Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Authentication. Show all posts
Online Security
Authentication Cyber Phishing Data Breach ISO MOAB Online Security

Massive Data Breach Sends Shockwaves Through Businesses

 



A colossal breach of data has rattled the digital world affecting billions of users across various platforms and organisations. This vile breach, dubbed the "mother of all breaches" (MOAB), has exposed a staggering 26 billion entries, including those from LinkedIn, Twitter, Dropbox, and others. Government agencies in several countries have also been hit.

The implications for businesses are imminent. The leaked data, totaling 12 terabytes, poses an ongoing threat to personal information and corporate security. It not only comprises information from past breaches but also includes new data, providing cybercriminals with a comprehensive toolkit for orchestrating various cyberattacks, including identity theft.

In response to this unprecedented threat, businesses are urged to adopt a proactive stance in monitoring their infrastructure. Key signals to watch for include unusual access scenarios, suspicious account activity, a surge in phishing attempts, abnormal network traffic, an increase in helpdesk requests, and customer complaints about unauthorised access or suspicious transactions.

This incident underscores the need for a new security paradigm, where companies prioritise user security over user experience. While some may resist this shift, it is essential for long-term protection against cyber threats. Implementing global security standards such as ISO/IEC 27001 and enhancing authentication policies are crucial steps in fortifying defences.

Authentication measures like multi-factor authentication and liveness detection technology are rapidly gaining traction as the go-to standards across industries. These methods not only reinforce security but also seamlessly integrate into user experiences, striking a delicate balance between safeguarding sensitive data and ensuring user convenience. By embracing these sophisticated authentication techniques, businesses can erect formidable defences against cyber threats while enhancing overall user satisfaction.

The recent MOAB incident serves as a sign of trouble for businesses worldwide to bolster their defence mechanisms and hone their cyber acumen. While the paramountcy of data security cannot be overstated, it is equally crucial for companies, particularly those engaging with consumers directly, to uphold user-friendly processes. By harmonising stringent security measures with intuitive and accessible procedures, businesses can adeptly traverse the complex system of cybersecurity, instilling trust among stakeholders and effectively mitigating potential risks in a rampant semblance of digital development.

To get a hold of the events, the MOAB data breach underlines the exponential need for businesses to invest in robust security measures while ensuring a smooth user experience. By staying a step ahead and proactive, companies can mitigate the risks posed by cyber threats and safeguard their customers' sensitive information.


Read more »
WhatsApp updates
Authentication Mobile Security user data security WhatsApp WhatsApp security features WhatsApp updates

WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature

 

In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further emphasizing its commitment to safeguarding user conversations. 

Additionally, WhatsApp has released utilities such as chat lock and app lock to enhance chat security and privacy. One notable feature is chat lock, which allows users to hide private conversations from the main chat lists. By enabling chat lock on a per-conversation basis, users can ensure that sensitive chats remain secure. When activated, users are prompted for biometric authentication, either through face or fingerprint recognition, before accessing locked chats. For users who require comprehensive protection for all their chats, WhatsApp offers app lock functionality. 

This feature, available at a device level on certain Android skins by major OEMs, allows users to secure the entire app with biometric authentication or device passcodes. Recently, in the latest WhatsApp beta version 2.24.6.20, the app's app lock feature underwent significant enhancements. According to findings by WABetaInfo, app lock is expanding to include additional authentication methods beyond just biometric fingerprint recognition. 

The update will introduce options such as face unlock and device passcodes, providing users with more flexibility in securing their chats. The inclusion of multiple authentication methods serves as a backup for fingerprint authentication, ensuring accessibility even in scenarios where fingerprint recognition may not be feasible. 

For example, users wearing gloves can still unlock the app using alternative methods. Moreover, the expansion of authentication options enhances accessibility for users who may face limitations with certain authentication methods. While the introduction of new authentication methods represents a significant improvement to WhatsApp's app lock feature, users are advised to exercise caution when installing the latest beta version. The current beta release may be prone to crashes, potentially compromising the app's core functionality. 

Therefore, it is recommended to await a wider release before attempting to access the new features. In conclusion, WhatsApp's dedication to user privacy and security is evident through its continuous efforts to enhance encryption and introduce innovative security features. The expansion of authentication methods for the app lock feature underscores WhatsApp's commitment to providing users with robust security options while maintaining accessibility and ease of use.
Read more »
Zero Trust
Active Directory Authentication Compromised Passwords Cyber Security Cybersecurity Least Privilege Multi-factor authentication Network Security Password Security Security Zero Trust

Implementing Zero Trust Principles in Your Active Directory

 

In the past, many organizations relied on secure perimeters to trust users and devices. However, this approach is no longer viable with the geographical dispersion of workers and the need for access from various locations and devices. End-users now require access to corporate systems and cloud applications outside traditional work boundaries, expecting seamless and fast authentication processes.

