Aggregator

Учёные залезли в голову Reddit-пользователей через фальшивые исповеди.

Bugcrowd’s new service connects customers with a global network of vetted ethical hackers for a variety of red team engagements—fully managed through the Bugcrowd Platform. This release sets a new benchmark in the red team services market, enabling organizations to test their security environments with the highest level of confidence. By tapping into a global pool of experts using the latest adversarial tactics, techniques, and procedures (TTPs), customers gain unparalleled insight into how real-world attackers … More →

The post Bugcrowd enables organizations to test their security environments appeared first on Help Net Security.

A vulnerability classified as problematic was found in ZoneMinder. This vulnerability affects unknown code of the component HTTP GET Request Handler. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2022-39290. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Bus Pass Management System 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument searchdata leads to cross site scripting. This vulnerability is handled as CVE-2022-35155. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Mozilla Thunderbird up to 91.7 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2022-28289. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in SolarWinds Orion Platform 2018.4 HF3 up to 2020.2.5. This vulnerability affects unknown code of the component QoE Application. The manipulation leads to cross site scripting. This vulnerability was named CVE-2022-36965. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Опыт Банка «Санкт-Петербург».

现代汽车引入了常见于流媒体服务的订阅模式，车主需要支付月费或年费才能解锁从免手动驾驶系统、加热座椅到自动记录事故摄像头等额外功能。但汽车订阅模式所需的额外网络连接可能会增加司机受到政府监控的风险，增加被警方调查的可能性。《连线（WIRED）》调查了逾二十份警方记录，显示警方定期接受如何利用联网汽车的培训，而订阅功能会大幅增加了警方调查期间可访问的数据量。文件显示，配备 OnStar 订阅服务的通用汽车传输的数据量是福特汽车的两倍，其传输的数据包括了泄漏汽车位置的信息。警方文件显示，汽车厂商经常会通过试用吸引车主使用订阅功能，即使车主没有选择订阅，车载设备仍然会与手机塔等设备进行通信。

根据 Akamai 的最新报告，2024 年Web 攻击增加了 33%，其中 API 成为主要攻击目标。

ProjectDiscovery作为2024年RSAC创新沙盒入围企业，专注于攻击面管理，以开源社区驱动的资产与漏洞发现工具著称。其明星项目Nuclei通过高效的模板扫描技术，助力企业快速识别风险，展...

根据 Akamai 的最新报告，2024 年Web 攻击增加了 33%，其中 API 成为主要攻击目标。

Kali предупреждает о критическом сбое в цепочке доверия.

2025 – The International Year of Quantum Science and Technology
divya
Tue, 04/29/2025 - 07:48

It is no surprise that the United Nations declared 2025 as the International Year of Quantum Science and Technology (IYQ). Not only does it mark the 100-year point since quantum physics were discovered, but for those who have been following, the race to make a quantum computer has skyrocketed over recent years, driving the cybersecurity industry en masse to begin preparations.

Industry experts who understand the complexities and challenges behind such a transformation recognize this year marks a turning point. Last year NIST announced the finalists for the Post-Quantum Cryptography algorithms (PQC), prompting many vendors to begin PQC migration plans, if they hadn’t already. While organizations are still evaluating the upcoming impact, 2025 is the ideal time to assess the next steps. Every organization needs to define their journey, and tailor it to their existing infrastructure and requirements. With Harvest Now, Decrypt Later attacks already putting long life data at risk, it’s vital to be proactive.

A good first step could be to set up a working group, consisting of various IT personnel along with an executive sponsor, in alignment with the 2025 International Year of Quantum, with a goal of educating your team about PQC as much as possible. Take the lessons learned and build out a draft migration to PQC plan and budget that is specific to your organization. Be sure to set up regular intervals to keep the project moving.

If your organization has already started its PQC journey, it is critical to stay on top of this ever-evolving topic, which continues to advance constantly as the entire industry navigates this new territory.

Wherever you are in the world, you have a variety of resources at your disposal. While there are no compliance regulations specific to PQC just yet, CNSA 2.0 in the North American region, was the first to present its timelines for compliance, with differing dates based on industry. In the UK, the government recently released its guidelines on protecting technical systems from quantum computers. In Asia Pacific, several regulatory bodies such as the Monetary Authority of Singapore (MAS) or the Australian Prudential Regulation Authority (APRA) are all calling for organizations, especially those in the financial industry, to begin their preparations for quantum readiness as soon as possible.

