Tag: cryptography
-
Why federal IT leaders must act now to deliver NIST’s post-quantum cryptography transition
The NIST standards show that with one year of progress behind us, there are five years of opportunity ahead. First seen on cyberscoop.com Jump to article: cyberscoop.com/why-federal-it-leaders-must-act-now-to-deliver-nists-post-quantum-cryptography-transition-op-ed/
-
NIST explains how post-quantum cryptography push overlaps with existing security guidance
The agency published a document mapping its recommendations for PQC migration onto the advice in its landmark security publications. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nist-post-quantum-cryptography-guidance-mapping/760638/
-
News alert: OpenSSL 2025 kicks off in 3 weeks, global leaders to chart the future of cryptography
Newark, NJ, Sept. 16, 2025, CyberNewswire, The OpenSSL Conference 2025 will take place on October 7 9 in Prague. The program will bring together lawyers, regulators, developers, and entrepreneurs to discuss security and privacy in a global context.”¦ (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/news-alert-openssl-2025-kicks-off-in-3-weeks-global-leaders-to-chart-the-future-of-cryptography/
-
GitHub adds post-quantum protection for SSH access
GitHub is adding post-quantum cryptography to secure SSH connections, a move that signals the company’s preparation for a time when current encryption may no longer be safe. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/16/github-post-quantum-ssh-access/
-
Arqit to support NCSC’s post-quantum cryptography pilot
Quantum specialist Arqit will provide specialised post-quantum migration planning services to organisations preparing to address the imminent risks to traditional cryptography First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366631279/Arqit-to-support-NCSCs-post-quantum-cryptography-pilot
-
X’s New Encrypted Chat Has Major Security Flaws Experts Warn
Cryptography experts are warning that X’s current implementation of encryption should not be trusted. While the platform claims to offer end-to-end encrypted messaging through its new XChat feature, the technical details reveal significant gaps that make it far less secure than established alternatives. What we are seeing is encryption theater; the marketing sounds impressive, but…
-
Cybersecurity Snapshot: Expert Advice for Securing Critical Infrastructure’s OT and Industrial Control Systems, IoT Devices and Network Infrastructure
Tags: access, advisory, apt, attack, authentication, breach, china, cisa, cisco, cloud, compliance, computer, computing, control, credentials, cryptography, cve, cyber, cybersecurity, data, defense, detection, espionage, exploit, firmware, framework, google, government, guide, hacker, Hardware, incident response, infrastructure, international, Internet, iot, login, mfa, military, mitigation, monitoring, network, nist, organized, password, phishing, ransomware, regulation, risk, russia, sans, service, software, technology, theft, threat, tool, update, vulnerability, zero-trustDestructive cyber attacks against critical infrastructure have unfortunately become increasingly frequent. Just last week, multinational government agencies blared the alarm about a global cyber espionage campaign targeting critical infrastructure networks. With this type of cyber threat in the spotlight, we’re rounding up recent cyber advice for securing critical infrastructure. In case you missed it, here…
-
Attackers Exploit Sitecore Zero Day
Mandiant Reveals Critical Flaw Exposes Sitecore Products. Attackers exploited a now-patched zero-day vulnerability in a popular content management system that powers websites for companies including HSBC, L’Oréal, Toyota and United Airlines. Attackers used a cryptography key stored in some deployments to force the system into loading malware. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/attackers-exploit-sitecore-zero-day-a-29365
-
A Practical Approach for Post-Quantum Migration With Hybrid Clouds
This Tech Tip outlines how organizations can make the shift to post-quantum cryptography for their hybrid cloud environment with minimal disruption. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/a-practical-approach-for-post-quantum-migration-with-hybrid-clouds
-
Quantum Is Closer Than You Think”, So Why Are You Still Encrypting Like It’s 2015?
