Transform Your MSP’s Financial Future
Learn How Kaseya is Changing the Game for MSPs
The post Transform Your MSP’s Financial Future appeared first on Kaseya.
The post Transform Your MSP’s Financial Future appeared first on Security Boulevard.
The FBI and law enforcement agencies from the UK and Germany seized servers and domains belonging to the Dispossessor ransomware gang, which had emerged into the spotlight following a similar operation against the notorious LockBit gang in February.
The post FBI Disrupts Operations of the Dispossessor Ransomware Group appeared first on Security Boulevard.
Authors/Presenters: Chao Wang, Yue Zhang, Zhiqiang Lin
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
The post USENIX Security ’23 – One Size Does Not Fit All: Uncovering and Exploiting Cross Platform Discrepant APIs in WeChat appeared first on Security Boulevard.
By Deb Radcliff, DevSecOps analyst and editor of CodeSecure’s TalkSecure educational content (syndicated at Security Boulevard & YouTube)
LAS VEGAS – One day before the Black Hat Briefings started in Vegas last week, a group of experts met at the Wynn Las Vegas to talk about SBOMs (software bills of materials) during the Software Supply Chain Security Summit hosted by Lineage. Despite…
The post SBOMs Critical to Software Supply Chain Security appeared first on CodeSecure.
The post SBOMs Critical to Software Supply Chain Security appeared first on Security Boulevard.
Securing your API ecosystem is increasingly complex, leaving organizations unsure where to begin. Gartner's® 2024 Market Guide for API Protection offers clear guidance:
"Start using API protection products to discover and categorize your organization's APIs. Identify critical APIs that are publicly exposed and provide access to sensitive data."
Understanding your API attack surface and prioritizing your security efforts is crucial. Once you have visibility into your API landscape, you can implement appropriate security measures to protect your APIs from abuse and access violations. This might involve deploying an API protection product, implementing security best practices, and conducting regular security assessments. It also becomes critical to design and develop APIs from the start that meet your organization’s governance standards.
The API protection market is undergoing a period of rapid evolution, with consolidation and new entrants from various sectors. According to one of the findings in the 2024 Gartner® Market Guide for API Protection,
"While the early adopters of API protection have been acquiring products from specialized vendors, the market is rapidly consolidating with offerings from web application and API protection (WAAP), API management and cloud infrastructure and platform service (CIPS) providers competing with stand-alone API protection providers."
While these traditional application security providers offer some API security capabilities, they often don’t have the depth and specialization of dedicated API security vendors such as Salt Security.
Salt Security is a specialized API security vendor uniquely positioned to address the evolving API threat landscape. Our platform is purpose-built for API security, leveraging deep API expertise and cutting-edge AI-infused technology to provide comprehensive visibility and protection for all APIs. We are committed to staying ahead of the curve, ensuring our customers have the best API security solution.
Salt Security's API Protection Platform makes it easy to get started with API protection. Our platform quickly and easily discovers all your APIs, giving you the visibility you need to secure them. We also offer comprehensive security posture governance and runtime protection capabilities to help you mitigate API risks and prevent attacks. Take action now to protect your APIs and safeguard your sensitive data before it's too late.
If you would like to learn more about Salt and how we can help you on your API Security journey through discovery, posture management and run time threat protection, please contact us, schedule a demo, or check out our website.
*Gartner, Market Guide for API Protection, Dionisio Zumerle, Aaron Lord, et al., 29 May 2024. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
The post Gartner® Insights: Navigating the Evolving API Protection Market and Taking Action appeared first on Security Boulevard.
North Korean army of remote IT workers enabled by Matthew Isaac Knoot, alleges DoJ.
The post WTH? DPRK WFH Ransomware Redux: 3rd Person Charged appeared first on Security Boulevard.
via the comic & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Meteor Shower PSA’ appeared first on Security Boulevard.
Hackers, possibly from Iran, sent phishing emails to the Biden-Harris campaign and Trump operative Roger Stone, hoping to gain access to the systems of both presidential campaigns. It worked with Stone, whose compromised email account opened the door to the Trump campaign infrastructure.
The post Biden-Harris Campaign, Trump Operative Stone Also Target of Hackers appeared first on Security Boulevard.
Learn how to minimize the impact of vulnerabilities like social media use, private jet tracking, and more
As an executive protection (EP) professional, you’re likely experiencing a rise in physical threats against your principal(s). You’re not alone. According to Ontic’s State of Protective Intelligence Report, 8 out of 9 EPs say their companies are experiencing…
The post 4 Executive Travel Vulnerabilities You May be Overlooking appeared first on Ontic.
The post 4 Executive Travel Vulnerabilities You May be Overlooking appeared first on Security Boulevard.
