Category: New Tech

Torrance, Calif., Sept. 11, 2024, CyberNewsWire — Criminal IP, a distinguished leader in Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, announced that it has successfully integrated its IP address-related risk detection data with IPLocation.io, one of the most visited IP analysis and lookup tools on the internet.

Through the integration, IPLocation.io, a prominent IP address geolocation tracker platform with a substantial user base, now offers more detailed insights on IP addresses from Criminal IP’s accurate and up-to-date threat intelligence database.

Innovative data ecosystem

This is a groundbreaking advancement because Criminal IP’s database, built on a search engine framework, is more than a collection of information; it’s a refined machine learning ecosystem honed through extensive scanning and detection of malicious IP addresses. The system continuously enhances its accuracy by transforming self-collected threat data, particularly behavioral patterns for IP address evasion, into actionable intelligence using AI and machine learning techniques.

Comprehensive IP tracking

Unlike traditional IP tracking methods, which only provide the geographic location of IP addresses, Criminal IP data in IPLocation.io now delivers information from ‘Snort’, a network intrusion detection system, and vulnerability scanners on open ports.

This, along with newly provided inbound and outbound scores of IP addresses, enables the comprehensive identification of threat information related to IP addresses. Users can now compile the information themselves to assess the risk of an IP address, supported by a variety of fact-based evidence.

Among IP Location Lookup data sources, Criminal IP provides the most comprehensive data, offering 25 distinct data points for a single IP address.

Unveiling attack scenarios

Users can also detect IP address obfuscation and protect their assets with new VPN, Proxy, and Tor data in IP Location. The aforementioned data helps identify discrepancies between actual and reported locations of an IP address, as well as traffic routed through multiple servers, thus revealing potential threats. The system goes beyond a mere review of past records; it offers predictive insights into future risks by analyzing behavioral patterns and potential attack scenarios. This underscores the CTI database’s distinctive capability to continuously learn and analyze attack patterns executed online.

About AI SPERA: AI SPERA equips cybersecurity professionals with advanced tools and insights to protect digital assets. Its flagship products include Criminal IP, renowned for its AI-based search engine, as well as attack surface management and fraud detection for enterprise solutions. The firm’s established presence in major marketplaces like AWS and Snowflake further underscores its credibility and the trust placed in its services by leading industry players. Recently, AI SPERA achieved Level 1 certification under PCI DSS v4.0, overseen by the six leading global card issuers, showcasing its commitment to top-tier data security.

 Media contact: Michael Sena, AI SPERA, support@aispera.com

The post News alert: Criminal IP partners with IPLocation.io to deliver new tech to mitigate IP address evasion first appeared on The Last Watchdog.

Cary, NC, Sept. 10, 2024, CyberNewsWire —  As cyber threats grow, small to medium-sized businesses (SMBs) are disproportionately targeted.

According to the recent Hiscox annual cyber readiness report, 41% of SMBs in the US fell victim to a cyberattack in 2023, a figure that has nearly doubled since 2021. INE Security, a global leader in cybersecurity training and certifications, recognizes this as a critical issue and is leading an initiative for change by working with SMBs to bridge the IT/IS skills gap and bolster proactive cybersecurity measures.

Warn

“The skills shortage remains a significant challenge for small and mid-sized businesses, as many do not feel they have the resources to invest in cybersecurity,” said Dara Warn, the CEO of INE Security. “We know that cybersecurity training is no longer optional for businesses – it is essential. Our mission is to provide accessible, effective, and affordable training to these businesses so they can close the gap, ultimately enhancing their defensive capabilities.”

A Corvus study found 47% of businesses with fewer than 50 employees have no cybersecurity budget at all, even as a majority call cybersecurity a “top concern.” As SMBs consider implementing or enhancing a cybersecurity strategy, INE Security is highlighting the keys to successful rollout, including:

•Choosing the right training provider: When selecting a training provider, SMBs should look for expertise in cutting-edge technologies and strategies, including real-world, hands-on cyber ranges. Providers should offer courses that are current, utilize the newest technologies, and include the use of Artificial Intelligence (AI). 

