Aggregator

A vulnerability, which was classified as critical, was found in Tenda FH1201 1.2.0.14(408). This affects the function fromqossetting of the component POST Handler. The manipulation of the argument qos leads to denial of service. This vulnerability is uniquely identified as CVE-2024-42949. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14(408). Affected by this vulnerability is the function fromAddressNat of the component POST Handler. The manipulation of the argument page leads to denial of service. This vulnerability is known as CVE-2024-42945. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Tenda FH1201 1.2.0.14(408). Affected by this issue is the function fromVirtualSer of the component POST Handler. The manipulation of the argument page leads to denial of service. This vulnerability is handled as CVE-2024-42946. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). Affected is the function frmL7ImForm of the component POST Handler. The manipulation of the argument page leads to denial of service. This vulnerability is traded as CVE-2024-42942. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the component POST Handler. The manipulation of the argument PPPOEPassword leads to denial of service. The identification of this vulnerability is CVE-2024-42943. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. This vulnerability affects the function fromAdvSetWan of the component POST Handler. The manipulation of the argument wanmode leads to denial of service. This vulnerability was named CVE-2024-42941. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. This affects the function fromP2pListFilter of the component POST Handler. The manipulation of the argument page leads to denial of service. This vulnerability is uniquely identified as CVE-2024-42940. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function fromNatlimit of the component HTTP POST Request Handler. The manipulation of the argument page leads to denial of service. This vulnerability is handled as CVE-2024-42985. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in IBM QRadar Network Packet Capture 7.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Network Packet Handler. The manipulation leads to missing encryption of sensitive data. This vulnerability is known as CVE-2024-31905. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in projectworlds Online Examination System 1.0. Affected is an unknown function of the file feed.php. The manipulation of the argument subject leads to sql injection. This vulnerability is traded as CVE-2024-42843. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in IBM InfoSphere Information Server 11.7. This issue affects some unknown processing of the component Authentication Request Header Handler. The manipulation leads to insufficiently protected credentials. The identification of this vulnerability is CVE-2024-40704. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in IBM InfoSphere Information Server 11.7. This vulnerability affects unknown code. The manipulation leads to asymmetric resource consumption. This vulnerability was named CVE-2024-40705. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects the function fromWizardHandle of the component POST Handler. The manipulation of the argument mit_pptpusrpw leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-42951. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tenda FH1206 02.03.01.35. It has been rated as problematic. Affected by this issue is the function fromSetlpBind of the component POST Handler. The manipulation of the argument page leads to denial of service. This vulnerability is handled as CVE-2024-42973. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromNatlimit of the component POST Handler. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-42944. The attack can be launched remotely. There is no exploit available.

Google disrupted a hacking campaign carried out by the Iran-linked APT group APT42 targeting the US presidential election. Google announced that it disrupted a hacking campaign carried out by Iran-linked group APT42 (Calanque, UNC788) that targeted the personal email accounts of individuals associated with the US elections. APT42 focuses on highly targeted spear-phishing and social […]

Google disrupted hacking campaigns carried out by Iran-linked APT42Google disrupted a hacking

Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations
josh.pearson@t…
Thu, 08/15/2024 - 17:28

As many organizations begin to embark on their journey toward Post-Quantum Cryptography (PQC) resilience, Thales can facilitate and perhaps accelerate these migrations with its rapidly expanding Thales PQC Partner Ecosystem. The PQC migration process will be a highly significant transformation in the public-key cryptography landscape to date, impacting billions of devices and applications within the world’s digital security infrastructure. This is because today’s digital infrastructures are profoundly reliant on traditional asymmetric cryptography based on RSA or ECC schemes. However, to protect sensitive data against the looming threat of quantum computing, several government agencies such as NIST, CSA, and NSA are urging moving to quantum-safe algorithms. These include the newly developed CRYSTALS-Kyber (general encryption) and CRYSTALS-Dilithium, FALCON, and SPHINCS+ (digital signatures) algorithms pending finalizations by NIST.

Data Security Encryption Key Management

Blair Canavan | Director of Business Development Digital Identity and Security, Thales
More About This Author >

As many organizations begin to embark on their journey toward Post-Quantum Cryptography (PQC) resilience, Thales can facilitate and perhaps accelerate these migrations with its rapidly expanding Thales PQC Partner Ecosystem.

The PQC migration process will be a highly significant transformation in the public-key cryptography landscape to date, impacting billions of devices and applications within the world’s digital security infrastructure. This is because today’s digital infrastructures are profoundly reliant on traditional asymmetric cryptography based on RSA or ECC schemes. However, to protect sensitive data against the looming threat of quantum computing, several government agencies such as NIST, CSA, and NSA are urging moving to quantum-safe algorithms. These include the newly developed CRYSTALS-Kyber (general encryption) and CRYSTALS-Dilithium, FALCON, and SPHINCS+ (digital signatures) algorithms pending finalizations by NIST.

