AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 8/22/2024

Post-Quantum Cryptography set to revolutionise digital security

Post-Quantum Cryptography (PQC) is poised to redefine the very foundation of digital security by addressing threats posed by advancements in quantum computing. Recently, the National Institute of Standards and Technology (NIST) finalised a principal set of encryption algorithms designed to withstand cyberattacks from quantum computers. This significant step prompts organisations to reconsider their approaches to cybersecurity. According to the Australian Signals Directorate (ASD), which monitors NIST developments to inform Australian standards, PQC is dedicated to creating and analysing cryptographic algorithms that derive their security from mathematical problems that are challenging for both classical and quantum computers to solve. The ASD describes PQC as offering a low-cost, practical path to maintaining secure communications.

Data leak affecting everyone in the US, UK, and Canada was even worse than we thought

Hard as it may be to imagine, the massive data leak – which appears to include the personal data of everyone in the US, UK, and Canada – was even worse than we thought. In a truly epic security fail, the same data was hosted by a partner company which managed to publish its own passwords, enabling absolutely anyone to access the data. We learned last week of the leak of around 2.7 billion records.

Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts

Today, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released the following statement: “As each of us has indicated in prior public statements, Iran seeks to stoke discord and undermine confidence in our democratic institutions. Iran has furthermore demonstrated a longstanding interest in exploiting societal tensions through various means, including through the use of cyber operations to attempt to gain access to sensitive information related to U.S. elections. In addition to these sustained efforts to complicate the ability of any U.S. administration to pursue a foreign policy at odds with Iran’s interests, the IC has previously reported that Iran perceives this year’s elections to be particularly consequential in terms of the impact they could have on its national security interests, increasing Tehran’s inclination to try to shape the outcome. We have observed increasingly aggressive Iranian activity during this election cycle, specifically involving influence operations targeting the American public and cyber operations targeting Presidential campaigns. 

Cisco calls for United Nations to revisit cyber crime Convention

Networking giant Cisco has suggested the United Nations’ first-ever convention against cyber crime is dangerously flawed and should be revised before being put to a formal vote. The document that Cisco dislikes is the United Nations convention against cyber crime [PDF]. The convention took five years to create and was drafted by a body called the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes.

Extortion Campaign Targets 110,000 Domains Using Exposed AWS Files

A sophisticated cloud extortion campaign has compromised over 110,000 domains by exploiting misconfigured Amazon Web Services (AWS) environment variable (.env) files. By scanning for exposed .env files on unsecured web applications, threat actors were able to obtain AWS Identity and Access Management (IAM) access keys. According to Cyble’s threat intelligence platform, these .env exposures might be more prevalent than anticipated. The platform has detected nearly 1.5 million publicly exposed .env files since January 2024, indicating a systemic issue. From the 110,000 domains, the attackers managed to extract over 90,000 unique variables from the compromised .env files, with 7,000 linked to cloud services and 1,500 to social media accounts.