Weekly Cyber Reports

This Week in Cyber 5th May 2023

Latest news and views from our Cyber Analysts

Written by

Team Nucleus

Written on

4th May, 2023


Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts

Google has rolled out passwordless passkeys for all Google Accounts, allowing users to sign into apps and websites without a traditional password. Passkeys are stored locally on the device and can be unlocked using biometrics or a local PIN. They are resistant to online attacks like phishing and eliminate the need for setting up two-factor authentication. Passkeys can be created for each device but are not interoperable between different operating systems. Both Google Password Manager and iCloud Keychain use end-to-end encryption to keep the passkeys private. However, Google still supports existing login methods like passwords and two-factor authentication and Google recommends users not to create passkeys on shared devices.


Android Phone Chip Provider Accused Of Secretly Collecting User Data

Qualcomm, a multinational corporation that produces wireless telecommunications hardware, has been accused of secretly collecting private user data without their consent. Research by Nitrokey claims that Qualcomm hardware uploads users' private data, including IP addresses, to a cloud attributed to the company. This potentially violates GDPR laws, as data sharing with Qualcomm is not mentioned in Sony's terms of service, Android, or /e/OS either. The researcher also noted that the data packages are not encrypted, making them vulnerable to attacks. By collecting this data, anyone on the network, including malicious actors and government agencies, could easily spy on users. The company responded by stating that the data collection was in accordance with the Qualcomm XTRA privacy policy, but the policy did not initially mention the collection of IP addresses.


World Password Day – A Quick Refresher For Passwords

The first Thursday in May was the annual world password day, which aims to keep organisations and users up to date on the current best practices. Strong passwords are crucial in today's world of cyber-attacks. Hackers use various methods to steal passwords, so it's important to use unique, complex passwords and change them regularly. Additionally, enabling two-factor authentication (2FA) adds an extra layer of security by requiring a second form of identification, such as a fingerprint or a code sent to a mobile device. 2FA significantly reduces the risk of a hacker gaining access to your account, making it an important tool in protecting your online identity and sensitive information. Password managers have also become extremely popular as they can generate strong, complex passwords for you and automatically fill them in when you log in to a website or app. This not only saves time but also ensures that you're using unique, complex passwords for each account. Password managers also help protect against phishing attacks by verifying the authenticity of websites before filling in login credentials.


‘A Month of Bank Holidays’ – How Is Your Network Being Protected?

As technology continues to advance and more businesses and organizations rely on digital systems, cybersecurity has become more important than ever. Cyber attacks can cause significant damage, including data breaches, theft of intellectual property, financial losses, and reputational damage. Cybersecurity workers play a crucial role in protecting organisations against such attacks, and their services are needed 24/7, including over bank holidays. During bank holidays, businesses and organizations may operate on reduced staff or even shut down completely, leading to a false sense of security for cyber attackers. Hackers know that bank holidays are an opportune time to launch an attack, as fewer staff are available to detect and respond to security incidents. As such, cybersecurity workers must remain vigilant during bank holidays to ensure that their organizations' systems remain secure. Telesoft's 24/7 Managed Detection and Response (MDR) service is staffed by highly skilled cybersecurity analysts who work around the clock, including during bank holidays and weekends. These analysts are capable of identifying emerging threats when a significant portion of an organization's security team may be absent, thereby providing an extra layer of protection. By implementing this service, organizations can be assured that their network always remains safeguarded.


Recommended Posts

Subscribe to Nucleus blog updates.

Subscribe to our newsletter and stay updated.

Subscribe to Nucleus