Consequently, numerous organizations have adopted a zero-trust model to verify users accessing their data, recognizing Active Directory as a critical component of network authentication. Ensuring the security of credentials stored within Active Directory is paramount, prompting the question of how zero trust principles can be applied to maintain security.

The zero trust model, characterized by the principle of "never trust, always verify," requires authentication and authorization of every user, device, and network component before accessing resources or data. Implementing this model involves constructing a multi-layered security framework encompassing various technologies, processes, and policies.

One fundamental step in securing Active Directory environments is enforcing the principle of least privilege, which restricts privileges to the minimum necessary for individuals or entities to perform their tasks. This mitigates the risks associated with privileged accounts, reducing the potential impact of security breaches or insider threats.

Implementing a zero trust model also entails granting elevated privileges, such as admin rights, only when necessary and for limited durations. Techniques for achieving "just-in-time" privilege escalation include the ESAE (Red Forest) model and temporary admin accounts.

Additionally, employing multi-factor authentication (MFA) for password resets enhances security by adding extra layers of authentication beyond passwords. This mitigates vulnerabilities in password reset processes, which are often targeted by hackers through social engineering tactics.

Moreover, scanning for compromised passwords is crucial for enhancing password security. Despite the implementation of zero trust principles, passwords remain vulnerable to various attacks such as phishing and data breaches. Continuous scanning for compromised passwords and promptly blocking them in Active Directory helps prevent unauthorized access to sensitive data and systems.

Specops Password Policy offers a solution for scanning and blocking compromised passwords, ensuring network protection from real-world password attacks. By integrating such services, organizations can enhance their password security measures and adapt them to their specific needs.

Solutions like Specops Software provide valuable tools and support through demos or free trials for organisations seeking to bolster their Active Directory security and password policies.
Read more »
Vulnerabilities and Exploits
Authentication Data security software Financial Loss MFA Microsoft OAuth Third Party Apps Vulnerabilities and Exploits

OAuth App Abuse: A Growing Cybersecurity Threat

User data security has grown critical in an era of digital transactions and networked apps. The misuse of OAuth applications is a serious danger that has recently attracted attention in the cybersecurity field.

OAuth (Open Authorization) is a widely used authentication protocol that allows users to grant third-party applications limited access to their resources without exposing their credentials. While this technology streamlines user experiences and enhances efficiency, cybercriminals are finding innovative ways to exploit its vulnerabilities.

Recent reports from security experts shed light on the alarming surge in OAuth application abuse attacks. Money-grubbing cybercriminals increasingly leverage these attacks to compromise user accounts, with potentially devastating consequences. The attackers often weaponize OAuth apps to gain unauthorized access to sensitive information, leading to financial losses and privacy breaches.

One significant event that underscores the severity of this threat is the widespread targeting of Microsoft accounts. Cyber attackers have honed in on the popularity and ubiquity of Microsoft services, using OAuth app abuse as a vector for their malicious activities. This trend poses a serious challenge to both individual users and organizations relying on Microsoft's suite of applications.

According to a report, the attackers exploit vulnerabilities in OAuth applications to manipulate the authorization process. This allows them to masquerade as legitimate users, granting them access to sensitive data and resources. The consequences of such attacks extend beyond financial losses, potentially compromising personal and corporate data integrity.

The financial motivation behind these cybercrimes, emphasizes the lucrative nature of exploiting OAuth vulnerabilities. Criminals are driven by the potential gains from unauthorized access to user accounts, emphasizing the need for heightened vigilance and proactive security measures.

Dark Reading further delves into the evolving tactics of these attackers, emphasizing the need for a comprehensive cybersecurity strategy. Organizations and users must prioritize measures such as multi-factor authentication, continuous monitoring, and regular security updates to mitigate the risks associated with OAuth application abuse.

