Tag: cryptography
-
Granular Policy Enforcement using lattice-based cryptography for MCP security.
Discover how lattice-based cryptography enables granular policy enforcement for Model Context Protocol (MCP) security. Learn about quantum-resistant protection, parameter-level restrictions, and compliance in AI infrastructure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/granular-policy-enforcement-using-lattice-based-cryptography-for-mcp-security/
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, toolwhat the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
Popular Forge library gets fix for signature verification bypass flaw
A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/popular-forge-library-gets-fix-for-signature-verification-bypass-flaw/
-
My Mathy Friends, Cybersecurity Needs You
Securing the World for the Age of Quantum-Resistant Cryptography Cybersecurity needs thinkers who can examine the logic underlying our systems, question assumptions and identify where traditional cryptography will no longer hold. The post-quantum challenge presents an opportunity for math-minded people to contribute in ways that will influence global security. First seen on govinfosecurity.com Jump to…
-
Constant-time support lands in LLVM: Protecting cryptographic code at the compiler level
Tags: access, apple, attack, crypto, cryptography, data, exploit, government, group, infrastructure, open-source, rust, vulnerabilityTrail of Bits has developed constant-time coding support for LLVM 21, providing developers with compiler-level guarantees that their cryptographic implementations remain secure against branching-related timing attacks. This work introduces the __builtin_ct_select family of intrinsics and supporting infrastructure that prevents the Clang compiler, and potentially other compilers built with LLVM, from inadvertently breaking carefully crafted constant-time…
-
Constant-time support lands in LLVM: Protecting cryptographic code at the compiler level
Tags: access, apple, attack, crypto, cryptography, data, exploit, government, group, infrastructure, open-source, rust, vulnerabilityTrail of Bits has developed constant-time coding support for LLVM 21, providing developers with compiler-level guarantees that their cryptographic implementations remain secure against branching-related timing attacks. This work introduces the __builtin_ct_select family of intrinsics and supporting infrastructure that prevents the Clang compiler, and potentially other compilers built with LLVM, from inadvertently breaking carefully crafted constant-time…
-
Ransomware gangs seize a new hostage: your AWS S3 buckets
Tags: access, backup, breach, business, cloud, control, credentials, cryptography, data, encryption, exploit, least-privilege, monitoring, network, ransomware, supply-chainWeaponizing cloud encryption and key management: Trend Micro has identified five S3 ransomware variants that increasingly exploit AWS’s built-in encryption paths. One abuses default AWS-managed KMS keys (SSE-KMS) by encrypting data with an attacker-created key and scheduling that key for deletion. Another uses customer-provided keys (SSE-C), where AWS has no copy, making recovery impossible. The…
-
Zoomers are officially worse at passwords than 80-year-olds
They can probably set up a printer faster, but look elsewhere for cryptography advice First seen on theregister.com Jump to article: www.theregister.com/2025/11/18/zoomer_passwords/
-
Book Review: The Business of Secrets
The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch (May 24, 2004) From the vantage point of today, it’s surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The manufacturers didn’t know whether the cryptography they sold was any good. The customers didn’t know whether the…
-
What is a Hash Function in Cryptography?
