Tag Archive for: Evolution

The Logical Evolution Of Data Security

/in


Manny Rivelo is the CEO of Forcepoint.

Recently, I received a notification from a big hotel chain in Las Vegas of a recent data hacking incident. I’ve only stayed at that hotel once or twice in my life, but my personally identifiable information (PII)—my driver’s license and my credit card information—was now at risk of being spread all over the internet or dark web. It’s a letter no company wants to send to its customers. Data breaches like these are costly and the reputational harm is incalculable. And it does cause me to pause in considering if I will ever stay there again.

Managing an unprecedented volume of data spread across numerous devices is the data management challenge that organizations across industries, such as hospitality, healthcare, financial services and more, face today. The fundamental question that arises for these businesses is: How can they accurately track their data—determine its location, manage access and control user interactions? Addressing these concerns requires an evolution in data security practices that I believe must occur in three crucial areas.

The Modern Convergence Of Data Security And Networking

In the contemporary business environment, most organizations entrust their infrastructure and software management to cloud, SaaS and PaaS providers. However, they’re realizing they need to retain control of their data. Everyone has their own motivations and business reasons for protecting different types of sensitive and critical data, which is dispersed in multiple clouds—in various public clouds, traditional data centers and personal devices far from corporate headquarters.

The theft of intellectual property is a competitive issue, whereas breaches of regulated data like PII, in my case, or personal health information (PHI) trigger compliance mandates and financial penalties. All types of data loss are rapidly becoming board-level, existential threats.

Consequently, data and network security are increasingly intertwined as the network has become key to how sensitive data is accessed. Success in this context hinges on implementing consistent security policies across diverse networks and clouds, supported by robust…

Source…

The Evolution of Authentication with OIDC4VP and FIDO2

/in


When was the last time you struggled to remember a password? The answer is perhaps one too many times. In today’s digital age, our data consumption is skyrocketing, bringing with it increased risks. Traditional password-based authentication systems are falling short against sophisticated cyber threats. That’s why the move to passwordless authentication options like OID4VP and FIDO2 is critical for both businesses and users.

Let’s dive into understanding how these new authentication solutions tackle the vulnerabilities of traditional password systems and provide a comparison between them.

Passwordless Authentication: A Paradigm Shift with OID4VP and FIDO2

The inconvenience and risks associated with passwords, including phishing attacks and stolen credentials, are well-known. Hence, passwordless authentication emerges as a relief for consumers, who now do not have to bother with remembering and storing hundreds of account credentials. This approach enables users to verify their identity seamlessly and securely through biometric factors or one-time codes, eliminating the reliance on traditional passwords. One important protocol in this domain is OpenID for Verifiable Presentations (OID4VP), which offers a standardised method for secure verification, thereby reducing the risks.

image

OpenID for Verifiable Presentations (OID4VP) functions by extending the OpenID Connect protocol, supporting the presentation of claims through Verifiable Credentials. This extension enables the secure and verifiable presentation of identity data within the protocol flow.

With OID4VP, users can present their digital proofs of identity, attributes, or qualifications to verifiers, using a wallet. OID4VP uses Verifiable Presentations (VPs) which are cryptographic confirmations of digital identity based on well-known standards for authentication and authorisation on the web, such as OAuth 2.0 and OpenID Connect.

Apart from OID4VP, FIDO2 (Fast Identity Online) also presents developers with an alternative for securing users’ digital interactions.

FIDO2 is a collaborative initiative by the FIDO Alliance and the World Wide Web Consortium (W3C) aimed at…

Source…

MoqHao Evolution Poses Immense Threat to Android Users

/in


Cybersecurity threat experts have recently discovered a new variant of the malware named XLoader, commonly known as MoqHao, that has the ability to automatically infect devices without any user interaction. Being termed the MoqHao evolution, this is a new version of the infamous android malware that has been long linked with Roaming Mantis, a financially motivated group of hackers based in China.

In this article, we will explore the background of MoqHao Evolution in detail and see how it operates differently from its earlier variants.

 

MoqHao Evolution – A Timeline


MoqHao is a mobile-based android threat that is used for phishing purposes and first appeared as a cybersecurity threat in 2015. Threat actors behind the malware-initiated attacks based on phishing activities through SMS, also referred to as “smishing,” in Asia. The major locations that were the target of MoqHao were Japan, South Korea, and Bangladesh. 

However, it later moved to European countries as well, like France and Germany. This received the attention of many cybersecurity threat experts. They deemed it as a serious threat to users because this notorious Android malware had robbed thousands of users by tricking them. 

Recent reports have mentioned that this Android malware now operates in 27 regional languages. This is a considerable increase from the 4 regional languages at the start, and highlights the widespread nature of the target users.


What Has Changed In MoqHao?


The biggest difference between the previous variants of this Android malware and the latest one is that it now does not need user interaction to infect the device. The earlier variants needed the user to launch this malware manually. After the user clicks on the installation link that is received through their phone’s SMS app, this new cybersecurity threat leads to the automatic execution of malicious code.


How The Evolved MoqHao Operates?


Understanding how the malware operates is essential for developing cybersecurity strategies. It masks itself as legitimate apps like the Chrome web browser by employing Unicode strings. However, if users are careful enough, they can identify it as the name of the software appears slightly…

Source…

AI, Hybrid Cloud, Ransomware Detection, and the Enduring Role of Hard Disk Drives in Data Storage Evolution

/in


Scality, a global leader in reliable, secure, and sustainable data storage software, shared its annual data storage predictions for 2024. With the use of generative AI skyrocketing and cyberattacks continuing to infect organizations, ongoing demands to decrease IT complexity with secure, efficient solutions will dominate IT budgets into the new year. In addition, perennial data storage management challenges — growing data volumes, tight budgets, skills shortages, complicated IT installations, and increasing cyber threats — will persist.

While these are standard assumptions, this year, Scality focused its predictions on the ongoing conversations led by customers and thought leaders in the data storage industry.

Giorgio Regni, CTO at Scality, said, “We’ve had some interesting industry debates with thought leaders this past year, including the potential death of the hard disk drive (HDD), the role on-premises data storage can play to help advance data management and AI, and, finally, what it really takes to protect data from ransomware. This year’s predictions play off all of these themes.”

Recommended AI News: Riding on the Generative AI Hype, CDP Needs a New Definition in 2024

AIThority Predictions Series 2024 bannerHDDs will live on, despite predictions of a premature death
Some all-flash vendors prognosticate the end of spinning disk (HDD) media in the coming years. While flash media and solid state drives (SSDs) have clear benefits when it comes to latency, are making major strides in density, and the cost per GB is declining, we see HDDs holding a 3-5x density/cost advantage over high-density SSDs through 2028.

Therefore, the current call for HDD end-of-life is akin to the tape-is-dead arguments from 20 years ago. In a similar way, HDDs will likely survive for the foreseeable future as they continue to provide workload-specific value.  

End users will discover the value of unstructured data for AI
The meteoric rise of large language models (LLMs) over the past year highlights the incredible potential they hold for organizations of all sizes and industries. They primarily leverage structured, or text-based, training data. In the coming year, businesses will discover the value of their vast troves…

Source…