Cloud data security company Fortanix has announced Fortanix Confidential Data Search, a search offering for encrypted databases within enterprise cloud workflows.

“Confidential Data Search allows data analysts to use off-the-shelf, unmodified databases in a standard, unrestricted SQL environment,” said Richard Searle, vice president of Confidential Computing, Fortanix. “Users do not need to convert their datasets to new complex proprietary database formats or deploy proprietary agents.”

The search capability, Fortanix claims, doesn’t compromise data security or privacy regulations as it supports a range of regulatory compliance controls.

To read this article in full, please click here

Read More

Application security posture management (ASPM) company Bionic has added two new capabilities — Bionic Signals and Bionic Business Risk Scoring — to its namesake cybersecurity platform to help its customers detect, prioritize and remediate vulnerabilities and threats in their applications.

The idea is to collate signals from multiple threat intelligence platforms and add business context to identify critical risks in customer applications and help prioritize them based on the level of risks involved.

“The surge in applications and shift to continuous delivery are introducing new attack surfaces and attack vectors at an unimaginable rate,” said Eyal Mamo, co-founder and chief technology officer at Bionic. “Our next-gen application security platform detects, scores, and prioritizes application risk so that teams can spend time fixing what needs to be fixed.”

To read this article in full, please click here

Read More

An ongoing malware campaign has been pushing the Android banking trojan, Anatsa, to online banking customers in the US, the UK, Germany, Austria, and Switzerland, according to research by cybersecurity firm ThreatFabric.

The threat actors are distributing their malware via the Play Store, and already had over 30,000 installations as of March. The focus of the ongoing campaign is banks from US, UK, and DACH, while the target list of the malware contains almost 600 financial applications from all over the world, ThreatFabric said in its research.

To read this article in full, please click here

Read More

The number of fileless or memory-based attacks that exploit existing software, applications, and protocols have surged 1,400% in the last year. That’s according to Aqua Security’s 2023 Cloud Native Threat Report, which summarizes research and observations of threat actors’ changing tactics, techniques, and procedures (TTPs), along with outlining strategies for protecting cloud environments.

Based on analysis by Aqua Nautilus researchers of 700,000 real-world attacks, the report covers three key areas: software supply chain, risk posture (including vulnerabilities and misconfigurations), and runtime protection. Among key findings is that threat actors are heavily investing resources to conceal campaigns and avoid detection to establish a stronger foothold in compromised systems. Meanwhile, various areas in the cloud software supply chain remain vulnerable to compromise and pose significant threats to organizations, the report stated.

To read this article in full, please click here

Read More

A new Malwarebytes survey has revealed that 81% of people are concerned about the security risks posed by ChatGPT and generative AI. The cybersecurity vendor collected a total of 1,449 responses from a survey in late May, with 51% of those polled questioning whether AI tools can improve internet safety and 63% distrusting ChatGPT information. What’s more, 52% want ChatGPT developments paused so regulations can catch up. Just 7% of respondents agreed that ChatGPT and other AI tools will improve internet safety.

In March, a raft of tech luminaries signed a letter calling for all AI labs to immediately pause the training of AI systems more powerful than GPT-4 for at least six months to allow time to “jointly develop and implement a set of shared safety protocols for advanced AI design and development that are rigorously audited and overseen by independent outside experts.” The letter cited the “profound risks” posed by “AI systems with human-competitive” intelligence.

To read this article in full, please click here

Read More

In today’s digital era, businesses actively strive to heighten network agility, boost security, and slash operational costs. Network Function Virtualization (NFV) and Secure Access Service Edge (SASE) stand at the forefront of this revolution, reshaping enterprise networking and security.

NFV breathes new life into traditional, hardware-based network functions, turning them into versatile, software-based solutions deployable on virtualized infrastructure. As a result, businesses cut hardware costs, speed up service deployment, and streamline network management and automation. When you incorporate NFV into your organization’s network architecture, you unlock these benefits:

Cut hardware costs and physical footprint: Virtual Network Functions (VNF) operate on general-purpose servers, delivering a more cost-effective solution.
Scale the edge swiftly: NFV grants networks that frequently or unpredictably change, greater flexibility and agility. You can deploy, modify, or scale them to adapt to shifting demand.
Speed up service deployment: Forget procuring, installing, and configuring specialized hardware. Instead, launch VNFs fast and hassle-free to deploy new network services.
Enhance network management and automation: NFV management and orchestration (MANO) systems allow central management and orchestration of VNFs, reducing network administration’s complexity and manual effort.
Decrease energy consumption: NFV consolidates multiple network functions onto shared infrastructure, lowering energy consumption and cooling requirements, contributing to greener and more sustainable operations.

On the flip side, SASE represents a departure from the traditional network architecture that depends on separate devices for each function. It pulls network and security services closer to the edge, providing consistent security policies, better performance, and simplified management. With its flexible, programmable, and secure networking capabilities, NFV is a critical enabler of SASE. NFV and SASE architectures also deliver these benefits:

Scalability: As a cloud-based service, SASE and NFV work in harmony to scale up or down effortlessly based on demand, helping organizations adapt quickly to evolving network conditions and requirements.
Performance and user experience: SASE and NFV draw network and security services closer to the edge, reducing latency and enhancing performance for users, especially those remote from the organization’s data centers or main offices.
Consistent security policies: SASE and NFV ensure the consistent application of security policies across the entire network, regardless of users or devices’ location. This is particularly advantageous for organizations with remote workers or multiple branches.
Cost efficiency: By merging multiple network and security functions into a single service, and on single physical servers, SASE and NFV help organizations slash costs linked to hardware procurement, installation, and maintenance.

The powerhouse duo of Network Function Virtualization (NFV) and Secure Access Service Edge (SASE) empowers modern businesses to amplify their network agility, bolster security, and curb operational costs. Their synergy keeps organizations in step with the fast-paced rhythm of today’s digital business landscape, offering a network architecture that is flexible, scalable, secure, and efficient.

Adopting NFV can fuel cost savings, expedite service deployment, enhance network management, and promote sustainability. Simultaneously, embracing SASE can deliver consistent security policies, improve performance, and simplify management, especially beneficial for businesses with a dispersed workforce or multiple branch locations. Together, NFV and SASE form a robust framework for securing and managing modern networks.

The time to integrate NFV and SASE into your network architecture is now. Considering the multitude of benefits they offer, it’s not a mere option; it’s a strategic imperative to future-proof your network infrastructure. Don’t let your current network setup hinder your business growth. Contact AT&T Cybersecurity to discover how NFV and SASE can revolutionize your network infrastructure and propel your business forward.

Read More

Recommended DMARC policy only implemented by a minority

Read More

More than half of banks incorporated in the UK are lagging on email cybersecurity measures, subjecting customers, staff, and stakeholders to increased risk of email-based impersonation attacks. That’s according to new research from cybersecurity firm Proofpoint, which analysed 150 banks incorporated in the UK as listed by the Bank of England. It found that only 47% implement the strictest and recommended level of Domain-based Message Authentication, Reporting and Conformance (DMARC) – an email validation protocol designed to protect domain names from being misused by cybercriminals.

To read this article in full, please click here

Read More

Security agency’s latest guidance refresh makes best practices more accessible

Read More