NIST has issued new quantum-resistant cryptography standards, alerting cybersecurity teams to prepare for quantum threats. Quantum computing is expected to jeopardize current cryptographic methods within ten years.

The finalized post-quantum cryptography standards are Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203), Module-Lattice-Based Digital Signature Standard (FIPS 204), and Stateless Hash-Based Digital Signature Standard (FIPS 205).

The tool will be able to determine whether video content has been artificially generated using AI technology in about five to 10 minutes. Police said the software has an 80% probability of detecting whether a video is authentic.

MITRE has released the latest version of its investigation framework, MITRE ATT&CK v14. The new version includes expanded coverage of activities adjacent to direct network interactions, such as deceptive practices and social engineering techniques.

The new version addresses criticisms of previous versions by including metrics for safety, automation, recovery, value density, vulnerability response effort, and provider urgency.

A phishing kit called 'File Archivers in the Browser' can exploit ZIP domains (introduced by Google) by presenting deceptive WinRAR or Windows File Explorer windows within the browser. The intention is to trick users into executing malicious files. According to the researcher, the phishing kit can ... Read More

CYFIRMA detected a cyberattack in Kashmir, India, linked to the DoNot APT group that used third-party file-sharing websites to spread malware disguised as chat apps named Ten Messenger and Link Chat QQ. The malware's source code was well obfuscated and protected with the Pro Guard code obfuscator u ... Read More

Powered by OpenAI’s GPT-4 generative AI and Microsoft’s security-specific model, Security Copilot looks like a simple prompt box like any other chatbot. You can ask “what are all the security incidents in my enterprise?”

Security researcher Eilon Harel created an open-source, automated scanner for the timely discovery of secrets in exposed AWS S3 buckets. It performs operations such as listing the bucket content via API queries, downloading the relevant textual files, checking for exposed textual files, forwarding ... Read More

The tool, dubbed RedEye, helps visualize command-and-control activities, allowing the teams to replay assessment actions rather than manually parsing log files to recreate events.