Atsign announced that NoPorts fundamentally changes how private websites are secured. Built on Atsign’s atPlatform, NoPorts provides a zero trust architecture, end-to-end encryption, and no reliance on cumbersome security layers, enabling seamless and secure communication across virtually any environment. Unlike current systems where the web entry point is visible to anyone on the internet, NoPorts makes the entire website invisible until a person is cryptographically authenticated. This eliminates a significant attack vector, ensuring only authorized individuals can access the site. “Current ‘private’ websites are fundamentally flawed. They are easily discovered by bad actors thanks to open ports and allow connections prior to authentication, enabling a variety of attacks. NoPorts flips that model, by closing all inbound network ports and demanding cryptographic proof of identity before any connection, ensuring true invisibility and security,” said Barbara Tallent, CEO of Atsign. NoPorts enhances security through: Invisibility, Cryptographic Identity Verification and End-to-End Encryption This approach strengthens security without adding complexity for authorized individuals. NoPorts simplifies security management and reduces IT overhead while providing robust protection against cyber threats.
ReliaQuest’s integrates agentic AI to speed up investigations 20x, improve accuracy by 30%, and contain threats in under five minutes
Security operations company ReliaQuest specializes in enhancing enterprise security operations. The company has as its mission to “make security possible” by providing organizations with increased visibility and the ability to confidently automate across the security lifecycle. ReliaQuest’s main product, GreyMatter integrates with more than 200 different cybersecurity and enterprise tools to deliver threat detection, investigation and response across complex information technology environments. The platform allows security teams to detect, contain, investigate and respond to cyberthreats across a variety of solutions within minutes, all while eliminating the most mundane work and delivering more value from existing investments. The agentic AI models in GreyMatter can operate and learn autonomously, addressing security challenges by automating security processes and significantly reducing the time to contain threats. ReliaQuest claims that using GreyMatter’s automation and AI capabilities, customers can perform investigations 20 times faster and with 30% greater accuracy than traditional methods, containing threats within less than five minutes and allowing security teams to focus on higher-level business needs rather than mundane tasks.
Burp AI enhances human-led security testing for web application and API security; automatically validates scanner vulnerabilities, creating proof-of-concept exploits to prioritize security issues
PortSwigger, a renowned application security software provider, announced the launch of Burp AI, the inaugural AI-powered version of Burp Suite Professional. By harnessing artificial intelligence, Burp AI enhances human-led security testing, setting a new benchmark for web application and API security. Burp Suite Professional is the industry’s gold standard toolkit for AppSec professionals and bug bounty hunters. Operating within PortSwigger’s trusted ecosystem, Burp AI guarantees that no data is retained or used for model training based on user inputs. This AI assistance is both transparent and on-demand, giving users the autonomy to decide how and when to utilize its features. By embedding AI into Burp Suite, security professionals can work smarter and faster while maintaining full control. AI-Powered Burp AI introduces cutting-edge features that accelerate testing, eliminate inefficiencies, and help security teams uncover deeper vulnerabilities: Instant AI Insights: Understand unfamiliar web technologies instantly with AI-powered explanations in Burp Repeater. Whether looking up obscure HTTP headers and cookies, or trying to decipher client-side JavaScript, Burp AI boosts efficiency by reducing manual research and context switching. Automated Issue Validation: Burp AI analyzes scanner-identified vulnerabilities with the precision of a seasoned pentester, developing proof-of-concept exploits that demonstrate impact. It also seeks ways to leverage the bug to disclose sensitive information or additional attack surface. This automation helps prioritize critical findings, reducing the risk of overlooking vital security issues. Smarter False Positive Reduction: Starting with Broken Access Control, Burp AI enhances Burp Scanner’s accuracy, significantly reducing false positives for one of the most challenging vulnerability classes to test autonomously. AI-Driven Authentication Handling: AI-generated login sequences streamline authenticated scans, improving accuracy and eliminating the hassle of manual login recording. AI-Powered Customization: Users can now integrate AI into Burp Suite extensions with minimal effort using the Montoya API, ensuring secure data handling and expanding automation capabilities.
