Tag Archive for: announces

ICANN Announces New Root Zone Key to Enhance DNS Security in 2024 Ceremony


Internet security is set to receive a significant boost as the Internet Corporation for Assigned Names and Numbers (ICANN) embarks on an initiative to generate a new root zone key signing key (KSK) for the Domain Name System Security Extensions (DNSSEC). This move, scheduled for the 53rd KSK Ceremony on April 26, 2024, marks a pivotal moment in the ongoing effort to safeguard the authenticity of DNS information related to domain names across the globe.

Reviving the Key Generation Process

Following a hiatus caused by the departure of a crucial equipment supplier, ICANN has successfully identified and onboarded a replacement vendor, setting the stage for the generation of the new KSK. This development not only resumes the previously suspended plan but also reinforces ICANN’s commitment to maintaining a secure and stable DNS infrastructure. The new key is anticipated to undergo replication to an alternate facility in the third quarter of 2024, with its pre-publication in the DNS slated for January 2025, and eventual production deployment by late 2026 after a two-year standby period.

A Comprehensive Outreach for Smooth Transition

Understanding the critical importance of this transition for the global Internet community, ICANN is gearing up for an extensive outreach campaign. This campaign aims to educate and prepare stakeholders for the upcoming changes, ensuring a seamless integration of the new key into the DNSSEC framework. This proactive approach seeks to replicate the success of the key rollover exercise conducted in 2018, demonstrating ICANN’s ability to enhance DNS security without disrupting the broader Internet ecosystem.

Future-Proofing DNS Security

In addition to the KSK generation initiative, ICANN is also exploring avenues to further bolster DNS security through the modification of cryptographic algorithms used in signing the root zone. This reflects a broader strategy to adapt to evolving security challenges and maintain the integrity of DNS operations. By continuously evaluating and implementing advanced security measures, ICANN aims to stay ahead of potential threats to the DNS, ensuring its resilience and…


Apple Rushes To Fix A Vision Pro Zero Day Exploit, Announces 600 Apps For Today’s Launch


The inclusion of 600 apps for Vision Pro is no surprise, as Apple has been building a massive ecosystem of apps and content for several years across its devices. On the entertainment front, apps such as Apple TV will provide unique and immersive content to users that won’t be replicated on standard devices. Having a large virtual screen in front of users is certainly appealing if executed well, along with surround sound and curated content. 

With gaming, there is plenty of opportunity for Apple to expand on the popularity of Apple Arcade and gain some high-end market share from other popular headsets.

Productivity is a major area where Apple plans to focus its efforts, with the idea that spatial computing can replace the traditional desktop for some users. Apps such as Zoom, popular with people working from home, can be a starting point for those dipping their feet into this immersive world that Apple is aiming for.

Whether users will ultimately buy into the idea of Vision Pro as a replacement or supplemental device for work and play remains to be seen. While there is no killer app available yet, the Apple ecosystem is robust and the technology is sufficiently capable to provide an experience not available elsewhere yet.


While new apps are always needed to prove a product's seaworthiness upon its maiden voyage, security is just as important. Apple has quickly released a security update addressing “maliciously crafted web content which may lead to arbitrary code execution.” This update is part of visionOS 1.0.1 for developers, and visionOS 1.0.2 for those with visionOS 1.0.

While Vision Pro won’t have the same number of users as Apple’s iPhone, there will be a sufficient user base that makes security updates like this vital. Apple products have a reputation for being less likely to have issues such as malware, so keeping that reputation on a halo product such as Vision Pro is certainly in Apple’s best interest. 


Yugabyte announces CIS benchmark for YugabyteDB to elevate data security standards



First Distributed SQL Database Vendor to Complete the Benchmark

Yugabyte, the distributed PostgreSQL database company for cloud native applications, today announced that the Center for Internet Security (CIS) has published a security benchmark for the YugabyteDB database in collaboration with the Yugabyte security team. The new YugabyteDB CIS Benchmark introduces users of the open source database to security configuration and operational best practices to better protect their business-critical data, reduce the probability of data compromise, and enhance their cybersecurity posture. 

CIS benchmarks provide globally recognized best practices to guide security practitioners in effectively configuring, implementing and managing their cybersecurity defenses. Publishing the CIS Benchmark for YugabyteDB underscores Yugabyte’s commitment to enabling our customers to define, implement, and follow a comprehensive security program using their high-performance distributed PostgreSQL database solution. 

“As the digital landscape evolves, ensuring the utmost security and performance of your database is crucial,” said Maurice Olsen, Sr. Director, Information Security and Compliance at Yugabyte. “The CIS Benchmark for YugabyteDB showcases our commitment to meeting stringent industry security standards, as we provide our customers with a secure, highly performant, and resilient database, capable of safely managing a large volume of critical data.” 

CIS Benchmarks™ are consensus-developed secure configuration guidelines for hardening operating systems, servers, cloud environments, and more. The CIS Benchmarks include more than 100 configuration guidelines across 25+ vendor product families. Benchmarks are created through a unique consensus-development process, where subject matter experts, security professionals, and technologists from around the world contribute to the development to help protect systems against threats more confidently.

The CIS Benchmark for YugabyteDB was a collaborative effort between Yugabyte and the…


Kahua Announces Data Breach Following Ransomware Attack | Console and Associates, P.C.


On December 15, 2023, Kahua filed a notice of data breach with the Attorney General of Vermont after discovering that the company had fallen victim to a ransomware attack. In this notice, Kahua explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, Kahua began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Kahua, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Kahua data breach. For more information, please see our recent piece on the topic here.

What Caused the Kahua Data Breach?

The Kahua data breach was only recently announced, and more information is expected in the near future. However, Kahua’s filing with the Attorney General of Vermont provides some important information on what led up to the breach. According to this source, on November 13, 2023, Kahua received a ransomware note in an email. Noting that the company’s IT systems were not encrypted, Kahua started working with outside data security professionals to investigate the incident.

The Kahua investigation ultimately determined that an unauthorized party was able to access the company’s computer network between October 25, 2023 and November 13, 2023. It was also confirmed that some of the files that were accessible to the unauthorized party contained confidential consumer information.

After learning that sensitive consumer data was accessible to an unauthorized party, Kahua reviewed the compromised files to determine what information was leaked and which consumers were impacted.

On December 15, 2023, Kahua sent out data breach letters to anyone who was affected by the recent data security incident. Unfortunately, the publicly available data breach letter from Kahua does not list what type of information was subject to unauthorized access. However, the personalized data…