The increasing misuse of OAuth applications is a turning point in the continuous fight against cyberattacks. The strategies used by cybercriminals also change as technology does. People and institutions must remain knowledgeable, implement strong security procedures, and work together to protect the digital environment from these new dangers. According to the proverb, "An ounce of prevention is worth a pound of cure."
Read more »
Overheating
Ads Authentication Cyber Security Data Privacy Data Usage Google Pixel Phones iPhone NordVPN Overheating

Detecting Mobile Hacks: Signs and Solutions

The possibility of getting hacked is a worrying reality in a time when our lives are inextricably linked to our smartphones. Hackers' strategies, which are always looking for ways to take advantage of weaknesses, also evolve along with technology. Thankfully, it is possible to determine whether unauthorized access has been gained to your phone.

1. Unusual Behavior:

If your phone starts exhibiting unusual behavior, such as sudden battery drains, sluggish performance, or unexpected shutdowns, it could be a sign of a breach. According to Tom's Guide, these anomalies may indicate the presence of malware or spyware on your device, compromising its functionality.

2. Data Usage Spikes:

Excessive data usage is another red flag. A sudden spike in data consumption without any change in your usage patterns could signify a compromise. NordVPN emphasizes that certain malware operates in the background, quietly sending your data to unauthorized sources, leading to increased data usage.

3. Strange Pop-ups and Ads:

Pop-ups and ads that appear out of the blue, especially when your phone is idle, may be indicative of a hack. Business Insider notes that these intrusions often result from malicious software attempting to generate revenue for hackers through ad clicks.

4. Unrecognized Apps and Permissions:

TechPP advises users to regularly check for unfamiliar apps on their phones. If you notice apps that you didn't download or don't remember installing, it's a clear sign that your phone's security may have been compromised. Additionally, scrutinize app permissions to ensure they align with the app's functionality.

5. Overheating:

An overheating phone can be a symptom of hacking. Unexplained overheating may indicate that malicious processes are running in the background. If your phone feels unusually hot, it's worth investigating further.

6. Sudden Password Changes:

If you find that your passwords have been changed without your knowledge, it's a serious cause for concern. This could signify a hacker gaining unauthorized access to your accounts. NordVPN emphasizes the importance of immediate action to secure your accounts and change passwords if you suspect foul play.

It's essential to be watchful and proactive to protect your phone from any hackers. Observe the recommendations given by reliable sources regularly. Recall that reducing the effect of a security compromise requires quick identification and action. Our knowledge of and protections against the constant threat of mobile phone hacking should advance along with technology.


Read more »
Windows
Authentication BlackWing Experience Fingerprint Google Microsoft Hello Fingerprint ID Password Laptops Privacy Tools Social Media Vulnerabilities and Exploit Windows

Laptops with Windows Hello Fingerprint Authentication Vulnerable

 


Microsoft’s Windows Hello security, which offers a passwordless method of logging into Windows-powered machines may not be as secure as users think. Microsoft Windows Hello fingerprint authentication was evaluated for security over its fingerprint sensors embedded in laptops. This led to the discovery of multiple vulnerabilities that would allow a threat actor to bypass Windows Hello Authentication completely. 

As reported by Blackwing Intelligence in a blog post, Microsoft's Offensive Research and Security Engineering (MORSE) had asked them to conduct an assessment of the security of the three top fingerprint sensors embedded in laptops, in response to a recent request. 

There was research conducted on three laptops, the Dell Inspiron 15, the Lenovo ThinkPad T14, and the Microsoft Surface Pro Type Cover with Fingerprint ID, which were used in the study. It was discovered that several vulnerabilities in the Windows Hello fingerprint authentication system could be exploited by researchers working on the project.

In addition, The document also reveals that the fingerprint sensors used in Lenovo ThinkPad T14, Dell Inspiron 15, Surface Pro 8 and X tablets made by Goodix, Synaptics, and ELAN were vulnerable to man-in-the-middle attacks due to their underlying technology. 

A premier sensor enabling fingerprint authentication through Windows Hello is not as secure as manufacturers would like. It has been discovered that there are several security flaws in many fingerprint sensors used in many laptops that are compatible with the Windows Hello authentication feature due to the use of outdated firmware. 

It was discovered by researchers at Blackwing Intelligence, a company that conducts research into the security, offensive capabilities, and vulnerability of hardware and software products. The researchers found weaknesses in fingerprint sensors embedded in the devices from Goodix, Synaptics, and ELAN, all of which are manufactured by these manufacturers. 

Using fingerprint reader exploits requires users to already have fingerprint authentication set up on their targeted laptops so that the exploits can work. Three fingerprint sensors in the system are all part of a type of sensor that is known as "match on chip" (MoC), which includes all biometric management functions in the integrated circuit of the sensor itself.