•Crafting a proactive cybersecurity strategy: Incorporating AI and machine learning technical skills into cybersecurity strategies allows SMBs to predict threats and automate responses, which is essential for maintaining resilience against attacks. IT/IS training should therefore include modules on configuring and maintaining these advanced systems to ensure that small businesses are not only reactive but also proactive in their cybersecurity efforts.

•Empowering employees through continuous learning: Continuous education and training are pivotal in keeping up with evolving cyber threats. Regular updates and refresher courses ensure that employees stay sharp and aware of the latest tactics employed by cybercriminals.

By investing in comprehensive IT/IS training and fostering a proactive cybersecurity culture, SMBs can not only protect themselves from cyber threats but also gain a competitive edge in their respective industries. Users are invited to partner with INE Security to transform their cybersecurity practices and ensure a safer future for their business.

About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Media contact: Kathryn Brown, Director of Global Strategic Communications and Events, INE Security, kbrown@ine.com

The post News alert: INE Security launches initiative to help SMBs foster a proactive cybersecurity culture first appeared on The Last Watchdog.

San Francisco, Calif. — The amazing digital services we have today wouldn’t have come to fruition without the leading technology and telecom giants investing heavily in R&D.

Related: GenAi empowers business

I had the chance to attend NTT Research’s Upgrade Reality 2024 conference here  last week to get a glimpse at some of what’s coming next.

My big takeaway: GenAI is hyper-accelerating advancements in upcoming digital systems – and current ones too. This is about to become very apparent as the software tools and services we’re familiar with become GenAI-enabled in the weeks and months ahead.

And by the same token, GenAI, or more specifically Large Language Model (LLM,) has added a turbo boost to the pet projects that R&D teams across the technology and telecom sectors have in the works.

The ramifications are staggering. The ability for any human to extract value from a large cache of data – using conversational language opens up a whole new universe of possibilities.

The power of conversations

One small example is a souped-up Jibo smart home assistant — a prototype — that can do much more than lock the doors, turn out the lights and set the thermostat. Thanks to GenAI, users can engage this prototype in conversations that get steadily richer over time.

Heidbrink

NTT Research is testing its Jibo protype as a chatty, mindful digital companion oriented to assisting the elderly in multifaceted ways. Sensors scattered around a home keep track of motion, temperature, CO2 levels, light levels and sound. A baseline gets established, deviations get analyzed and responses automatically get fine-tuned.

This all gets done leveraging well-established AI algorithms — but  GenAI takes it to another level, says Chris Heidbrink, NTT Research senior vice president of AI & Innovation.

By factoring in human language cues, Jibo over time can start to detect sentiment and potentially identify health conditions based on conversations. “What we’re doing is combining traditional AI with quality data —  and then bringing in GenAI is like adding polish to it,” Heidbrink  told me. “GenAI allows us to plug in many different things, combine them together and have really deep conversations about them.”

Tech giants out front

Jibo is a microcosm of how GenAI is turbo boosting R&D prototypes of all kinds. Meanwhile, the dust storm clouding the tech horizon is being kicked up by enterprises in all sectors racing to deploy GenAI in support of their entrenched business models.

This GenAI gold rush is being led by the marquee tech giants. Like me, you may be beta testing Adobe’s “Ai Assistant” prototype for Acrobat that allows you to type conversational commands directly into PDF documents. On my SEA to SFO flight, I sat next to a Meta software engineer and we chatted about how Microsoft’s $10 billion  investment in OpenAI/ChatGPT is all about integrating ChatGPT into Windows and Office, while Google’s Gemini services is all about infusing GenAI into Google Search, Google Docs and YouTube.

Likewise, Facebook LLaMA is Meta’s attempt to extract more value from its core asset, Facebook users’ digital footprints. This, of course, raises profound privacy and cybersecurity questions that are just starting to heat up with the rising tide of GenAI-infused deep fake attacks.