According to a recent Gartner report, companies must immediately start their PQC readiness plans given the complicated and extensive nature of these migratory endeavors. This considerable undertaking includes the need for crypto-discovery, prioritization, remediation, and testing. The report also cites several leading Technology and Consulting companies with PQC-relevant solutions.

With the rise of Harvest Now Decrypt Later attacks, Thales is committed to helping customers succeed and supports a crypto-agile strategy that preserves the current security offered by traditional cryptography while adding in needed PQC protections.

About the Thales PQC Ecosystem

To facilitate and accelerate quantum-safe readiness, Thales is also committed to fostering a collaborative PQC ecosystem to ensure successful PQC-ready migration outcomes for everyone. This includes working with a variety of Consulting, Implementation, and Technology partners across both the private and public sectors most recently showcased during the RSAC2024 “Thales PQC Palooza” thought leadership forum which featured 12 panelists and industry experts with over 250 attendees.

Customers reap the benefits of building their quantum-safe infrastructures with a vetted, world-class ecosystem that includes market leaders in their respective segments to ensure a success PQC transformation while also helping reduce risk, cost, and complexity.

Sample services provided by Thales PQC Ecosystem partners can include iterative and phased advisory services, skilled implementations, Centers of Excellence for testing, Quantum Random Number Generation (QRNG), Quantum Resistant PKI, and Crypto Discovery, among many others.

Early advisory partners participating in the Thales PQC Ecosystem include Accenture, Capgemini, Deloitte, DXC, Kyndryl, Encryption Consulting and IBM Consulting. Technology Partners also include: DigiCert, Keyfactor, InfoSec Global, PQ Shield, Quantinuum, SandboxAQ, Senetas, and IDQ.

About Thales PQC Initiatives

As a leading global technology and security provider, Thales is committed to ensuring a quantum-safe future even contributing to the development of the NIST Falcon algorithm. Through continuous innovations and investment across its portfolio, the company offers several quantum-ready and crypto-agile data security solutions to meet customer needs. These include encryption key protections with Luna HSMs, High Speed Encryptors, and the CipherTrust Data Security Platform.

Thales PQC Starter Kits

In conjunction with one of our PQC Ecosystem members, Thales together with Quantinuum has created a first-of-its-kind offering to help organizations test and prepare for post-quantum cryptography. The Luna PQC Starter Kit incorporates Luna HSMs and Quantinuum’s quantum random number generation (QRNG) technology through which customers can ensure their keys are securely generated and stored while testing the PQC algorithms.

To protect vulnerable data in motion a Thales PQC Starter Kit for Network Encryption is now available.

Conclusion

While PQC migratory endeavors are a lengthy and years-long process, Thales is proud to facilitate customer success with the Thales PQC Partner Ecosystem. To learn more about our PQC initiatives and partnerships, click here.

Schema {
"@context": "https://schema.org",
"@type": "BlogPosting",
"mainEntityOfPage": {
"@type": "WebPage",
"@id": "https://cpl.thalesgroup.com/blog/data-security/thales-pqc-partner-ecosystem"
},
"headline": "Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations",
"description": "Discover how Thales and its PQC Partner Ecosystem are leading the way in facilitating and accelerating quantum-safe migrations to protect against future quantum threats.",
"image": "https://cpl.thalesgroup.com/sites/default/files/content/footer/thaleslogo-white.png",
"author": {
"@type": "Person",
"name": "Blair Canavan"
},
"publisher": {
"@type": "Organization",
"name": "Thales Group",
"description": "The world relies on Thales to protect and secure access to your most sensitive data and software wherever it is created, shared, or stored. Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.",
"url": "https://cpl.thalesgroup.com",
"logo": {
"@type": "ImageObject",
"url": "https://cpl.thalesgroup.com/sites/default/files/content/footer/thaleslogo-white.png"
},
"sameAs": [
"https://www.facebook.com/ThalesCloudSec",
"https://www.twitter.com/ThalesCloudSec",
"https://www.linkedin.com/company/thalescloudsec",
"https://www.youtube.com/ThalesCloudSec"
]
},
"datePublished": "2024-08-15",
"dateModified": "2024-08-15"
} studio THALES BLOG Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations

August 15, 2024

The post Thales PQC Partner Ecosystem Facilitates and Accelerates Quantum-Safe Migrations appeared first on Security Boulevard.

On June 20, 2024, government services were knocked offline as a cyberattack rocked the Indonesian National Data Center. Investigators would attribute the outage to a new hacker group infecting targets with a novel ransomware variant: Brain Cipher. A variant of the LockBit ransomware family, Brain Cipher was created using the leaked LockBit 3.0 Builder. It […]

The post Brain Cipher Ransomware Analysis & Detection with Cynet’s All-in-One Platform appeared first on Cyber Security News.

Пользователи Windows и MacOS по ударом.