Concept Of Vulnerability Match On Chip As reported by Cyber Security News, this vulnerability is due to a flaw within the concept of the "match on chip" type sensors. Microsoft removed the option of storing some fingerprint templates on the host machine and replaced it with a "match on chip" sensor.  This means that the fingerprint templates are now stored on the chip, thus potentially reducing the concern that fingerprints might be exfiltrated from the host if the host becomes compromised, which could compromise the privacy of your data. 

Despite this, this method has a downside as it does not prevent malicious sensors from spoofing the communication between the sensor and the host, so in this case, an authorized and authenticated user who is using the sensor can easily be fooled. 

There have been several successful attempts at defeating Windows Hello biometric-based authentication systems in the past, but this isn't the first time. This month, Microsoft released two patches (CVE-2021-34466, CVSS score: 6.1), aimed at patching up a security flaw that was rated medium severity in July 2021, and that could allow an adversary to hijack the login process by spoofing the target's face. 

The validity of Microsoft's statement as to whether they will be able to find a fix for the flaws is still unclear; however, this is not the first time Windows Hello, a biometric-based system, has been the victim of attacks. A proof of concept in 2021 showed that by using an infrared photo of a victim with the facial recognition feature of Windows Hello, it was possible to bypass the authentication method. Following this, Microsoft fixed the issue to prevent the problem from occurring again.
Read more »
Sensitive Information
23andMe 2FA Authentication DNA MFA Privacy Sensitive Information

Genetic Data Security Strengthened with Two-Factor Authentication

Data security is a major worry in this era of digitization, particularly with regard to sensitive data like genetic information. Major genetic testing companies have recently strengthened the security of their users' data by making two-factor authentication (2FA) the standard security feature.

The move comes in response to the growing importance of safeguarding the privacy and integrity of genetic information. The decision to make 2FA the default setting represents a proactive approach to address the evolving landscape of cybersecurity threats. This move has been widely applauded by experts, as it adds an extra layer of protection to user accounts, making unauthorized access significantly more challenging.

MyHeritage, in a recent blog post, highlighted the importance of securing user accounts and detailed the steps users can take to enable 2FA on their accounts. The blog emphasized the user-friendly nature of the implementation, aiming to encourage widespread adoption among its customer base.

Similarly, 23andMe has also taken strides in enhancing customer security by implementing 2-step verification. Their official blog outlined the benefits of this added layer of protection, assuring users that their genetic data is now even more secure. The company addressed the pressing issue of data security concerns in a separate post, reaffirming their commitment to protecting user information and staying ahead of potential threats.

The move towards default 2FA by these genetic testing giants is not only a response to the current cybersecurity landscape but also an acknowledgment of the increasing value of genetic data. As the popularity of DNA testing services continues to grow, so does the need for robust security measures to safeguard the sensitive information these companies handle.

Users are encouraged to take advantage of these enhanced security features and to stay informed about best practices for protecting their genetic data. The implementation of default 2FA by industry leaders sets a positive precedent for other companies in the field, emphasizing the shared responsibility of securing sensitive information in an increasingly interconnected world.

Ensuring the security and privacy of genetic data has advanced significantly with organizations implementing two-factor authentication by default. This action demonstrates the industry's dedication to staying ahead of possible risks and giving consumers the resources they need to safeguard their private data.


Read more »
User Privacy
Authentication Big Tech Cyber Security Data Privacy Laws Digital Privacy E Commerce Government of India Indian Market Privacy Act Tech Companies User Privacy

India's DPDP Act: Industry's Compliance Challenges and Concerns

As India's Data Protection and Privacy Act (DPDP) transitions from proposal to legal mandate, the business community is grappling with the intricacies of compliance and its far-reaching implications. While the government maintains that companies have had a reasonable timeframe to align with the new regulations, industry insiders are voicing their apprehensions and advocating for extensions in implementation.

A new LiveMint report claims that the government claims businesses have been given a fair amount of time to adjust to the DPDP regulations. The actual situation, though, seems more nuanced. Industry insiders,emphasize the difficulties firms encounter in comprehending and complying with the complex mandate of the DPDP Act.

The Big Tech Alliance, as reported in Inc42, has proposed a 12 to 18-month extension for compliance, underscoring the intricacies involved in integrating DPDP guidelines into existing operations. The alliance contends that the complexity of data handling and the need for sophisticated infrastructure demand a more extended transition period.

An EY study, reveals that a majority of organizations express deep concerns about the impact of the data law. This highlights the need for clarity in the interpretation and application of DPDP regulations. 