Cybersecurity conundrum

Somewhat ironically, the cybersecurity industry itself is scrambling to integrate LLM into emerging security platforms and frameworks to mitigate deep fakes, as well as to get in a better position to address sure-to-come iterations of cyber attacks enhanced by GenAi. (Stay tuned for Last Watchdog’s RSAC Insights podcasts from RSAC 2024, just around the corner.)

I broached this topic at Upgrade Reality 2024 with Moshe Karako, CTO of NTT Innovation Laboratory in Israel. On a whim, while waiting for a flight to Tokyo, Karako was able to persuade Microsoft’s Copilot chat tool to violate Microsoft policy and solve a  captcha to gain him access to a secured website page.

Karako

Moshe used tried-and-true social engineering tactics, such as misspelling words and using persuasive language, to lower Copilot’s guard and manipulate the conversation in his favor. “All it took was playing with prompts to convince it to do what I needed,” Karako says. “And there’s no active solution today that can prevent this.”

Here we go again. Remember how email spam, evolved into phishing attacks, ransomware and advanced persistent threats? This transpired over the past 20 years as business networks advanced from on-premises data centers to hybrid cloud. Along the way, cyber exposures mushroomed. Now GenAI has set us up for a repeat of that cycle — only at a breakneck pace of change.

The hype over the impact of GenAI is just getting started. I heard Vab Goel, founding partner of NTTVC, declare that GenAI will trigger 100X change 100 times faster the we saw in the Internet revolution. Another executive, Rajeev Shah, founder and CEO of Celona.io, I thought, put it best. Speaking on a panel discussion about the transformative potential of GenAI, Shah said this:

Shah

“Actually, I think, as a Silicon Valley (company) founder that it is very rare, and it’s actually the first time in my entire career, that I have been confronted with a technology that neither can I fully understand, nor can I fully grasp the potential. I don’t think any of us have fully internalized yet how transformative AI can be.”

So where will this democratization of AI take us over the next few months and in next couple of years? That’s the turbo-boosted digital revolution we’re all about to experience. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

 

 

SINGAPORE – Feb. 29, 2024.  In the modern age, large companies are wrestling to leverage their customers’ data to provide ever-better AI-enhanced experiences.

But a key barrier to leveraging this opportunity is mounting public concern around data privacy, as ever-greater data processing poses risks of data leaks by hackers and malicious insiders.

Silence Laboratories is on a mission to create infrastructure to enable complex data collaborations between enterprises and entities, without any sensitive information being exposed to the other engaging parties. Silence Laboratories today announces it has raised an additional $4.1 million funding round led by Pi Ventures and Kira Studio, along with several prominent angel investors.

Leveraging modern cryptography, the company already has one of the fastest distributed signature (authorization) libraries in production (Silent Shard), which has been audited by some of the best security auditing companies like Trail of Bits. These libraries have led to the establishment of strong partnerships with leading digital asset infrastructure and protocol companies like BitGo, MetaMaskEigenLayer, Biconomy, and EasyCrypto.

Products on offer by the company include Silent Shard which allows enterprises and users to limit the risk of exposing sensitive private keys and allows advanced authorisation rules to be put in place. Additionally, the newly launched Silent Compute product allows different organisations to collaborate on processing information without needing to expose their secrets and data to third parties and enrich insights while maintaining compliance and trust. Both the products uses multi-party computation (MPC) as its core cryptographic primitives.

Commenting on the announcement, Silence Laboratories CEO and founder Dr. Jay Prakash said: “In today’s digital ecosystem, trust, and privacy are not merely options but imperatives for sustainable growth. With this new injection of funds, Silence Laboratories is poised to redefine privacy by enabling businesses to fully embrace the power of AI while rigorously protecting their most vital asset – customer trust. Our privacy-enhancing technologies assure that collaboration and innovation can flourish in an environment where the confidentiality and integrity of data are uncompromised.”

