CyberSecurity news
FlagThis - #encryption
|
Siôn Geschwindt@The Next Web
//
References:
The Next Web
, medium.com
,
Quantum computing is rapidly advancing, presenting both opportunities and challenges. Researchers at Toshiba Europe have achieved a significant milestone by transmitting quantum-encrypted messages over a record distance of 254km using standard fiber optic cables. This breakthrough, facilitated by quantum key distribution (QKD) cryptography, marks the first instance of coherent quantum communication via existing telecom infrastructure. QKD leverages the principles of quantum mechanics to securely share encryption keys, making eavesdropping virtually impossible, as any attempt to intercept the message would immediately alert both parties involved.
This advance addresses growing concerns among European IT professionals, with 67% fearing that quantum computing could compromise current encryption standards. Unlike classical computers, which would take an impractical amount of time to break modern encryption, quantum computers can exploit phenomena like superposition and entanglement to potentially crack even the most secure classical encryptions within minutes. This has prompted global governments and organizations to accelerate the development of robust cryptographic algorithms capable of withstanding quantum attacks. Efforts are underway to build quantum-secure communication infrastructure. Heriot-Watt University recently inaugurated a £2.5 million Optical Ground Station (HOGS) to promote satellite-based quantum-secure communication. In July 2024, Toshiba Europe, GÉANT, PSNC, and Anglia Ruskin University demonstrated cryogenics-free QKD over a 254 km fiber link, using standard telecom racks and room temperature detectors. Initiatives such as Europe’s EuroQCI and ESA’s Eagle-1 satellite further underscore the commitment to developing and deploying quantum-resistant technologies, mitigating the silent threat that quantum computing poses to cybersecurity. Recommended read:
References :
@thequantuminsider.com
//
Project Eleven has launched the QDay Prize, an open competition offering one Bitcoin, currently valued around $84,000 to $85,000, to anyone who can break elliptic curve cryptography (ECC) using Shor’s algorithm on a quantum computer. This initiative aims to evaluate the proximity of quantum computing to undermining ECC, a widely used encryption scheme. Participants must demonstrate the ability to break ECC using Shor's algorithm, without classical shortcuts or hybrid methods and submissions must include gate-level code and system specifications, all made publicly available for transparency.
The competition is structured around progressively larger ECC key sizes, starting from 1-bit keys, with an emphasis on demonstrating generalizable techniques that can scale to full cryptographic key lengths. The challenge, running until April 5, 2026, seeks to rigorously benchmark the real-world quantum threat to Bitcoin’s core security system. Project Eleven emphasizes that even successful attacks on small keys would be significant milestones, offering valuable insights into the security risks in modern cryptographic systems. Participants can use publicly accessible quantum hardware or private systems, and are expected to handle error-prone qubit environments realistically, given current hardware fidelities. Breaking even a few bits of a private key would be considered a significant achievement, according to Project Eleven. The QDay Prize hopes to establish a verifiable and open marker of when practical quantum attacks against widely used encryption systems may emerge, highlighting the urgency of understanding how close current technologies are to threatening ECC security. Recommended read:
References :
@The Cryptography Caffe? ?
//
The UK's National Cyber Security Centre (NCSC) has released a roadmap for transitioning to post-quantum cryptography (PQC), establishing key dates for organizations to assess risks, define strategies, and fully transition by 2035. This initiative aims to mitigate the future threat of quantum computers, which could potentially break today's widely used encryption methods. The NCSC’s guidance recognizes that PQC migration is a complex and lengthy process requiring significant planning and investment.