In another development, the IT Minister announced that draft rules under the privacy law are nearly ready. This impending release signifies a pivotal moment in the DPDP journey, as it will provide a clearer roadmap for businesses to follow.

As the compliance deadline looms, it is evident that there is a pressing need for collaborative efforts between the government and the industry to ensure a smooth transition. This involves not only extending timelines but also providing comprehensive guidance and support to businesses navigating the intricacies of the DPDP Act.

Despite the government's claim that businesses have enough time to get ready for DPDP compliance, industry opinion suggests otherwise. The complexities of data privacy laws and the worries raised by significant groups highlight the difficulties that companies face. It is imperative that the government and industry work together to resolve these issues and enable a smooth transition to the DPDP compliance period.

Read more »
Sensitive Information
1Password Manager Authentication Data Breach Digital Landscape Multi-Factor Authentication (MFA) Okta Passwords Sensitive Information

1Password's Swift Response to Okta Data Breach

Prominent password manager provider 1Password has shown excellent reaction and transparency following the recent Okta data leak issue. The breach forced 1Password to take measures to protect its users' security after it affected multiple organizations and possibly exposed sensitive user data.

1Password, a widely trusted password manager, has detected suspicious activity related to the Okta breach. The company acted promptly to mitigate any potential risks to its users. This incident highlights the critical role password managers play in safeguarding personal information in an increasingly interconnected digital landscape.

The Okta data breach in late October exposed a substantial amount of sensitive information, including usernames, passwords, and other authentication credentials. This incident raised alarms across the cybersecurity community, as Okta serves as an identity and access management provider for numerous organizations.

1Password's swift response sets an example for other online services in handling such incidents. The company has confirmed that all logins are secure and has implemented additional security measures to fortify its users' accounts. This includes enhanced monitoring for any suspicious activity and immediate alerts for any potential compromise.

1Password has a history of prioritizing user security, and this recent incident demonstrates their commitment to upholding the trust placed in them by millions of users worldwide. It serves as a reminder of the importance of using reputable password managers to fortify one's online security.

In light of this breach, it is recommended that users take proactive steps to further secure their accounts. This may include enabling multi-factor authentication, regularly updating passwords, and monitoring accounts for any unusual activity.

1Password's commitment to user security is demonstrated by its prompt and resolute reaction to the Okta data incident. It is impossible to overestimate the significance of strong password management given how quickly the digital world is changing. To protect their online identities, users are urged to exercise caution and take preventative action.

Read more »
Windows 7
2FA Authentication Bank Data Leak Cyber Security IT Network Malicious actor Microsoft Protocols Supply Chain Platform UK Government Vulnerability and Exploits. Windows 7

UK Military Data Breach via Outdated Windows 7 System

A Windows 7 machine belonging to a high-security fencing company was the stunning weak link in a shocking cybersecurity incident that exposed vital military data. This hack not only underlines the need for organizations, including those that don't seem to be in the military industry, to maintain strong digital defenses, but it also raises questions about the health of cybersecurity policies.

The attack was started by the LockBit ransomware organization, which targeted Zaun, the high-security fencing manufacturer, according to reports from TechSpot and CPO Magazine. The attackers took advantage of a flaw in the Windows 7 operating system, which Microsoft no longer officially supports and as a result, is not up to date with security patches. This emphasizes the dangers of employing old software, especially in crucial industries.

The compromised fencing company was entrusted with safeguarding the perimeters of sensitive military installations in the UK. Consequently, the breach allowed the attackers to access vital data, potentially compromising national security. This incident underscores the importance of rigorous cybersecurity measures within the defense supply chain, where vulnerabilities can have far-reaching consequences.

The breach also serves as a reminder that cybercriminals often target the weakest links in an organization's cybersecurity chain. In this case, it was a legacy system running an outdated operating system. To mitigate such risks, organizations, especially those handling sensitive data, must regularly update their systems and invest in robust cybersecurity infrastructure.

As investigations continue, the fencing company and other organizations in similar positions need to assess their cybersecurity postures. Regular security audits, employee training, and the implementation of the latest security technologies are critical steps in preventing such breaches.

Moreover, the incident reinforces the need for collaboration and information sharing between the public and private sectors. The government and military should work closely with contractors and suppliers to ensure that their cybersecurity practices meet the highest standards, as the security of one entity can impact many others in the supply chain.

The breach of military data through a high-security fencing firm's Windows 7 computer serves as a stark reminder of the ever-present and evolving cybersecurity threats. It highlights the critical importance of keeping software up to date, securing supply chains, and fostering collaboration between various stakeholders. 

