SpaceChain’s Post

I read recently about the audacious hacker attack at the MGM Grand Casino. Hackers are becoming increasingly bold in the organizations they are pursuing. You lose essential services or your data is stolen...yes that is an inconvenience and in some cases could even be life threatening. But, you start messing with my money and it brings this to whole new level! To add insult to injury, the FTC is now probing MGM's response to the attack. Post-Quantum Cryptography could take this all to a new level, where Quantum computers have the potential to break public-key cryptography once they begin operating at a large scale – an event not anticipated to occur for several more years. Viavi Solutions Inc. announced the addition of performance testing capability for Post-Quantum Cryptography (PQC) system deployments. Introducing cryptographic protocols can create additional network performance overhead, ultimately affecting end-user quality of experience. TeraVM Security Test can emulate large-scale user endpoint traffic applications over secure access connections while measuring individual traffic flow performance. #cybersecurity #quantumcomputing #DoD

Multi-Factor Rapid Shutdown (MFRS) is an all new feature available with the Tigo TS4-X family of Flex MLPE. Check out or blog post on the technology and how the benefits parallel 2 factor authentication (2FA) in cybersecurity. https://hubs.la/Q02CSDRp0

CPE devices, such as routers and modems, are gateways to a digital world. If left unprotected, they can lead to personal data leakages and privacy breaches. Read our blog to learn how #PKI offers #MNOs, #ISPs, and #DeviceManufacturers a reliable means to ensure #CPE device security.

I wanted to share a recent article I came across about a new flaw called EUCLEAK that affects FIDO devices. This flaw allows attackers to clone YubiKey FIDO keys, but it requires extended physical access and is not considered a threat to general users. Yubico has released a firmware update to fix the issue, but older devices may not be able to upgrade. While this flaw is a reminder that no security system is perfect, it's important to remember that hardware tokens are still a great form of multi factor authentication (MFA). MFA adds an extra layer of security to your accounts, making it much harder for attackers to gain access. Hardware tokens are especially secure because they are physically separate from your devices and require a physical presence to use. Here's the link to the article for more details: https://lnkd.in/eKk8Fgv3 #cybersecurity #MFA #yubikey #infosec #securityawareness

Most cybersecurity measures have a trade off between convenience and security: we want our data protected, but also not so locked down that workflows are impacted. Biometric identification is one of the rare tools that improves both at the same time. Are you taking advantage of this, yet? https://lnkd.in/g7-Efc4Y

Curious how #UWB has an impact on #security technology? Our latest blog delves into the history of security technology, the unique advantages of UWB. See what secure ranging is all about: https://bit.ly/4eLNbmJ Thanks to Yuka Muto for helping to write this article with us. You were invaluable - as always!

Experience worry-free connectivity with secure, complimentary Wi-Fi. Safeguard your data with advanced encryption and reliable authentication measures. Stay connected with confidence. #WiFiSecurity #CyberSafety"

Security researchers have uncovered a vulnerability in YubiKey 5 devices that could potentially allow dedicated hackers to clone these popular hardware authentication tokens[1][4]. The flaw, discovered by NinjaLab, stems from a cryptographic weakness in the microcontroller chip used in older YubiKey models[1][3]. The vulnerability affects YubiKey 5 devices running firmware versions prior to 5.7, as well as some other Yubico products[3][4]. It exploits a side-channel attack on the Infineon cryptographic library used in these devices, potentially allowing an attacker to extract the private key[1][2]. While concerning, exploiting this vulnerability is far from trivial: 1. **Physical access**: An attacker would need to physically possess the YubiKey[2][4]. 2. **Specialized equipment**: The attack requires expensive tools, including an oscilloscope, with setup costs ranging from $11,000 to $33,000[2]. 3. **Technical expertise**: Significant technical knowledge and custom software are necessary to execute the attack[4]. 4. **Time-consuming process**: The entire cloning process could take several hours[2]. Yubico has addressed this issue in newer firmware versions and devices[3][4]. Unfortunately, affected YubiKeys cannot be patched due to their tamper-resistant design[3]. For most users, the risk remains low due to the complexity and cost of the attack[3][4]. However, individuals handling highly sensitive information, such as government officials or activists, may want to consider upgrading their devices[3]. Despite this vulnerability, security experts still recommend using a YubiKey or similar hardware token for authentication, as it provides significantly better security than relying solely on passwords[2][4]. Citations: [1] https://lnkd.in/gjfSZ7z2 [2] https://lnkd.in/gmW8VDY4 [3] https://lnkd.in/gZ3Z_Fid [4] https://lnkd.in/gtUtPy6x [5] https://lnkd.in/g8-RP7zg [6] https://lnkd.in/g_gBwNwS [7] https://lnkd.in/gv-gMzZy

Exciting news for cybersecurity professionals! Microsoft has introduced Universal Continuous Access Evaluation (CAE) for Global Secure Access (GSA), enhancing security and access control. Key features of Universal CAE: 1. Real-time access validation: Ensures GSA edge access is validated with every new application resource connection. 2. Token protection: Guards against GSA access token theft and replay. 3. Near real-time revocation: Quickly revokes and revalidates network access when Entra ID detects identity changes. 4. Wide application coverage: Extends CAE benefits to any application accessed via GSA, without requiring CAE awareness. 5. Strict Enforcement mode: Offers highest security by immediately stopping access if the IP address isn't allowed by Conditional Access policy. Universal CAE significantly reduces the risk of data exfiltration and enhances security across Private Access, Internet Access, and Microsoft Services. It's set to be available for all GSA Windows clients by December 31, 2024. #Cybersecurity #MicrosoftEntra #GlobalSecureAccess #ContinuousAccessEvaluation