Enterprise Security WeeklySubscribe
Vulnerability Management, Malware, Supply chain

AI Can’t Stop, Won’t Stop; Early Stage Funding is Strong; YouTubers Hacked – ESW #311

In the enterprise security news, early stage startup funding stays constant, but late stage is nowhere to be found. Cisco, XM Cyber, and Mastercard make acquisitions. YouTube channels keep getting hacked. Microsoft fails to use Azure securely. Organizations are making progress on zero trust, but slowly. Finally, more discussion on AI threats, concerns, and predictions.

Full episode and show notes

Announcements

  • Security Weekly listeners save $100 on their RSA Conference 2023 Full Conference Pass! RSA Conference will take place April 24-27 in San Francisco and on demand. To register using our discount code, please visit https://securityweekly.com/rsac2023 and use the code 53UCYBER! We hope to see you there!

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. FUNDING: LeapXpert Secures a $22 Million Series A+ to Meet Growing Demand for Its Communications Platform

    $22M Series A, but NOT a new company, as LeapXpert's savvy marketing team corrected me on Twitter earlier this week.

  2. 2. FUNDING: Britive Receives $20.5M Series B Funding to Support Surging Customer Growth

  3. 3. FUNDING: Clerk raises $15m Series A led by Madrona

  4. 4. FUNDING: Spera raises $10M for its identity security posture management platform

  5. 5. FUNDING: Security Industry Veterans Launch Oleria Out of Stealth Mode with $8M Seed Funding

    Guess the category! Identity-related? SSPM? ISPM? Very tricky to tell, and that might be intentional at this stage of the company's journey. Funded by Salesforce, who is also backing AppOmni, so seems unlikely they'd back two competitors simultaneously, right?

  6. 6. FUNDING: Backslash Security Emerges from Stealth to Fuse Code Security with Cloud-Native Context, Transforming a Decades-Long AppSec Paradigm

  7. 7. FUNDING: Private key infrastructure for crypto developers

  8. 8. FUNDING: Cerberus Cyber Sentinel Raises $5M Via Private Debt Offering, Discloses Preliminary Q4 Results – Cerberus Cyber Sentinel (NASDAQ:CISO)

  9. 9. ACQUISITIONS: Cisco acquiring Israeli startup Lightspin for $200-250 million

  10. 10. ACQUISITIONS: XM Cyber Announces Acquisition of Confluera, Adding Run-Time Protection on Cloud workloads to Extend CNAPP Capabilities

    Back in January 2022, retail giant Schwarz Group acquired XM Cyber. An odd acquisition to be sure - we talked about it way back on episode 256. Then, just seven months later, XM Cyber picks up CSPM Cyber Observer.

    Now, XM Cyber is acquiring Confluera, which will add run-time security to their stack. Building a bit of a PRISM competitor here?

  11. 11. ACQUISITIONS: Mastercard Acquires Baffin Bay Networks – FinSMEs

  12. 12. BREACHES: How YouTubers are Getting Hacked by ThioJoe

    A common attack against huge YouTube channels: 1. Steal YouTube tokens using cred stealer phishing/malware 2. Revamp account to add pump & dump crypto scams 3. Profit before account owners can wrest control of their channel back

    Many of these YouTube accounts are basically startups with 7-8 digit revenue, but entirely built on YouTube, perhaps also growing into online training and merchandise sales. What's novel about this is that the entire breach works of the back of stealing a single oauth token. There's probably some work Google can do here to tighten up security. Changing MFA and the name of the channel don't require additional authentication, or even reauthentication? Come on...

  13. 13. WHOOPSIES: BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained

  14. 14. RECOVERIES: Silicon Valley Bank has a new owner. What it means for the bank crisis

  15. 15. ANNOUNCEMENTS: World Backup Day – March 31

  16. 16. ANNOUNCEMENTS: Valence resources: Valence Security is an Innovation Sandbox Finalist

    Blatant ad for my employer here. I've been a HUGE fan of Innovation Sandbox ever since I discovered it, and I'm so, so tickled that the company I'm working for is a finalist!

  17. 17. ATTACKS: AI Prompt Injection by Br⍼d Skᔱggs on Twitter

    This is absolutely brilliant. Someone realized recruiters would probably start using AI to automatically send IN messages on LinkedIN, so he created a clever trap. It worked!

  18. 18. AI TRENDS: Pause Giant AI Experiments: An Open Letter – Future of Life Institute

  19. 19. AI TRENDS: AI is Evolving Faster Than You Think by ColdFusion

    If you haven't had a chance to catch up on what's going on with the last 1-2 years of AI development (particularly large language models), this is a 25 minute YouTube video that will get you largely caught up.

  20. 20. AI TRENDS: Sparks of Artificial General Intelligence: Early experiments with GPT-4

  21. 21. AI TRENDS: GPT-4 is able to infer authorship from a passage of text based on style and content alone

    Will this lead to tools that change your writing to help anonymize it?

  22. 22. TRENDS: Companies are moving forward with zero trust, but still report challenges

  23. 23. TRENDS: Publicly traded companies aren’t moving to add cyber experts to their boards

  24. 24. TRENDS: CISOs Emerge From CIOs’ Shadow

  25. 25. TRENDS: Frankly Speaking – The rise of the technical security leader

Deputy CISO at JupiterOne
Product Marketer and Content Strategist at OX Security

Related

Fortinet, Palo Alto, VMWare – PSW #852

Fast cars kill people, Apple 0-Days, memory safety, poisoning the well, babble babble and malware that tries really hard to be stealthy, Palto Alto and Fortinet have some serious new vulnerabilities, open-source isn't free, but neither is commercial software, get on the TPM bus, find URLs with stealth, stealing credentials with more Palto Alto and ...