Prakash

With the market for privacy-enhancing technologies (PETs) growing globally at a compound annual growth rate of 26.6%, there is growing demand for Silence Laboratories offering to provide mathematical guarantees for techno-legal expectations. This would allow companies to work together on processing data, without needing to share data with the other party – allowing more sectors to benefit from new technology, with less risk.

Shubham Sandeep, Managing Director at Pi Ventures, commented: “Secure data collaboration to enable privacy preserving compute is an ever growing problem especially in highly regulated domains such as finance and healthcare. This requires solutions based on zero trust cryptographic guarantees instead of relying on third party data vendors who are prone to security breaches. The MPC infrastructure developed by the world class team at Silence Laboratories is the fastest in the world, easily configurable, application agnostic and provides full control to the user. We are excited to double down on our investment as we have seen the fantastic progress of the company over the last 18 months.”

The funding will be used to scale the company’s tech & business teams and enrich the company’s robust R&D pipeline. Founded in 2021 by Dr. Jay Prakash (CEO), Dr. Andrei Bytes (CTO) and Dr. Tony Quek; the firm has also recently been expanding its global leadership team across cryptography, infrastructure business and engineering.

“The Silence team is an amazing team with deep cryptography expertise and is working on a set of groundbreaking products in privacy and authentication infrastructure and I am really excited to support their journey. Privacy-preserving infrastructure combined with blockchain and fintech rails is going to be huge!” shared Anurag Arjun, from Kira Studio and Ex Co-founder of Polygon.

For further information please contact the Silence Laboratories press office: Bilal Mahmood on b.mahmood@stockwoodstrategy.com or +44 (0) 771 400 7257

About Silence Laboratories: Started in 2021 by Dr. Jay Prakash (CEO) and Dr. Andrei Bytes (CTO), Silence Laboratories is a privacy tech company that enables enterprises to adopt privacy-enhancing technologies through a unique fusion of cryptography and security engineering. Their mission is to enable a global privacy-compliant collaboration infrastructure that would enable enterprises to collaborate, and exchange inferences while removing all single points of failure.

The company has been founded by a strong technical and business team including PhDs and researchers with previous affiliations at the Massachusetts Institute of Technology (MIT), USA; Singapore University of Technology & Design (SUTD) & National University of Singapore (NUS); University of Illinois Urbana-Champaign (UIUC), globally top-ranked Capture The Flag (CTF) teams, and leading tech companies. Learn more about their work: https://silencelaboratories.com

Media contact: Bilal Mahmood, Stockwood Strategy, Mob: +44 (0) 771 400 7257

 

Zurich, Switzerland, Feb. 27, 2024 — Chipmaking has become one of the world’s most critical technologies in the last two decades. The main driver of this explosive growth has been the continuous scaling of silicon technology (widely known as the Moore’s Law).

But these advances in silicon technology are slowing down, as we reach the physical limits of silicon. For this reason, the industry has been investing heavily in nanomaterials like carbon nanotube, graphene and TMDs, which are expected to enable chips with unprecedented functionality. However, making electronic devices with these extremely small materials at speed, with precision, and without compromising on quality has been a long-standing obstacle.

Nanotechnology company Chiral is today announcing a $3.8m funding round to address this challenge head on, innovating the way nanomaterials are integrated into devices. Its expertise in nanotechnology, automation, and high-precision robotics will be pivotal in the industry’s move beyond silicon to the next generation of electronics. The pre-seed funding round was co-led by Founderful (formerly Wingman Ventures) and HCVC and includes grants from ETH Zurich and Venture Kick.

Research has evidenced the use case and impact of nanomaterials across a range of electronics including high-performance transistors, low-power sensors, quantum devices, and many more. However, existing production methods, mostly based on chemistry, are not controllable, which has thus far prevented commercialization of these devices.

Chiral has built high-speed, automated, robotic machines that integrate nanomaterials into devices. These machines can robotically place micrometer-sized (or even nanometer-sized) materials on small chips. Repeating these motions in a fast and automated manner requires a very high level of engineering, which, when done right, ensures the precision and control that conventional chemistry-based methods lack.

