Hardware cybersecurity pioneer and industrial NAND storage specialist, Flexxon, today announced the launch of its latest security product, Xsign. Now available globally, the Xsign provides enhanced security through an innovative approach to unlocking sensitive data reserved only for authorized personnel.

With the use of the Xsign hardware security key, organisations will be provided with a tailored software platform that syncs only with the Xsign key, thereby granting access to pre-defined users. Beyond its function as a security key, the Xsign also operates as a traditional storage card, equipped with Flexxon's industry leading reliability and performance. Key beneficiaries of the solution include industries that handle personal and sensitive data like the healthcare, finance, and government and defense sectors.

RansomHouse, a newly established group aimed at monetizing stolen data, claims to own more than 450 Gb of data coming from AMD. The RansomHouse group is structured as the middleman and makes sure that hackers and victims negotiate to get the funds to hackers and data back to victims. It is claimed that the leaked AMD data contains network files, system information, and AMD passwords. This could be a very dangerous data breach, as inter-company passwords are used to access confidential files and personal information. The group notes that they own 450 Gb or gigabits of data, which translates into 56.25 GB or gigabytes of stolen data. We are not yet sure if the Gb notation is misspelled. It is claimed that AMD's poor security practices like using "password" passwords lead to the data breach, and no special ransomware software was used.

Tom's Hardware reached out to AMD for a statement, and got the following response:

AMD Representative for Tom's HardwareAMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway.

DataLocker, Inc., a leading provider of encryption solutions, today announced that the company's recently announced DataLocker Sentry K350 encrypted flash drive is in stock and now available for order with expanded storage capacities up to 512 GB. The company first introduced the K350 in Q4 of 2021 as an expansion of the product line aimed at bridging the gap of managing encrypted USB devices with the flexibility to connect to any machine that supports USB Mass Storage regardless of the operating system, all developed around DataLocker's "Simply Secure" design principles.

The new firmware release for K350 enables boot of operating systems while keeping the device under full management control, critical functionality for administrators of air gapped and microsegmented machines across industries. The Sentry K350 is the industry's only platform-independent and OS agnostic keypad flash drive which incorporates an OLED display and represents the next generation of encrypted data storage products. In addition to the display's true alpha-numeric password-based authentication, the Sentry K350 offers users a full-featured, visual-based menu-driven system to easily change passwords, set password policy and enable other security features without needing to consult a user manual. Further enhancing the feature set is the achievement of the FIPS 140-2 Level 3 certification, the MIL-Std810G, and an IP67 rating making it both secure and rugged enough for any environment.

In a joint effort to make the web more secure and usable for all, Apple, Google and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms. Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.

The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.

Underscoring its mission to enable the world to solve its biggest data challenges by building a data infrastructure with next-gen security, Western Digital (NASDAQ: WDC) today introduced the ArmorLock Security Platform. A data encryption platform that rethinks how data security should be done, the ArmorLock Security Platform was created to help with the diverse security demands of data-centric and content-critical storage use cases in industries as varied as finance, government, healthcare, IT enterprise, legal, and media and entertainment. As data security concerns continue to rise in visibility, Western Digital plans to apply the platform across a range of storage solutions.

The first product to leverage this advanced technology, the new G-Technology ArmorLock encrypted NVMe SSD, is designed to deliver an easy-to-use, high-performance, high-grade security storage solution for creators in the media and entertainment industry. Facing the threat of hijacked media files and leaked films, studios, agencies, and especially investors are demanding a better way to protect critical content. While much of the industry's focus has been on cloud security, data often remains vulnerable on the portable storage devices holding critical commercial content.

If you have your Raspberry Pi setup and have never changed the default password on the standard "pi" user, it's probably time to do so. A new malware has come out that exploits the simple fact several users apparently have never changed this password. Once it installs itself, it exploits the recent rise in value on cryptocurrency (Bitcoin recently topped $3000 per BTC) to mine cryptocoins for the authors benefit. This not only uses almost 100% of your poor Raspberry Pi's limited CPU, but also makes it part of a "mining botnet" that nets the controller money, adding insult to injury. The malware also makes an anonymous proxy on your box, which needless to say is probably not a good thing.

Nok Nok Labs, a company founded to transform online authentication for modern computing announced today a partnership with Lenovo, the world's largest PC vendor. Lenovo is working with Nok Nok Labs to develop a joint solution to the ongoing problems created by the reliance on weak or complex passwords. The companies will deliver a FIDO-ready solution to the market in early 2014 that meets the dual user demands of ease of use and increased security.

Launched in February 2013, the FIDO Alliance is developing a new industry open standard to address the lack of interoperability of existing authentication solutions and the problems users face with multiple usernames and passwords. This new open standard for strong authentication will enable websites and cloud applications to interface with a wide variety of existing and future FIDO-enabled devices and technologies.

Buffalo Inc. has today announced the RUF3-PV Series Flash Drives which offer enhanced data and virus protection through the use of built-in password protection and anti-malware software (namely Trend Micro USB Security 2.0). Coming in black and red, these new drives measure 65 x 23 x 9 mm, they have a retractable connector, USB 3.0 support, and deliver read speeds of up to 70 MB/s.

The RUF3-PV line includes 8 GB, 16 GB and 32 GB models and is set to hit stores in mid-September.

Online gaming giant Blizzard Entertainment reported unauthorized access to its servers. The security breach was detected earlier this week, and the company claims that the hackers may have accessed user data such as e-mail addresses of Battle.net users, their personal security questions, and information related to mobile and dial-in authentications.

