Uber breaches, security awareness saturation, cybercrime P&L, sad acquisitions and AI – ESW #319
On this edition of the ESW news, we're all over the place! Funding and acquisitions are a little sad right now, but AI and TikTok bans raise our spirits. The hosts are split on feelings about the new .zip gTLD, there's a new standard for scoring an "AI Influence Level" (AIL), and lessons learned from Joe Sullivan's case and other Uber breaches. Also, don't miss the new AI tool DragGAN, which enables near-magical levels of ease when manipulating photos. What's even real anymore? We might not be able to tell for long...
Announcements
Our teams from Security Weekly and SC Media were onsite at RSA Conference 2023 delivering in-depth reporting, analysis and interviews from the conference. If you were unable to join us in person, or didn't manage to catch our video livestream from Broadcast Alley, you can access all of our RSAC 2023 coverage at https://securityweekly.com/rsac.
- 1. FUNDING: Kubernetes and sigstore founders raise $17.5M to launch software supply chain startup Stacklok
- 2. FUNDING: Exclusive: Manifest Cyber raises $6M, unveils new government contracts
- 3. FUNDING: SpiderOak Secures Investment from Accenture, Raytheon Technologies & Stellar Ventures
- 4. FUNDING: Visibility-First Zero Trust Networking Platform Lumeus.ai Launches With $6M Seed
Really not seeing how they're working AI/ML into this...
- 5. FUNDING: Entro raises $6M for its end-to-end secrets security solution
- 6. FUNDING: Cork Raises $6M in Seed Funding
- 7. FUNDING: Lakeland cyber startup closes $5.5M in oversubscribed round
An oversubscribed round for security awareness training? Either there's something unique here, or I'm missing something. Kinda late to be bringing security awareness to the market now.
- 8. FUNDING: CISO Global Inc. Announces Pricing of $4.0 Million Registered Direct Offering
- 9. ACQUISITIONS: Data443 Expands Its Global Customer, Technology Base with Transformative Acquisition of Select Israel-based Cyren Ltd. Assets
Threat intel assets only - we talked about Cyren going under earlier this year. Good news is that they were able to sell off some of their assets. Bad news is that the assets were only worth $3.5M.
- 10. ACQUISITIONS: Curity Secures Investment to Scale Growth in API-Driven Identity Management
Article describes it as an "investment" from a PE firm, but Mike Privette describes it as an acquisition.
- 11. ACQUISITIONS: Amsterdam’s EclecticIQ sells its agent software and engineering assets to US-based ReliaQuest
Talent and assets acquisition
- 12. TRENDS: Ransomware resurgence after ‘strange year’ in 2022, insurance data shows
- 13. TRENDS: Concerns around the new .zip gTLD, from @_sn0ww
I’ve seen a lot of concern around the new .zip gTLD.
Let’s look a little deeper into what this means, from my (attacker) perspective.
- 14. AI TRENDS: Drag Your GAN: Interactive Point-based Manipulation on the Generative Image Manifold
- 15. STANDARDS: Equifax Controls Framework
Did we really need another standards framework?
- 16. STANDARDS: OWASP Top 10 for Large Language Model Applications
- 17. ESSAY: Understanding the RSA Conference iceberg: revealing the unknown truths and explaining the well-known concepts
- 18. ESSAY: The AI Attack Surface Map v1.0
- 19. CYBERCRIME: Suspicion stalks Genesis Market’s competitors following FBI takedown
Is VAPEMASTER3000 really a fellow cybercriminal, or is he an FBI mole? #BadGuyProblems
- 20. BREACHES: Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach
- 21. BREACHES: Uber Data Breaches: Full Timeline Through 2023
- 22. SQUIRREL: Montana governor bans TikTok
- 23. SQUIRREL: AN ACT BANNING TIKTOK IN MONTANA
I'm quoting directly from the law here: WHEREAS, TikTok fails to remove, and may even promote, dangerous content that directs minors to engage in dangerous activities, including but not limited to:
- throwing objects at moving automobiles
- taking excessive amounts of medication
- lighting a mirror on fire and then attempting to extinguish it using only one's body parts
- inducing unconsciousness through oxygen deprivation
- cooking chicken in NyQuil
- pouring hot wax on a user's face
- attempting to break an unsuspecting passerby's skull by tripping him or her into landing face first into a hard surface
- placing metal objects in electrical outlets
- swerving cars at high rates of speed
- smearing human feces on toddlers
- licking doorknobs and toilet seats to place oneself at risk of contracting coronavirus
- attempting to climb stacks of milk crates
- shooting passersby with air rifles
- loosening lug nuts on vehicles
- stealing utilities from public places