Aggregator

A vulnerability was found in Rockwell Automation Micro850 and Micro870. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Modbus Communication Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2024-7567. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rockwell Automation Pavilion8 5.20. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing encryption of sensitive data. This vulnerability is known as CVE-2024-40620. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix and Compact GuardLogix 5380. It has been classified as critical. Affected is an unknown function of the component PCCC Message Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-7507. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rockwell Automation FactoryTalk View Site Edition 13.0 and classified as critical. This issue affects some unknown processing. The manipulation leads to incorrect permission assignment. The identification of this vulnerability is CVE-2024-7513. The attack needs to be approached locally. There is no exploit available. It is recommended to change the configuration settings.

A vulnerability has been found in Rockwell Automation ControlLogix 5580 and GuardLogix 5580 34.011 and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper check for unusual conditions. This vulnerability was named CVE-2024-40619. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Rockwell Automation DataMosaix Private Cloud. This affects an unknown part of the component Cookie Handler. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-6078. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in AMD μProf Tool. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-31366. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Ada Web Server 20.0. Affected by this vulnerability is an unknown functionality of the component SSL/TLS. The manipulation leads to certificate with host mismatch. This vulnerability is known as CVE-2024-37015. The attack can be launched remotely. There is no exploit available.

Elon Musk claims that the livestream interview with Donald Trump on the X social media platform was impacted by a cyberattack. Elon Musk claims that a massive DDoS attack caused problems with the announced interview with Donald Trump on the X platform Monday night. “There appears to be a massive DDOS attack on 𝕏. Working on shutting […]

A vulnerability classified as problematic has been found in Symphony CMS up to 2.7.10. Affected is an unknown function of the component Comment Component. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-41614. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Symphony CMS 2.7.10. It has been rated as problematic. This issue affects some unknown processing of the component Note Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-41613. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Ocean Data Systems Dream Report 2023 and AVEVA Reports for Operations 2023. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to incorrect permission assignment. This vulnerability was named CVE-2024-6619. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AMD EPYC 7003 Processors and EPYC 9004 Processors. It has been classified as critical. This affects an unknown part of the component SEV Firmware. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2023-31356. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has released the KB5041580 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 14 changes and fixes, including BitLocker fixes and important security updates. [...]

Security researchers at Perception Point have uncovered a sophisticated phishing campaign, dubbed “Uncle Scam.” In this AI-powered campaign, threat actors impersonate U.S. government agencies to send fraudulent tender invitations to numerous American enterprises. The attackers employ advanced techniques, including interactive kits and large language models (LLMs), to create highly convincing phishing emails. The phishing operation […]

The post Operation Uncle Scam – AI-Powered Phishing Attack Steals Microsoft Dynamics 365 Credentials appeared first on Cyber Security News.

via the comic & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Meteor Shower PSA’ appeared first on Security Boulevard.

Hackers, possibly from Iran, sent phishing emails to the Biden-Harris campaign and Trump operative Roger Stone hoping to gain access into the systems of both presidential campaigns. It worked with Stone, who compromised email account opened the door to the Trump campaign infrastructure.

The post Biden-Harris Campaign, Trump Operative Stone Also Target of Hackers appeared first on Security Boulevard.

Learn how to minimize the impact of vulnerabilities like social media use, private jet tracking, and more As an executive protection (EP) professional, you’re likely experiencing a rise in physical threats against your principal(s). You’re not alone. According to Ontic’s State of Protective Intelligence Report, 8 out of 9 EPs say their companies are experiencing…

The post 4 Executive Travel Vulnerabilities You May be Overlooking appeared first on Ontic.

The post 4 Executive Travel Vulnerabilities You May be Overlooking appeared first on Security Boulevard.

The Post-Quantum Cryptography Algorithms are finalized! Now what?
josh.pearson@t…
Tue, 08/13/2024 - 16:11

With the recent release from NIST about their final, published Post-Quantum Cryptography (PQC) algorithms (ML-KEM (formerly Kyber), ML-DSA (formerly Dilithium), SLH-DSA (formerly SPHINCS+) and with it the imminent end-of-life of the encryption foundations we have relied upon for decades, many organizations are left wondering exactly what they should do next.

Encryption Data Security

Todd Moore | Vice President, Data Security Products, Thales
More About This Author >

With the recent release from NIST about their final, published Post-Quantum Cryptography (PQC) algorithms (ML-KEM (formerly Kyber), ML-DSA (formerly Dilithium), SLH-DSA (formerly SPHINCS+) and with it the imminent end-of-life of the encryption foundations we have relied upon for decades, many organizations are left wondering exactly what they should do next.

