Security News for the Week Ending August 25, 2023

US Warns Other Countries Hack Satellites Like We Do

Last week I wrote about US Space Force bragging that they set up a new team to hack adversaries' satellites and ground infrastructure. This week the Air Force and NCSC published an advisory that, guess what, other countries are doing the same thing and if the space industry doesn’t improve their security, these other countries will be successful. Now that is a big surprise. Credit: Dark Reading

Preparing for Q-Day; NIST Publishes Post-Quantum Draft Crypto Standards

The US National Institute of Standards and Technology (NIST) has published draft post-quantum cryptography (PQC) standards to protect against quantum-enabled cyberattacks. The standards were selected by NIST following a seven-year process. NIST is again calling for public feedback on three draft Federal Information Processing Standards (FIPS), which are based upon four previously selected encryption algorithms: CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON and SPHINCS+. Credit: CSO Online

It’s Good to Know That Some So-Called Experts Have Crappy Cybersecurity

Kroll risk and advisory services is a billion-dollar risk advisory service. A hacker convinced T-Mobile, possibly the cell phone provider with the worst security record, to swap an employee’s phone number to an attacker’s phone. Apparently, Kroll allowed an employee (probably with a personally owned phone) to use text messages as a form of two-factor authentication to protect the client data of multiple cryptocurrency firms in bankruptcy – BlockFi and FTX. There are indications that the hackers are already using the stolen data. As a company, you MUST adjust your security practices to match the risk present in your environment. Kroll, of course, is blaming T-Mobile, which is fair, but I blame Kroll for allowing very valuable customer data to be protected by the weakest form of 2FA possible. I am sure that Kroll figured it was more convenient to allow the employee to use this weak form of 2FA on a personal phone rather than inconveniencing the employee. Lawsuits are sure to follow. If you need help assessing your risk to security profile, contact us. Credit: Brian Krebs

Starting With Tax Year 2025, IRS Will Require Reporting of Crypto Transactions

Starting with the 2025 tax year, crypto users and all intermediaries will be required to fill out a 1099-DA to report crypto transactions, NFT tokens and cash-to-crypto transactions greater than $10,000. Consumers who are doing peer-to-peer transfers could lie, but anyone who uses a crypto exchange is going to get their data reported. This will help put crypto traders on a more level playing field with all other financial transactions. Credit: Cybernews

UN Working on Final Negotiations for Cybercrime Treaty

An international cybercrime treaty would be a good thing – depending on what is in it and which countries adopt it. Apparently, this proposed treaty is not terribly ambitious, but that also might make it less controversial and possibly might not have a bunch of hidden crap in it. Too soon to tell, but if they can come to some agreement, it will be voted on next year. Credit: The Record
