Concealed networks: Are dark web syndicates turning to social media for cybercrime?
If you envision the dark web as a shadowy realm where cybercriminals orchestrate nefarious activities under the cover of anonymity, you’re not far from the truth. However, the dark web isn’t as unreachable as you’d think; you likely interact with it more often than you realize. Given this reality, both businesses and individuals must ask: What are the chances that your sensitive, confidential information is present on the dark web, ready for adversaries to exploit and profit from?
Snowflake slams ‘more MFA’ button again – months after Ticketmaster, Santander breaches
Snowflake continues to push forward in strengthening its users’ cybersecurity posture by making multi-factor authentication the default for all new accounts. The imposition follows a lighter-touch move in July when it enabled admins to mandate MFA across their organization’s user accounts. Incident response and threat intel specialist Mandiant investigated a spate of data thefts at Snowflake customers such as Ticketmaster and Santander Bank in May. Its experts found a commonality between all the customers that had experienced such incidents: MFA wasn’t enabled.
Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense
Google has announced that it will be switching from Kyber to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). “Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC),” David Adrian, David Benjamin, Bob Beck, and Devon O’Brien of the Chrome Team said. “The PostQuantumKeyAgreementEnabled flag and enterprise policy will apply to both Kyber and ML-KEM.” The changes are expected to take effect in Chrome version 131, which is on track for release in early November 2024. Google noted that the two hybrid post-quantum key exchange approaches are essentially incompatible with each other, prompting it to abandon Kyber.
Google outlines plans to help you sort real images from fake
Google is planning to roll out a technology that will identify whether a photo was taken with a camera, edited by software like Photoshop, or produced by generative AI models. In the coming months, Google’s search results will include an updated “About this image” feature to let people know if an image was created or edited with AI tools. The system Google is using is part of the Coalition for Content Provenance and Authenticity (C2PA), one of the largest groups trying to address AI-generated imagery.
Despite Russia warnings, Western critical infrastructure remains unprepared
As Russian special forces push more overtly into online operations, network defenders should be on the hunt for digital intruders looking to carry out cyberattacks that end in physical destruction and harm. “Unfortunately, if these actors are willing to carry out sabotage in the physical realm, they are likely willing to carry it out through cyber means,” John Hultquist, chief analyst at Mandiant Intelligence, told The Register. Hultquist’s comments follow news on September 5, 2024, that Unit 29155 of Russia’s GRU military intelligence agency has been targeting Western critical infrastructure facilities, looking for open internet ports and vulnerabilities to exploit.