Read more »
Tips
Authentication Cloud Defense Cyber Security Fraud MFA Multi-Factor Authentication (MFA) Online phishing Phishing Prevention Prevention Privacy Protection Scams Security Tips

Defend Against Phishing with Multi-Factor Authentication

 

Phishing has been a favored attack vector for threat actors for nearly three decades, and its utilization persists until it loses its effectiveness. The success of phishing largely hinges on exploiting the weakest link in an organization's cybersecurity chain—human behavior.

“Phishing is largely the same whether in the cloud or on-prem[ise], in that it’s exploiting human behavior more than it’s exploiting technology,” said Emily Phelps, director at Cyware.

These attacks primarily aim to pilfer credentials, granting threat actors unfettered access within an organization's infrastructure. Yet, successful cloud-based phishing assaults might be more intricate due to the nuanced ownership of the environment.

Phelps explained that in an on-premise scenario, a compromised ecosystem would be under the jurisdiction of an organization's security and IT team. However, in the cloud—like AWS or Azure—a breached environment is managed by respective organizations yet ultimately owned by Amazon or Microsoft.

Cloud Emerges as the Preferred Phishing Arena

As an increasing number of applications gravitate toward cloud computing, threat actors are unsurprisingly drawn to exploit this realm. Palo Alto Networks Unit 42's report unveiled a staggering 1100% surge in newly identified phishing URLs on legitimate SaaS platforms from June 2021 to June 2022.

The report delineated a tactic where visitors to legitimate web pages are enticed to click a link directing them to a credential-stealing site. By leveraging a legitimate webpage as the principal phishing site, attackers can modify the link to direct victims to a new malicious page, thereby sustaining the original campaign's efficacy.

Cloud applications provide an ideal launchpad for phishing assaults due to their ability to bypass conventional security systems. Cloud-based phishing is further facilitated by the ease of luring unsuspecting users into clicking malevolent email links. Beyond SaaS platforms, cloud applications such as video conferencing and workforce messaging are also being increasingly exploited for launching attacks.

The Role of Phishing-Resistant MFA

Among the most robust defenses against credential-stealing phishing attacks is multifactor authentication (MFA). This approach incorporates several security factors, including something known (like a password), something possessed (such as a phone or email for code reception), and/or something inherent (like a fingerprint). By requiring an additional code-sharing device or a biometric tool for authentication, MFA heightens the difficulty for attackers to breach these security layers.

In the event of a user falling prey to a phishing attack and credentials being compromised, MFA introduces an additional layer of verification inaccessible to threat actors. This may involve SMS verification, email confirmation, or an authenticator app, with the latter being recommended by Phelps.

However, as MFA proves effective against credential theft, threat actors have escalated their strategies to compromise MFA credentials. Phishing remains one of their favored methods, as cautioned by the Cybersecurity and Infrastructure Security Agency (CISA):

"In a widely used phishing technique, a threat actor sends an email to a target that convinces the user to visit a threat actor-controlled website that mimics a company’s legitimate login portal. The user submits their username, password, as well as the 6-digit code from their mobile phone’s authenticator app.”

To counter this, CISA endorses phishing-resistant MFA as a strategy to enhance overall cloud security against phishing attacks. Fast ID Online/WebAuthn authentication stands out as a popular option. It operates through separate physical tokens linked to USB or NFC devices or embedded authenticators within laptops and mobile devices.

An alternative approach, albeit less common, is PKI-based phishing-resistant MFA, employing security-chip embedded smart cards linked to both an organization and the individual user. While highly secure, this method necessitates mature security and identity management systems.

While any form of MFA contributes to safeguarding cloud data against phishing, relying solely on commonly used code-sharing methods falls short. Threat actors have devised ways to manipulate users into revealing these codes, often relying on users' inconsistent MFA setup practices. Adopting phishing-resistant MFA and incorporating multiple layers of authentication offers the utmost security against this prevalent cyber threat.
Read more »
User Privacy
1Password Manager Authentication Cyber Security Data Encryption Hackers LastPass User Privacy

Upgrading Online Security with Password Managers

Online security has become a major concern for individuals and businesses alike, as cyber-attacks become more sophisticated and prevalent. Passwords play a critical role in protecting online security, but the traditional method of using passwords has become inadequate due to the increasing number of online accounts people use, making it challenging to remember multiple passwords.

According to TechRadar, the use of password managers has emerged as a solution to this problem. These tools generate complex and unique passwords for each account, securely store passwords, and autofill passwords, making them convenient to use. The article suggests that password managers have become essential for enhancing online security. 

