125 matches found
Malleability-Resistant Encrypted Control System with Disturbance Compensation and Real-Time Attack Detection
This study proposes an encrypted PID control system with a disturbance observer DOB using a keyed-homomorphic encryption KHE scheme, aiming to achieve control performance while providing resistance to malleability-based attacks. The controller integrates a DOB with a PID structure to compensate f...
Encrypting Files with Passkeys and age
Typage age-encryption on npm is a TypeScript1 implementation of the age file encryption format. It runs with Node.js, Deno, Bun, and browsers, and implements native age recipients, passphrase encryption, ASCII armoring, and supports custom recipient interfaces, like the Go implementation. However...
CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment
Today, CISA, in collaboration with the Federal Bureau of Investigation FBI, the Department of Defense Cyber Crime Center DC3, and the National Security Agency NSA, released a Fact Sheet urging organizations to remain vigilant against potential targeted cyber operations by Iranian state-sponsored ...
Preparing for the Post Quantum Era: Quantum Ready Architecture for Security and Risk Management (QUASAR) -- a Strategic Framework for Cybersecurity
As quantum computing progresses, traditional cryptographic systems face the threat of obsolescence due to the capabilities of quantum algorithms. This paper introduces the Quantum-Ready Architecture for Security and Risk Management QUASAR, a novel framework designed to help organizations prepare...
PQS-BFL: a Post-Quantum Secure Blockchain-Based Federated Learning Framework
Federated Learning FL enables collaborative model training while preserving data privacy, but its classical cryptographic underpinnings are vulnerable to quantum attacks. This vulnerability is particularly critical in sensitive domains like healthcare. This paper introduces PQS-BFL Post-Quantum...
[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats
How Many Gaps Are Hiding in Your Identity System? It's not just about logins anymore. Today's attackers don't need to "hack" in—they can trick their way in. Deepfakes, impersonation scams, and AI-powered social engineering are helping them bypass traditional defenses and slip through unnoticed...
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
Microsoft on Monday announced that it has moved the Microsoft Account MSA signing service to Azure confidential virtual machines VMs and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed...
NCSC Releases Post-Quantum Cryptography Timeline
The UK's National Computer Security Center part of GCHQ released a timeline--also see their blog post--for migration to quantum-computer-resistant cryptography. It even made The Guardian...
Making sure your door access control system is secure: Top 5 things to check
Your door access control system aka a physical access control system or PACS, also referred to as RFID cards or ‘swipe’ cards often have a poor reputation for being vulnerable to cloning attacks. Here’s the thing: it’s generally possible to configure your system to be very resistant to card...
USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multifactor Authentication
Today, the Cybersecurity and Infrastructure Security Agency CISA and the U.S. Department of Agriculture USDA released Phishing-Resistant Multifactor Authentication MFA Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authenticatio...
Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments
CISA has received multiple reports of a large-scale spearphishing campaign targeting organizations in several sectors, including government and information technology IT. The foreign threat actor, often posing as a trusted entity, is sending spearphishing emails containing malicious remote deskto...
Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA
Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency CISA, in coordination with the FBI, issues a...
U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign
Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. "Since October 2023, Iranian actors have used brute force and passwor...
CISA and FBI Release Fact Sheet on Protecting Against Iranian Targeting of Accounts Associated with National Political Organizations
Today, CISA and the Federal Bureau of Investigation FBI released joint fact sheet, How to Protect Against Iranian Targeting of Accounts Associated with National Political Organizations. This fact sheet provides information about threat actors affiliated with the Iranian Government’s Islamic...
#StopRansomware: RansomHub Ransomware
Actions to take today to mitigate cyber threats from ransomware: 1. Install updates for operating systems, software, and firmware as soon as they are released. 2. Require phishing-resistant MFA i.e., non-SMS text based for as many services as possible. 3. Train users to recognize and report...
University Professors Targeted by North Korean Cyber Espionage Group
The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation...
Google Adds Passkeys to Advanced Protection Program for High-Risk Users
Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program APP. "Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said...
Medium: opensc
Issue Overview: A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. CVE-2023-5992 Affected Packages: opensc Note: This advisory is applicable to Amazon Linux 2 AL2 Cor...
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
Okta is warning that a cross-origin authentication feature in Customer Identity Cloud CIC is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for...
Lattice-Based Cryptosystems and Quantum Cryptanalysis
Quantum computers are probably coming, though we dont know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...