Hold laws that allow banks to delay disbursements or hold transactions are helping stop elder financial abuse by reducing risks of intervention
A survey the American Bankers Association found that, among banks that operate in states with hold laws, half (50%) actually use the law to protect their customers, often less than once a month. Among banks that don’t operate under a hold law, a vast majority (86%) said they would find it beneficial to have one in place. The surveyed banks represented 71% of the industry’s total number of deposit accounts. A slight majority of the banks in the survey (54%) operate in a state with a hold law. Most banks surveyed (53.2%) had less than $1 billion in assets, and a large majority (63%) said they serve a local market rather than a state, a region, the whole nation or the online market. Overwhelmingly, a vast majority (94%) of banks in the survey — regardless of whether they operate in a state with a hold law — said they reported instances of suspected elder financial exploitation to adult protective services. A similar number (92%) reported suspected instances to law enforcement. In states like California, where no hold law or liability protection exists, there are risks involved in attempting to intervene, according to Laurel Sykes, executive vice president and chief risk officer at American Riviera Bank. However, these laws have tremendous upside for potential victims. In one anecdote included in the ABA’s report on the survey results, an employee at First Seacoast Bank said New Hampshire’s hold law helped the bank save a client from losing $30,000 and has been instrumental to preventing other losses.There were 42 banks in the survey that reported using the hold law that their state has in place. Among these 42, more than half (52%) said they wanted the ability to hold transactions for a longer period of time than what the law allows. Nearly half (48%) said they would prefer to have 30 days or longer.
Google Workspace enables end-to-end encrypted (E2EE) emails to any in-box using customer-controlled encryption keys, eliminating complex certificate management
Johney Burke, a senior product manager, Julien Duplant, a product manager, both with Google Workplace, have confirmed that the organization have invented an entirely new type of encryption to “enable enterprise users to send E2EE messages to any user on any email inbox with just a few clicks.” “We’re rolling this out in a phased approach, with the ability to send E2EE emails to Gmail users in your own organization,” Google said. “In the coming weeks, users will be able to send E2EE emails to any Gmail inbox, and, later this year, to any email inbox.” The encryption model claims to entirely remove any need for complex certificate requirements or administration, and enable the sending of fully encrypted messages to any user on any email platform with no overhead on either side. “The emails are protected using encryption keys controlled by the customer and not available to Google servers,” Burke and Duplant said, “providing enhanced data privacy and security.” If the recipient is a Gmail user, then Gmail will send the E2EE encrypted email which is then automatically decrypted in the recipient’s inbox. If the recipient isn’t a Gmail user, then they get an invite to view within a restricted version of Gmail as a Google Workspace guest account to interact with the email. The new E2EE bubble functionality, powered by the client-side encryption technical control in Google Workspace, adds an extra layer of protection to your communications.
Highnote’s new acquiring business will be using Feedzai’s AI-native fraud prevention and merchant monitoring; consolidating pre- and post-authorization processes under one system
Feedzai announced a partnership with Highnote to support the launch of Highnote’s new acquiring business line. By leveraging Feedzai’s AI-native, real-time fraud prevention and merchant monitoring platform, Highnote was able to swiftly bring its acquiring solution to market while meeting stringent regulatory requirements. Highnote’s acquiring business enables enterprises to seamlessly and securely process transactions by integrating comprehensive fraud detection with robust merchant monitoring capabilities. To achieve this, Highnote tapped into Feedzai’s agile platform, gaining access to real-time data insights. The partnership also streamlines Highnote’s vendor footprint, consolidating pre- and post-authorization processes under one system. “By unifying pre- and post-authorization processes, we’re delivering a seamless flow of richer data and context that powers Feedzai’s leading edge AI models, as validated by Highnote’s technical team. This innovation not only streamlines risk management but also accelerates growth in the digital economy,” said Pedro Barata, Chief Product Officer at Feedzai. Key Benefits of the Partnership: Real-Time Fraud Detection, Merchant Monitoring, Regulatory Compliance, Simplified Operations, Rapid Implementation.
Atsign’s new website security model closes all inbound network ports and demands cryptographic proof of identity before any connection, ensuring true invisibility and security
Atsign announced that NoPorts fundamentally changes how private websites are secured. Built on Atsign’s atPlatform, NoPorts provides a zero trust architecture, end-to-end encryption, and no reliance on cumbersome security layers, enabling seamless and secure communication across virtually any environment. Unlike current systems where the web entry point is visible to anyone on the internet, NoPorts makes the entire website invisible until a person is cryptographically authenticated. This eliminates a significant attack vector, ensuring only authorized individuals can access the site. “Current ‘private’ websites are fundamentally flawed. They are easily discovered by bad actors thanks to open ports and allow connections prior to authentication, enabling a variety of attacks. NoPorts flips that model, by closing all inbound network ports and demanding cryptographic proof of identity before any connection, ensuring true invisibility and security,” said Barbara Tallent, CEO of Atsign. NoPorts enhances security through: Invisibility, Cryptographic Identity Verification and End-to-End Encryption This approach strengthens security without adding complexity for authorized individuals. NoPorts simplifies security management and reduces IT overhead while providing robust protection against cyber threats.