For those who work in areas of Code Signing or Public Key Infrastructure, be sure to check out the many resources from the recently held PKI Consortium Post-Quantum Cryptography conference in Austin, TX. Not only have the conference organizers put together a list of Key Takeaways, but they posted all the information sessions on their website, including sessions by some of Thales’ own such as with Eric Amador, Product Market Manager on the Hardware Security Module (HSM) panel, or the breakout session by Blair Canavan, Alliances Director, PQC Portfolio entitled “2025 is here – how to get your PQC Readiness Plan Underway”.

Drawing on Thales' deep expertise and customer-driven insights in PQC, our specialists offer guidance to prepare for the impact of IYQ. To facilitate this transition, Thales provides PQC starter kits for hardware security modules and network encryption.

There are many other industry events happening throughout the year. If you don’t usually attend, this year would be an essential year to visit either in-person or even virtual events.

To get you started, here are a few resources from Thales:

1) Upcoming Webinars with Thales and its PQC Partner Ecosystem: Search - BrightTALK

2) PQC e-Book: Post-Quantum Cryptography Insights - eBook

3) Risk Assessment Tool: Post-Quantum Crypto Agility Risk Assessment

4) Solutions Web page: Post-Quantum Crypto Agility

5) Begin preparing now with our PQC Starter Kits

Encryption

Jenn Nuttall | Product Marketing Manager
More About This Author > Schema {
"@context": "https://schema.org",
"@type": "BlogPosting",
"mainEntityOfPage": {
"@type": "WebPage",
"@id": "https://cpl.thalesgroup.com/blog/encryption/kickstart-pqc-preparation-year-of-quantum"
},
"headline": "Kickstart Your PQC Journey in the Year of Quantum",
"description": "2025 marks the Year of Quantum. Learn how to prepare for post-quantum cryptography with migration planning tips, global regulations, and Thales resources.",
"image": "",
"author": {
"@type": "Person",
"name": "Jenn Nuttall",
"url": "https://cpl.thalesgroup.com/blog/author/jnuttall"
},
"publisher": {
"@type": "Organization",
"name": "Thales Group",
"description": "The world relies on Thales to protect and secure access to your most sensitive data and software wherever it is created, shared, or stored. Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.",
"url": "https://cpl.thalesgroup.com",
"logo": "https://cpl.thalesgroup.com/sites/default/files/content/footer/thaleslogo-white.png",
"sameAs": [
"https://www.facebook.com/ThalesCloudSec",
"https://www.twitter.com/ThalesCloudSec",
"https://www.linkedin.com/company/thalescloudsec",
"https://www.youtube.com/ThalesCloudSec"
]
},
"datePublished": "2025-04-29",
"dateModified": "2025-04-29"
}

basic

The post 2025 – The International Year of Quantum Science and Technology appeared first on Security Boulevard.

AI代理能力受关注

Arctic Wolf has introduced Cipher, an AI security assistant that provides customers with self-guided access to deeper security insights directly within the Arctic Wolf Aurora Platform. Cipher enhances investigations and alert comprehension by delivering instant answers, contextual enrichment, and actionable summaries, all informed by real-world experience from Arctic Wolf’s AI-enabled global security operations centers (SOC).

The post Arctic Wolf launches Cipher to enhance security investigations with AI insights appeared first on Help Net Security.

Netwrix unveiled new solutions and capabilities across its 1Secure SaaS platform. Its new Data Security Posture Management (DSPM) solution identifies and eliminates data exposures within Microsoft 365 environments and will be available in May. Netwrix also announced new risk assessment capabilities within 1Secure, allowing organizations to quickly scan their Active Directory, Entra ID and Microsoft365 environments to gain rapid insight into security risks and misconfigurations. The risk assessments also include a new AI-assisted remediation workflow … More →

The post Netwrix boosts identity and data security for Microsoft environments appeared first on Help Net Security.

Смелая функция открывает новую эру персональных рекомендаций.

4月28日，在第八届数字中国建设峰会期间，第二届“长城杯”信息安全铁人三项赛（防护赛）总决赛在福建福州举办。

勒索软件攻击正日趋精密且无孔不入，给全球企业带来了严峻挑战。