Emruz’s Post

How does RSA work? The option to encrypt with either the private or public key provides a multitude of services to RSA users. If the public key is used for encryption, the private key must be used to decrypt the data. This is perfect for sending sensitive information across a network or Internet connection, where the recipient of the data sends the data sender their public key. The sender of the data then encrypts the sensitive information with the public key and sends it to the recipient. Since the public key encrypted the data, only the owner of the private key can decrypt the sensitive data. Thus, only the intended recipient of the data can decrypt it, even if the data were taken in transit. Who uses RSA encryption? RSA was used with Transport Layer Security (TLS) to secure communications between two individuals. Other well-known products and algorithms, like the Pretty Good Privacy algorithm, use RSA either currently or in the past. Virtual Private Networks (VPNs), email services, web browsers, and other communication channels have used RSA as well. VPNs will use TLS to implement a handshake between the two parties in the information exchange. The TLS Handshake will use RSA as its encryption algorithm, to verify both parties are who they say who they are. RSA Vulnerabilities Though viable in many circumstances, there are still a number of vulnerabilities in RSA that can be exploited by attackers. One of these vulnerabilities is the implementation of a long key in the encryption algorithm. Algorithms like AES are unbreakable, while RSA relies on the size of its key to be difficult to break. The longer an RSA key, the more secure it is. Using prime factorization, researchers managed to crack a 768 bit key RSA algorithm, but it took them 2 years, thousands of man hours, and an absurd amount of computing power, so the currently used key lengths in RSA are still safe. The NIST recommends a minimum key length of 2048 bits now, but many organizations have been using keys of length 4096 bits. Weak Random Number Generator When organizations use weak random number generators, then the prime numbers created by them are much easier to factor, thus giving attackers an easier time of cracking the algorithm. Weak Key Generation RSA keys have certain requirements relating to their generation. If the prime numbers are too close, or if one of the numbers making up the private key is too small, then the key can be solved for much easier. Side Channel Attacks A method of attack that take advantage of the system running the encryption algorithm, as opposed to the algorithm itself. Attackers can analyze the power being used, use branch prediction analysis, or use timing attacks to find ways to ascertain the key used in the algorithm, thus compromising the data.

Security of Data Centers: How to do Kindly watch this video subscribe like comment share https://lnkd.in/dMx4K4Ps

🚨🔒 Cybersecurity Alert! 🔒🚨 In April, Cisco's Duo multi-factor authentication service was compromised after threat actors used sophisticated methods, including social engineering, to gain access to Cisco's internal systems. This breach highlights a critical vulnerability in how we manage and secure our third-party services and internal tools. 🎯 The incident underscores the need for comprehensive cybersecurity training and vigilance against all forms of attack. 🛡️🔍 Want to strengthen your team’s defenses against such threats? Let’s connect and explore how we can enhance your cybersecurity training! Drop me a message or comment below. https://lnkd.in/g_Jy4MQC #Cybersecurity #SocialEngineering #EmployeeTraining #StaySafeOnline

In this video, we delve into the alarming data breach that rocked Authy, compromising 33 million user accounts. Discover the vulnerabilities that led to this breach and how it ties in with OWASP's top 10 categories. Learn about the implications, potential attacks, and what measures you can take as an end user to safeguard your information. Join us in unraveling the repercussions of this breach and understanding the importance of secure endpoints in today's digital landscape. Don't miss out on essential tips to protect your digital life and stay vigilant against cyber threats. Share this crucial information and subscribe for more insights on cybersecurity and technology trends.

US Telecom Giant - Frontier - experiences serious data breach. Telecom copanies because of their nature, are large, the IT landscape is fractured, multiple procurment systems are involved - hence - getting answers to questions like: (1) Which 3rd party software service providers are we exchanging data with? (2) What data is being exchanged with them and who authorized it, when? (3) How can we recover from a breach when the 3rd party was responsible for losing the data? (4) How can we quantify, identify and remedy the loss of data due to a 3rd party? All these questions can be answeredtoday by #Riscosity, talk to us to learn how - https://lnkd.in/gFAW3hgs https://lnkd.in/gV-pe_7W

🚨 #DataBreach 🚨 On September 23, 2024, it was revealed that MC2 Data, a background check service, had inadvertently exposed a massive 2.2TB database containing personal information of over 100 million US citizens due to lack of password protection. The database included sensitive data such as names, emails, IP addresses, user agents, encrypted passwords, partial payment information, home addresses, dates of birth, phone numbers, property records, legal records, family data, employment history, and data about relatives and neighbors. Researchers from Cybernews discovered 106,316,633 individual records available publicly, making this breach one of the most extensive in recent history. Among those affected were 2,319,873 users who had directly subscribed to MC2 Data’s services. The affected websites operated by MC2 Data include PrivateRecords, PrivateReports, PeopleSearcher, ThePeopleSearchers, and PeopleSearchUSA. The leak highlighted the vulnerability of data collected from various online public sources and the critical need for stringent cybersecurity measures. The exposed data could potentially be exploited by cybercriminals, posing significant risks to the affected individuals.

Here's how using multifactor authentication (MFA) helps prevent unauthorized access to your accounts, data, and resources, even if someone steals your password.

In an SEC filing, the global telecommunications giant said the stolen data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. “Current analysis indicates that the data includes, for these periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network,” the company disclosed in the filing. “These records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month. For a subset of records, one or more cell site identification number(s) are also included.” The company also explained that while the data does not include customer names, there are ways to find the name associated with a specific telephone number via publicly available online tools."

In today's world, where identity is the new security perimeter, implementing two-factor authentication as a default is essential. Just take a quick look at how a company was a victim of a threat actor.

Do you know how impossibly hard it is to add any kind of fine-grained control to Delinea, CyberArk, or Beyondtrust? If you have lived this nightmare, let me show you how stupidly easy StrongDM made it to achieve this critical security capability. Welcome to Policy of the Week, led by John Martinez. Let me know what you think in the comments. https://lnkd.in/gRT5E4iM