Security News
The National Institute of Standards and Technology today released the long-awaited post-quantum encryption standards, designed to protect electronic information long into the future - when quantum computers are expected to break existing cryptographic algorithms. The finalized standards include three post-quantum cryptographic algorithms.
While estimates just a few years old suggested that a quantum computer capable of running Shor's Algorithm would not be operationally available until 2029 or later, more recent research to produce fault-tolerant quantum systems, such as the 48 qubit system produced by a team at Harvard, combined with news of PsiQuantum's million qubit system slated to come online in 2027, suggest that the Q-Day horizon, however secretively or publicly it plays out, is coming faster than most anticipated. According to NIST, the "Goal of post-quantum cryptography is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communications protocols and networks." In July 2022, NIST published four draft PQC algorithms.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics evolution
Attackers are probing Check Point Remote Access VPN devicesAttackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. The evolution of security metrics for NIST CSF 2.0Combining effective use of metrics plus a deeper understanding of how security processes play out is the best way to build more security agility and enable teams to react more quickly and effectively.
The NVD started slowing down its CVE enrichment efforts earlier this year, and NIST confirmed that they are working on a multi-pronged solution that will include improved tools and methods, as well as establishing a consortium that will help addressed various challenges. Tanya Brewer, program manager at the NVD, said in April that the NVD program is considering many changes to improve software identification, automate CVE analysis activities, make NVD data more easy to "Consume" and customize, develop capabilities to publish additional kinds of data, and more.
The program comes shortly after several recent announcements by NIST around the 180-day mark of the Executive Order on trustworthy AI and the U.S. AI Safety Institute's unveiling of its strategic vision and international safety network. "With the ARIA program, and other efforts to support Commerce's responsibilities under President Biden's Executive Order on AI, NIST and the U.S. AI Safety Institute are pulling every lever when it comes to mitigating the risks and maximizing the benefits of AI," Raimondo continued.
The NIST Cybersecurity Framework 2.0 underscored that metrics like these alone are insufficient and probably even improper when used as proxies for security outcomes. Combining effective use of metrics plus a deeper understanding of how security processes play out is the best way to build more security agility and enable teams to react more quickly and effectively.
Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future....
The tech world has a problem: Security fragmentation. There's no standard set of rules or even language for mitigating cyber risk used to address the growing threats of hackers, ransomware and stolen data, and the threat to data only continues to grow.
"Currently, we are prioritizing analysis of the most significant vulnerabilities. In addition, we are working with our agency partners to bring on more support for analyzing vulnerabilities and have reassigned additional NIST staff to this task as well." What is NIST NVD and why it's critical for cybersecurity?