Google prepares for the rise of quantum computing
Plus, over a dozen alleged cyber criminals arrested in Africa
Google’s Quantum Resistant Security Key
Considering the rapid development of quantum computing in recent years, Google has announced its new quantum-resistant FIDO2 security key as part of its OpenSK security keys initiative. The open-source project that supports both FIDO U2F and FIDO2 standards is written in Rust and is part of a larger initiative from Google to switch to encryption algorithms that can withstand quantum attacks in the future. The tech giant has plans to add support for these new algorithms to Chrome 116 to set up symmetric keys in TLS connections. The new security key uses an EDD/Dilithium hybrid signature schema that offers security from standard attacks through the ECC technology (specifically Elliptic Curve Digital Signature Algorithm or ECDSA), and quantum attacks from the Dilithium technology. It is able to achieve this by nesting the standard security signature within the quantum-resistant one, as shown below.
This new hybrid signature schema that won the ACNS Secure Cryptographic Implementation Workshop best paper was developed by Google in partnership with ETH Zurich, a prestigious Swiss polytechnic university. Google says that it’s "hoping to see this implementation (or a variant of it), being standardized as part of the FIDO2 key specification and supported by major web browsers so that users' credentials can be protected against quantum attacks."
Coordinated Crackdown On African Cybercriminals
A coordinated effort between 25 African nations has led to the arrest of 14 alleged cybercriminals all across the continent. This crackdown is part of the larger initiative called the Africa Cyber Surge Operation, whose purpose is to secure compromised infrastructure and combat cybercrime all across Africa. This operation managed to identify 20,674 cyber networks that were linked to financial losses of more than $40 million. Among those cyber networks were the IP addresses of 14,134 victims, 3,786 command-and-control servers, 1,415 phishing links, 939 scam IP addresses, and over 400 malicious URLs, IPs, and botnets. The arrests consisted of 11 individuals who are accused of running a dark web market for hacking tools and CaaS (cybercrime-as-a-service). 3 others were arrested in Cameroon for selling fraudulent artwork worth $850,000, along with another suspect based in Nigeria who is accused of defrauding a Gambian victim.
Jobs/Internships
Abnormal Security - Engineering Manager - Back End Detection - Remote USA
Lacework - Product Manager - Code Security - NYC USA
Orca Security - Cloud Threat Researcher - Tel Aviv Israel
Hoxhunt - Junior Threat Analyst - Helsinki Finland
Quside - Senior Hardware Engineer - Barcelona Spain
Veriff - Senior Data Scientist (Biometrics) - Barcelona, Tallinn, Tartu
SandboxAQ - Lead Cryptography Software Engineer - Remote USA Canada Europe
Tesla - Security Engineer Intern - Fremont/Austin
CertiK - Security Research Intern - NYC Seattle SF Remote
Abbot - Cybersecurity Intern - Plymouth MN
MIT Lincoln Lab - Cybersecurity Co-Op - Lexington MA