What Is a Hash Function? A hash function is an arithmetic function that transforms an input (or a ‘message’) into a string of a predetermined number of bytes. The output, such as a hash code or a hash value, is often an equivalent of the data inputs provided. It is used to describe hash functionsRead…
-
The PKI perfect storm: how to kill three birds with one stone (spoiler: the stone is automation)
Three major PKI challenges are converging: shorter 47-day certificate lifespans, post-quantum cryptography readiness, and the deprecation of mutual TLS. The good news? A single solution, automated Certificate Lifecycle Management (CLM), tackle them all. Learn how automation unifies discovery, renewal, and agility in one coordinated strategy. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/the-pki-perfect-storm-how-to-kill-three-birds-with-one-stone-spoiler-the-stone-is-automation/
-
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness
Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-managementMany organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
-
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness
Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-managementMany organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
-
How Quantum Computing Will Transform Data Security, AI, and Cloud Systems
Quantum computing is set to redefine data security, AI, and cloud infrastructure. This in-depth research explores how post-quantum cryptography, quantum AI acceleration, and hybrid quantum-cloud systems will reshape technology by 2035″, and what developers can do to prepare. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/how-quantum-computing-will-transform-data-security-ai-and-cloud-systems/
-
Notable post-quantum cryptography initiatives paving the way toward Q-Day
Tags: attack, awareness, cisa, cisco, communications, computer, computing, crypto, cryptography, cyber, cybersecurity, data, encryption, finance, framework, google, government, group, guide, ibm, infrastructure, intelligence, Internet, iot, linux, microsoft, mitre, ml, nist, nvidia, open-source, service, side-channel, software, supply-chain, technology, theft, threat, tool, vulnerabilityIndustry heavyweights line up behind PQC: Google”¯Chrome became the first mainstream browser to support hybrid post”‘quantum key exchanges by default late last year.The approach combines classical elliptic-curve encryption, for backwards compatibility, with lattice-based PQC derived from ML-KEM.Other industry giants, including Amazon and IBM, have also begun laying foundations for quantum-safe cryptography. For example, IBM has…
-
Notable post-quantum cryptography initiatives paving the way toward Q-Day
Tags: attack, awareness, cisa, cisco, communications, computer, computing, crypto, cryptography, cyber, cybersecurity, data, encryption, finance, framework, google, government, group, guide, ibm, infrastructure, intelligence, Internet, iot, linux, microsoft, mitre, ml, nist, nvidia, open-source, service, side-channel, software, supply-chain, technology, theft, threat, tool, vulnerabilityIndustry heavyweights line up behind PQC: Google”¯Chrome became the first mainstream browser to support hybrid post”‘quantum key exchanges by default late last year.The approach combines classical elliptic-curve encryption, for backwards compatibility, with lattice-based PQC derived from ML-KEM.Other industry giants, including Amazon and IBM, have also begun laying foundations for quantum-safe cryptography. For example, IBM has…
-
Security patch or self-inflicted DDoS? Microsoft update knocks out key enterprise functions
Tags: api, authentication, banking, control, cryptography, ddos, defense, flaw, government, microsoft, network, tool, update, windowsMalfunctioning devices, failed connections, and installation errors: Update KB5066835 can also cause USB devices, including keyboards and mice, to malfunction in WinRE, preventing navigation in recovery mode. However, the keyboard and mouse do continue to work normally within the Windows OS. Microsoft has now released an out-of-band update, KB5070773, to address the issue.Additionally, the security…
-
TDL 007 – Cyber Warriors Digital Shadows: Insights from Canada’s Cybersecurity Leader
Tags: ai, awareness, backup, breach, browser, business, cio, ciso, communications, conference, control, corporate, country, cryptography, cyber, cybersecurity, dark-web, data, data-breach, defense, dns, email, encryption, finance, government, healthcare, identity, incident, infrastructure, intelligence, Internet, jobs, law, leak, linux, malicious, mfa, mitigation, network, organized, phone, privacy, ransom, ransomware, RedTeam, resilience, risk, risk-management, router, service, startup, strategy, supply-chain, switch, tactics, technology, theft, threat, tool, training, windowsSummary In this episode of The Defender’s Log, host David Redekop interviews Sami Khoury, the Senior Official for Cybersecurity for the Government of Canada. With a career spanning 33 years at the Communication Security Establishment (CSE), Khoury shares how a coincidental job application blossomed into a lifelong passion for national security. Khoury emphasizes that modern…
-
There’s no such thing as quantum incident response and that changes everything
Tags: apple, attack, china, compliance, computer, cryptography, data, dns, encryption, finance, group, healthcare, incident response, Internet, linkedin, nist, PCI, risk, serviceStep one: Inventory your algorithms and data with a view towards which sensitive data ought to be protected with PQC. This is a data classification exercise where you need to add a column to track whether the datastore or application qualifies for PQC.Step two: Check your internet-facing assets to see which, if any, are already…
-
There’s no such thing as quantum incident response and that changes everything
Tags: apple, attack, china, compliance, computer, cryptography, data, dns, encryption, finance, group, healthcare, incident response, Internet, linkedin, nist, PCI, risk, serviceStep one: Inventory your algorithms and data with a view towards which sensitive data ought to be protected with PQC. This is a data classification exercise where you need to add a column to track whether the datastore or application qualifies for PQC.Step two: Check your internet-facing assets to see which, if any, are already…