NIST has formalized three post-quantum cryptographic algorithms, with organizations urged to start the transition to quantum-secure encryption immediately
Daily Archives: August 13, 2024
East Valley Institute of Technology Data Breach Exposes Over 200,000 Records
The EVIT breach exposed the data of 208,717 individuals, including students, faculty and parents
USN-6950-3: Linux kernel (Oracle) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– Block layer subsystem;
– Bluetooth drivers;
– Clock framework and drivers;
– FireWire subsystem;
– GPU drivers;
– InfiniBand drivers;
– Multiple devices driver;
– EEPROM drivers;
– Network drivers;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– 9P distributed file system;
– Network file system client;
– SMB network file system;
– Socket messages infrastructure;
– Dynamic debug library;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Multipath TCP;
– NSH protocol;
– Phonet protocol;
– TIPC protocol;
– Wireless networking;
– Key management;
– ALSA framework;
– HD-audio driver;
(CVE-2024-36883, CVE-2024-36940, CVE-2024-36902, CVE-2024-36975,
CVE-2024-36964, CVE-2024-36938, CVE-2024-36931, CVE-2024-35848,
CVE-2024-26900, CVE-2024-36967, CVE-2024-36904, CVE-2024-27398,
CVE-2024-36031, CVE-2023-52585, CVE-2024-36886, CVE-2024-36937,
CVE-2024-36954, CVE-2024-36916, CVE-2024-36905, CVE-2024-36959,
CVE-2024-26980, CVE-2024-26936, CVE-2024-36928, CVE-2024-36889,
CVE-2024-36929, CVE-2024-36933, CVE-2024-27399, CVE-2024-36946,
CVE-2024-36906, CVE-2024-36965, CVE-2024-36957, CVE-2024-36941,
CVE-2024-36897, CVE-2024-36952, CVE-2024-36947, CVE-2024-36950,
CVE-2024-36880, CVE-2024-36017, CVE-2023-52882, CVE-2024-36969,
CVE-2024-38600, CVE-2024-36955, CVE-2024-36960, CVE-2024-27401,
CVE-2024-36919, CVE-2024-36934, CVE-2024-35947, CVE-2024-36953,
CVE-2024-36944, CVE-2024-36939)
Phishing Campaign Compromises 100+ Ukrainian Government Computers
CERT-UA has warned that a mass phishing campaign impersonating Ukraine’s Security Services has infected more than 100 government devices
Prolific Belarusian Cybercriminal Arrested in Spain
Belarusian national Maksim Silnikau, who was operating under the ‘J.P. Morgan’ moniker, is believed to be one of the world’s most prolific Russian-speaking cybercriminals
Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5)
Posted by Security Explorations on Aug 13
Hello All,
There is an architectural / design issue of PlayReady, which can be
successfully exploited to gain access to license server by arbitrary
clients. The problem has its origin in flat certificate namespace /
reliance on a single root key in PlayReady along no auth at license
server end by default (deemed as no bug by Microsoft).
PlayReady client certificates encountered in Windows 10 / 11 and
CANAL+ STB device environments share a…
On the Voynich Manuscript
Really interesting article on the ancient-manuscript scholars who are applying their techniques to the Voynich Manuscript.
No one has been able to understand the writing yet, but there are some new understandings:
Davis presented her findings at the medieval-studies conference and published them in 2020 in the journal Manuscript Studies. She had hardly solved the Voynich, but she’d opened it to new kinds of investigation. If five scribes had come together to write it, the manuscript was probably the work of a community, rather than of a single deranged mind or con artist. Why the community used its own language, or code, remains a mystery. Whether it was a cloister of alchemists, or mad monks, or a group like the medieval Béguines—a secluded order of Christian women—required more study. But the marks of frequent use signaled that the manuscript served some routine, perhaps daily function.
Davis’s work brought like-minded scholars out of hiding. In just the past few years, a Yale linguist named Claire Bowern had begun performing sophisticated analyses of the text, building on the efforts of earlier scholars and on methods Bowern had used with undocumented Indigenous languages in Australia. At the University of Malta, computer scientists were figuring out how to analyze the Voynich with tools for natural-language processing. Researchers found that the manuscript’s roughly 38,000 words—and 9,000-word vocabulary—had many of the statistical hallmarks of actual language. The Voynich’s most common word, whatever it meant, appeared roughly twice as often as the second-most-common word and three times as often as the third-commonest, and so on—a touchstone of natural language known as Zipf’s law. The mix of word lengths and the ratio of unique words to total words were similarly language-like. Certain words, moreover, seemed to follow one another in predictable order, a possible sign of grammar.
Finally, each of the text’s sections—as defined by the drawings of plants, stars, bathing women, and so on—had different sets of overrepresented words, just as one would expect in a real book whose chapters focused on different subjects.
Spelling was the chief aberration. The Voynich alphabet—if that’s what it was—appeared to have a conventional 20-odd letters. But compared with known languages, too many of those letters repeated in the same order, both within words and across neighboring words, like a children’s rhyme. In some places, the spellings of adjacent words so converged that a single word repeated two or three times in a row. A rough English equivalent might be something akin to “She sells sea shells by the sea shore.” Another possibility, Bowern told me, was something like pig Latin, or the Yiddishism—known as “shm-reduplication”—that begets phrases such as fancy shmancy and rules shmules.
The State of Phishing-Resistant MFA
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
In our increasingly interconnected world, the specter of cybercrime looms larger than ever, casting a shadow over people, businesses, and governments alike. Among the slew of cyber threats bombarding entities daily, phishing attacks are a particularly pernicious menace. With each day, bad actors hone their techniques, leveraging the latest tools and psychological tactics to craft sophisticated phishing campaigns that are clever enough to defy all but the closest scrutiny.
