Central Bedfordshire Council failed to properly redact the details of ‘dozens and dozens’ of pupils with special educational needs when responding to a Freedom of Information request, publishing them on a public website.

Read More

The company announced that employees’ personally identifiable information was exposed in the breach

Read More

Microsoft advised organizations running Windows or Linux on internet-facing systems to take action

Read More

If pro-Russian hackers had had their way, the Eurovision Song Contest could have been disrupted, potentially preventing the broadcast from being seen or meddling with the vote.

Read more in my article on the Hot for Security blog.

Read More

StateRamp-authorized cloud solutions like Tenable.io meet stringent security and compliance standards.

Increasingly targeted by cyber criminals, state and local governments (SLGs) need highly-secure cloud solutions. StateRAMP authorization, which involves a rigorous security and compliance evaluation, helps SLGs reduce risk and efficiently verify the security of their cloud solutions. 

Today, we’re excited to announce that Tenable.io is StateRamp authorized, meaning our SLG customers can have peace of mind knowing that our vulnerability management solution meets the strict cybersecurity standards required by federal and SLG agencies.

Achieving this milestone is part of our continued commitment to providing secure, compliant products to help our public sector customers keep their data safe and protect against breaches.

Cybersecurity stakes keep climbing for SLGs 

SLGs are on the front lines of cybersecurity. They hold access to sensitive databases and PII, and often oversee critical infrastructure. To meet citizens’ needs, SLG agencies are embracing digital technologies from mobile to IoT to cloud. With the increased amount of sensitive data to protect and an expanded attack surface, it’s no surprise that cyber attacks against SLGs are becoming more prevalent. 

To help SLG CISOs and security leaders identify truly secure and compliant cloud solutions, the State Risk and Authorization Management Program (StateRAMP) was launched. This new program provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud service providers (CSP) at the state level. The security verification model is based on the NIST SP 800-53 control framework and is modeled, in part, after FedRAMP. 

Tenable.io’s StateRamp authorization

Tenable is excited to be a part of StateRAMP’s effort to secure state and local governments. Our StateRAMP active solution, Tenable.io, provides risk-based vulnerability management so you can:

Get full visibility into the assets and vulnerabilities across your attack surface
Continuously track and assess known and unknown assets— and their vulnerabilities, even dynamic assets like mobile devices, virtual machines and cloud instances
Proactively identify and prioritize vulnerabilities with the highest impact to your organization
Get immediate insight and visualizations into your security posture

With both StateRAMP and FedRAMP authorizations, you can be assured that Tenable.io is a secure, effective and tested cloud-based vulnerability management solution that meets the high security and compliance standards of Federal and state and local government agencies. To learn more about how Tenable protects state and local governments read the Solutions Overview. 

For more information on StateRAMP read the StateRAMP FAQ.

Read More

Rob Joyce, the director of cybersecurity at the NSA, said so in an interview:

The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own in the contest. The agency’s mathematicians, however, worked with NIST to support the process, trying to crack the algorithms in order to test their merit.

“Those candidate algorithms that NIST is running the competitions on all appear strong, secure, and what we need for quantum resistance,” Joyce said. “We’ve worked against all of them to make sure they are solid.”

The purpose of the open, public international scrutiny of the separate NIST algorithms is “to build trust and confidence,” he said.

I believe him. This is what the NSA did with NIST’s candidate algorithms for AES and then for SHA-3. NIST’s Post-Quantum Cryptography Standardization Process looks good.

I still worry about the long-term security of the submissions, though. In 2018, in an essay titled “Cryptography After the Aliens Land,” I wrote:

…there is always the possibility that those algorithms will fall to aliens with better quantum techniques. I am less worried about symmetric cryptography, where Grover’s algorithm is basically an upper limit on quantum improvements, than I am about public-key algorithms based on number theory, which feel more fragile. It’s possible that quantum computers will someday break all of them, even those that today are quantum resistant.

It took us a couple of decades to fully understand von Neumann computer architecture. I’m sure it will take years of working with a functional quantum computer to fully understand the limits of that architecture. And some things that we think of as computationally hard today will turn out not to be.

Read More

Radcliffe will be officially inducted into the Hall of Fame during a keynote session at this year’s Infosecurity Europe 2022

Read More