The development of Chiral’s technology started as a national research project conducted at the Swiss Federal Institutes of Technology (ETH Zurich, EPFL, and Empa), in which the company’s co-founders, Seoho Jung, Natanael Lanz, and Andre Butzerin participated as PhD students. After 4 years of R&D, the research team finished its first prototype machine, which was 100 times faster than the other systems available at the time. The immediate reaction of the market to the prototype, which quickly led to the company’s first batch of pilot customers, convinced the co-founders that they should continue their activity as a company. They incorporated Chiral in June 2023 as a result.

Jung

Seoho Jung, Co-founder and CEO at Chiral commented“At Chiral, we are pioneering the next generation of electronic devices across industry. Chipmakers are aware of the potential of nanomaterials and we’re bringing that potential to life. This funding will accelerate the development of our next machine, which will unlock new market opportunities with its versatility and performance. We are also excited to scale our team to keep up with the growing demand and customer base.”

The global nanotechnology market size is projected to grow from $79.14 billion in 2023 to $248.56 billion by 2030, at a CAGR of 17.8% (Fortune business insights research). One of the largest chipmakers in the world, Taiwan Semiconductor Manufacturing Company (TSMC) presented its development roadmap showing nanomaterial-based transistors as its future architecture.

Pascal Mathis, Founding Partner at Founderful, commented: “We’re thrilled to join forces with Chiral alongside HCVC. Chiral’s AI- and robotics-based technology lets us envision a future where nanomaterial-based chips are being produced at the scale needed for commercialization – a major bottleneck up until now. We look forward to supporting Seoho, Natanael and André in their journey to introduce a new paradigm of chips beyond silicon.”

Alexis Houssou, Founding Partner at HCVC, commented: “With the current boom in AI applications, we stand at a pivotal moment where the slowdown of Moore’s law threatens to decelerate the pace of technological progress significantly. The team at Chiral has embarked on a critical mission to pave the way toward a groundbreaking post-silicon era, promising to transcend current limitations and unlock new possibilities for advancement. We couldn’t be more excited to support their mission, in collaboration with Founderful, as they build the future of computing infrastructure.”

Seoho Jung added: “In the future, it will be normal for electronic devices or chips to contain nanomaterials. The development roadmaps of the world’s leading chipmakers like TSMC, Samsung, and Intel all share our vision. We are confident that Chiral technology will empower the industry to make this transition faster.”

About Chiral: Chiral is a nanotechnology company that produces advanced electronic devices with nanomaterials. The core of the company’s technology is its robotic machines that enable the fully automated integration of clean nanomaterials with unprecedented precision and speed. Incorporated in 2023, the company is a spin-off from ETH Zurich and Empa, and is headquartered in Zurich, Switzerland. Learn more about Chiral here: https://www.chiralnano.com/ 

About Founderful: Founderful is Switzerland’s leading pre-seed fund. We give every founder our deepest understanding and highest levels of support, and together, we’re building the future of the Swiss startup ecosystem. For more information, please visit https://www.founderful.com/ or follow via LinkedIn.

About HCVC: HCVC is a venture capital firm that helps founders tackle hard problems with capital, resources and collaboration with $130m in assets under management. With offices in Paris, London and San Francisco, HCVC invests in pre-seed and seed companies that leverage breakthrough technology to digitize, automate and decarbonize the world. For more information, please visit https://www.hcvc.co/

Media contact: Bilal Mahmood, Stockwood Strategy, Mob: +44 (0) 771 400 7257

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints.

Related: The role of ‘attribute based encryption’

There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants.

That could be about to change. Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights.

I had the chance to visit with , senior scientist at NTT Research’s Cryptography & Information Security (CIS) Lab, to learn more about the progress being made on a promising concept called “privacy preserving aggregate statistics.”

