Tons o’ funding, Black Hat Edition! Acquisitions! Remove your Google results! – ESW #327
This week, we discuss Kubernetes attacks and CPU attacks. We also have a better idea of what valuation losses might be for security startups, thanks to the Check Point/Perimeter 81 acquisition. MITRE releases, ATLAS, an ATT&CK-style framework for machine learning models. Bloodhound's new rearchitected Community Edition is out, and Las Vegas's Sphere hasn't been hacked... yet.
Announcements
Security Weekly listeners: Now is your chance to join the infosec community as they come together at InfoSec World 2023, September 23 – 28, 2023 at Disney's Coronado Spring Resort in Lake Buena Vista, FL. Hear keynotes from Scott Shapiro, Founding Director at Yale CyberSecurity Lab’s and Rachel Wilson, Managing Director and Head of Cybersecurity at Morgan Stanley.
As a Security Weekly community member, you’re able to receive 20% off your InfoSec World 2023 tickets using code ISW23-SECWEEK20! Register today: securityweekly.com/infosecworld2023
Hosts
- 1. FUNDING: Nile Raises $175M Series C Funding to Propel Its Vision to Redefine Enterprise Networks
This is a little outside our normal coverage, but it's an important market trend. Old school networks are finally starting to fade a bit. NaaS (network as a service) gets $175M in funding, while Fortinet stock got hammered. While I don't think stock performance is remotely connected to actual market trends in any reliable way, it's a reminder that the sellers of physical and virtual firewalls and switches must prepare for the software-defined end times.
It will be a tricky balancing act to fully fund the latest SASE/SSE trends, while also still supporting sales of more traditional technologies. Fortinet has a lot of SMB/SME customers that have little to no need for SSE/SASE in its current enterprise-focused and bundled form.
- 2. FUNDING: Cyber Insurer Resilience Secures $100 Million in Funding
- 3. FUNDING: Endor Labs raises $70M in series A funding to reform application security
- 4. FUNDING: Horizon3.ai Raises $40M Series C to Confront Attackers with Proactive, Continuous Security Testing
- 5. FUNDING: Cyble Secures $24M in Series B Funding to Further Advance its AI-Powered Threat Intelligence Solutions
- 6. FUNDING: Converge Insurance Announces $15 Million Series A Funding from Forgepoint Capital
- 7. FUNDING: Silk raises $12.5m in seed funding, launches from stealth
- 8. FUNDING: Tromzo Raises $8M to Bring Deep Environmental Context to Application Security Posture Management
- 9. FUNDING: Abbey Labs Secures $5.25 Million Seed Round led by Point72 Ventures to Automate Access Management
- 10. FUNDING: Hushmesh Raises $5.2M to Fix the Web’s Foundational Security Flaws
- 11. FUNDING: Tenzir Concludes Final Closing of €3 Million Seed Financing Round with G+D Ventures and eCAPITAL to Accelerate Market Expansion
- 12. FUNDING: Jericho Security secures $3M to counter AI-powered phishing attacks – SiliconANGLE
- 13. ACQUISITIONS: Rubrik acquires Laminar to expand in data security across public clouds
- 14. ACQUISITIONS: We Hack Purple Joins Forces with Semgrep!
- 15. ACQUISITIONS: Dynatrace acquires cloud-native debugging platform Rookout
- 16. ACQUISITIONS: Check Point buys Perimeter 81 for $490M to enhance its security tools for hybrid and remote workers
- 17. ATTACKS: Researchers find active campaigns exploiting two Kubernetes misconfigurations
- 18. VULNERABILITIES: New Downfall attacks on Intel CPUs steal encryption keys, data
Similar to Meltdown/Spectre, this vulnerability requires the ability to execute code locally, so shouldn't be a huge priority for most folks, but anyone running multi-tenant services within physical computing boundaries should be taking a close look at this one to see how they might be impacted.
- 19. FRAMEWORKS: MITRE ATLAS
MITRE ATT&CK, but for AI/ML attacks
- 20. TOOLS: BloodHound Community Edition: A New Era
- 21. TOOLS: Daniel Miessler – Google tool to manage search results about YOU
"Google has a new feature that lets you view, and remove, results about you on Google." https://myactivity.google.com/results-about-you?pli=1
- 22. TOOLS: GitHub – utkusen/promptmap: automatically tests prompt injection attacks on ChatGPT instances
- 23. SQUIRREL: Las Vegas Spherewatch results!
"They turned it off. Smart"
