BioTone ZKI
@AutoPilotCyber
Post-PKI Zero Knowledge Infrastructure + LangChain AI to automate cyber security, eliminating 95% of cyber attacks due to human errors, burnout & skills gap.
Joined March 2024
Radical Simplicity for Cybersecurity. Apple shows us the way. Microsoft users benefit: https://t.co/RW5F6SiNMC
#ZKI #PostPKI
#ZeroKnowledge
#ZeroKnowledgeInfrastructure
Let's not make life easy for them. Use post-quantum encryption https://t.co/Nq7ePZ2ctb
For anyone worrying about this, I'd like to hear how you were already handling a near identical attack that didn't require this vuln:
- steal Yubikey
- login
- returns key WITHOUT cloning it, because 1 session is enough for most objectives
Same attack flow. If that wasn't
In October I will be trying to "sell" the Keccak instruction at RISC-V Summit. Those who know the PQC standards know why (it is relatively even more of a bottleneck when you have vector registers, which speed up NTT tremendously, but SHAKE hardly at all.)
Exciting news from the White House! wolfSSL attended the announcement of the new #PostQuantum standards, now officially endorsed by the US Federal Government. Standardized:
- FIPS-203 ML-KEM
- FIPS-204 ML-DSA
- FIPS-205 SLH-DSA
Learn more: https://t.co/aZRN4gXvaW
#PQC
The new Post Quantum Cryptography standards were just released by @NIST. Today marks a major milestone in keeping information on the Internet secure and confidential! See how @Google is using #PQC, and how organizations can adopt these new standards.
security.googleblog.com
Posted by Royal Hansen, VP, Privacy, Safety and Security Engineering, Google, and Phil Venables, VP, TI Security & CISO, Google Cloud The...
It's here! After 9 years of work, the National Institute of Standards and Technology (NIST) has published its first three standards for post-quantum cryptography. Meet the standards: FIPS 203: ML-KEM, intended as the primary standard for general encryption FIPS 204: ML-DSA,
NIST publishes standards for next-generation cryptography (cipher, digital signature) understood as resistant to attacks with future quantum computers. Migration will not be a piece of cake, but there's time. https://t.co/2uebDrTeJT
https://t.co/XxWmDhXxM7
.@Volexity shares #threatintel on how #StormBamboo compromised an ISP to conduct DNS poisoning attacks on targeted organizations & abuse insecure HTTP software updates, delivering custom malware on both macOS + Windows. Read the full analysis: https://t.co/iqAH1PgVVz
#dfir
volexity.com
In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under...
Reminder if you are on a board of an organisation please ensure that you are discussing, planning and preparing on how to both PROTECT and RESPOND to cyber threats: There's loads of guidance from the @NCSC and cool toolset like Exercise in a Box https://t.co/qGXtR2gCp7
ncsc.gov.uk
A free resource to help organisations rehearse their response to cyber attacks.
@MalwareJake @googlechrome We love this concept @AutoPilotCyber so much, we're extending it beyond browsers to your entire network, with post-PKI Zero Knowledge Infrastructure. More here: https://t.co/Q49FIFXHPs
Many people know SSH is encrypted, but this doesn't mean using a password with it is safe. The encryption only protects a password in transit from an eavesdropper. It does not protect your password if the remote system is compromised. It can be saved off in cleartext.
"To this day," Thompson notes, "we still do not know how the threat actor accessed the signing key."
Re: the stolen signing key, Thompson says, "Microsoft's explanations about why the key was still active in 2023 and why it worked for both consumer and enterprise accounts have not been competent."
What happens when devs forget to modify the secret key... This is from a recent pentest for a client. This misconfiguration compromised the password reset feature. #pentesting #appsec #cybersecurity #infosec
"ASML reassured officials about its ability to remotely disable the machines when the Dutch government met with the company on the threat, two others said."
bloomberg.com
ASML Holding and Taiwan Semiconductor Manufacturing Co. have ways to disable the world's most advanced chip-making machines in the event that China invades Taiwan, according to people familiar with...
The hacker group Cyber Army of Russia has sabotaged multiple US water utilities, and has ties to the GRU's notorious Sandworm unit. They also talk a lot. So I asked for an interview and spent two weeks chatting with their spokesperson "Julia." https://t.co/6n5g5o68d9
wired.com
In an exclusive interview, the Cyber Army of Russia laid out their grand ambitions of disrupting US infrastructure. In reality, they've missed the mark—but that hasn't stopped them from hyping their...
Thx Richard w/ @AirCanada & @caseyjohnellis w/ @Bugcrowd for joining me to share insights on keeping bugs (vulns) off planes. Cooperation + collaboration across teams w/in airlines = results. @SecureAerospace #RSAC
Amazing session happening at #RSAC "Bugs on a Plane: Implementing a Bug Bounty in an Airline IT/OT Environment" Great job by @LawyerLiz & @caseyjohnellis
#aerospacevillage
@KimZetter Looks like an important AI privacy and security option for every organization in a regulated industry.