Password managers not only provide a higher level of security but also make managing passwords easier. "With the ever-increasing number of accounts people hold, there is a higher risk of password reuse, which makes users more vulnerable to cyber-attacks. A password manager can help overcome this issue," says tech writer Ashwin Bhandari. 

Android Police highlights the advantages of using password managers, including the ability to generate secure passwords and store them securely. The tool also helps users avoid the risk of weak passwords or using the same password for multiple accounts, which could make them vulnerable to cyber-attacks. 

CyberNews has compiled a list of the best password managers available, including LastPass, Dashlane, and 1Password. These password managers use strong encryption methods to protect user passwords and employ multi-factor authentication to provide an additional layer of security.

"Multi-factor authentication is the best way to protect your account from unauthorized access. While a password manager can generate and store passwords, enabling multi-factor authentication can prevent hackers from gaining access to your account even if they have your password," says cybersecurity expert John Smith.

Password managers have become a crucial tool for maintaining online security, to sum up. Users can prevent the risk of using weak passwords or the same password for many accounts by utilizing them since they make it convenient to generate and save complex passwords securely. Password managers can help people and businesses increase their internet security and defend against cyberattacks.
Read more »
Passwordless
Authentication Data Breach Data Privacy Day Data Safety data security Password Passwordless

Ahead of Data Privacy Day, Here are Best Password Practices to Safeguard Yourself

 

This week is Data Privacy Day, a day dedicated to raising awareness about how to protect your data and information online. The risks associated with the collection, processing, and storage of personal data are increasing, both on an individual and corporate level. 

Even today, most people are unsure how to respond when their rights are violated as a result of a data breach or leak. Keeper Security is sharing password best practices in order to keep accounts and data safe from threat actors. The goal is to educate consumers and businesses about privacy and to assist them in protecting themselves from the growing threat of data breaches.

Even when so-called passwordless options such as biometrics are used, the security of an individual's identity, data, and online accounts is heavily reliant on the strength of their passwords. Individuals must understand the difference between weak and strong passwords, especially since a breach could affect the organization for which they work, causing millions of dollars in damages. Data shows that stolen or weak passwords are responsible for 81% of hacking-related data breaches.

"Data Privacy Day provides an opportunity to elevate the critical importance of cybersecurity in all of our lives. The digital transformation shows no signs of slowing down, and with ever more connected devices from smartphones to smart fridges, we must all take concrete steps to protect ourselves," said Darren Guccione, CEO, and Co-founder at Keeper Security. 

He further added, "it is imperative everyone utilize strong and unique passwords for all of their accounts and store those passwords in a secure, encrypted vault to reduce their risk of an attack. The existential reality is that anyone can become a victim of cybercrime."

Think before you share, open, or click

One critical step to online safety is to avoid sharing personal information with anyone unless absolutely necessary. Keep an eye out for links in emails from suspicious or unknown senders, and learn how to spot phishing attempts. Download attachments only when you are certain they are safe.

Because it is human nature to believe what we see, aesthetics and user interface frequently trick users into clicking on a malicious, incorrect URL. The important thing is to make sure the URL matches the authentic website. When a password manager is used, it detects when the URL of a site does not match what is in the user's vault. This is an essential tool for preventing the most common types of attacks, such as phishing scams.

Improve your password habits by doing the following:
  • Do not use any easy-to-guess character combinations.
  • Prevent using the same password for multiple accounts and incorporating any personal information.
  • Keystroke patterns and short passwords should also be avoided.
  • As a password, avoid using repeated letters or numbers.
  • Use long combinations of letters, symbols, and numbers instead.
  • Creating a memorable phrase called a passphrase by randomly replacing certain letters with numbers or symbols.
  • Creating mnemonic passwords, for example, based on significant events.
Implementing a secure password manager is the best way for online users to secure their passwords. Individuals can use an effective password manager to generate random character combinations for their passwords and save them in a password vault. Users will no longer need to write them down or remember them, which makes them more vulnerable to breaches.

A password manager with zero trust and zero knowledge creates an even more secure environment for users to store their passwords. Even in the worst-case scenario of a breach, the stored data is encrypted in cypher text, which means it cannot be accessed or read by a human or machine.
Read more »
User Privacy
Authentication Data Breach Phishing Attacks Social Security Number Students Data User Privacy

Nelnet Servicing breach over 2.5 Million Student Loan Data

A hack on technology services supplier Nelnet Servicing affected more than 2.5 million persons with students with student loan accounts with EdFinancial and the Oklahoma Student Loan Authority. 