Blizzard claims that the information compromised is not enough for anyone to gain access to the Battle.net accounts, and that there was no evidence to suggest that more vital bits of user data, such as real names, credit card information, or billing addresses were accessed. Users' Battle.net passwords, which are cryptographically-scrambled, may have been accessed. Since SRP (secure remote protocol) is used to protect the passwords, it is extremely difficult to unscramble them. Blizzard strongly recommends users to change their passwords as investigations into the security breach are on.

Identity theft is something many students take for granted until it happens to them. Laptops and notebook computers are a potential gold mine for thieves unless you encrypt your data, according to Addonics Technologies. The CipherUSB from Addonics provides a simple and inexpensive way to encrypt data stored on flash drives, flash media, USB hard drives as well as Blu-ray, DVD or CD media.

A student's mobile device may include your resume, transcripts, school or internship applications, or financial records? Equally, administrators who use a laptop for their job, may have files such as human resources records, student applications, transcripts, research data or payroll information stored on their system. Should your laptop be lost or stolen, you want the data inside to be electronically inaccessible.

A group of hackers that claimed responsibility for hacking NVIDIA forums (forums.nvidia.com), which goes by the name "Team Apollo," posted the first piece of its exploits on Pastebin (find it here). The user data dump contains details of every fifth user of the forums. From what we can tell looking at the pasted data (which is now very much in the public domain), the passwords found in the user tables are not salted. NVIDIA was less than honest about that part.

The passwords are stored as raw MD5 hashes, which can be fairly-easily decrypted (when compared to hashes with salt values). To make matters worse, certain MD5 decryption websites have large databases of pre-decrypted MD5 phrases, potentially making decryption these hashes easy. Or you could just use a CUDA-accelerated MD5 decryption tool, which munches through unsalted MD5 hash values at the speed of a small supercomputer. If you have an NVIDIA Forums account, and your passwords on other websites (forums, email accounts, banks) even remotely resemble that of your NVIDIA forums account, it is strongly recommended that you change your passwords on each of those other websites.

Western Digital, the world's leader in external storage solutions and maker of the popular WD TV media player family, today unveils its first line of wireless home networking products, designed specifically to accelerate movies, video and gaming, delivering a premium high-definition entertainment experience. With the My Net family of powerful and easy-to-use home networking products, WD debuts its exclusive FasTrack technology that instantly detects entertainment traffic on the network and fast-forwards it to gaming consoles, media players, smart TVs, tablets, smartphones, computers and other Wi-Fi connected devices.

The Fifth Amendment rules that nobody may be "compelled in any criminal case to be a witness against himself." Or, in other words, one has a right to avoid self-incrimination. Therefore, it's highly significant that Judge Robert Blackburn ordered a Peyton, Colorado woman accused of a being involved in a mortgage scam, to decrypt the hard disc drive of her Toshiba laptop no later than February 21. If not, she would face the consequences, including contempt of court. In a 10-page opinion, the judge wrote, "I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer."

Windows 8 implements a radical new user interface called Metro for desktop PC's, which has so far received a mixed reception. However, there's many other changes under the hood and one of those is how password security is handled, which we look at here. It's a fact of life, that in today's modern world, we have to remember a plethora of passwords and PIN's, which can be daunting. This leads to security issues as users end up writing down passwords and/or create very insecure ones which can be easily guessed. Windows 8 aims to uphold strong password security, while at the same time, easing the burden on the user. Also, passwords can be obtained in various ways by miscreants, such as phishing, keylogging, guessing, and cracking. Windows addresses each of these problems in three main ways:

If you're buying an Electronic Arts game, be prepared for the Online Pass that came with it to have already expired. This was the recent experience of a NeoGAF member who bought a brand new copy of Need for Speed: Hot Pursuit from Amazon, only to find that he got an error message saying that the code was either incorrect or no longer valid. Gaming website Joystick picked up on this and asked an EA advisor about this situation. It turns out that it's EA's corporate policy to have some of these codes expire, but that no one should be faced with this, as a rule. However, if they are, then they can get a new one for free, by either downloading it or getting it from EA directly. Checking the EULA shows that at the moment, there is only one game with this restriction. It's only Dragon Age 2 (packaged) which has a time-limited an Online Pass code and that it expires on March 31, 2012:

We have brought you the potential perils of the upcoming UEFI Forum-implemented - www.uefi.org - Windows 8 secure boot feature here, here and here. However, it appears that it may not be so 'secure' after all, since there appears to be a surefire way to circumvent it, at least for the moment, while it's in development.

Softpedia has scored an exclusive interview with security researcher Peter Kleissner, who has created various Windows (XP, Server 2003 etc) "bootkits", which allow OS infection at the highest privilege level, giving unrestricted access to the whole of the PC. His latest one, called Stoned Lite, shows how the Windows 8 secure boot process, still in development, can be subverted, as it stands. He is planning to release details of how the code works at the upcoming International Malware Conference (MalCon) - malcon.org - that will take place in India on November 25th. It appears that the real vulnerability exists in the legacy BIOS boot procedure, not in Microsoft's implementation of secure boot, as Kleissner said:

The problem with the legacy startup is that no one verifies the MBR, which makes it the vulnerable point. With UEFI and secure boot, all the boot applications and drivers have to be signed (otherwise they won't be loaded). You can compare it to TPM, although Arie van der Hoeven from Microsoft announced that the secure boot feature is mandatory for OEMs who want to be UEFI certified. It is a good message that security is not an option.

Gabe Newell of Valve has issued a statement that the forum hack they experienced over the weekend actually goes much deeper than they thought. The criminals accessed the main database containing such goodies as user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. Apparently, no personally identifying information was taken - but we await the result of the full investigation before breathing a sigh of relief. Due to this serious breach, TechPowerUp advises all Steam users to change their account password immediately. People starting up their Steam client will now see the following message from Gabe Newell about this: