Randall Munroe’s XKCD ‘Helium Synthesis’
via the comic & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Helium Synthesis’ appeared first on Security Boulevard.
A recent study found that chief information security officers (CISOs) are significantly more anxious about the growing complexity of cybersecurity than their chief information officer (CIO) and chief technology officer (CTO) counterparts. Nearly three-quarters of CISOs worry that cybersecurity is becoming too difficult to manage, forcing them to make risky compromises: a concern shared by less than 60% of CIOs and CTOs.
The post Cybersecurity Insights with Contrast CISO David Lindner | 8/16/24 appeared first on Security Boulevard.
Find out how your peers are managing application security challenges.
The post ESG Survey Report Finds AI, Secrets, and Misconfigurations Plague AppSec Teams appeared first on Security Boulevard.
In a recent security advisory, Microsoft disclosed a high-severity vulnerability identified as CVE-2024-38063. This critical Remote Code Execution (RCE) flaw, rated with a CVSS score of 9.8, poses a significant...
The post CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability appeared first on Strobes Security.
The post CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability appeared first on Security Boulevard.
Trust is vital to upholding the entire ecosystem in which all businesses operate, and the erosion of trust has considerable consequences for everyone.
The post Holding Trust for Ransom: What’s at Stake as Business Trust Erodes appeared first on Security Boulevard.
Some recommendations and best practices to help organizations strike a balance between business growth, risk management and cybersecurity.
The post Striking a Balance Between Business Growth, Risk Management and Cybersecurity appeared first on Security Boulevard.
Combining multiple Linux security tools to protect against various threats is crucial for a robust security posture. Effective use of security tools requires knowledge of their capabilities, configurations, and how to integrate them into a comprehensive security strategy. Implementing modern security practices like live patching helps to apply critical security updates without system downtime. Linux […]
The post Essential Linux Security Tools: A Comprehensive Overview for Security Professionals appeared first on TuxCare.
The post Essential Linux Security Tools: A Comprehensive Overview for Security Professionals appeared first on Security Boulevard.
In the world of cybercrime, over 1 million domains now face a risk of threat actor-initiated takeover as the Sitting Ducks attack comes to light. As per recent reports, the attack is conducted via an exploitation of a domain name system (DNS) vulnerability and is carried out by Russian cybercriminals. In this article, we’ll dive […]
The post Sitting Ducks Attack: Over 1M Domains At Risk Of Takeover! appeared first on TuxCare.
The post Sitting Ducks Attack: Over 1M Domains At Risk Of Takeover! appeared first on Security Boulevard.
As cybersecurity, data protection, and personal information security regulations become increasingly stringent, regulatory bodies are taking robust measures to enhance oversight. However, organizations continue to face significant challenges in risk management, particularly in the unified discovery and management of internet assets, where considerable gaps remain. “Attack surfaces are expanding and vulnerability management processes are failing. […]
The post Elevate Your Risk Management Strategy with NSFOCUS CTEM appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post Elevate Your Risk Management Strategy with NSFOCUS CTEM appeared first on Security Boulevard.
In 2019, most organizations already had digital transformation plans in place. These plans included migrating workloads to modern cloud architectures. However, the Covid-19 pandemic compelled organizations to expedite their modernization efforts due to practical reasons. For instance, setting up a kit (or pod) for an application using a legacy system requires a complex process involving […]
The post What’s Different About Data Security in the Cloud? Almost Everything. appeared first on Blog.
The post What’s Different About Data Security in the Cloud? Almost Everything. appeared first on Security Boulevard.
Authors/Presenters:Zheng Yang, Joey Allen, Matthew Landen, Roberto Perdisci, Wenke Lee
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott, and via the organization’s YouTube channel.
The post USENIX Security ’23 – TRIDENT: Towards Detecting and Mitigating Web-based Social Engineering Attacks appeared first on Security Boulevard.
This cybersecurity playbook is inspired by Sam Curry’s insights on the crucial role of building relationships in cybersecurity to affect change in information security and the business. He recently shared his recommendations on cyberOXtales Podcast, highlighting the significance of trust, alignment, and intimacy in fostering effective relationships within and outside the cybersecurity team. The Playbook […]
The post How to Align Infosec to Business Operations: Sam Curry’s Cybersecurity Playbook for Executives appeared first on OX Security.
The post How to Align Infosec to Business Operations: Sam Curry’s Cybersecurity Playbook for Executives appeared first on Security Boulevard.
Click fraud artificially inflates the number of ad clicks, skewing campaign results. Skewed results can blind you to the areas that need improvement, focusing ad spend on fake engagement.
The post The Hidden Cost of Click Fraud: Why Data You Can Trust, Matters appeared first on Security Boulevard.
ReliaQuest ranked LummaC2 and SocGholish among the top malware seen in Q2 and rounded out the top five list with AsyncRat, Oyster, and the growing numbers of info-stealers that were built using the Rust programming language.
The post ReliaQuest: Watch Out for Info-Stealers and RATs appeared first on Security Boulevard.
Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations
Thu, 08/15/2024 - 17:28
As many organizations begin to embark on their journey toward Post-Quantum Cryptography (PQC) resilience, Thales can facilitate and perhaps accelerate these migrations with its rapidly expanding Thales PQC Partner Ecosystem. The PQC migration process will be the most significant transformation in the public-key cryptography landscape to date, impacting billions of devices and applications within the world’s digital security infrastructure. This is because today’s digital infrastructures are profoundly reliant on traditional asymmetric cryptography based on RSA or ECC schemes. However, to protect sensitive data against the looming threat of quantum computing, several government agencies such as NIST, CSA, and NSA are urging a move to quantum-safe algorithms. These include the newly developed CRYSTALS-Kyber (general encryption) and CRYSTALS-Dilithium, FALCON, and SPHINCS+ (digital signatures) algorithms pending finalization by NIST.
Blair Canavan, Director of Business Development, Digital Identity and Security, Thales
According to a recent Gartner report, companies must immediately start their PQC readiness plans given the complicated and extensive nature of these migratory endeavors. This considerable undertaking includes the need for crypto-discovery, prioritization, remediation, and testing. The report also cites several leading Technology and Consulting companies with PQC-relevant solutions.
With the rise of Harvest Now Decrypt Later attacks, Thales is committed to helping customers succeed and supports a crypto-agile strategy that preserves the current security offered by traditional cryptography while adding in needed PQC protections.
About the Thales PQC Ecosystem
To facilitate and accelerate quantum-safe readiness, Thales is also committed to fostering a collaborative PQC ecosystem to ensure successful PQC-ready migration outcomes for everyone. This includes working with a variety of Consulting, Implementation, and Technology partners across both the private and public sectors, most recently showcased during the RSAC2024 “Thales PQC Palooza” thought leadership forum, which featured 12 panelists and industry experts with over 250 attendees.
Customers reap the benefits of building their quantum-safe infrastructures with a vetted, world-class ecosystem that includes market leaders in their respective segments to ensure a successful PQC transformation while also helping reduce risk, cost, and complexity.
Sample services provided by Thales PQC Ecosystem partners can include iterative and phased advisory services, skilled implementations, Centers of Excellence for testing, Quantum Random Number Generation (QRNG), Quantum Resistant PKI, and Crypto Discovery, among many others.
Early advisory partners participating in the Thales PQC Ecosystem include Accenture, Capgemini, Deloitte, DXC, Kyndryl, Encryption Consulting and IBM Consulting. Technology Partners also include: DigiCert, Keyfactor, InfoSec Global, PQ Shield, Quantinuum, SandboxAQ, Senetas, and IDQ.
About Thales PQC Initiatives
As a leading global technology and security provider, Thales is committed to ensuring a quantum-safe future, and has even contributed to the development of the NIST Falcon algorithm. Through continuous innovation and investment across its portfolio, the company offers several quantum-ready and crypto-agile data security solutions to meet customer needs. These include encryption key protection with Luna HSMs, High Speed Encryptors, and the CipherTrust Data Security Platform.
Thales PQC Starter Kits
In conjunction with PQC Ecosystem member Quantinuum, Thales has created a first-of-its-kind offering to help organizations test and prepare for post-quantum cryptography. The Luna PQC Starter Kit incorporates Luna HSMs and Quantinuum’s quantum random number generation (QRNG) technology, through which customers can ensure their keys are securely generated and stored while testing the PQC algorithms.
To protect vulnerable data in motion, a Thales PQC Starter Kit for Network Encryption is now available.
Conclusion
While PQC migration is a lengthy, years-long process, Thales is proud to facilitate customer success with the Thales PQC Partner Ecosystem. To learn more about our PQC initiatives and partnerships, click here.
The post Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations appeared first on Security Boulevard.
