediation, and security. 
Data is an organization's most valuable asset, relying on it every day to make critical strategic and operational choices. Unfortunately, most of this data is highly sensitive or critical, and it can be exposed accidentally or maliciously in some instances. 

Dimitri Sirota, CEO of BigID stated, “Data is the fuel that drives a company forward. However, a lot of this data is personal and as it accumulates, so does cyber risk. You owe it to your customers, partners, and employees to keep this data safe, let alone to keep your business running. This report reinforces the fact that most continue to struggle to confidently protect their most valuable data.” 

Sensitive or essential data is being spread throughout the environment at unprecedented rates, thanks to the rapid rise of public, private, hybrid, and multi-cloud models. As the scope of this type of data grows, so does the risk to the organisation. 

The research looks into the most significant security issues, the core causes of these problems, and practical ways to improve data security so that teams can protect their most valuable data assets.
Read more »
Subscribe to: Posts (Atom)