https://bit.ly/3JEgv1B - 🔒 Despite US Commerce Department warnings, encryption chips sold by a subsidiary of Hualan Microelectronics, a company with suspected ties to China's military, have been integrated into Western military and intelligence networks. These chips have ended up in hardware used by organizations such as NASA, NATO, and US/UK militaries. #CyberSecurity #SupplyChainRisk 🇨🇳 The chips originate from Initio, a subsidiary of Hualan acquired in 2016. Initio primarily creates controller chips for consumer storage products, yet potential 'backdoors' in the chips could enable China to access sensitive Western information, despite no evidence of such backdoors existing to date. #NationalSecurity #DataProtection 📋 Hualan's Initio chips are used by Western digital storage manufacturers, including Lenovo and Western Digital. Particularly concerning are lesser-known manufacturers iStorage, SecureDrive, and Apricorn, who list Western government, military, and intelligence agencies as customers. #InfoSec #DataStorage 🔎 If hidden vulnerabilities or backdoors exist in these chips, it would allow anyone with physical access to the drives to defeat encryption features and access data. Even thorough inspection could fail to uncover these potential backdoors, making trust a crucial element in vendor selection. #Encryption #CyberRisk 🤔 The potential misuse of encryption chips prompts further questions about the hardware supply chain and its associated risks. Encryption chips, sold by the subsidiary of a company on the Commerce Department's trade restrictions list, show the complexity of supply chain navigation, raising potential oversight issues. #HardwareSecurity #SupplyChainManagement 🌐 Institutions such as NATO, the US Navy, and the UK Ministry of Defence affirm rigorous security vetting, yet the chips continue to be used. Cryptography experts warn of hidden backdoors even in products with cybersecurity certification, suggesting possible gaps in the regulatory environment.

Hardware cybersecurity pioneer Flexxon takes home quartet of awards at 2023 Global InfoSec Awards

🏆🌍 Flexxon, the pioneer in hardware cybersecurity solutions, has received four prestigious awards at the Global InfoSec Awards 2023! 🎉🔒

🌟 Learn more about their groundbreaking achievements! 🌟

👉 [Link to Article]: https://x-phy.com/hardware-cybersecurity-pioneer-flexxon-takes-home-quartet-of-awards-at-2023-global-infosec-awards/

🗣️ Ms Camellia Chan, Co-Founder and CEO of Flexxon, expressed her gratitude for the awards and emphasized the need for a comprehensive cybersecurity approach that combines software and hardware solutions. She urged other companies to embrace hardware-based fortification for enhanced data protection.

👉 Read the article to discover more about Flexxon's X-PHY Cybersecure SSD, its features, and how it's transforming the cybersecurity landscape. Don't miss out on the chance to explore their innovative suite of products at the RSA Conference, booth number 2441, Moscone South Expo! 🚀💻

Windows 11 Security Ebook Download

Windows 11 Security Ebook Download #windowssecurity #windows11security #cybersecurity #hardwaresecurity #operatingsystemsecurity #applicationsecurity #identity #privacy #cloudservices #virtualizationhowto #vhtforums #homelab #homeserver

Windows 11 has many security features built into its OS architecture, which helps to provide multiple layers of security. It relies on a structured approach that covers hardware security, operating system security, application security, identity, privacy, and cloud services. Take a look at some of the features and then a download link to a Windows 11 Security Ebook. Table of contents1. Hardware…

View On WordPress

JISA's Solutions For More Info contact us 9619222553 OR Mail us [email protected] www.jisasoftech.com

Once Again Physical Security Trumps Everything

If you ever heard the the old adage that “If the attacker has your machine, it is no longer yours” it still rings true today.

Even though there have been many advances in protecting data once it falls into the hands of an attacker, someone will find a way to break in. This has been shown to be true again.  Researchers Heat Up Cold-Boot Attack That Works on All Laptops

Cold Booting attacks have been around for a while, and the name is derived from the original method of getting information. With a traditional Cold Boot attack you can turn off the machine, put the machine in sleep or hibernate mode, and dump the memory. One method involves using canned air to freeze the memory, then pull the disk image from the memory. When a computer goes to sleep it basically will save the system “state”. What this means is that this state can be recovered, and the entire running system will be accessible as if the computer had been unlocked (or never locked).

Recently with the implementation of BitLocker it is possible to protect the area by making BIOS changes, through pre-boot methods of verification, as well as using volume encryption. (Although FireWire still is an issue due to the transmission standard).

This new method allows someone to configure a micro-controller (basically a circuit board with programmable instructions) to act as an intermediary between the rewrite instructions, and the where the encryption keys are stored.

Using the encryption keys allows the attacker to unlock BitLocker and any encrypted drives/data, or plant a backdoor and use the trusted device/user to gain VPN access, and use the device as a pivot. 

Luckily hibernation is not vulnerable, the reason for this is that when hibernating BitLocker will encrypt the system state (similar to post shutdown/preboot). The drive data can be recovered, but it would not contain any of the encryption keys to make sense of the data.

BitLocker has gone through a lot of improvements, there used to be MBR exploits which were pretty easy to use to bypass BitLocker and today the traditional ways of pulling keys or images of running systems is harder due to OS integration and pre-boot settings. The bad thing/good thing about hardware is there is always a way to bypass it. That means the only thing you can hope to do is add complexity, and unfortunately obfuscation does not equal secure.

IPVideo Corporation Wins Most Innovative IOT HardwareSecurity Product at Global Security Exchange 2018 for HALO .

SNNX.com http://dlvr.it/QmDyjQ

Web Events Hardwaresecured Logins Ethernet Industry 4.0 Wirelessly Charged Wearables

http://dlvr.it/QTpxqH