To help our customers unravel this massive undertaking, Thales has been preparing for this moment for well over a decade. In this time, while learning to harness the power of Quantum computers, we recognize and are preparing for the new risks and dangers to guard against, particularly when it comes to data and identities, the core of our global digital society.

With great research, comes great responsibilities…

Thales researchers are playing a central role in the quantum revolution and are now developing the next generation of quantum solutions that will shape the Post-Quantum world. Broadly speaking this research can be grouped into 3 different categories: 1) quantum sensors, 2) quantum communications, and 3) post-quantum cryptography.

1) Quantum Sensors

Sensors have long been used but most recently they can be found in devices such as smart homes, self-driving cars, medical devices, etc. They also play a vital role in our defense and security systems, for land, sea, and air. New Quantum sensors, based off the principles of Quantum mechanics and principles, have been found to augment and expand the human senses so that we may better understand the environment around us. The principles of Quantum physics allow for devices to understand data inputs much faster and compute multiple different types of logic at the same time ensuring more efficient and more accurate sensing capabilities. From Superconducting devices to solid-state sensors to cold atom technology, Thales is at the forefront of imagining and designing new Quantum sensors that will impact everything from the medical world to military applications.

2) Quantum Communications

Quantum technologies are set to directly impact the speed and scale of digital communications. By harnessing the quantum properties of light, quantum technologies will make it possible to secure communications with Quantum-safe cryptographic keys across large-scale networks and the Internet of the future. Thales is pioneering the design of these future network architectures, both for ground-based network elements and for the space-based components needed to share cryptographic keys over long distances. To put this into practice, Thales is part of EuroQCI, a large-scale European project working to deploy a quantum secured Europe-wide network for sharing sensitive data.

3) Post-Quantum Cryptography

To assist our customers with their transformation to PQC, Thales is a participant in NIST’s National Cybersecurity Center of Excellence (NCCoE)’s Migration to PQC Project. By submitting our products to the NCCoE lab, Thales is helping to develop practices that will ease migration from current algorithms to replacement post-quantum algorithms, while also providing platforms for PQC interoperability testing. Of critical importance is crypto agility, which allows our customers to deploy flexible, upgradeable solutions that support classic crypto, emerging quantum-resistant crypto standards, and approved hybrid techniques.

Simultaneously, Thales is actively involved in Post-Quantum Cryptography (PQC) Research & Development, as well as participating in various standardization efforts with many industry regulatory bodies. The company is engaged in multiple research projects in the United States, France (RISQ) and across Europe, and is also financing numerous doctoral theses on the subject. Thales also co-authored the Falcon digital signature algorithm which was selected by NIST in 2022 as a candidate for PQC standardization. Additionally, Thales sits on several PQC Consortiums in North America and Europe, including RESQUE, the Post-Quantum Cryptography Alliance, PKI Consortium, CFDIR Quantum-Readiness Working Group, among others.

Strengthening Trust

With crypto agility implemented across its product lines, Thales has also actively prototyped NIST PQC algorithm finalists within its products and is now focusing on the selected PQC algorithms. With Quantum-safe network encryption solutions and Hardware Security Modules that are already available for purchase, with starter kits ready now for testing the impacts across applications and devices. In addition to the quantum resistant algorithms, Thales High Speed Encryptors are compatible with ESTI standard QKD devices and support QRNG, while our Hardware Security Modules have several partner integrations that can facilitate these additional capabilities. Thales is also accelerating practical Proof of Concepts with customers and partners, notably for hybrid algorithms in digital signatures and key exchange mechanisms.

Whether you are looking to strengthen and future-proof digital identities, such as with government electronic documents or solutions that facilitate, manage, and provide security for cellular connectivity with products such as SIM cards / eSIM, which are integral to the Internet of Things, or if you are needing a cybersecurity solution that will protect your data and applications – Thales is dedicated to supporting our customers today to protect against “Harvest Now, Decrypt Later (HNDL)” attacks, right through the Quantum revolution.

After all, as stewards of trust, Thales is right there alongside you as you evaluate risks and anticipate threats in a Post-Quantum era.

Explore how Thales can help your organization with Post-Quantum Cryptography Solutions.

Schema studio THALES BLOG The Post-Quantum Cryptography Algorithms are finalized! Now what?

August 13, 2024

The post The Post-Quantum Cryptography Algorithms are finalized! Now what? appeared first on Security Boulevard.