The Post-Quantum Cryptography Algorithms are finalized! Now what?
Tue, 08/13/2024 - 16:11
With the recent release from NIST about their final, published Post-Quantum Cryptography (PQC) algorithms (ML-KEM (formerly Kyber), ML-DSA (formerly Dilithium), SLH-DSA (formerly SPHINCS+)), and with it the imminent end-of-life of the encryption foundations we have relied upon for decades, many organizations are left wondering exactly what they should do next.
Encryption Data Security Todd Moore | Vice President, Data Security Products, Thales
To help our customers unravel this massive undertaking, Thales has been preparing for this moment for well over a decade. In this time, while learning to harness the power of Quantum computers, we recognize and are preparing for the new risks and dangers to guard against, particularly when it comes to data and identities, the core of our global digital society.
With great research, comes great responsibilities…
Thales researchers are playing a central role in the quantum revolution and are now developing the next generation of quantum solutions that will shape the Post-Quantum world. Broadly speaking, this research can be grouped into 3 different categories: 1) quantum sensors, 2) quantum communications, and 3) post-quantum cryptography.
1) Quantum Sensors
Sensors have long been used, but most recently they can be found in devices such as smart homes, self-driving cars, medical devices, etc. They also play a vital role in our defense and security systems, for land, sea, and air. New Quantum sensors, based on the principles of Quantum mechanics, have been found to augment and expand the human senses so that we may better understand the environment around us. The principles of Quantum physics allow for devices to understand data inputs much faster and compute multiple different types of logic at the same time, ensuring more efficient and more accurate sensing capabilities. From superconducting devices to solid-state sensors to cold atom technology, Thales is at the forefront of imagining and designing new Quantum sensors that will impact everything from the medical world to military applications.
2) Quantum Communications
Quantum technologies are set to directly impact the speed and scale of digital communications. By harnessing the quantum properties of light, quantum technologies will make it possible to secure communications with Quantum-safe cryptographic keys across large-scale networks and the Internet of the future. Thales is pioneering the design of these future network architectures, both for ground-based network elements and for the space-based components needed to share cryptographic keys over long distances. To put this into practice, Thales is part of EuroQCI, a large-scale European project working to deploy a quantum secured Europe-wide network for sharing sensitive data.
3) Post-Quantum Cryptography
To assist our customers with their transformation to PQC, Thales is a participant in NIST’s National Cybersecurity Center of Excellence (NCCoE)’s Migration to PQC Project. By submitting our products to the NCCoE lab, Thales is helping to develop practices that will ease migration from current algorithms to replacement post-quantum algorithms, while also providing platforms for PQC interoperability testing. Of critical importance is crypto agility, which allows our customers to deploy flexible, upgradeable solutions that support classic crypto, emerging quantum-resistant crypto standards, and approved hybrid techniques.
Simultaneously, Thales is actively involved in Post-Quantum Cryptography (PQC) Research & Development, as well as participating in various standardization efforts with many industry regulatory bodies. The company is engaged in multiple research projects in the United States, France (RISQ) and across Europe, and is also financing numerous doctoral theses on the subject. Thales also co-authored the Falcon digital signature algorithm which was selected by NIST in 2022 as a candidate for PQC standardization. Additionally, Thales sits on several PQC Consortiums in North America and Europe, including RESQUE, the Post-Quantum Cryptography Alliance, PKI Consortium, CFDIR Quantum-Readiness Working Group, among others.
Strengthening Trust
With crypto agility implemented across its product lines, Thales has also actively prototyped NIST PQC algorithm finalists within its products and is now focusing on the selected PQC algorithms. Quantum-safe network encryption solutions and Hardware Security Modules are already available for purchase, with starter kits ready now for testing the impacts across applications and devices. In addition to the quantum resistant algorithms, Thales High Speed Encryptors are compatible with ETSI standard QKD devices and support QRNG, while our Hardware Security Modules have several partner integrations that can facilitate these additional capabilities. Thales is also accelerating practical Proof of Concepts with customers and partners, notably for hybrid algorithms in digital signatures and key exchange mechanisms.
Whether you are looking to strengthen and future-proof digital identities, such as with government electronic documents or solutions that facilitate, manage, and provide security for cellular connectivity with products such as SIM cards / eSIM, which are integral to the Internet of Things, or if you are needing a cybersecurity solution that will protect your data and applications – Thales is dedicated to supporting our customers today to protect against “Harvest Now, Decrypt Later (HNDL)” attacks, right through the Quantum revolution.
After all, as stewards of trust, Thales is right there alongside you as you evaluate risks and anticipate threats in a Post-Quantum era.
