AI Compliance Officers, Mass Text Hijack in NY, and Post-Quantum Encryption
IT channel and business news with a focus on regulatory compliance.
🤔 MSPs: Are You Prepared to Be AI Compliance Officers?
The rise of the AI compliance officer stands as a defining trend in the intersection of technology and regulatory management — and MSPs are at the heart of this transformation. By expanding their capabilities to embrace AI governance, MSPs are not only addressing urgent client needs but are also charting a new course as strategic leaders for responsible digital innovation…
🎙️The Get NIST-y Podcast!
Subscribe on Spotify! Jared and Mike talk all things compliance and IT channel while answering your burning questions!
📋 New York: Mass SMS Scam via Hijacked Alert Service
On November 10th, hackers exploited a legitimate mass texting service to send hundreds of thousands of scam messages — including to New York State’s official alert subscribers. This incident, which leveraged public trust in emergency messaging channels, marks an evolution in SMS phishing (“smishing”) scams and raises pressing concerns for individuals and organizations alike...
❔ Which current encryption algorithms are most at risk from quantum attacks?
Quantum computing is poised to dramatically reshape encryption by potentially breaking the cryptographic algorithms that protect today’s digital data. Researchers predict that by the early 2030s, sufficiently powerful quantum computers could crack widely used standards like RSA-2048 and ECC, which underpin secure communications worldwide.
Current cryptographic algorithms most at risk from quantum attacks include:
- RSA (Rivest-Shamir-Adleman): The most common public-key encryption method for securing websites, email, and VPNs. Quantum computers using Shor’s algorithm could efficiently factor the large numbers that RSA relies on, making it vulnerable.
- Diffie-Hellman (DH): Used for secure key exchange; quantum algorithms could break DH by solving the discrete logarithm problem exponentially faster than classical computers.
- Elliptic Curve Cryptography (ECC): ECC is commonly used for encrypted communications, including TLS/SSL; quantum computers could defeat ECC via Shor’s algorithm, just as with RSA.
Symmetric encryption algorithms like AES and hash functions such as SHA-2 are less affected, though quantum computing (using Grover’s algorithm) does threaten to halve their effective security strength, requiring larger key sizes for continued protection.
Organizations should prioritize migrating away from RSA, DH, and ECC to post-quantum algorithms, which are specifically designed to resist quantum attacks.
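As an added example (not part of the original newsletter or any vendor tool), the Python sketch below applies the rules above to TLS cipher suite names taken from an inventory: it flags RSA, DH and ECC components as exposed to Shor’s algorithm and halves the symmetric key size for Grover’s algorithm. The function name `assess_suite`, the sample suite list and the 128-bit threshold are assumptions of this example.

```python
import re

# Public-key families the newsletter lists as exposed to Shor's algorithm.
SHOR_EXPOSED = {"RSA": "RSA", "DH": "DH", "DHE": "DH",
                "ECDH": "ECC", "ECDHE": "ECC", "ECDSA": "ECC"}
# Assumed target strength for this example; the newsletter names no threshold.
MIN_BITS_AFTER_GROVER = 128
SYMMETRIC = re.compile(r"(AES|CAMELLIA|ARIA)_(\d+)|(CHACHA20)")

def assess_suite(name):
    """Rate one IANA-style TLS cipher suite name against both quantum attacks."""
    body = name[4:] if name.startswith("TLS_") else name
    if "_WITH_" in body:
        # TLS 1.2 form: <key exchange>[_<authentication>]_WITH_<cipher>_<hash>
        public_key, symmetric = body.split("_WITH_", 1)
        exposed = sorted({SHOR_EXPOSED[p] for p in public_key.split("_")
                          if p in SHOR_EXPOSED})
        kex_in_name = True
    else:
        # TLS 1.3 form names only cipher and hash; key exchange and signature
        # are negotiated separately, so the name alone proves nothing about them.
        symmetric, exposed, kex_in_name = body, [], False
    match = SYMMETRIC.search(symmetric)
    bits = None
    if match:  # ChaCha20 always uses a 256-bit key
        bits = 256 if match.group(3) else int(match.group(2))
    halved = bits // 2 if bits is not None else None  # Grover: half the strength
    return {
        "suite": name,
        "shor_exposed": exposed,
        "key_exchange_in_name": kex_in_name,
        "symmetric_bits": bits,
        "bits_after_grover": halved,
        "needs_larger_key": halved is not None and halved < MIN_BITS_AFTER_GROVER,
    }

# Constructed sample inventory, such as a scan of internal endpoints might list.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_PSK_WITH_AES_256_GCM_SHA384",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
]

if __name__ == "__main__":
    for suite in SAMPLE_SUITES:
        print(assess_suite(suite))
```

For TLS 1.3 suites the result sets `key_exchange_in_name` to false, which means the negotiated groups and signature algorithms must be checked from the server configuration rather than the suite name.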
⚠️ Threat Updates
🔴 Critical Lynx+ Gateway Flaws Put Global Manufacturing at Risk (11/16/25)
Homeland Security and CISA issued a severe alert on four vulnerabilities in General Industrial Controls Lynx+ Gateway devices, used in manufacturing networks worldwide. Attackers can reset devices remotely, steal credentials sent in cleartext, and retrieve sensitive information with simple HTTP requests. With no vendor patches and widespread deployment, experts urge immediate network isolation and direct vendor contact for custom mitigation.
🔴 Trending Scam: ‘Grey Area’ AI Shopping Sites Flood Holiday Market (11/19/25)
Scammers are launching sophisticated AI-generated online stores this fall, posing as small, family-run boutiques to lure shoppers. Many are linked to Temu drop-shipping schemes and feature entirely fabricated owners and backstories. Experts warn that AI enables scammers to quickly spin up convincing fake shops, complete with professional branding, reviews, and shopkeeper personas. To reduce risk, consumers should verify unfamiliar stores using independent review platforms like Trustpilot.
🗨️ Parting Words
“There are two major products that come out of Berkeley: LSD and UNIX. We don’t believe this to be a coincidence.” — Jeremy S. Anderson, Programmer
Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!