Tags: access, ai, business, cloud, communications, compliance, computer, computing, container, crypto, cryptography, data, defense, encryption, endpoint, exploit, government, guide, Hardware, infrastructure, network, nist, privacy, regulation, resilience, risk, risk-assessment, service, software, strategy, technology, threat, tool, update, vulnerabilityQuantum Is Closer Than You Think”, So Why Are You Still Encrypting Like It’s 2015? madhav Tue, 09/02/2025 – 05:43 Not long ago, the idea that quantum computers could one day break today’s strongest encryption felt like science fiction. Today, it’s no longer about if”, but when. While real-world demonstrations of quantum algorithms like Shor’s…
-
NIST Releases Lightweight Cryptography Standard for IoT Security
The National Institute of Standards and Technology (NIST) has formally published Special Publication 800-232, “Ascon-Based Lightweight Cryptography Standards for Constrained Devices,” establishing the first U.S. government benchmark for efficient cryptographic algorithms tailored to resource-constrained environments such as the Internet of Things (IoT), embedded systems, and low-power sensors. In February 2023, NIST selected the Ascon family…
-
Defending Enterprise Data Against Quantum Encryption Attacks
Tags: attack, computer, crypto, cryptography, cybersecurity, data, encryption, linkedin, risk, technology, threat, toolThe quantum cliff is coming. Q-Day is the point in time when quantum computers become powerful enough to break most data encryption. It is inevitable that legacy algorithms will be undermined and the race is on to proactively migrate to modern tools to protect sensitive data. In our latest episode of Cybersecurity Insights, I sat…
-
Cryptoagility: the strategic pillar for digital resilience
Tags: compliance, crypto, cryptography, dora, finance, framework, google, infrastructure, PCI, regulation, resilience, risk, strategy, update, vulnerabilityA real case: the Chromecast incident: A real example I personally experienced made me appreciate this approach even more: on 9 March 2025, my second-generation Chromecast stopped working. It displayed the message “Untrusted device” when trying to cast, with no possibility of a solution. This problem was global, affecting users in several countries, and was…
-
New Quantum-Safe Alliance Aims to Accelerate PQC Implementation
The new Quantum-Safe 360 Alliance will provide road maps, technology, and services to help organizations navigate the post-quantum cryptography transition before the 2030 deadline. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/new-quantum-safe-alliance-accelerate-pqc-implementation
-
Utilities, Factories at Risk From Encryption Holes in Industrial Protocol
The OPC UA communication protocol is widely used in industrial settings, but despite its complex cryptography, the open source protocol appears to be vulnerable in a number of different ways. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/utilities-factories-encryption-holes-industrial-protocol
-
News alert: OpenSSL conference to convene experts on cryptograohy, compliance and open-source
Newark, NJ, Aug. 4, 2025, CyberNewswire”, Early Bird registration is now available for the inaugural OpenSSL Conference, scheduled for October 79, 2025, in Prague. The event will bring together leading voices in cryptography, secure systems, and open-source infrastructure. Early registrants… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/news-alert-openssl-conference-to-convene-experts-on-cryptograohy-compliance-and-open-source/
-
What Is the Role of Provable Randomness in Cybersecurity?
Random numbers are the cornerstone of cryptographic security, cryptography depends on generating random keys. As organizations adopt quantum-resistant algorithms, it’s equally important to examine the randomness underpinning them First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/what-is-the-role-of-provable-randomness-in-cybersecurity-
-
Symmetric Cryptography in Practice: A Developer’s Guide to Key Management
Symmetric cryptography powers everything from HTTPS to JWT tokens, but key management remains a significant challenge. This developer guide covers three critical use cases”, session keys, self-use keys, and pre-shared keys”, with practical strategies for secure generation, rotation, and storage. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/symmetric-cryptography-in-practice-a-developers-guide-to-key-management/
-
Prepping for the quantum threat requires a phased approach to crypto agility
Tags: access, ceo, ciso, computing, crypto, cryptography, cybersecurity, encryption, firmware, government, Hardware, identity, network, nist, open-source, software, supply-chain, threat, tool, vulnerabilityMissing pieces: Michael Smith, field CTO at DigiCert, noted that the industry is “yet to develop a completely PQC-safe TLS protocol.””We have the algorithms for encryption and signatures, but TLS as a protocol doesn’t have a quantum-safe session key exchange and we’re still using Diffie-Hellman variants,” Smith explained. “This is why the US government in…