Rising data privacy regulations underscores the need for such a capability, Boyle told me. And in the long run, the capacity to analyze our online behaviors in a much more inspired, respectful way could serve a much greater good than just fostering impulsive consumer purchases. For a full drill down, please view the accompanying videocast. Here are a few key takeaways:

Rising regulations

It’s not just the tech giants that have a strategic imperative to better understand user behaviors. Companies across all industries have long sought to better understand how consumers use their product and services; this guides their product improvements and can dictate future investments, often shaping the next big innovations.

Our smartphones, wearables, vehicles and buildings have come to be saturated with sensors that collect granular information about our daily activities and provide a wellspring of information about what we prefer and how we behave. However, this intensive ingestion of personal data points — in the absence of reasonable oversight — has triggered consumer anxiety, and rightly so.

This, in turn, has led to rising data privacy regulations. Europe’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA,) for instance, are two significant pieces of legislation aimed at protecting consumer privacy in the digital age. Both regulations have profound implications for companies seeking to collect and apply aggregate statistical analysis to consumer data.

GDPR requires companies to establish a legal basis for data processing as well as ensure that the aggregation and anonymization methods protect individual identities. Meanwhile, CCPA focuses on ensuring that personal information isn’t sold without the consumer’s knowledge or against their will.

Partitioning user data

So now the rub is this: companies yearn to extract useful insights from user data, yet many have lost sight of the fact that it’s going to become much more expensive for them to possess granular tracking details, going forward. This has led NTT Research to seek a way to enable businesses to perform aggregate data analysis on consumer data — with privacy built in, Boyle says.

Privacy preserving aggregate statistics revolves around partitioning sensitive user data into pieces, which each on their own tells nothing about the original, but we can perform meaningful computations on the pieces, which can eventually be recombined. Boyle explained how a private telemetry system can be set up to split sensitive user data into two segments in such manner.

One segment retains broad, general information, useful for tracking usage patterns; the other segment converts the individual’s private details into a  random sequence of zeros and ones. As more data pours in from other users the former gets aggregated to give shape to emerging patterns, while the latter remains incomprehensible, ensuring that individual privacy remains sacrosanct.

Beyond meeting compliance, this approach can improve the bottom line, she says, by significantly reducing the cost associated with collecting and storing sensitive personal data. In addition to developing and getting in position to supply the technology, Boyle says.

“The goal is to develop solutions that allow us to only learn aggregate information, while never touching the data of individuals, in some sense, by taking private information and splitting it into pieces,” she says. “The tricky part is designing this splitting procedure so that you can actually compute on these pieces separately.”

A greater good

In a world that’s becoming increasingly cautious about data privacy, this new twist to data analysis could help businesses comply with privacy regulations and temper consumer anxiety. It could also provide a means for businesses to gain data-driven insights in a more efficient, respectful, way.

Boyle

Boyle pointed out how companies across all industries — healthcare, financial services, energy and consumer goods – could immediately leverage this new approach in way that would allow them to begin to extract much more useful insights from the data lakes of consumer data swelling somewhat randomly.

They’d be able to examine the steadily rising influx of consumer data at a summarized level and discover overall patterns and trends. NTT Research, for instance, has successfully tested advanced privacy-preserving computations on common benchmarking tools like histograms, mean vs. standard deviations, maximums vs. minimums, topmost common values and more.

That’s just a starting point. As the type of advanced cryptography moves into mainstream use, it has the potential to inspire innovators to leverage our digital footprints for more than just tweaking advertisements.

In one project, for instance, social scientists in Boston applied privacy-preserving computations to wages and benefits data for employees across several companies to determine whether there was a wage gap between males and females.

It’s not hard to imagine how privacy-preserving statistical analysis could help climatologists better understand energy usage patterns, or medical researchers track the spread of a disease.

“Being able to somehow combine this information and learn something globally across it can have tremendous power,” Boyle says. “It’s very exciting to be in a position where mathematical concepts like abstract algebra actually play a role in designing logical systems that help solve big problems.”

The transformation progresses. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

The ubiquity of smart surveillance systems has contributed greatly to public safety.

