Security Boulevard

by Source Defense On a recent Source Defense roundtable, seasoned QSAs gathered to discuss the latest PCI DSS 4.0.1 updates—specifically requirements 6.4.3 and 11.6.1—and how organizations should respond. What followed was a frank, practical, and sometimes surprising conversation about merchant eligibility, the limits of iframe protection, and what compliance now looks like in an eSkimming-threatened

The post What QSAs Are Saying About PCI DSS 4.0.1 and eSkimming Controls appeared first on Source Defense.

The post What QSAs Are Saying About PCI DSS 4.0.1 and eSkimming Controls appeared first on Security Boulevard.

2025 – The International Year of Quantum Science and Technology
divya
Tue, 04/29/2025 - 07:48

It is no surprise that the United Nations declared 2025 as the International Year of Quantum Science and Technology (IYQ). Not only does it mark the 100-year point since quantum physics were discovered, but for those who have been following, the race to make a quantum computer has skyrocketed over recent years, driving the cybersecurity industry en masse to begin preparations.

Industry experts who understand the complexities and challenges behind such a transformation recognize this year marks a turning point. Last year NIST announced the finalists for the Post-Quantum Cryptography algorithms (PQC), prompting many vendors to begin PQC migration plans, if they hadn’t already. While organizations are still evaluating the upcoming impact, 2025 is the ideal time to assess the next steps. Every organization needs to define their journey, and tailor it to their existing infrastructure and requirements. With Harvest Now, Decrypt Later attacks already putting long life data at risk, it’s vital to be proactive.

A good first step could be to set up a working group, consisting of various IT personnel along with an executive sponsor, in alignment with the 2025 International Year of Quantum, with a goal of educating your team about PQC as much as possible. Take the lessons learned and build out a draft migration to PQC plan and budget that is specific to your organization. Be sure to set up regular intervals to keep the project moving.

If your organization has already started its PQC journey, it is critical to stay on top of this ever-evolving topic, which continues to advance constantly as the entire industry navigates this new territory.

Wherever you are in the world, you have a variety of resources at your disposal. While there are no compliance regulations specific to PQC just yet, CNSA 2.0 in the North American region, was the first to present its timelines for compliance, with differing dates based on industry. In the UK, the government recently released its guidelines on protecting technical systems from quantum computers. In Asia Pacific, several regulatory bodies such as the Monetary Authority of Singapore (MAS) or the Australian Prudential Regulation Authority (APRA) are all calling for organizations, especially those in the financial industry, to begin their preparations for quantum readiness as soon as possible.

For those who work in areas of Code Signing or Public Key Infrastructure, be sure to check out the many resources from the recently held PKI Consortium Post-Quantum Cryptography conference in Austin, TX. Not only have the conference organizers put together a list of Key Takeaways, but they posted all the information sessions on their website, including sessions by some of Thales’ own such as with Eric Amador, Product Market Manager on the Hardware Security Module (HSM) panel, or the breakout session by Blair Canavan, Alliances Director, PQC Portfolio entitled “2025 is here – how to get your PQC Readiness Plan Underway”.

Drawing on Thales' deep expertise and customer-driven insights in PQC, our specialists offer guidance to prepare for the impact of IYQ. To facilitate this transition, Thales provides PQC starter kits for hardware security modules and network encryption.

There are many other industry events happening throughout the year. If you don’t usually attend, this year would be an essential year to visit either in-person or even virtual events.

To get you started, here are a few resources from Thales:

1) Upcoming Webinars with Thales and its PQC Partner Ecosystem: Search - BrightTALK

2) PQC e-Book: Post-Quantum Cryptography Insights - eBook

3) Risk Assessment Tool: Post-Quantum Crypto Agility Risk Assessment

4) Solutions Web page: Post-Quantum Crypto Agility

5) Begin preparing now with our PQC Starter Kits

Jenn Nuttall | Product Marketing Manager
More About This Author > Schema {
"@context": "https://schema.org",
"@type": "BlogPosting",
"mainEntityOfPage": {
"@type": "WebPage",
"@id": "https://cpl.thalesgroup.com/blog/encryption/kickstart-pqc-preparation-year-of-quantum"
},
"headline": "Kickstart Your PQC Journey in the Year of Quantum",
"description": "2025 marks the Year of Quantum. Learn how to prepare for post-quantum cryptography with migration planning tips, global regulations, and Thales resources.",
"image": "",
"author": {
"@type": "Person",
"name": "Jenn Nuttall",
"url": "https://cpl.thalesgroup.com/blog/author/jnuttall"
},
"publisher": {
"@type": "Organization",
"name": "Thales Group",
"description": "The world relies on Thales to protect and secure access to your most sensitive data and software wherever it is created, shared, or stored. Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.",
"url": "https://cpl.thalesgroup.com",
"logo": "https://cpl.thalesgroup.com/sites/default/files/content/footer/thaleslogo-white.png",
"sameAs": [
"https://www.facebook.com/ThalesCloudSec",
"https://www.twitter.com/ThalesCloudSec",
"https://www.linkedin.com/company/thalescloudsec",
"https://www.youtube.com/ThalesCloudSec"
]
},
"datePublished": "2025-04-29",
"dateModified": "2025-04-29"
}

The post 2025 – The International Year of Quantum Science and Technology appeared first on Security Boulevard.

Desired Effect, if it operates as billed, opens up a world of cutting-edge research to defenders, including zero-day vulnerability data and tailored exploit products.

The post Desired Effect Marketplace: Researchers Get Their Due, Defenders Get Realtime Info on Zero Days  appeared first on Security Boulevard.

In multicloud environments, where networks stretch beyond traditional private infrastructures and are accessible over the internet, protecting encryption keys is essential for achieving robust security. 

