If you’re like me you probably have handfuls of USB flash drives on your desk at any one time. But how many of those flash drives have built-in data encryption? How many can carry on working after exposure to water and dust? Or after being dropped from a height on concrete? Or driven over? The […]
It’s World Password Day, but Google wants you to know that the days of the password are numbered. Passkeys consist of two cryptographic keys, a public key that’s registered with the online service or app, and a private key that’s stored on a device, such as a smartphone or a computer. That might sound complicated, but passkeys have been designed to be easy to use. In fact, to log in with a passkey, you use your face, a fingerprint, or a PIN in much the same way that you unlock your smartphone. In a blog post, Google VP of Security Engineering Heather Adkins announced today that since Google launched passkeys on World Password Day 2022, over 400 million Google Accounts have been secured with passkeys. Furthermore, these users have collectively logged over 1 billion authentications, demonstrating growing adoption and usage of this relatively new security feature. In fact, the use of passkeys for Google Accounts has now surpassed traditional forms of two-step verification (2SV), including SMS-based one-time passwords (OTPs) and app-based OTPs (like those used in Authenticator apps). According to Google, passkey users experience login times that are 50% faster than those using passwords, enhancing both the security and efficiency of their authentication processes. Google has further announced plans to integrate passkeys into its Advanced Protection Program (APP), which offers enhanced security measures for high-risk Google Account users such as activists, politicians, and journalists.
Users enrolled in this program will soon have the option to switch to using passkeys exclusively or to use them in conjunction with traditional passwords or hardware security keys. This integration represents a significant step in bolstering security while maintaining user convenience for those at heightened risk of targeted attacks. So, what’s stopping everyone from adopting passkeys? For years, the emphasis has been on creating complex passwords as the best line of defense for securing digital accounts. Now, people are confused and wondering what’s changed. It’s hard to get across that the landscape of digital security is constantly evolving, and with it, the strategies for securing access to online information. While passkeys offer a new, more streamlined, more secure approach to security, significantly reducing the risk of phishing and eliminating the need to remember and manage multiple passwords, it’s hard to communicate that to the average user.
VoIP giant Bandwidth.com reported its third quarter earnings on Monday, bringing in a revenue of $131 million. But the company noted in another release that a recent DDoS attack will end up costing them “between $9 million and $12 million” for the full fiscal year. While the company still beat expectations for Q3, the financial cost of the attack — which was first reported by The Record — illustrates how much damage DDoS incidents can cause.
The company filed a document with the SEC on October 26 explaining that the attack caused a “decrease of approximately $700,000 in third quarter 2021 revenue from lost transaction volume and customer credits.” “Based on preliminary usage data and currently known information, the company estimates that the impact of the DDoS attack may reduce CPaaS revenue for the full year of 2021 by an amount between $9 million and $12 million, inclusive of the aforementioned $0.7 million revenue impact in the third quarter,” the company said in a filing. On an earnings call on Monday, Bandwidth said many of the customers who left the company after the attack have already indicated they may return, and executives noted that they did not pay a ransom to address the attack. In September, Bandwidth CEO David Morken confirmed that it was suffering from outages after reports emerged that the service was dealing with a DDoS attack. Other VoIP vendors like Accent, RingCentral, Twilio, DialPad, and Phone.com were experiencing outages and telling customers that the problems were with an “upstream provider.”
A source, who asked to have their name withheld, told ZDNet that their customers were having major problems with their ported phone numbers and that they could not make any changes like forwarding phones. The company is a downstream reseller of products hosted by Bandwidth and said they knew of a major telecommunications company that “was in emergency mode” due to the situation with Bandwidth. While the attack caused outages for days and the company reported its expected losses, Morken said it had little impact on the company’s successful quarter. “I am proud of our team’s performance to combat a series of sophisticated DDoS attacks aimed at Bandwidth and our industry. Despite the impact from the DDoS attack at the end of September, our revenue results for the third quarter exceeded our guidance,” Morken said. “Consistent with our ethos to do the right thing for our customers, we helped some of our customers divert traffic from our platform during the attack to mitigate impacts to their businesses. While that traffic is beginning to come back, we believe we will see a top-line impact of that lost volume primarily in the fourth quarter. We believe we are now stronger than ever, and are focused on serving our customers.” Multiple VoIP companies reported DDoS attacks over the last few months, and Cloudflare researchers said they saw several “record-setting HTTP DDoS attacks,” noting the emergence of ransom DDoS attacks on VoIP service providers. Canada-based VoIP provider VoIP.ms said it battled a week-long, massive ransom DDoS attack earlier this year. The REvil ransomware group demanded a $4.5 million ransom to end the attack.
In 2018, Singapore suffered its worst ever data breach when inadequate cybersecurity at SingHealth saw a quarter of the population’s medical records stolen.
The subsequent official review recommended remedies that should already be basic security policies.
Two years after the SingHealth hack, Singapore’s cybersecurity is being improved by everything from the fintech-oriented @-Wise Cybersecurity Centre of Excellence to mandatory standards for home routers.
Singapore bank DBS’ second major online service outage in just over a year is “unacceptable” and indicative of its failure to ensure system availability. It now faces supervisory actions from industry regulator, Monetary Authority of Singapore (MAS), which said it placed great emphasis on the reliability of banks’ critical IT systems. DBS on Wednesday morning said via its Facebook page that access to its digital services, including its mobile payment app PayLah, was unavailable. The bank said its systems were “secure and uncompromised”, but gave no details on what caused the disruption in its initial and subsequent updates as the outage persisted throughout the day. Some customers reported being asked to reset their PIN when they tried to log into their accounts, prompting concerns of a scam. One customer said DBS should have posted a service notification on its login page and disabled all login attempts to ease such concerns. The bank’s online services were restored in the evening, about 10 hours after they went down. Noting that the latest incident came a year after a similar service outage in November 2021, MAS said DBS had “fallen short” of the regulator’s expectations to ensure high system availability and swift recovery of its IT systems. The bank had been instructed to run a full investigation so the root cause of the disruption could be identified, MAS said, adding that it would take supervisory actions once the necessary facts were established. DBS’ November 2021 service outage lasted two days and was caused by a problem with the bank’s access control servers, resulting in customers’ inability to log into their account. For the disruption, MAS had imposed on the bank an additional regulatory capital requirement totalling SG$930 million. Singapore in recent years has implemented tighter guidelines for the financial sector, as part of efforts to boost the cyber resilience of the country’s critical information infrastructures.
These include technology risk management processes, such as having “strong oversight” of partnerships with third-party service providers to ensure data confidentiality as well as security controls and stress tests.
Internet of Things
Samsung Spotlights Next-generation IoT Innovations for Retailers at National Retail Federation’s BIG Show 2017
That’s Fantasy! The World’s First Stone Shines And Leads You to The Right Way
LG Pushes Smart Home Appliances To Another Dimension With ‘Deep Learning’ Technology
The Port of Hamburg Embarks on IoT: Air Quality Measurement with Sensors