By 2028, organizations are expected to complete a discovery phase, identifying systems and services reliant on cryptography that need upgrades, and draft a migration plan. High-priority migration activities should be completed by 2031, with infrastructure prepared for a full transition. The NCSC emphasizes that these steps are essential for addressing quantum threats and improving overall cyber resilience. Ali El Kaafarani, CEO of PQShield, noted that these timelines give clear instructions to protect the UK’s digital future. Researchers have also introduced ZKPyTorch, a compiler that integrates ML frameworks with ZKP engines to simplify the development of zero-knowledge machine learning (ZKML). ZKPyTorch automates the translation of ML operations into optimized ZKP circuits and improves proof generation efficiency. Through case studies, ZKPyTorch successfully converted VGG-16 and Llama-3 models into ZKP-compatible circuits. Recommended read:
References :
Kirsten Doyle@informationsecuritybuzz.com
//
References:
Information Security Buzz
, Davey Winder
,
Millions of RSA encryption keys are vulnerable to attack due to a significant security flaw. New research indicates that roughly 1 in 172 online certificates are susceptible to compromise via a mathematical attack. This vulnerability primarily affects Internet of Things (IoT) devices, but it can pose a risk to any system utilizing improperly generated RSA keys. The root cause lies in poor random number generation during the key creation process.
The flaw occurs because keys sometimes share prime factors with other keys. If two keys share a prime factor, both can be broken by computing the Greatest Common Divisor (GCD). According to researchers, with modest resources, hundreds of millions of RSA keys used to protect real-world internet traffic can be obtained. Using a single cloud-hosted virtual machine and a well-studied algorithm, over one in 200 certificates can be compromised within days. Recommended read:
References :
John Engates@The Cloudflare Blog
//
Cloudflare has announced an expansion of its Zero Trust platform to protect organizations against emerging quantum computing threats. The upgrade focuses on enabling post-quantum cryptography for corporate network traffic, allowing secure routing of communications from web browsers to corporate web applications. This provides immediate, end-to-end quantum-safe connectivity, addressing the increasing vulnerability of conventional cryptography to quantum computer attacks. Cloudflare has been actively developing and implementing post-quantum cryptography since 2017 and are already making post-quantum security free, by default, for all of its customers.
Organizations can tunnel their corporate network traffic through Cloudflare’s Zero Trust platform, thereby shielding sensitive data from potential quantum breaches. Over 35% of non-bot HTTPS traffic that touches Cloudflare is already post-quantum secure, with the expectation that this percentage will grow as more browsers and clients support post-quantum cryptography. The National Institute of Standards and Technology (NIST) is also encouraging this transition, setting a timeline to phase out conventional cryptographic algorithms like RSA and Elliptic Curve Cryptography (ECC) by 2030 and completely disallowing them by 2035. Cloudflare's CEO Matthew Prince states "Cloudflare has long committed to making post-quantum security the new baseline for Internet security, delivering it to all customers so we can bolster defenses against future quantum threats. Now, we’re offering that protection built directly into our Zero Trust solutions". He continues "We want every Cloudflare customer to have a clear path to quantum safety, and we are already working with some of the most innovative banks, ISPs, and governments around the world as they begin their journeys to quantum security. We will continue to make advanced cryptography accessible to everyone, at no cost, in all of our products.” Recommended read:
References :
Bill Toulas@BleepingComputer
//
A new ransomware campaign is underway, leveraging critical vulnerabilities in Fortinet's FortiOS and FortiProxy systems. The SuperBlack ransomware, deployed by the cybercriminal group Mora_001, targets Fortinet firewalls by exploiting authentication bypass flaws, specifically CVE-2024-55591 and CVE-2025-24472. Once inside, attackers escalate privileges to super-admin and create new administrator accounts, modifying automation tasks to ensure persistent access, even if initially removed.
The vulnerabilities, disclosed in January and February of 2025, allow attackers to gain unauthorized access and encrypt devices after the initial compromise, attackers map the network and attempt lateral movement using stolen VPN credentials and newly added VPN accounts. They utilize Windows Management Instrumentation (WMIC), SSH, and TACACS+/RADIUS authentication, which are protocols for managing and authenticating network access. Organizations are urged to patch their Fortinet systems to mitigate the risk of SuperBlack ransomware attacks. Recommended read:
References :
|