Security News

Cloudflare is the first major internet infrastructure provider to support post-quantum cryptography for all customers, which, in theory, should protect data if quantum computing ever manages to break today's encryption technologies. Starting today all websites and APIs served through Cloudflare support post-quantum TLS based on the Kyber hybrid key agreement.

Quantum Builder lets attackers to create malicious Microsoft Windows LNK shortcuts. Quantum Builder has been linked to the advanced persistent threat gang Lazarus Group, based on shared tactics, techniques, and procedures and overlaps in source code, but they can't with any confidence attribute the current campaign to Lazarus or any particular threat group.

A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan. Sold on the dark web for €189 a month, Quantum Builder is a customizable tool for generating malicious shortcut files as well as HTA, ISO, and PowerShell payloads to deliver next-stage malware on the targeted machines, in this case Agent Tesla.

The Emotet malware is now being leveraged by ransomware-as-a-service groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine, which would allow the attacker to control it remotely.

While monitoring the Emotet botnet's current activity, security researchers found that the Quantum and BlackCat ransomware gangs are now using the malware to deploy their payloads. "The Emotet botnet has fueled major cybercriminal groups as an initial attack vector, or precursor, for numerous ongoing attacks," security researchers at intelligence company AdvIntel said.

Q-Day represents the day that quantum computers will reliably use the superpositioning power of multi-state qubits to break encryption algorithms that are widely used around the world to enable e-commerce, data security and secure communications. With such threats on the horizon, many organizations are facing the same challenge - implementing a strong quantum security strategy ahead of Q-Day to protect themselves and their customers from quantum attacks.

Apple strengthens security and privacy in iOS 16Apple announced additional security and privacy updates for its newest mobile operating system. Government guide for supply chain security: The good, the bad and the uglyJust as developers and security teams were getting ready to take a breather and fire up the BBQ for the holiday weekend, the U.S.'s most prestigious security agencies dropped a 60+ page recommended practice guide, Securing the Software Supply Chain for Developers.

PQShield published a white paper that lays out the quantum threat to secure end-to-end messaging and explains how post-quantum cryptography can be added to the Signal secure messaging protocol to protect it from quantum attacks. The company is offering to license its end-to-end encrypted messaging IP to the Signal Foundation pro bono - if/when they plan to upgrade their system - to support the non-profit behind the free encrypted messaging app, Signal, in its mission to make secure communication accessible to everyone.

Although quantum computing is not commercially available, CISA urges organizations to prepare for the dawn of this new age, which is expected to bring groundbreaking changes in cryptography, and how we protect our secrets. Quantum computers are systems that harness quantum mechanics to perform much more powerful computations than are available today on systems that rely on binary computations.

The Dominican Republic's Instituto Agrario Dominicano has suffered a Quantum ransomware attack that encrypted multiple services and workstations throughout the government agency. Local media reports that the ransomware attack occurred on August 18th, which has impacted the agency's operation.