Security News

Breaking RSA with a Quantum Computer
2023-01-03 17:38

We have long known from Shor's algorithm that factoring with a quantum computer is easy. What the researchers have done is combine classical lattice reduction factoring techniques with a quantum approximate optimization algorithm.

US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?
2022-12-29 20:45

Remember quantum computing, and the quantum computers that make it possible? Quantum computing enthusiasts claim the performance improvements will be so dramatic that encryption keys that could once comfortably have held out against even the richest and most antagonistic governments in the world for decades.

It's 2058. A quantum computer is just another decade away. Still, you curse Cloudflare
2022-10-03 18:22

Cloudflare is the first major internet infrastructure provider to support post-quantum cryptography for all customers, which, in theory, should protect data if quantum computing ever manages to break today's encryption technologies. Starting today all websites and APIs served through Cloudflare support post-quantum TLS based on the Kyber hybrid key agreement.

Want to sneak a RAT into Windows? Buy Quantum Builder on the dark web
2022-09-28 17:00

Quantum Builder lets attackers to create malicious Microsoft Windows LNK shortcuts. Quantum Builder has been linked to the advanced persistent threat gang Lazarus Group, based on shared tactics, techniques, and procedures and overlaps in source code, but they can't with any confidence attribute the current campaign to Lazarus or any particular threat group.

Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware
2022-09-28 12:36

A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan. Sold on the dark web for €189 a month, Quantum Builder is a customizable tool for generating malicious shortcut files as well as HTA, ISO, and PowerShell payloads to deliver next-stage malware on the targeted machines, in this case Agent Tesla.

Emotet Botnet Started Distributing Quantum and BlackCat Ransomware
2022-09-19 12:42

The Emotet malware is now being leveraged by ransomware-as-a-service groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine, which would allow the attacker to control it remotely.

Emotet botnet now pushes Quantum and BlackCat ransomware
2022-09-17 15:17

While monitoring the Emotet botnet's current activity, security researchers found that the Quantum and BlackCat ransomware gangs are now using the malware to deploy their payloads. "The Emotet botnet has fueled major cybercriminal groups as an initial attack vector, or precursor, for numerous ongoing attacks," security researchers at intelligence company AdvIntel said.

Q-Day doesn’t equal doomsday: Enacting an enterprise quantum security strategy
2022-09-15 04:30

Q-Day represents the day that quantum computers will reliably use the superpositioning power of multi-state qubits to break encryption algorithms that are widely used around the world to enable e-commerce, data security and secure communications. With such threats on the horizon, many organizations are facing the same challenge - implementing a strong quantum security strategy ahead of Q-Day to protect themselves and their customers from quantum attacks.

Week in review: Free online cybersec courses, Signal post-quantum upgrade, Patch Tuesday forecast
2022-09-11 08:00

Apple strengthens security and privacy in iOS 16Apple announced additional security and privacy updates for its newest mobile operating system. Government guide for supply chain security: The good, the bad and the uglyJust as developers and security teams were getting ready to take a breather and fire up the BBQ for the holiday weekend, the U.S.'s most prestigious security agencies dropped a 60+ page recommended practice guide, Securing the Software Supply Chain for Developers.

Researchers publish post-quantum upgrade to the Signal protocol
2022-09-07 08:04

PQShield published a white paper that lays out the quantum threat to secure end-to-end messaging and explains how post-quantum cryptography can be added to the Signal secure messaging protocol to protect it from quantum attacks. The company is offering to license its end-to-end encrypted messaging IP to the Signal Foundation pro bono - if/when they plan to upgrade their system - to support the non-profit behind the free encrypted messaging app, Signal, in its mission to make secure communication accessible to everyone.