Related: Monetizing data lakes

Image capture devices embedded far and wide in public spaces help deter crime as well as aid first responders — but they also stir rising concerns about an individual’s right to privacy.

Enter attribute-based encryption (ABE) an advanced type of cryptography that’s now ready for prime time. I’ve had several discussions with scientists who’ve led the development of ABE over the past two decades.

Most recently, I had the chance to visit with Takashi Goto, Vice President, Strategy, and Fang Wu, Consultant, at NTT Research. We discussed how ABE is ready to help resolve some rather sticky privacy issues stemming from widespread digital surveillance – and also do much more.

For a full drill down on this leading-edge form of agile cryptography, please view the accompanying videocast. Here are my takeaways.

Customized decryption

ABE builds upon digital certificates and the Public Key Infrastructure (PKI) that underpins secure communications across the Internet. Traditionally, PKI issues a single key to decrypt a given digital asset, which is fine, if the correct person possesses the decryption key.

However, cybercriminals have perfected numerous ways to steal or subvert decryption keys. ABE makes it much more difficult to fraudulently decrypt an asset in its entirety; it does this by pulling user and data attributes into the encryption picture — in a way that allows decryption to be flexible.

For instance, ABE can correlate specific company attributes to certain user attributes. It can differentiate departments, such as HR, accounting or the executive suite, as well as keep track of user roles, such as manager, clerk or subcontractor. It can then apply policies so that only users with the proper attributes can decrypt certain assets and only in very specific ways.

Alternatively, the digital asset itself — such as an image or even a video stream — can be assigned detailed attributes, with each attribute assigned a separate decryption key. A user can decrypt specific parts of an image or video stream, but only if he or she has the correct key enabling that particular access.

“ABE enables fine-grained access control and policy setting at the data layer, so you can actually blur faces or any text shown in the image,” Goto says. “You can still get useful information from the image, but if you don’t have the correct key, you won’t be able to decrypt certain attributes, such as a face or a license plate number.”

Versatile benefits

It’s taken a while to get here. ABE has undergone significant theoretical advancements since 2005. But it has only been in the past couple of years that proof-of-concept projects have gotten underway. Today, Goto says, ABE is fully ready to validate in real world deployments.

NTT is partnering with the University of Technology Sydney to introduce an ABE service that fits with existing IT infrastructure, including cloud computing, healthcare, IoT and secure data sharing. This comes after the partners have spent the past couple of years fine tuning an architectural design that’s compatible with existing IT systems, he says.

Wu observes that ABE’s fine-grained access control capability could enhance any of the major areas of digital services that exists today, while also being future-proofed. We should soon begin to see examples of ABE being implemented in virtual computing and cloud storage scenarios — to help ensure that decryption happens only when the correct combination of attributes presents itself.

And when it comes to cloud collaboration, ABE holds promise to help improve both security and operational efficiencies — in everything from rapid software development to global supply chains to remote work scenarios.

“Attribute-based encryption can be utilized to do a number of things,” Wu noted. “It’s an advanced way to partition sensitive data into different groups and then allow the user to access only what he or she needs to access; this can play a vital role in helping to avoid large-scale data breaches.”

With ABE, encryption happens once, while decryption attributes can be amended, as needed. This adds complexity and computational overhead. But those are solvable challenges. There’s a clear path forward for ABE to improve security and help preserve privacy. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry.

Related: The security role of semiconductors

Cutting against the grain, Flexxon, a Singapore-based supplier of NAND memory drives and storage devices, arrived at Black Hat USA 2023 calling for a distinctive hardware approach to repelling cyber attacks.

Flexxon recently introduced its X-PHY SSD drive which now comes embedded in certain laptop models from Lenovo, ASUS and HP. This innovation derives from security-hardened AI-powered memory and storage drives Flexxon supplies that go into medical equipment and industrial machinery.

I had the chance to get briefed about all of this by Flexxon’s founder and CEO Camellia Chan. For a full drill down give the accompanying podcast a listen.

