Passkey Phishing Attack: A Security Breakthrough in Disguise

Passkey Phishing Attack Explained

• 💡 A new phishing attack exploits the cross-device authentication feature of passkeys, tricking users into authorizing account access.
• ⚠️ The attack requires users to visit a fake login site and scan a QR code, which then initiates a login process on the legitimate site.
• 🔑 Passkey security itself has not been compromised; the vulnerability lies in the user's interaction with a malicious site.

Defending Against Passkey Phishing

• 🛡️ Service providers can limit geographic login locations and create systems for travelers to verify their identity.
• 🔒 A more secure method is to limit cross-device login to Bluetooth authentication, which is not vulnerable to this QR code-based attack.
• 🚫 Users should avoid clicking on suspicious links and always verify URLs before logging in.
• 🚨 Be suspicious of unexpected cross-device login prompts or QR codes.

Passkeys vs. Passwords

• 🔑 Passkeys are still infinitely more secure than passwords, as they are encrypted and stored on the device, protected by biometrics.
• 📉 Password-based multi-factor authentication methods are easier for attackers to exploit with numerous existing attack vectors.
• 🚀 Threat actors are targeting passkeys due to their growing popularity, indicating an advancement in security.

L4S Mobile Internet Technology

• 🚀 L4S (Low Latency, Low Loss, Scalable Throughput) is a mobile internet technology designed to prioritize latency-sensitive packets.
• 📱 It aims to reduce buffering and stuttering in video calls and cloud games by marking packets that experience congestion.
• 🌐 Major carriers like T-Mobile US, Verizon, and Vodafone are implementing L4S, which will improve user experience without requiring user action.

Microsoft SharePoint Vulnerabilities

• ⚠️ Attackers are actively exploiting two vulnerabilities in on-premises Microsoft SharePoint servers.
• 💻 These vulnerabilities do not affect companies using SharePoint Online hosted by Microsoft.
• 🛠️ Microsoft has issued patches for SharePoint Subscription Edition and 2019, with a patch for 2016 in development. They also recommend configuring AMSI.

Meta's Smart Glasses

• 👓 Meta's Oakley version of smart glasses are now shipping, offering features similar to Ray-Ban smart glasses.
• 👍 Reviews suggest the Oakley design is more comfortable, and the charging case offers longer battery life (48 hours vs. 32 hours).
• 💰 The Oakley smart glasses are more expensive, starting at $499 for limited editions, with a $399 model shipping later.

UK Government and Apple's Advanced Data Protection

• 🇬🇧 The UK home office is reportedly seeking a way to back down on its demand for Apple to provide access to secure communications.
• 🔒 Apple removed its Advanced Data Protection (ADP) for iCloud in the UK, which offers end-to-end encryption for cloud-stored data.
• ⚖️ Apple has filed a legal challenge against the order, with Meta joining the case, indicating Apple is unlikely to comply with the demand.

WhatsApp Desktop App Changes

• 🔄 The latest beta version of WhatsApp for Windows is transitioning to a wrapper for the WhatsApp web version.
• 📈 This change uses more RAM and may result in less functionality compared to previous desktop versions, potentially impacting power users.

Nvidia and Risk-5 Support

• 🚀 Nvidia announced support for the Risk-5 instruction set in its CUDA platform.
• 💻 This enables open-source Risk-5 chips to be used alongside Nvidia's CUDA-based systems, potentially benefiting Chinese companies and embedded systems developers due to cost savings.

Chinese EV Sales Inflation

• 🚗 Chinese EV makers Neta and Zeer are accused of inflating sales figures by insuring cars before they were sold.
• 📈 Neta reportedly inflated over half of its reported sales, while Zeer's inflation was less significant.
• 🔍 The Chinese government is investigating these practices, which could impact the broader EV industry.

Xbox Cloud Gaming Integration

• ☁️ Microsoft is rolling out updates to Xbox apps to show cloud-based gameplay in recently played titles.
• 🎮 This allows users to access game saves and play PC games via Xbox cloud gaming on Windows, even if not available natively on PC.

Pokémon Presents Announcement

• 📅 A Pokémon Presents stream is scheduled for July 22nd, reportedly lasting 24 minutes.
• 📣 The early announcement and duration suggest potentially significant upcoming announcements for the franchise.