August 23, 2024 at 03:37PM The arrival of post-quantum computing in the real world means a race against the 10-year timeline set by NIST for updating vulnerable cryptography. The transition to post-quantum cryptography requires careful planning, including asset inventory, remediation, and collaboration with vendors and partners. The urgency of this shift cannot be overstated, as … Read more
August 13, 2024 at 08:06AM NIST has formally published three post-quantum cryptography standards resulting from a competition aimed at developing encryption resistant to quantum computing decryption. The standards are ML-KEM, ML-DSA, and SLH-DSA, with a fourth, FN-DSA, selected for future standardization. IBM played a significant role in their development and is actively involved in quantum-safe … Read more
June 12, 2024 at 03:43PM AWS has launched FIDO2 passkeys for multi-factor authentication, boosting account security. These passkeys use public key cryptography and resist phishing attacks. Amazon encourages users to adopt MFA, planning to make it mandatory for root account users by July 2024. The company is committed to enhancing MFA adoption via CISA’s Secure … Read more
May 7, 2024 at 12:03PM Niobium raised $5.5 million in seed funding for its hardware accelerator focused on zero trust computing. The company’s technology, based on fully homomorphic encryption (FHE), aims to process encrypted data without access to actual data. Niobium’s SoC-based PCIe card significantly accelerates FHE software solutions and plans to target various industries … Read more
February 6, 2024 at 05:32PM The Linux Foundation launches the Post-Quantum Cryptography Alliance (PQCA) to advance post-quantum cryptography and address security challenges posed by quantum computing. Supported by industry leaders, the PQCA seeks to develop high-assurance software implementations and support the adoption of post-quantum algorithms. The initiative encourages participation and collaboration. More info at PQCA … Read more
December 6, 2023 at 11:41AM At Black Hat Europe 2023, a team from Microsoft, GitHub, and Banco Santander unveiled open source tools to detect weak cryptography, urging updates for quantum computing security. Their study found widespread use of outdated algorithms like RSA and SHA-1 in open source projects. The tools enable developers to assess and … Read more
November 27, 2023 at 08:30AM Passive network attackers can obtain private RSA host keys from a vulnerable SSH server by observing computational faults during connection establishment, according to a new study. These attackers can then intercept sensitive data and conduct adversary-in-the-middle attacks. The research highlights the importance of encrypting protocol handshakes, binding authentication to sessions, … Read more
November 16, 2023 at 01:15PM Google has released updated USB-A and USB-C models of its Titan security key, which now supports passkeys. These keys are secure authentication devices that can store over 250 unique passkeys and work with various applications. Google aims to replace passwords with passkeys and plans to distribute 100,000 free security keys … Read more
November 14, 2023 at 08:09AM The Q3 ‘API Threatstats’ report reveals two main findings: API vulnerabilities are growing rapidly, necessitating a new compilation of the top ten API security threats. Wallarm’s report delves into different vulnerability categories with real-life examples, emphasizing their new approach to threat listing. They present the Top 10 API threats in … Read more
October 12, 2023 at 06:39PM In summary, the text highlights the quantum threat to cybersecurity and the need for post-quantum cryptography (PQC) to protect against it. It discusses the importance of cryptographic agility and orchestration in managing and adapting to changing cryptographic algorithms. The text also emphasizes the ongoing PQC standardization process and the need … Read more