Guest expert: Camelia Chan, CEO, Flexxon

Instead of struggling to account for innumerable attack paths, X-PHY guards just one path; it keeps an eagle eye on the read-write activities at the memory storage level, Chan told me.

It instantly recognizes —  and blocks — any rogue read-write commands, such as those favored by ransomware purveyors and other malicious actors. The system operates in the background without the need for constant updates. It alerts users to anomalous activities and can shut down storage devices to safeguard data instantly, she says.

“Cyber security is actually missing intelligent, dynamic detection sitting at the physical layer,” Chan says. “X-PHY will act as a last line of defense against potential risk and help companies better safeguard their data.”

The transformation progresses. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

Tel Aviv, Israel, Sept. 5, 2023 — Reflectiz, a cybersecurity company specializing in continuous web threat management offers an exclusive, fully remote solution to battle Magecart web-skimming attacks, a popular type of cyberattacks involving injecting malicious code into the checkout pages.

As the Holiday Season approaches, online retailers face the challenge of protecting their websites against the growing threat of malicious attacks, such as Magecart. However, they struggle to add new security layers due to restrictions on modifying their website code to avoid impacting website performance during the peak shopping season.

Reflectiz, a unique web security tool, ensures 100% readiness for Magecart attacks before and during the Holiday Season. This is made possible by Reflectiz’s external, non-intrusive solution, requiring no code implementation or IT resources. Your website(s) will be fully protected within days, and there will be no impact on your website performance whatsoever.

Reflectiz automatically detects third-party code changes, keylogging, and communication with malicious domains to prevent Magecart web-skimming attacks. It overcomes the most sophisticated malware obfuscation techniques, lets you track changes, prioritize issues, and implement alerts according to their severity level, empowering you to act before the damage is done.

Despite being so powerful, Reflectiz does not affect website performance. It has zero impact on your IT resources, and it does not require any installation on the client. It begins protecting your web assets within days, ensuring continuous monitoring of all crucial and sensitive web pages, not just checkout pages.

“Reflectiz understands the challenges faced by online retailers during this busy time of the year. In fact, in 2023, Reflectiz detected Magecart attacks on more than 150 websites, and the count is still rising. Our advanced technology enables the automatic detection of sophisticated threats throughout your entire online environment, all with quick and easy external implementation. You will be up and running within days” – Ysrael Gurt, Co-founder & CTO, Reflectiz

Sign up for our exclusive offer today, and get the ideal head start in the war on Magecart.

Media contact: Marketing Director, Daniel Sharabi, Reflectiz, daniel.s@reflectiz.co

The world of Identity and Access Management (IAM) is rapidly evolving.

Related: Stopping IAM threats

IAM began 25 years ago as a method to systematically grant human users access to company IT assets. Today, a “user” most often is a snippet of code seeking access at the cloud edge.

At the RSAC Conference 2023, I sat down with Venkat Raghavan, founder and CEO of start-up Stack Identity. As Raghavan explained, the rapid growth of data and subsequent application development in the cloud has led to a sprawling array of identities and access points. This, he warned, has created a new problem: shadow access.

Shadow access refers to ungoverned and unauthorized access that arises due to the speed and automation of cloud deployment.For a drill down, please give the accompanying podcast a listen.

Guest expert: Venkat Raghavan, CEO, Stack Identity

Stack Identity’s solution quickly onboards a customer’s cloud accounts, methodically identifies potential pathways to data and comprehensively assesses risk. Once all human and non-human access points are identified, automated remediation kicks in to eliminate shadow access.

Notably, this process happens at runtime, watching access in real-time, and looking at how access is utilized, Raghavan told me.

“We have seen that in live customer environments that over 50 percent of identities are over-permissioned and should have access permissions revoked,” he says.”This represents a substantial risk for companies.”

This risk is material; just ask Capital One or LastPass. Here’s another example of directing ML and automation at shrinking the attack surface. Stack Identity emerged from stealth just last month with $4 million in seed funding. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)