Rockyou2024 is a scam, Google has a whoopsie, and AI is giving folks indigestion – ESW #367
In this week's enterprise security news,
- Seed rounds are getting huge
- Lots of funding for niche security vendors
- Rapid7 acquires Noetic Cyber
- but Rapid7 is also rumored to sell itself!
- Slack battles infostealers
- The loss of Chevron deference impacts cyber
- Should cybersecurity put up a no vacancy sign?
- Figma and Google both make some embarrassing mistakes
- The RockYou2024 file does NOT contain 10 billion passwords
- I introduce a new news category: AI indigestion
All that and more, on this episode of Enterprise Security Weekly!
Announcements
You're invited to InfoSec World 2024 at Disney’s Coronado Springs Resort in Lake Buena Vista, FL, from September 23-25. Join top cybersecurity experts for this premier event! Save 25% on your pass by using code ISW24-SW25 when you register at securityweekly.com/infosecworld2024. Don’t miss out on this exclusive opportunity!
- 1. FUNDING: AI startup Abnormal Security is set to be valued at $5 billion in new funding round, sources say
- 2. FUNDING: Portswigger – Investing to deliver more
- 3. FUNDING: Cider Security founder nets $28M in Seed funding for stealth cyber startup
Holy crap, that's a big seed round!
- 4. FUNDING: Command Zero Emerges from Stealth with $21 Million in Funding to Resolve the Most Significant Bottleneck in Security Operations
- 5. FUNDING: Cytactic Raises $16 Million Seed Funding Round Led by Evolution Equity Partners to Help Companies Prepare and Respond to a Cyber Crisis
- 6. FUNDING: Cybersecurity innovator Tracebit lands $5m to enhance cloud security deception
- 7. FUNDING: Security, Funded #150 – Triple The Fun(d)
The Security, Funded newsletter is one of my primary sources for funding news and you should subscribe if you're interested in cybersecurity startups, funding, or M&A!
But the reason I'm linking to it this week is to point out some oddities in the funding: why is everything so weirdly niche???
- A data protection platform for Salesforce applications
- A data protection platform for S3 buckets
- Smart contract protection
- a mobile threat hunting platform
- a confidential computing platform
- a quantum-resistant encryption key distribution platform (how many of these do we need???)
- 8. ACQUISITIONS: Rapid7 Agrees to Acquire Cyber Asset Attack Surface Management Company, Noetic Cyber, to Give Customers More Comprehensive Visibility of Their Attack Surface
- 9. ACQUISITION RUMORS: Rapid7 looking for a buyer
- 10. NEW FEATURES: Catching Compromised Cookies – Slack Engineering
This is a HUGE step forward in preventing infostealer malware from causing more breaches.
- 11. STARTUPS: Rubén D. on LinkedIn: How to get to Product Market Fit
- 12. REGULATIONS: US Supreme Court ruling will likely cause cyber regulation chaos
And it's not just cyber that has been thrown into chaos here - throwing out Chevron deference could fundamentally change how legal cases are tried. Don't like the decision you got in Massachusetts? Find a way to retry the case in Texas, with a judge that interprets the law differently!
If you want to learn more about Chevron deference and why it's bad that it's gone, check out this video: https://www.youtube.com/watch?v=xoJZu_EaDeM
- 13. ESSAYS: “DR” Word Soup: A Long and Winding Road
- 14. WHOOPSIE: Figma Disables AI App Design Tool After It Copied Apple’s Weather App
I used to get annoyed when people referred to GenAI tools as "plagiarism generators", but they might have a point.
- 15. WHOOPSIE: Alexandre Sieira on LinkedIn: #2fa #saas #security
Google notified its Workspace customers that they would enable 2-step Verification (2SV) for all Workspace admin accounts. When this happened, the folks at Tenchi, whose product monitors security configurations in cloud and SaaS apps like Google Workspace, were surprised to find that 2FA was no longer being enforced for their admin accounts.
Isn't that kinda the opposite of what Google intended?
They contacted Google and found that this was indeed what happened, and was definitely not intended. Google Workspace admins everywhere, consider buying Tenchi's engineers a beer or two if you run into them IRL!
- 16. DUMPSTER FIRE: Rockyou2024 analysis: Mega password list or just noise?
We all saw roughly 100 headlines and social media posts breathlessly saying "10 BILLION PASSWORDS LEAKED", but it isn't true.
It is true that wc -l will reveal that this 146GB text file has nearly 10 billion rows, but most of it is garbage. I shared some of my own analysis of it, but this post from SpecOps is much more comprehensive.
- 17. AI INDIGESTION: Vera kicks OpenAI to the curb
"Like so many in our field, v1 of the Vera platform made use of OpenAI’s GPT-series models as a part of our GenAI pipeline. As of last week, we’ve fully transitioned to open source models. Read on to find out why, and here’s a hint: it has nothing to do with ethics."
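Back to item 16 for a moment: an added example (not from the episode or the SpecOps post) of why a line count is not a password count. It runs a small Python triage pass over a constructed sample of rows; the noise heuristics (blank rows, non-printable bytes, hash-shaped hex strings, oversized rows, duplicates) are my assumptions, not SpecOps' criteria.

```python
import re
import string
from collections import Counter

# Constructed sample standing in for a handful of rows from a RockYou-style compilation.
SAMPLE_ROWS = [
    "password123",
    "Summer2024!",
    "5f4dcc3b5aa765d61d8327deb882cf99",   # MD5-shaped hex string, not a password
    "password123",                        # duplicate of an earlier row
    "\x00\x01binaryjunk",                 # non-printable bytes
    "a" * 100,                            # absurdly long row
    "letmein",
    "",                                   # blank line still counts for wc -l
    "correct horse battery staple",
]

# Rows that look like MD5 / SHA-1 / SHA-256 digests (assumed heuristic).
HEX_DIGEST = re.compile(r"^[0-9a-fA-F]{32}$|^[0-9a-fA-F]{40}$|^[0-9a-fA-F]{64}$")
# Printable ASCII including the space character, excluding control whitespace.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")


def classify(row: str) -> str:
    """Bucket one row; everything that is not 'plausible' is noise under these heuristics."""
    if not row:
        return "empty"
    if any(ch not in PRINTABLE for ch in row):
        return "non_printable"
    if len(row) > 64:
        return "too_long"
    if HEX_DIGEST.match(row):
        return "hash_like"
    return "plausible"


def analyze(rows):
    """Compare the raw row count (what wc -l reports) with unique plausible passwords."""
    buckets = Counter(classify(r) for r in rows)
    plausible = {r for r in rows if classify(r) == "plausible"}
    return {"wc_l": len(rows), "buckets": dict(buckets), "unique_plausible": len(plausible)}


if __name__ == "__main__":
    print(analyze(SAMPLE_ROWS))
```

On the sample, 9 rows collapse to 4 usable unique passwords; on the real file the ratio is the whole story.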
- 18. AI INDIGESTION: Gen AI: too much spend, too little benefit?
Goldman Sachs put together a whole report on how enterprise GenAI adoption is going (hint: not great)
- 19. AI INDIGESTION: Perplexity Is a Bullshit Machine
- 20. REPORTS: GitHub – jacobdjwilson/awesome-annual-security-reports: A curated list of annual cyber security reports
- 21. SQUIRREL: MOFT Snap Flow: Think, Create Anywhere
- 22. ESSAYS: Cybersecurity is full!
TL;DR - the talent shortage isn't what most people make it out to be.