Security News
Yubico on Wednesday announced the release of YubiKey 5C NFC, the latest YubiKey 5 series security key, which allows users to authenticate through either near-field communication or USB-C. Yubico has been offering hardware-based authentication solutions with both NFC and USB-C, but this is the first device that combines both - the company says this is one of its "Most sought-after security keys." The YubiKey 5C NFC can be used to authenticate on many email, IAM, VPN, social media, collaboration, and password management services accessed through smartphones, laptops and desktop computers running Windows, macOS, Linux, Android or iOS. The list of supported authentication protocols includes FIDO2, FIDO U2F, PIV, OATH-HOTP and OATH-TOTP, OpenPGP, YubiOTP, and challenge-response.
Security token biz Yubico has a new key out today, its latest-generation two-factor encryption authentication unit, the Yubico 5C NFC, which includes support for PCs and mobile devices using USB-C, as well as a built-in NFC radio. The last model offering USB-C lacked NFC - although it did come with a built-in Lightning plug, effectively covering all the bases of the mobile market.
Apricorn has launched the Aegis Secure Key 3NXC - the first device of its kind to have a built-in USB-C connector. "We accelerated the release of the Aegis Secure Key 3NXC to provide an efficient way of ensuring that employees using MacBooks, iPads and Android devices can securely store and move sensitive data, wherever and however they're working."
Kingston Digital, the flash memory affiliate of Kingston Technology Company, announced the addition of 128GB capacity options to three of its encrypted USB flash drives. The simple inclusion of encrypted USB flash drives into a daily workflow is a simple step to ensuring data is safe.
Such techniques and practices form a key part of endpoint security and help protect both computer systems and sensitive data assets from loss, as well as security threats that can be deployed via physical plug-in USB devices. The most authoritarian approach is to block the use of USB devices altogether, either by physically covering endpoint USB ports or by disabling USB adapters throughout the operating system.
Honeywell says it has seen a significant increase over the past year in USB-borne malware that can cause disruption to industrial control systems. While only 11% of the malware found on USB drives was specifically designed to target industrial systems - this represents a slight drop compared to the 14% identified in 2018 - 59% of the detected threats could cause significant disruption to industrial systems, compared to only 26% in 2018.
G Data security researchers have identified a new ransomware family that attempts to spread using infected USB drives. Dubbed Try2Cry, the new piece of ransomware borrows functionality from Spora, which first emerged three years ago.
A remote USB function in a software provider's code has been found to contain a significant vulnerability. "USB for Remote Desktop," works by redirecting USB devices to remote sessions over Microsoft RDP, Teradici PCoIP, or Citrix ICA Protocols.
For years, a China-linked threat actor named Cycldek has been exfiltrating data from air-gapped systems using a previously unreported, custom USB malware family, Kaspersky reports. Both malware versions were used to target diplomatic and government entities, but each was focused on a different geography, Kaspersky believes.
The Cycldek APT group has added a previously unknown malware dubbed USBCulprit to its arsenal, aimed at reaching air-gapped devices. "These documents are then transferred to USB drives connected to the system. This suggests the malware was designed to reach air-gapped machines, or those that are not directly connected to the internet or any other computer connected to internet."