Chris Clements, VP of Solutions Architecture at CISO Global High-Tech Pest Control = Threat Detection & Response Imagine for a moment that your home has a rodent problem. To address this, you install a fancy system designed to automatically detect and trap animals before they can roam around your house and cause any damage. The […]
The post The Polar Bear in Your Kitchen: A Cybersecurity Analogy appeared first on CISO Global.
The post The Polar Bear in Your Kitchen: A Cybersecurity Analogy appeared first on Security Boulevard.
via the comic & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Celestial Event’ appeared first on Security Boulevard.
Along with 30,000+ of my closest friends, HYAS participated in both the Black Hat 2024 cyber security conference and others last week in Las Vegas. There have been a lot of articles published on the main themes, focus, and top keywords of BlackHat 2024; Chris Needs, the VP of Product Management at HYAS, published a HYAS view on the conference, so I didn’t see a reason to publish yet another one.
Instead, let me talk more about what I think is vitally important but didn’t see. While everyone is talking about AI, both the applications of it and risk from it, ransomware and the latest techniques to detect and stop it, cloud security and other related topics, I unfortunately saw very little about a topic I am passionate about – cyber resiliency. The White House and the US Government are talking about it, other foreign governments are talking about it, key clients around the world are deploying it, why isn’t it a more obvious, front-and-center conversation?
Yes, Crowdstrike had a key message on the walk to the business hall about how we all need more resiliency, but even still it was not a major focus of their marketing messages at their booth. And I do need to give a special shout-out to World Wide Technology who does have people openly talking about this topic.
Nevertheless, we continue to talk too much in general about stopping attacks at the four walls and “preventing breaches.” It’s time to admit that attackers will continue to innovate and adapt their techniques and tactics, that the attack surface will constantly be changing and updating, that people will always be susceptible to deception and social engineering. That doesn’t mean we give up – we clearly need to continue to focus on training employees to be observant and aware; we clearly need to do our best to protect organizations and their assets by keeping criminals out through the deployment of existing and new software solutions. But we also need to recognize that it’s likely never going to be enough. A complete cyber security approach includes the acknowledgement and recognition that one needs to prepare for the eventual breach. If we assume that a bad actor is already inside the network – what visibility exists to detect this and stop it, what controls will be able to prevent the attack from rapidly expanding and causing damage?
While some bad actors are laying low inside organizations for months, increasingly there are reports of data exfiltration and damage within hours of the initial breach. Despite the ever-increasing dollars poured into keeping criminals out of the network and detecting their attempts to break in, they still are – who is talking about this and, more importantly, who is doing something about it?
There are many ways to achieve cyber resilience – one of them is through the deployment of Protective DNS. That’s just one of the reasons it’s recommended by CISA and the NSA, is a recommended part of a SASE architecture, and is being asked about in cyber insurance attestation questionnaires. Furthermore, when it’s integrated into other components, such as directly into your EDR or XDR solution, the combination is more powerful than either component by itself: it combines the ability to stop the criminal on the way in with the assurance that you can still stop them in time if they break through.
At HYAS we tested this hypothesis, and simulated attacks and traffic to 492 malicious domains in real actual use from recent campaigns. While EDR and XDR solutions in general excel at detecting errant behavior on the device or at the point of entry, HYAS Protect protective DNS excels at detecting the beaconing behavior and outbound communication to adversary infrastructure, the telltale signs or “digital exhaust” of a breach.
(HYAS internal study and results; EDR/XDR vendors anonymized)
We as an industry need to be talking more about this – the integration of various solutions to form a more complete and resilient approach. Yes, there is obvious competition and not every vendor can or wants to integrate with every other vendor. But only through the right partner integrations can we collectively add value to the end customer and client; only through the right integrations will we develop more complete solutions versus point products; only in this way will we actually be able to turn the tide, or at least hold back the onslaught of attacks a bit, and change the game on the criminals.
This is what we need to be talking about more as an industry. And this is what, I fear, was unfortunately lacking this year at Black Hat.
Ready to step up your defensive game? We'd love to connect with you to transform your cybersecurity strategy from reactive to proactive.
The post A Gap in the Armor: What Was Missing from Black Hat 2024 appeared first on Security Boulevard.
KP♡TX PII: “General Motors has engaged in egregious business practices that violated Texans’ privacy … in unthinkable ways,” rants state attorney general Ken Paxton (pictured).
The post Don’t Mess With Texas Privacy: AG Sues GM for $18 BILLION appeared first on Security Boulevard.
From the Federal Register:
After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+.
These algorithms are part of three NIST standards that have been finalized:
The post NIST Releases First Post-Quantum Encryption Algorithms appeared first on Security Boulevard.