Explore how Thales can help your organization with Post-Quantum Cryptography Solutions.
The post The Post-Quantum Cryptography Algorithms are finalized! Now what? appeared first on Security Boulevard.
South Korea’s national security and intelligence agencies have recently issued a joint cybersecurity advisory highlighting a significant cyber threat. State-backed hackers from the Democratic People’s Republic of Korea (DPRK) have exploited vulnerabilities in a VPN software update to deploy sophisticated malware, aiming to breach secure networks. Read on to get the details. Tell me more about the North Korean information ...
The post North Korean Hackers Exploit VPN Update Flaw to Deploy Malware appeared first on Nuspire.
The post North Korean Hackers Exploit VPN Update Flaw to Deploy Malware appeared first on Security Boulevard.
A report published today by Cato Networks finds that, three years after the Log4j vulnerabilities were discovered in 2021, there was a 61% increase in attempts to exploit them in inbound traffic and a 79% increase in the attempted use of Log4j in WANbound traffic in the first half of this year.
The post Cato Network Reports Spike in Attempts to Exploit Log4j Vulnerabilities appeared first on Security Boulevard.
That’s a wrap for Black Hat 2024! We had a great show and met many of you at the booth or on the show floor. I hope you were able to come by, watch a session by Jason Kent, Hacker in Residence at Cequence, or Parth Shukla, Security Engineer at Cequence, and maybe even entered […]
The post Cequence Storms Black Hat with API Security Testing for Generative AI Applications appeared first on Cequence Security.
The post Cequence Storms Black Hat with API Security Testing for Generative AI Applications appeared first on Security Boulevard.
Compliance with SOC 2 assures that the company maintains a high standard of information security, and highlights it among market competitors.
The post How to Prepare for SOC 2 and ISO 27001 Audit? Tips for Jira Admins appeared first on Security Boulevard.
To stay future-proof, organizations are beginning to realize the value of adopting a new way of protecting data assets known as a cyber resilience approach.
The post Three Reasons to Take a New Cyber-Resilient Approach to Data Protection appeared first on Security Boulevard.
Really interesting article on the ancient-manuscript scholars who are applying their techniques to the Voynich Manuscript.
No one has been able to understand the writing yet, but there are some new understandings:
Davis presented her findings at the medieval-studies conference and published them in 2020 in the journal Manuscript Studies. She had hardly solved the Voynich, but she’d opened it to new kinds of investigation. If five scribes had come together to write it, the manuscript was probably the work of a community, rather than of a single deranged mind or con artist. Why the community used its own language, or code, remains a mystery. Whether it was a cloister of alchemists, or mad monks, or a group like the medieval Béguines—a secluded order of Christian women—required more study. But the marks of frequent use signaled that the manuscript served some routine, perhaps daily function...
The post On the Voynich Manuscript appeared first on Security Boulevard.
One often overlooked aspect in the aftermath of a breach is the meticulous examination of firewall rule histories. These records not only reveal how an attacker gained access but can illuminate the path they took within an organization’s network.
The post The Crucial Role of Firewall Rule Histories appeared first on Security Boulevard.
Several security issues have recently been discovered in OpenSSL that could result in denial-of-service attacks. OpenSSL is widely used to secure communications across the internet, making these vulnerabilities a significant concern. In response, Canonical has released security updates to address multiple OpenSSL vulnerabilities across different releases, including Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, and Ubuntu […]
The post Ubuntu Fixes Multiple OpenSSL Vulnerabilities appeared first on TuxCare.
The post Ubuntu Fixes Multiple OpenSSL Vulnerabilities appeared first on Security Boulevard.
This Article What is the Critical Pathway to Insider Risk (CPIR)? was first published on Signpost Six. | https://www.signpostsix.com/
Insider risk remains one of the most challenging threats for organisations to manage. The Critical Pathway to Insider Risk (CPIR) offers a structured approach to understanding and mitigating this threat by examining the pathway of events and factors leading to insider acts. This model is based on extensive research into the behaviours and characteristics of […]
The post What is the Critical Pathway to Insider Risk (CPIR)? appeared first on Security Boulevard.
PALO ALTO, Calif. – August 13, 2024 – TuxCare, a global innovator in cybersecurity for Linux, today announced the launch of its TuxCare Oracle Linux 7 Extended Lifecycle Support (ELS) that enables enterprises to confidently maintain the security of their systems for up to four years following Oracle Linux 7’s end of life that is […]
The post TuxCare Offers Four Years of Precision-Engineered Security Updates for Oracle Linux 7 appeared first on TuxCare.
The post TuxCare Offers Four Years of Precision-Engineered Security Updates for Oracle Linux 7 appeared first on Security Boulevard.