More stories

  • Endless cyber-threat pressure could leave security staff burnt out. Here's what you need to change

    Businesses should be prepared for an extended period of heightened cyber threats and they need to take action to prevent their cybersecurity staff from being overworked, the National Cyber Security Centre (NCSC) has warned. While the UK’s cybersecurity body says the UK hasn’t experienced severe cyberattacks in relation to Russia’s invasion of […]

  • To stop quantum hackers, the US just chose these four quantum-resistant encryption algorithms

    The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has selected four quantum-resistant cryptographic algorithms for general encryption and digital signatures. NIST, a US standards-setting body and research organization within the Department of Commerce, announced the four algorithms after a six-year period assessing potential quantum-resistant (QR) alternatives to today’s […]

  • These are the biggest cybersecurity threats. Make sure you aren't ignoring them

    Cybersecurity is hard. Technology is continually changing, cyber criminals’ tools and techniques are always evolving, and maintaining the security of a network with users who each want to do their own thing without being restricted by security is a constant challenge. Ransomware remains a significant problem, as cyber criminals threaten to […]

  • Ransomware: Why it's still a big threat, and where the gangs are going next

    Ransomware has been a cybersecurity issue for a long time, but last year it went mainstream. Major ransomware attacks like those on Colonial Pipeline, the Irish Healthcare Executive and many others demonstrated how significant the problem had become as cyberattacks disrupted people’s lives. What was once a small cyber-criminal industry based […]

  • These are the cybersecurity threats of tomorrow that you should be thinking about today

    Keeping on top of cybersecurity risks is a constant challenge. Threats including phishing, malware and ransomware are continually evolving and adapting, as cyber criminals regularly find new, innovative ways to conduct malicious hacking campaigns, break into computer systems and find a way to stay there. This combination is proving difficult […]

  • Google to wipe user location history for visits to healthcare clinics, domestic violence shelters

    Google says it will automatically delete location logs when it detects visits to abortion clinics and domestic violence shelters. In a blog post, Jen Fitzpatrick, senior vice president of Google Core Systems & Experiences, said the changes would be rolling out in the coming weeks.

    Following the overturning of the landmark Roe v. Wade ruling, which enshrined the right to legal abortion in the United States, there are fears that data collected through search histories, medical tracking apps, and GPS location data, among other technologies, could be used in prosecutions. According to Fitzpatrick, while many privacy controls are on offer for users, the tech giant will also contribute by ensuring that some datasets are automatically wiped before such a future becomes a reality.

    “Given that these issues apply to healthcare providers, telecommunications companies, banks, tech platforms, and many more, we know privacy protections cannot be solely up to individual companies or states acting individually,” the executive says.

    Location history on your Google account is off by default, but some users may find it useful for personalized recommendations. However, if location history is enabled and a user visits a sensitive area, Google will now delete these logs automatically. If the company’s systems detect a visit to places including medical facilities, counseling centers, domestic violence shelters, abortion and fertility clinics, or addiction treatment centers, Fitzpatrick says, “we will delete these entries from Location History soon after they visit.”

    Period tracking apps and software are also of concern. At the moment, the logs of menstruation trackers in Google Fit and Fitbit can be deleted one record at a time, but the company intends to expand this to allow multiple logs to be removed at once.

    Google has also reiterated its stance on law enforcement data demands. In some cases, the company is legally obligated to hand over user information. Still, users are informed when their data is shared unless Google is barred from doing so or a situation is considered an emergency. The company also publishes a regular transparency report that shares the number of law enforcement requests it receives and how many are successful. Google may push back against over-broad requests or object to providing records at all.

    “We remain committed to protecting our users against improper government demands for data, and we will continue to oppose demands that are overly broad or otherwise legally objectionable,” Fitzpatrick commented. “We also will continue to support bipartisan legislation, such as the NDO Fairness Act recently passed by the House of Representatives, to reduce secrecy and increase transparency around government data demands.”

