Mon. Dec 9th, 2024

Christina Antonelli


Identity Management and Information Security News for the Week of August 16; NIST, DigiCert, FBI, and More


The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of August 16. This curated list features identity management and information security vendors such as NIST, DigiCert, FBI, and more.

Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month, in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.

Identity Management and Information Security News for the Week of August 16


NIST Releases First 3 Finalized Post-Quantum Encryption Standards

This week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has finalized its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer. Researchers around the world are racing to build quantum computers that would operate in radically different ways from ordinary computers and could break the current encryption that provides security and privacy for just about everything we do online. The algorithms announced this week are specified in the first completed standards from NIST’s post-quantum cryptography (PQC) standardization project, and are ready for immediate use. “Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “These finalized standards are the capstone of NIST’s efforts to safeguard our confidential electronic information.”

Read on for more.

DigiCert to Acquire Vercara

DigiCert, a leading provider of digital trust, this week announced that it has entered into a definitive agreement to acquire Vercara from Golden Gate Capital and GIC. Vercara is a leading provider of cloud-based services that secure the online experience, including managed Authoritative Domain Name System (DNS) and Distributed Denial-of-Service (DDoS) security offerings that protect organizations’ networks and applications. Terms of the transaction were not disclosed. “The addition of Vercara into our portfolio further advances DigiCert’s goal of delivering digital trust for the real world,” said Amit Sinha, CEO of DigiCert. “We believe the combination of Vercara’s talent and suite of products with DigiCert’s technology, distribution and scale will help ensure customers will get a broader set of solutions that protect them at every stage and layer of online engagement, all from a single vendor. We look forward to working with the Vercara team to continue delivering digital trust to our customers.”

Read on for more.

Entrust Achieves FIPS 140-3 Certification for nShield 5 HSM Product Suite

Entrust, a global leader of cybersecurity solutions, this week announced that its next-generation nShield 5 hardware security modules (HSMs) have achieved Federal Information Processing Standards (FIPS) 140-3 certification. FIPS 140-3 is the latest version of the U.S. government computer security standard from the National Institute of Standards and Technology (NIST) used to validate cryptographic modules. By achieving FIPS 140-3 Level 3 validation, Entrust becomes one of the few vendors that can meet the very stringent data security requirements of governments, financial institutions, and enterprises globally. “Our customers seek best-in-class, high assurance hardware security modules to protect their high-value cryptographic keys. I’m delighted that the Entrust nShield family of HSMs are now validated to FIPS 140-3,” said Carl Persson, Sales Director Encryption at Verisec International AB. “Verisec is a long-standing partner of Entrust and we recognize the significance of achieving this new security validation for the nShield 5 HSM. Our joint customers will now be able to choose Entrust nShield HSMs to meet their high assurance needs knowing that they have the latest FIPS 140-3 validation in addition to Common Criteria certification and a number of other compelling features.”

Read on for more.

Resilience Report: “Threat Actors Exploit Cybersecurity Gaps from M&A, Software Consolidation to Maximize Damage & Profit”

Threat actors evolved their tactics in 2024 to take advantage of business and technology consolidation, cyber risk solution company Resilience found in its Midyear 2024 Cyber Risk Report. Increasing M&A and reliance on ubiquitous software vendors created new opportunities for threat actors to unleash widespread ransomware campaigns by exploiting a single point of failure. Some of the most disruptive cyberattacks over the past year involved heavily interconnected systems or recently acquired companies, to devastating effect—even putting entire economic sectors on hold. “Major attacks like the ones on Change Healthcare, CDK Global, and AT&T have been wreaking havoc and making headlines, but they also remind us that we’re facing a new status quo. Increased vendor interdependence and M&A activity have created an unprecedented opportunity for hackers, with far more points of failure and potential for human error,” said Vishaal “V8” Hariprasad, co-founder and CEO of Resilience. “Now more than ever, we need to rethink how the C-suite approaches cyber risk. Businesses are interconnected like never before, and their resilience now depends on that of their partners and others in the industry.”

Read on for more.

FBI-Led International Investigation Drives Shutdown of Ransomware Group

This week, FBI Cleveland announced the disruption of “Radar/Dispossessor,” the criminal ransomware group led by the online moniker “Brain,” and the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. Since its inception in August 2023, Radar/Dispossessor has quickly developed into an internationally impactful ransomware group, targeting and attacking small-to-mid-sized businesses and organizations from the production, development, education, healthcare, financial services, and transportation sectors. The group originally focused on entities in the United States; the investigation discovered 43 companies as victims of the attacks, from countries including Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the United Kingdom, the United Arab Emirates, and Germany. During its investigation, the FBI identified a multitude of websites associated with Brain and his team. The investigation and joint takedown were conducted in conjunction with the U.K.’s National Crime Agency, Bamberg Public Prosecutor’s Office, Bavarian State Criminal Police Office (BLKA), and the U.S. Attorney’s Office for the Northern District of Ohio.

Read on for more.


Expert Insights Section

Watch this space each week as our editors will share upcoming events, new thought leadership, and the best resources from Insight Jam, Solutions Review’s enterprise tech community for business software pros. The goal? To help you gain a forward-thinking analysis and remain on-trend through expert advice, best practices, trends and predictions, and vendor-neutral software evaluation tools.

The Quantum Threat is Now

We have been warned by the heads of the NSA, the FBI, and even the White House that there are active nation-state attacks stealing currently encrypted data and that we need to switch to PQC algorithms. This announcement by NIST is fantastic and a positive progression for defense against a significant threat.

In the last few years, the landscape of quantum computation has dramatically changed. The potential for a cryptographic class break is much more real than most people realize. Thirty years ago, in 1994, Peter Shor demonstrated that we would need approximately 4,100 qubits to factor 2048-bit RSA, which is the most broadly deployed asymmetric encryption algorithm. At that time, we had no quantum computers available, and people questioned if we would ever develop a functional quantum computer.

Over 20 years ago, in 2001, IBM researchers used an early, extremely limited quantum computer, called a liquid-state nuclear magnetic resonance quantum computer, to show that Shor’s algorithm could run in reality. However, quantum computers were small, and factoring 15 was not particularly impressive. Five years ago, KTH and Google researchers demonstrated that while we would need over 3,500 qubits to make each stable logical qubit, a 20-million-qubit system would crack 2048-bit RSA in less than eight hours.

Time is not on our side to change to quantum-resistant ciphers. We need to address this now – it’s time to get to work and eliminate outdated cryptography.

-Karl Holmqvist, Founder and CEO of Lastwall


By admin