• Salt Typhoon: US cybersec

    From Mike Powell@1:2320/105 to All on Fri Dec 20 09:37:00 2024
    Salt Typhoon: US cybersecurity watchdog urges switch to Signal-like messaging apps

    Date:
    Thu, 19 Dec 2024 17:15:53 +0000

    FULL STORY ======================================================================

    The US cybersecurity watchdog is urging citizens to use only secure
    end-to-end encrypted messaging apps like Signal to secure mobile communications.

    The Cybersecurity and Infrastructure Security Agency (CISA) shared a series
    of best practices on Wednesday, December 18, 2024, in the wake of the Salt Typhoon attack. This "unprecedented cyberattack" is thought to be the
    biggest intelligence compromise in US history, hacking at least eight US telecom companies to spy on citizens.

    While the latest CISA announcement is aimed at highly targeted individuals
    who possess information of interest to Chinese hackers, everyone can benefit from these security tips. These tips include avoiding unsecured virtual
    private network (VPN) apps.

    Signal and more security tips

    "Highly targeted individuals should assume that all communications between mobile devices, including government and personal devices, and internet
    services are at risk of interception or manipulation," wrote the US cybersecurity watchdog.

    With this in mind, the experts urge switching to Signal-like communications apps. These services encrypt all the data in transit to ensure your messages remain private between the sender and the receiver (end to end).

    CISA recommends finding a service compatible with both Android and iPhone, allowing text message interoperability across platforms. These may also
    include features like disappearing messages and images, which can enhance privacy even further.

    Most importantly, "When selecting an end-to-end encrypted messaging app, evaluate the extent to which the app and associated services collect and
    store metadata," said CISA.

    Metadata refers to all the information that is not the content, such as IP address, timestamps, data file size, and more. Metadata collection, for instance, is one of the reasons why the likes of Signal or Session are considered more secure than WhatsApp.

    CISA also suggests enabling phishing-resistant forms of two-factor authentication to ensure hackers cannot bypass this extra layer of
    protection. Experts recommend enabling Fast Identity Online (FIDO), which includes biometrics (like fingerprints or facial recognition) and physical security keys.

    As a rule of thumb, you should avoid using SMS as a second factor for authentication, as it isn't phishing-resistant. "SMS messages are not encrypted; a threat actor with access to a telecommunication provider's
    network who intercepts these messages can read them," explain the experts.

    US citizens are also urged to use strong password manager tools to store all login details and find strong combinations. The likes of LastPass, Apple Passwords App, Google Password Manager, and Proton Pass are all free to use
    and automatically alert on weak, reused, or leaked passwords.

    Experts also recommend regularly updating devices' operating system software
    to patch any vulnerabilities. They also advise against the use of unsecured commercial VPN services as "many free and commercial VPN providers have questionable security and privacy policies."

    This is why it's important to choose the best VPN apps with a good reputation, a strict no-log policy, and strong security features, even better when independently audited.

    ======================================================================
    Link to news story: https://www.techradar.com/computing/cyber-security/salt-typhoon-us-cybersecurity-watchdog-urges-switch-to-signal-like-messaging-apps

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)