  • This is the ultimate security key. Here's why you need one

    It’s not often that I say you absolutely need to buy something. But this is something you need to buy. Two-factor authentication — a combination of something you remember (such as a password) and something you have (a smartphone or a token) — offers far better security than relying on passwords alone. And while SMS-based authentication is better than nothing, what’s even better is hardware-based authentication. I’ve tested dozens of hardware-based security keys, and the one that I use to secure my online accounts is the Yubikey 5C NFC

  • CISA: Here's how to apply this key Windows patch without breaking certificate authentication

    The Cybersecurity & Infrastructure Security Agency (CISA) is now advising federal agencies and others to patch a Windows flaw from Microsoft’s May Patch Tuesday. CISA has re-added the Windows flaw CVE-2022-26925 to its Known Exploited Vulnerabilities (KEV) Catalog and has told federal agencies to patch it by 22 July. The bug is in the Windows Local Security Authority (LSA), which “contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.”

    NTLM, or NT LAN Manager, is a legacy Microsoft authentication protocol for Active Directory that was implemented in Windows 2000. LSA allows applications to authenticate and log users on to a local system.

    CISA on May 15 temporarily removed CVE-2022-26925 from the KEV catalog because of login issues customers faced after applying the update on Windows Servers used as domain controllers, that is, Windows servers used for user authentication. Besides potentially breaking logins for users at many federal agencies, it’s also a complicated fix to roll out.

    CISA on July 1 noted in separate guidance for applying the patch for CVE-2022-26925 that it contains fixes for two related flaws addressed in the May Patch Tuesday update: CVE-2022-26923, an Active Directory Domain Services elevation-of-privilege flaw; and CVE-2022-26931, a Windows Kerberos elevation-of-privilege vulnerability. (Kerberos is the successor to NTLM for authentication in Active Directory.)

    But as CISA explains, these updates caused login failures at “many federal agencies” that use Personal Identity Verification (PIV)/Common Access Card (CAC) certificates for authentication. The breakage stems from the fact that Active Directory, after the May 2022 update, looks for a “strong mapping between the certificate and account”.

    To avoid these login issues, CISA now recommends following its steps for setting two registry keys on domain controllers. The registry key settings allow admins to control whether the domain controller is in “Compatibility Mode” or “Full Enforcement Mode”. Microsoft explains that the reason for the tighter certificate checks in Compatibility Mode is that, prior to the May 2022 security update, certificate-based authentication would not account for a dollar sign ($) at the end of a machine name, allowing for spoofing attacks. Applying the May 2022 security update puts devices in Compatibility Mode. And next year, on May 9, 2023, Microsoft will update all devices to Full Enforcement Mode if they are not already in it.

    “Once you have installed the May 10, 2022 Windows updates, devices will be in Compatibility mode. If a certificate can be strongly mapped to a user, authentication will occur as expected. If a certificate can only be weakly mapped to a user, authentication will occur as expected,” Microsoft explains in an FAQ. “However, a warning message will be logged unless the certificate is older than the user. If the certificate is older than the user and Certificate Backdating registry key is not present or the range is outside the backdating compensation, authentication will fail, and an error message will be logged. If the Certificate Backdating registry key is configured, it will log a warning message in the event log if the dates fall within the backdating compensation.”

    The FAQ continues: “After you install the May 10, 2022 Windows updates, watch for any warning message that might appear after a month or more. If there are no warning messages, we strongly recommend that you enable Full Enforcement mode on all domain controllers using certificate-based authentication. You can use the KDC registry key to enable Full Enforcement mode.”

    But CISA says agencies should not migrate to strong certificate-user mapping yet, partly because it could conflict with some valid use cases in the Federal PKI ecosystem. CISA says it is in discussions with Microsoft to find a less disruptive solution. CISA says that Microsoft pushing Windows Server devices to ‘Full Enforcement’ mode in May 2023 “will break authentication if agencies have not created a strong mapping or added SIDs to certificates.”

    “CISA and the interagency working group are in active discussions with Microsoft for an improved path forward. At this time, CISA does not recommend agencies pursue migration to a strong mapping,” CISA says.