As a result, there is a need for heightened awareness, robust cybersecurity measures, and proactive defense strategies. One is phishing-resistant MFA, which is becoming mandatory in many data protection regulations.
What is Phishing-Resistant MFA?
Recent incidents exploiting gaps in MFA implementations have highlighted that traditional multi-factor authentication is susceptible to phishing and social engineering attacks. For instance, the 2024 Data Threat Report found that of IT professionals, 93% believe security threats are increasing in volume or severity, a significant rise from 47% last year. Moreover, the number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Also, the report revealed that malware, ransomware, and phishing are consistently the largest growth categories for attacks.
For multi-factor authentication to be truly effective, it must implement secure methods such as cryptographic keys, biometrics, and device-level security checks that phishing attempts cannot compromise. Moreover, passwordless authentication and a zero-trust approach to authentication and security are crucial.
Phishing-resistant MFA depends on public key cryptography, removing the need for shared codes and dramatically lowering the possibility of threat actors intercepting and replaying access codes. Also, phishing-resistant technologies can verify the source and destination’s authenticity, ensuring that the authentication process can only happen between the intended site and the user’s device.
An Increasingly Stringent Regulatory Landscape
In response to escalating cyber threats and failing cybersecurity measures, government cybersecurity agencies worldwide have increased their requirements, advocating for adopting phishing-resistant authentication methods to safeguard sensitive data. For instance, in the US, Presidential Executive Order 14028 and an Office of Management and Budget (OMB) memo mandate using enterprise-managed identities for accessing work applications, explicitly focusing on phishing-resistant MFA to shield employees from sophisticated online attacks. Similarly, in the European Union, ENISA guidelines discourage the use of SMS and voice calls for authentication, urging entities to opt for more secure options such as smart cards and FIDO2 security keys.
PSD2, the EU directive for payment services, prioritizes online transaction security through strong customer authentication (SCA), requiring at least two authentication elements among knowledge, possession, and inherence. To combat phishing, PSD2 mandates dynamic authentication methods, like one-time codes, to deter replay attacks. It also promotes biometric authentication to resist social engineering. NIS2 and NIST CSF 2.0, which focus on enhancing cybersecurity across critical sectors, promote phishing-resistant MFA by emphasizing robust cybersecurity measures, including authentication protocols. By mandating stringent security standards and risk management practices, NIS2 encourages the adoption of dynamic authentication methods, such as one-time codes or biometrics, which are inherently more resistant to phishing attacks.
Because regulatory bodies emphasize the importance of robust cybersecurity practices, implementing phishing-resistant MFA aligns with the abovementioned regulations and helps organizations demonstrate compliance and proactive risk management.
Benefits Beyond Regulations
Moving beyond regulations, implementing phishing-resistant MFA can help companies reduce the risk of financial fraud and data breaches. More often than not, successful phishing attacks lead to financial fraud and data breaches. By insisting on multiple authentication factors and using methods that are resistant to MFA bypass attacks, including push bombing and SIM swapping, companies can significantly reduce the likelihood of unauthorized access and strengthen defenses against cyber threats.
Preventing cyberattacks and data breaches through phishing-resistant MFA can also result in substantial cost savings by avoiding the financial losses related to fraud, legal penalties, and regulatory fines. It also mitigates the costs associated with incident response, forensics, remediation, and damage to a company’s reputation. More importantly, robust authentication measures enhance trust and credibility with customers and partners. By safeguarding sensitive data and ensuring secure transactions, businesses cultivate a reputation for reliability and integrity, building stronger relationships and enhancing brand loyalty. Conversely, a successful breach can lead to an immeasurable loss of trust and customer confidence.
Enhancing the Core Principles of MFA
Phishing-resistant MFA enhances the core principles of traditional MFA. While traditional MFA relies on factors such as knowledge (password) and possession (a mobile for an SMS code), phishing-resistant versions introduce authentication elements that are inherently trickier to replicate or steal. This could involve a tangible item like a hardware token, ‘ something you are,’ or a biometric such as a fingerprint, voice pattern, or iris scan. The effectiveness of biometrics lies in its individuality, while passwords are susceptible to theft or guessing.
The industry is also shining the spotlight on FIDO as the go-to solution for implementing phishing-resistant MFA or PKI when FIDO is not supported. FIDO authentication introduces passkeys, which are resilient against phishing attempts. These passkeys can synchronize across devices or associate with a platform or security key, replacing traditional password-only logins with secure and rapid authentication experiences across various platforms and applications. Passkeys offer infinitely better security than passwords and SMS OTPs and streamline deployment and management for service providers. Importantly, they are simple and almost frictionless, so they don’t impact the customer experience. Users can enjoy a seamless, contactless login process without remembering passwords or entering PINs using a keyboard.
A Non-Negotiable for Businesses
Cyberattacks are increasingly sophisticated and prevalent, so investing in phishing-resistant MFA is becoming a non-negotiable for businesses to safeguard their sensitive data and avoid falling foul of regulators. At the same time, they can bolster their multi-factor authentication processes by using techniques that are significantly harder to compromise and enhance overall resilience.
South Korea Warns Pyongyang Has Stolen Spy Plane Details
South Korea’s People Power Party calls for new legislation after data on spy planes and tanks is hacked by North Korea
FBI Leads Effort to Dismantle Radar/Dispossessor Ransomware
The FBI and other law enforcers claim to have disrupted the Radar/Dispossessor ransomware group