A bit of a downer week – not much funding, layoffs, company shutdowns, AI snitches! – ESW #321
This week, in the news segment, we discuss the user-facing security trend, bad ideas in company naming/branding, and why you might not want to be on a list of the top 200 most secure companies. We also discuss the right way to treat employees when doing layoffs, and the future for companies that probably shouldn't have received funding before the market downturn. Finally, France uses AI to discover untaxed pools.
- 1. FUNDING: Blackpoint Cyber Secures $190 Million Growth Investment from Bain Capital Tech Opportunities and Accel
What? In this market?
- 2. FUNDING: Shift5 Raises $33M in Funding
- 3. FUNDING: Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
Probably competing with Push Security and Nudge Security.
- 4. ACQUISITIONS: Outpost24 Acquires External Attack Surface Management Provider Sweepatic to Reduce Risk Exposure of Internet-Facing Assets
- 5. NEW COMPANIES: Start Left™ Security: Application Security Posture Management (ASPM)
I think they announced some seed funding as well.
- 6. NEW COMPANIES: Company with ridiculous name, Private Tech, is launched.
Just try to Google "Private tech funding" and see what you get.
- 7. NEW FEATURES: Apple announces powerful new privacy and security features
There are many features here. The one that caught my eye, though, was the sensitive content warning. Quote:
"Sensitive Content Warning helps adult users avoid seeing unwanted nude images and videos..."
I can read between those lines. FFS guys, this is why we can't have nice things.
- 8. NEW FEATURES: Valence Security brings AI to SaaS risk analysis and remediation – SiliconANGLE
My day job has added GenAI to our product! There are some very obvious places GenAI can make security easier, and one of them is assisting with remediation. Many security products have that moment where you need to open an extra tab (or 10) to research a finding. This is an attempt to use GenAI to save you that extra time and trouble.
- 9. LAYOFFS: A message from Expel’s co-founders
- 10. LAYOFFS: Dragos CEO’s Email to Employees on Layoff
- 11. SHUTDOWNS: Former Shin Bet director’s cyber startup Opora is shutting down
- 12. SHUTDOWNS: Company with ridiculous name, [redacted] shuts down
Was anyone aware they were open for business? Or just annoyed that they refused to reveal the name of the company?
- 13. HOT TAKES: Forbes just created a top 200 list of the most secure companies
What could go wrong?
- 14. HOT TAKES: The Price of Crypto
Last week, we had "RIP Metaverse"; this week, it's crypto. This is a scathing book review, but it really reads as a scathing review of cryptocurrency and blockchain. H/T Kelly Shortridge for pointing us to this one.
- 15. REPORTS: List of Startups that Failed in 2023
This list is gonna grow.
- 16. REPORTS: Orange Cyber Defense Ransomware Ecosystem Map
- 17. REPORTS: Just 14% of CISOs possess desired traits for cybersecurity-expert board positions
Interesting report that's a collab between IANS and others. TL;DR - most of them ain't ready. This pairs nicely with the study we discussed a few weeks ago where 80%+ of boards said that they had plenty of cybersecurity expertise. Hmmm...
- 18. ESSAYS: Why your MTTR is Probably Bogus
- 19. ESSAYS: A startup ‘mass extinction event’ has begun. You can’t see it clearly yet, but it’s going to be bad.
- 20. AI ESSAYS: Why AI Will Save The World
This could be Marc Andreessen's next "software is eating the world" essay.
- 21. AI TOOLS: Meet “ZipPy”, a fast AI LLM text detector
- 22. AI USE CASES: Threat Modeling Example with ChatGPT
- 23. AI TOOLS: Introducing Google’s Secure AI Framework
- 24. RESEARCH: Can you trust ChatGPT’s package recommendations?
Some VERY cool thinking and researching here by the folks at Vulcan Cyber. TL;DR - if ChatGPT hallucinates package dependencies consistently, attackers can use that to their advantage by making these hallucinations a reality and getting people to run their malicious code!
- 25. AI SQUIRREL: French tax officials use AI to spot 20,000 undeclared pools