AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/27/2021

Quantum computers could read all your encrypted data. This ‘quantum-safe’ VPN aims to stop that

To protect our private communications from future attacks by quantum computers, Verizon is trialing the use of next-generation cryptography keys to protect the virtual private networks (VPNs) that are used every day by companies around the world to prevent hacking. Verizon implemented what it describes as a “quantum-safe” VPN between one of the company’s labs in London in the UK and a US-based center in Ashburn, Virginia, using encryption keys that were generated thanks to post-quantum cryptography methods – meaning that they are robust enough to withstand attacks from a quantum computer. According to Verizon, the trial successfully demonstrated that it is possible to replace current security processes with protocols that are quantum-proof.  VPNs are a common security tool used to protect connections made over the internet, by creating a private network from a public internet connection. When a user browses the web with a VPN, all of their data is redirected through a specifically configured remote server run by the VPN host, which acts as a filter that encrypts the information.

 

Microsoft accidentally lowers OneDrive for Business storage limits

Microsoft is investigating an ongoing issue impacting OneDrive for Business customers and causing their storage space to shrink down to the default setting or switching them to read-only mode, forcing some to delete files to free up space to work on their projects. OneDrive for Business is a cloud storage and file sharing service for enterprise customers (part of Office 365 or SharePoint Server) that allows users to access, share, and collaborate on personal and shared work files across Microsoft 365. According to Microsoft, more than 85 percent of all Fortune 500 companies use the OneDrive for Business file storage and sharing platform. “We’re investigating an issue in which users’ OneDrive for Business storage limits are lower than expected,” the company shared via its Microsoft 365 Status Twitter account. “Additional information will be provided in the admin center under OD280960.”

 

What is GDPR and why does the UK want to reshape its data laws?

The government has announced plans to reshape the UK’s data laws such as GDPR requirements in an effort, it claims, to boost growth and increase trade post-Brexit. The digital, media and culture secretary, Oliver Dowden, says the UK wants to shape data laws based on “common sense, not box-ticking”. The General Data Protection Regulation was a replacement for the EU’s 1995 Data Protection Directive, which had until then set the minimum standards for processing data in the bloc. GDPR significantly strengthened a number of rights: individuals found themselves with more power to demand companies reveal or delete the personal data they hold; regulators were able to work in concert across the EU for the first time, rather than having to launch separate actions in each jurisdiction; and their enforcement actions had real teeth, with higher maximum fines for breaches.

 

Tech Giants Pledge Billions to Biden’s “Whole of Nation” Security Plan

Some of the world’s biggest tech companies have committed tens of billions of dollars to improving supply chain security, closing industry skills gaps and driving security awareness among the public, according to the White House. As reported by Infosecurity yesterday, the Biden administration welcomed the CEOs of Microsoft, Apple, Google, IBM and others to a meeting yesterday to discuss the “whole-of-nation” effort needed to address cybersecurity threats.” The result of that encounter has been a series of commitments from these firms, including $10bn from Google over the next five years to expand zero trust and improve supply chain and open source security. The tech giant will apparently also help 100,000 Americans earn “digital skills certificates.” IBM said it would train 150,000 people in cyber skills over the coming three years and focus on improving the diversity of the security workforce, while Microsoft has committed $20bn over five years to drive security by design, and $150m for federal, local and state governments.

 

Apple gave PC owners a full-fledged password manager. Here’s how to use it

Owning an iPhone and a Windows PC and accessing the same pool of information just got a whole lot easier. That goes for your iCloud Drive files, email, photos and the passwords stored in your iCloud Keychain. Apple recently updated the iCloud for Windows app, adding more features to the Passwords section of the app. More specifically, you can now access your iCloud stored passwords if you use the Microsoft Edge browser through a new extension, and there’s a dedicated iCloud Passwords app for Windows that lets you create and edit passwords directly on your PC. Apple still hasn’t made iMessage available outside of its own hardware, but there are alternative services you can use.

 

How Cybercriminals Weaponize Social Media

There’s no denying that social media has forever changed how we interact with one another.  Social media has been more important than ever in the past year, with many of us stuck in our homes waiting out the seemingly endless COVID-19 pandemic. Whether we’ve used our social media feeds to pass the time or connect with friends and family, it’s helped us all feel connected, informed us, or just given us a good laugh. Unfortunately, it’s also been weaponized to spread disinformation, promote scams, and, more recently, steal information from COVID vaccination cards. These examples only scratch the surface of how threat actors can take advantage of us on social media.

Related Posts