<ciso brief/>
Tag Banner

All news with #key management tag

all tags →

Tue, July 15, 2025

Securing Cloud Identity Infrastructure Through Collaboration

#Conference #HSM #IAM #Identity Threat Detection #JWT Weakness #Key Management #OAuth Misconfig #OIDC Misuse #Secrets Management #Token Exchange

🔒 CISA's Joint Cyber Defense Collaborative (JCDC) is coordinating with major cloud providers and federal partners to strengthen core cloud identity and authentication systems against sophisticated, nation-state affiliated threats. Recent incidents have exposed risks from token forgery, compromised signing keys, stolen credentials, and gaps in secrets management, logging, and governance. On June 25, a technical exchange convened experts from industry and government to share best practices and explore mitigations such as stateful token validation, token binding, improved secrets rotation and storage, hardware security modules, and enhanced logging to better detect and respond to malicious activity.

read more →

Fri, May 23, 2025

Cost of Quantum Factoring for RSA: Updated Estimates

#Encryption in Transit #Google #Google Cloud #Key Management #Post-Quantum Cryptography #Threat Report #Weak Cryptography

🧮 Google Quantum AI authors report that a future quantum computer with roughly one million noisy qubits running for about a week could theoretically factor a 2048-bit RSA key — a roughly 20× reduction in qubit requirements compared to their 2019 estimate. The improvement reflects both algorithmic advances (including approximate modular exponentiation and lower operation overhead) and error-correction gains. The post stresses the urgency of migrating to post-quantum cryptography (PQC) per NIST guidance, highlights deployment steps already taken in Chrome and Cloud KMS previews, and warns of “store now, decrypt later” risks for long-lived keys.

read more →

Wed, May 14, 2025

Android security and privacy updates in 2025 — protections

#Account Takeover #AI Security #AppSec #Google #Identity Threat Detection #Key Management

🔒 Google outlines a suite of Android security and privacy enhancements for 2025, focused on countering scams, fraud, and device theft. New in-call protections block risky actions during calls with unknown contacts, and a UK pilot will extend screen-sharing warnings to participating banking apps. AI-powered Scam Detection in Google Messages has been expanded and runs on-device to preserve privacy, while a new Key Verifier enables public-key verification for end-to-end encrypted messages. Additional theft protections, Advanced Protection device settings, and updates to Google Play Protect round out the release.

read more →