The provider claims that hackers accessed its systems without authorization in June and continued to do so through July 22. There have been about 2,501,324 people who were affected by the data breach.

The information that was made public includes full name, place of residence, email address, contact details, and social security number. 

Hackers can exploit the aforementioned data by employing a number of tricks like phishing, social engineering, impersonation, and other tactics. The danger of exposure is amplified because loans are such a delicate subject.

Nelnet informed Edfinancial and OSLA that the attackers initially gained access by taking advantage of a vulnerability in its systems.

Nelnet claims to have stopped the hack as soon as the security vulnerability was discovered, but a later review, which was finished on August 17, 2022, found that some student loan account registration data may have been obtained.

Customers who might be impacted have already been informed by EdFinancial and OSLA, although EdFinancial made it clear that not all of its clients are affected as Nelnet Servicing is not its only technology supplier. 

It has been suggested that people use the free identity theft protection services offered by EdFinancial and OSLA if their data may have been affected by the event. Furthermore, due to the data breach, the provider of technical services could be subject to a class action lawsuit. 

The law firm "Markovits, Stock & DeMarco" yesterday began an inquiry into the possibility of a class action lawsuit due to the magnitude of this data breach occurrence.

According to a letter sent to impacted borrowers, "we urge you to be alert against incidences of identity theft and fraud over the following 24 months, by examining your account statements and keeping an eye on your free credit reports for suspicious activity and to spot errors."

It is advised that those who receive the notices sign up for Experian's IdentityWorks service right once to shield themselves from fraud, and they should also keep a watch for any other incoming correspondence.
Read more »
Threat actor
AiTM Phishing Authentication Cyber Fraud Fraud phishing Proxy Server Scam Threat actor

Microsoft: Large-Scale AiTM Phishing Attacks Against 10K+Organizations

 

More than 10,000 companies were targeted in a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites. Microsoft identified a large-scale phishing effort that employed adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user's sign-in session, and circumvent authentication even when the victim had activated MFA. 

Threat actors utilise AiTM phishing to set up a proxy server between a target user and the website the user desires to access, which is the phishing site controlled by the attackers. The proxy server enables attackers to intercept communications and steal the target's password and a session cookie. 

Threat actors started business email compromise (BEC) attacks against other targets after obtaining the credentials and session cookies needed to access users' mails. Since September 2021, Microsoft specialists think the AiTM phishing effort has targeted over 10,000 companies. 

Phishing using AITM 

By impersonating the Office online authentication page, the landing sites utilised in this campaign were meant to attack the Office 365 authentication process. Microsoft researchers discovered that the campaign's operators utilise the Evilginx2 phishing kit as its AiTM infrastructure. Threat actors utilised phishing emails with an HTML file attachment in several of the attacks seen by the experts. The message alerted recipients that they had a voice message in order to deceive them into opening the file.
 
The analysis published by Microsoft states, “This redirector acted as a gatekeeper to ensure the target user was coming from the original HTML attachment. To do this, it first validated if the expected fragment value in the URL—in this case, the user’s email address encoded in Base64—exists. If the said value existed, this page concatenated the value on the phishing site’s landing page, which was also encoded in Base64 and saved in the “link” variable.”

“By combining the two values, the succeeding phishing landing page automatically filled out the sign-in page with the user’s email address, thus enhancing its social engineering lure. This technique was also the campaign’s attempt to prevent conventional anti-phishing solutions from directly accessing phishing URLs.” 

After capturing the session cookie, the attackers inserted it into their browser to bypass the authentication procedure, even if the receiver had activated MFA for his account. Microsoft advises organisations to use systems that enable Fast ID Online (FIDO) v2.0 and certificate-based authentication to make their MFA deployment "phish-resistant."

Microsoft also advises establishing conditional access controls if an attacker attempts to utilise a stolen session cookie and monitoring for suspicious or anomalous activity, such as sign-in attempts with suspicious features and odd mailbox operations. 

“This AiTM phishing campaign is another example of how threats continue to evolve in response to the security measures and policies organisations put in place to defend themselves against potential attacks. While AiTM phishing attempts to circumvent MFA, it’s important to underscore that MFA implementation remains an essential pillar in identity security. MFA is still very effective at stopping a wide variety of threats; its effectiveness is why AiTM phishing emerged in the first place," concludes the report.
Read more »
Subscribe to: Posts (Atom)