Posts

Twitter employees required to use security keys after 2020 hack


Twitter employees required to use security keys after 2020 hack

Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year’s hack.

The company migrated all of its employees from legacy 2FA using SMS or authenticator apps to security keys in less than three months, according to Twitter’s Senior IT Product Manager Nick Fohs and Senior Security Engineer Nupur Gholap.

“Over the past year, we’ve accelerated efforts to increase the use of security keys to prevent phishing attacks,” they said.

“We’ve also implemented security keys internally across our workforce to help prevent security incidents like the one Twitter suffered last year.”

After the July 2020 hack, Twitter revealed that the attackers took control of dozens of high-profile accounts after stealing Twitter employees’ credentials following a phone spear-phishing attack on July 15, 2020.

Graham Clark, the 17-year-old who pleaded guilty to fraud charges after coordinating the hack, sold access to those accounts and, later, used verified Twitter accounts of companies, politicians, executives, and celebrities he took over to run a cryptocurrency scam.

He was arrested following a joint operation coordinated by the FBI, the IRS, and the Secret Service (court documents here).

Security keys and 2FA on Twitter

Twitter continuously upgraded and improved the platform’s 2FA support throughout the last few years, with a clear focus on security keys as the primary 2FA method.

It first added security keys as one of several 2FA methods on the web in 2018 and included support for using them by 2FA-enabled accounts when logging into mobile apps two years later, in December 2020.

Support for security key was later upgraded to the WebAuthn standard, which delivers secure authentication over the web and makes it possible to use 2FA without a phone number.

In 2021, Twitter added support for using multiple…

Source…

Yubico Security Key C NFC offers more secure authentication


Yubico Security C NFC

Yubico isn’t exactly a new name when it comes to security but the company has just released a new security key. The Yubico Security Key C NFC follows the YubiKey 5C NFC but is more affordable. It offers the same security access to your Windows 10 computer, Android phone, or even iPhone if want peace of mind all the time. It’s a physical key that makes it difficult or almost impossible for hackers to get into. This tap-and-go product works via NFC connectivity and with some apps that may require secure and private access.

This Yubico Security Key C NFC is portable and durable. Carry it anywhere or put on a keyring. It’s durable as the body is made of Fiberglass. It’s also compatible and can fit any standard USB-C port. This thing works with most popular apps and web services.

The Yubico Security Key C NFC is a security key that offers hardware-based authentication solution. It’s best protection again phishing, hacking, and account takeovers. It asks for compliance requirements as a promise of strong authentication.

As described, it combines hardware-based authentication and public key cryptography. This way, a device is well-protected. It also offers FIDO U2F and FIDO 2 support.

A passwordless future may be possible with this security key. Authentication is also simple and intuitive. Using it is faster up to 4X than SMS based authentication or OTP.

This is what modern authentication is all about. It’s reliable and effective. The Yubico Security Key C NFC can also help reduce IT operational costs as it reduces password support cases by about 92%.

You can purchase the Security Key C NFC by Yubico from HERE. A piece costs $29 but you can get more: two for $58, ten for $290, or a tray of 50 for $1,450.

Source…

Experts offer tips for improving election security | News


Political candidates and elections are increasingly being targeted by foreign and domestic adversaries, according to presenters at the virtual USC Election Cybersecurity Initiative Regional Workshop on Thursday.

The symposium — which was hosted by the University of Southern California with a regional focus on Montana, North and South Dakota, Utah and Wyoming — discussed the impact of disinformation and misinformation, as well as threats to state and federal elections. Cybersecurity experts offered tips to candidates and election officials for improving election security.

Citing recent attacks and ransom demands on a growing list of businesses, hospitals and other institutions, Clifford Newman, professor and director of the USC Center for Computer System Security, said there are four ways that bad actors attempt to disrupt elections: voter manipulation, discouraging or preventing voting, manipulating vote tallies and creating distrustful outcomes, such as with the 2020 election.

Newman said manipulating vote tallies is actually very hard to do, and despite claims to the contrary that outside influences had hacked some of the electronic voting systems, the Department of Justice and Homeland Security found no evidence that foreign adversaries had prevented voting, changed votes or disrupted the ability to tally votes or to transmit election results in a timely manner.

However, Newman pointed out that they did find evidence of “Russian, Chinese and Iranian government-affiliated actors materially impacted the security of networks associated with or pertaining to U.S. political organizations, candidates and campaigns during the 2020 federal elections.”

Despite the general consensus by these agencies that no votes were manipulated through the hacking of electronic voting machines in Wyoming or elsewhere, many voters pushed back on this assertion, particularly in the wake of My Pillow CEO Mike Lindell’s 72-hour symposium in August that asserted voting machines were responsible for stealing the election from former President Donald Trump. To date, there has been no conclusive proof to support these claims, although there are legal challenges still…

Source…

“Unified Technology Solution” – An InfoNetworks Service that Delivers Managed IT & Network Security Plus Voice and Internet Solutions


LOS ANGELES–(BUSINESS WIRE)–InfoNetworks today announced a new and unique service called “Unified Technology Solution.” Promoted as the answer to fill an existing void in the marketplace, InfoNetworks’ Unified Technology Solution offers businesses managed IT services, complete network security, voice and telephony services, and connectivity via a complete package from a single provider.

For more than a year, businesses worldwide have faced unprecedented global events that are dictating policies and procedures. Companies have necessarily cut key budget items, face new challenges, and manage their businesses with reduced workforce. Many of these organizations have been tasked with creating remote infrastructure to help mitigate the ever-changing landscape and support work-from-home or hybrid work environments.

InfoNetworks’ Unified Technology Solution is designed to address these challenges with an all-inclusive platform that allows employees, managers, and executives to stay connected and secure both in the office and remotely. InfoNetworks’ data connections support the added influx of traffic to the office while the included cloud-based PBX allows for extensions to be accessible via mobile device or laptop. The Unified Technology Solution network supports a mix of Desktop, Softphones, Teams, SIP and PRI interfaces. All technologies are managed by InfoNetworks’ experienced Technical Support and Network Engineering Teams and are monitored 24 hours a day, seven days a week by the watchful eye of CyberSecure(SM), an advanced Network Security Software capable of locking-down up to 500,000 end points.

“Our Unified Technology Solution is a four-pronged approach,” said Bruce Hakimi, Senior Executive at InfoNetworks. “By delivering Managed IT, Network Security, Voice and Data under one source, we can maximize the efficiency and productivity of any organization.” He further explained: “By being able to oversee all network elements from the data connection to internal Local or Cloud based Network, InfoNetworks has the advantage of acting and resolving issues quickly without having to wait for other vendors.”

Although some data carriers may offer a…

Source…