-
PoisonSeed outsmarts FIDO keys without touching them
Tags: attack, authentication, ceo, cryptography, exploit, fido, Hardware, login, phishing, vulnerabilityFIDO isn’t broken, just outsmarted: Expel researchers called the campaign a concerning development, given that FIDO keys are often regarded as one of the pinnacles of secure MFA. “While we haven’t uncovered a vulnerability in FIDO keys, IT and SecOps folks will want to sit up and take notice,” they said. “This attack demonstrates how…
-
pqcscan: Open-source post-quantum cryptography scanner
pqcscan is an open-source tool that lets users scan SSH and TLS servers to see which Post-Quantum Cryptography (PQC) algorithms they claim to support. It saves the results in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/14/pqcscan-open-source-post-quantum-cryptography-scanner/
-
What EU’s PQC roadmap means on the ground
Tags: cryptographyIn this Help Net Security interview, David Warburton, Director at F5 Labs, discusses how the EU’s Post-Quantum Cryptography (PQC) roadmap aligns with global efforts and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/10/david-warburton-f5-labs-eu-pqc-roadmap/
-
U.S. House Homeland Security Appropriations Bill Seeks to Modernize Border Infrastructure Security with Proactive OT/IT Security Measures
Tags: ai, attack, awareness, cctv, cisa, cloud, control, cryptography, cyber, cybersecurity, data, defense, detection, fedramp, government, incident response, infrastructure, intelligence, Internet, iot, law, mitigation, monitoring, network, office, privacy, risk, service, strategy, supply-chain, technology, threat, tool, vulnerability, zero-trustThe FY 2026 House Homeland Security Appropriations Bill highlights growing focus in Congress on protecting border infrastructure from cyber threats. The directive to implement continuous monitoring and real-time threat intelligence reflects a broader push toward modern, preventive cybersecurity across federal agencies. As the digital and physical worlds become increasingly intertwined, the technologies used to protect…
-
Cybersecurity Snapshot: U.S. Gov’t Urges Adoption of Memory-Safe Languages and Warns About Iran Cyber Threat
Tags: access, advisory, ai, api, attack, authentication, best-practice, cisa, computer, computing, crypto, cryptography, cyber, cybersecurity, data, defense, encryption, exploit, finance, framework, google, governance, government, group, hacker, healthcare, infrastructure, injection, intelligence, Internet, iran, login, mfa, military, mitigation, mitre, network, nist, passkey, password, programming, ransomware, risk, rust, service, software, strategy, tactics, technology, terrorism, threat, tool, training, vulnerability, warfareCheck out the U.S. government’s latest call for developers to use memory-safe programming languages, as well as its warning for cybersecurity teams regarding cyber risk from hackers tied to Iran. Plus, get the latest on ransomware trends, the quantum computing cyber threat and more! Dive into five things that are top of mind for the…
-
The ROI of moving certificate management in-house with internal CAs
Managing certificates in-house using private CAs offers enterprises greater security, compliance, and long-term cost savings. With the shift toward shorter certificate lifespans and rising complexity in modern IT environments, public CAs often fall short. Private CAs empower businesses with agility, automation, and control while supporting post-quantum cryptography and hybrid infrastructure needs. Tools like Sectigo streamline…
-
Post-Quantum World: From Research to Real-World Cryptography
MIT’s Vinod Vaikuntanathan on Post-Quantum Shift, Cryptography’s Role in AI Trust. As the race to build quantum computers intensifies, a parallel transformation is taking place in the field of cryptography. Vinod Vaikuntanathan, professor of computer science at Massachusetts Institute of Technology, believes now is the time to act. First seen on govinfosecurity.com Jump to article:…
-
Securing the Future Together: Why Thales and HPE are the Partners You Can Trust
Tags: access, ai, application-security, banking, business, cloud, compliance, computing, control, cryptography, cyber, cyberattack, data, dora, encryption, GDPR, government, Hardware, healthcare, infrastructure, network, nis-2, PCI, resilience, risk, service, software, strategy, threatSecuring the Future Together: Why Thales and HPE are the Partners You Can Trust madhav Tue, 06/17/2025 – 05:15 Across every industry, data drives decisions, innovation, and growth. As organizations modernize with hybrid cloud and AI, the risks to that data scale are just as fast. From sophisticated cyberattacks to increasingly stringent compliance demands, the…