The post Futureproofing Enterprise Cloud Security: Navigating Cloud Key Management Complexity appeared first on Security Boulevard.

Your mobile application is not just any software. It is the face of a brand for some organizations, like e-commerce, and for some, it instills trust among its clients by bringing forth efficiency and accessibility, like BFSI. Moreover, with the growing number of mobile app users globally, it is projected to reach 7.49 billion by […]

The post Best Tool for Mobile App Pentest in 2025 appeared first on Kratikal Blogs - Information Hub For Cyber Security Experts.

The post Best Tool for Mobile App Pentest in 2025 appeared first on Security Boulevard.

There must be a fundamental shift in strategy for B2B leaders, one that places artificial intelligence (AI) threat detection at the core of cyberdefense. 

The post Why B2B Leaders Must Rethink Cybersecurity Strategies With AI at the Core appeared first on Security Boulevard.

Adopting cloud computing allows organizations of all shapes and sizes to access data and collaborate in the most flexible ways imaginable. While it brings many benefits, it also brings along compliance issues in data governance, particularly when data crosses borders. Ensuring data is safe, private and organized is paramount.  The American Data Privacy Puzzle  The..

The post Compliance Challenges in Cloud Data Governance  appeared first on Security Boulevard.

RSA Conference Dispatch: Beyond the Briefings. Beneath the Buzz. John Boyle Uncovers and Shares Gems from RSAC 2025

The post RSA Conference Dispatch: Mr. NHI – Leading the Movement to Expose Cybersecurity’s Biggest Blind Spot! appeared first on Security Boulevard.

Get details on Legit's new AI capabilities.

The post Announcing New Legit ASPM AI Capabilities appeared first on Security Boulevard.

Toronto, Canada, Apr. 28, 2025, CyberNewswire — Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak … (more…)

The post News alert: Case dismissed against VPN executive, affirms no-logs policy as a valid legal defense first appeared on The Last Watchdog.

The post News alert: Case dismissed against VPN executive, affirms no-logs policy as a valid legal defense appeared first on Security Boulevard.

Are You Confident Your Data Safety Measures Are Up to Scratch? The rise of digital transformation is not without its pitfalls, one of which is the challenge of maintaining data safety and security. With the majority of businesses relying heavily on cloud-based environments for storing and handling data, the questions arise: are you confident that […]

The post Certain Your Data Is Safe in the Cloud? appeared first on Entro.

The post Certain Your Data Is Safe in the Cloud? appeared first on Security Boulevard.

Why Does Improving Non-Human Identity and Data Response (NHIDR) Matter? How often do we consider the impact of Non-Human Identities (NHIs) on our data security? The management of NHIs and their accompanying secrets has become an indispensable necessity for businesses. From financial services and healthcare to travel and DevOps, professionals across various domains are realizing […]

The post Your NHIDR Is Getting Better—How? appeared first on Entro.

The post Your NHIDR Is Getting Better—How? appeared first on Security Boulevard.

Capturing the Essence of Powerful Secrets Scanning Wondering how to enhance your organization’s cybersecurity measures? Among the vast spectrum of cybersecurity tools available, secrets scanning is one that holds paramount significance. Secrets scanning, as an integral part of Non-Human Identities (NHIs) management, is a powerful practice that helps mitigate security risks posed by NHIs in […]

The post Harnessing Powerful Tools for Secrets Scanning appeared first on Entro.

The post Harnessing Powerful Tools for Secrets Scanning appeared first on Security Boulevard.

Author/Presenter: Bobby Filar

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Ground Truth – PhishDefend: A Reinforcement Learning Framework appeared first on Security Boulevard.

Bugcrowd today at the 2025 RSA Conference announced its intent to create a red team service to test cybersecurity defenses using a global network of ethical hackers. Alistair Greaves, director of red team operations for Bugcrowd, said via a Red Team-as-a-Service (RTaaS) offering that a global pool of experts vetted by Bugcrowd will employ the..

The post Bugcrowd Launches Red Team Service to Test Cybersecurity Defenses appeared first on Security Boulevard.

Blackpoint Cyber today at the 2025 RSA Conference unveiled a unified security posture and response platform that is based on the company’s managed detection and response (MDR) service. Company CTO Manoj Srivastava said the CompassOne platform provides organizations the tool to discover assets along with the guidance needed to improve their security posture. The overall..

The post Blackpoint Cyber Extends MDR Service to Improve Cyber Resiliency appeared first on Security Boulevard.

Permalink

The post Randall Munroe’s XKCD ‘PhD Timeline’ appeared first on Security Boulevard.

The energy is electric in San Francisco as RSAC 2025 kicks off today, and we’re thrilled to bring you live updates straight from the floor. Each day, we’ll capture the cream of the conversations, the breakthrough insights, and the pivotal moments from our booth and beyond. Stay with us as we show you how ColorTokens […]

The post RSAC 2025 Begins: Live Updates & Insights from ColorTokens appeared first on ColorTokens.

The post RSAC 2025 Begins: Live Updates & Insights from ColorTokens appeared first on Security Boulevard.

Anthropic shows how bad actors are using its Claude AI models for a range of campaigns that include influence-as-a-service, credential stuffing, and recruitment scams and becomes the latest AI company to push back at threat groups using their tools for malicious projects.

The post Anthropic Outlines How Bad Actors Abuse Its Claude AI Models appeared first on Security Boulevard.

Quando Skybox Security ha chiuso, ho avuto seri dubbi, non solo riguardo al mio lavoro, ma anche su come la situazione avrebbe potuto influire sulla mia credibilità professionale che ho...

The post Da bloccati a supportati: aiutare i miei clienti ad atterrare in sicurezza con FireMon appeared first on Security Boulevard.