By Karla Reffold

In the past few weeks there has been a number of positive vendor updates focused on improving security for their users.

Apple unveiled PQ3 protection for their iMessages. PQ3 protects messages from quantum computing threats. There is a concern amongst security professionals that encrypted data being stolen now may be decrypted in the future as quantum computing becomes available. iMessages will now be protected from this. According to Apple, this makes iMessage the most secure messaging technology available, above Signal and other messaging tools with higher levels of encryption.

GitHub has made “push protection” the default setting to help companies from accidentally leaking data. This feature has been tested for the past two years and has been available for users to turn on themselves since May of last year. The tool scans company repositories and alerts users when sensitive data may be included, such as API keys. Companies can choose to publish the data if they deem it necessary or keep these from being made public. The impact of this data leaking can be significant and this automated setting is a tremendous benefit.

GlobalBlock is now available to help companies protect themselves from typo squatting attacks. Cyber criminals can register similar domain names to trick users into entering their credentials for legitimate businesses. The current solutions are for companies to buy all possible domain names or use a typo squatting service to be alerted when a similar domain name is registered. Some domain registrars have been using the GlobalBlock solution, but now it is available to corporations. While there are some concerns over how this affects trademarks and even freedom of speech, this is a positive move to prevent typo squatting attacks.

PayPal has patented a new method for preventing the theft and use of super cookies in cyber attacks. PayPal will assign a risk level that is determined by the vulnerability of the storage location and the likelihood of it being targeted by hackers. Each device may have multiple storage locations, with each super-cookie’s value depending on the previous location’s value. Risk scores for each cookie-location pair are compared to a threshold, and if surpassed, it is flagged as fraudulent. Cookie theft has increasingly been used in cyber attacks and this evolution may prove helpful in preventing this.

While we are inundated with news of cyber attacks and the evolving techniques of threat actors, being reminded of advancements in cyber defense are positive and helpful. It is important for insurance companies to be updated on these advancements, especially as more companies adopt new technologies.