CVE-2021-30205

Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.

CVE-2021-30203

A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to inject arbitrary web script or HTML that executes in a victim's browser.
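Both dzzoffice issues above are instances of two common web-application defects: a handler reachable through the front controller (/index.php?mod=...&op=...) that never checks the caller's session, and a request parameter reflected into HTML without output encoding. The following is an added, illustrative example, not dzzoffice's own code: a minimal Python front controller that routes on the mod/op pair named in the advisory, shown in its vulnerable form beside a hardened one. The (search, query) route carrying the zero parameter, the PUBLIC_ROUTES set, the ORG_TREE data and the session shape are assumptions for the demonstration; only the (system, orgtree) route and the zero parameter name come from the advisories.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed sample data standing in for a department/user tree (not dzzoffice's).
ORG_TREE = {"Engineering": ["alice", "bob"], "Finance": ["carol"]}


def _route_key(url):
    """Map a front-controller URL such as /index.php?mod=system&op=orgtree
    to its (mod, op) pair plus the decoded query parameters."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    mod = params.get("mod", [""])[0]
    op = params.get("op", [""])[0]
    return (mod, op), params


def orgtree(session, params):
    """Returns the department tree. The handler itself performs no
    authorization check, mirroring the CVE-2021-30205 pattern."""
    return 200, ORG_TREE


def search_vulnerable(session, params):
    """Reflects the 'zero' parameter straight into HTML (CVE-2021-30203 pattern).
    The route this is mounted on below is hypothetical."""
    zero = params.get("zero", [""])[0]
    return 200, f"<p>Results for: {zero}</p>"


def search_fixed(session, params):
    """Same handler with HTML-entity encoding for the text-node context."""
    zero = params.get("zero", [""])[0]
    return 200, f"<p>Results for: {escape(zero, quote=True)}</p>"


# Hypothetical routing tables; only (system, orgtree) is a route named in the advisory.
ROUTES_VULNERABLE = {("system", "orgtree"): orgtree, ("search", "query"): search_vulnerable}
ROUTES_FIXED = {("system", "orgtree"): orgtree, ("search", "query"): search_fixed}
# Hypothetical allow-list of routes an anonymous user may reach; all others need a session.
PUBLIC_ROUTES = {("user", "login")}


def dispatch_vulnerable(url, session):
    """Front controller that trusts each handler to check access (none do)."""
    key, params = _route_key(url)
    handler = ROUTES_VULNERABLE.get(key)
    if handler is None:
        return 404, ""
    return handler(session, params)


def dispatch_fixed(url, session):
    """Front controller enforcing deny-by-default: an unauthenticated request is
    rejected before any non-public handler runs, so a forgotten check inside a
    single handler cannot expose data."""
    key, params = _route_key(url)
    if key not in PUBLIC_ROUTES and not session.get("uid"):
        return 403, ""
    handler = ROUTES_FIXED.get(key)
    if handler is None:
        return 404, ""
    return handler(session, params)


if __name__ == "__main__":
    anon, user = {}, {"uid": 42}  # constructed sessions: anonymous and logged-in
    print(dispatch_vulnerable("/index.php?mod=system&op=orgtree", anon))  # tree leaks
    print(dispatch_fixed("/index.php?mod=system&op=orgtree", anon))       # 403
    xss = "/index.php?mod=search&op=query&zero=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    print(dispatch_vulnerable(xss, user)[1])  # script tag reflected verbatim
    print(dispatch_fixed(xss, user)[1])       # entity-encoded, inert
```

Two design points carry over to real code bases: the authentication check belongs in the dispatcher (or middleware) rather than in each handler, because one missed per-handler check is exactly the access-control bug class above; and html.escape is only correct for HTML text-node and quoted-attribute contexts, so a value placed into a JavaScript string, a URL or a CSS block needs the encoder for that context instead.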

DNS can speed up response to threats and make security operations more productive

Graham Cluley Security News is sponsored this week by the folks at Infoblox. Thanks to the great team there for their support! At Infoblox, we know that the most important thing to prevent potential attacks against DNS is to understand it and get the right tools and techniques to defend DNS infrastructure. Assembled by the …

Fortanix adds confidential data search for encrypted enterprise data

Cloud data security company Fortanix has announced Fortanix Confidential Data Search, a search offering for encrypted databases within enterprise cloud workflows.

“Confidential Data Search allows data analysts to use off-the-shelf, unmodified databases in a standard, unrestricted SQL environment,” said Richard Searle, vice president of Confidential Computing, Fortanix. “Users do not need to convert their datasets to new complex proprietary database formats or deploy proprietary agents.”

The search capability, Fortanix claims, does not compromise data security or compliance with privacy regulations, because it supports a range of regulatory compliance controls.

Bionic integrations offer context-based vulnerability management

Application security posture management (ASPM) company Bionic has added two new capabilities — Bionic Signals and Bionic Business Risk Scoring — to its namesake cybersecurity platform to help its customers detect, prioritize and remediate vulnerabilities and threats in their applications.

The idea is to collate signals from multiple threat intelligence platforms and add business context to identify critical risks in customer applications and help prioritize them based on the level of risks involved.

“The surge in applications and shift to continuous delivery are introducing new attack surfaces and attack vectors at an unimaginable rate,” said Eyal Mamo, co-founder and chief technology officer at Bionic. “Our next-gen application security platform detects, scores, and prioritizes application risk so that teams can spend time fixing what needs to be fixed.”

New Android banking trojan targets US, UK, and Germany

An ongoing malware campaign has been pushing the Android banking trojan, Anatsa, to online banking customers in the US, the UK, Germany, Austria, and Switzerland, according to research by cybersecurity firm ThreatFabric.

The threat actors are distributing the malware through the Play Store and had already reached over 30,000 installations as of March. The ongoing campaign focuses on banks in the US, the UK, and the DACH region (Germany, Austria, and Switzerland), while the malware's target list contains almost 600 financial applications from all over the world, ThreatFabric said in its research.

Fileless attacks surge as cybercriminals evade cloud security defenses

The number of fileless or memory-based attacks, which exploit software, applications, and protocols already present on the target, has surged 1,400% in the last year. That is according to Aqua Security's 2023 Cloud Native Threat Report, which summarizes research and observations of threat actors' changing tactics, techniques, and procedures (TTPs), along with outlining strategies for protecting cloud environments.

Based on analysis by Aqua Nautilus researchers of 700,000 real-world attacks, the report covers three key areas: software supply chain, risk posture (including vulnerabilities and misconfigurations), and runtime protection. Among key findings is that threat actors are heavily investing resources to conceal campaigns and avoid detection to establish a stronger foothold in compromised systems. Meanwhile, various areas in the cloud software supply chain remain vulnerable to compromise and pose significant threats to organizations, the report stated.

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Survey reveals mass concern over generative AI security risks

A new Malwarebytes survey has revealed that 81% of people are concerned about the security risks posed by ChatGPT and generative AI. The cybersecurity vendor collected a total of 1,449 responses from a survey in late May, with 51% of those polled questioning whether AI tools can improve internet safety and 63% distrusting ChatGPT information. What’s more, 52% want ChatGPT developments paused so regulations can catch up. Just 7% of respondents agreed that ChatGPT and other AI tools will improve internet safety.

In March, a raft of tech luminaries signed a letter calling for all AI labs to immediately pause the training of AI systems more powerful than GPT-4 for at least six months to allow time to “jointly develop and implement a set of shared safety protocols for advanced AI design and development that are rigorously audited and overseen by independent outside experts.” The letter cited the “profound risks” posed by “AI systems with human-competitive” intelligence.
