CISA Issues Enhanced Cybersecurity Guidance for U.S. Officials Amid Salt Typhoon Threat

  • 📰 ForbesTech

The Cybersecurity and Infrastructure Security Agency (CISA) has released updated security recommendations for U.S. officials following revelations about Salt Typhoon’s infiltration of U.S. networks. The guidance emphasizes the use of end-to-end encrypted communication platforms like Signal, robust multi-factor authentication (MFA) utilizing FIDO phishing-resistant methods, and stringent device security measures. CISA specifically advises against using SMS-based MFA and recommends hardware security keys for enhanced protection.

revelations around Salt Typhoon’s infiltration of U.S. networks has now followed up with deeper guidance for U.S. officials that—as ever with CISA—should be followed more widely.

Unsurprisingly, the advice leads with a mandate to “use only end-to-end encrypted communications… such as Signal or similar apps.” Users are urged to use apps that are “compatible with both iPhone and Android operating systems, allowing for text message interoperability across platform.”

2FA/MFA is clearly an absolute as well. This needs to be “FIDO phishing-resistant authentication,” which means something linked to authenticated user hardware, allowing for some physical form of authentication.

Other advice includes locking phones, SIMs and carrier services with a PIN wherever available. “This PIN is required for logging into your account or completing sensitive operations, such as porting your phone number—a critical step in countering SIM-swapping techniques.”

The Android- and iPhone-specific advice is more acute. In addition to ensuring that your OS is always updated when such updates are released, CISA also advises senior officials to adopt iPhone’s Lockdown Mode and iCloud Relay.

SMS has long been decried as an insecure form of 2FA/MFA, albeit better than nothing. The accelerated deployment of passkeys, as seen with Microsoft’s latest push to delete passwords altogether, will address this problem. Meantime, using an authenticator app on your device is getting ever easier, and Apple’s new Passwords app has added advanced password management into the OS itself.
