Cybersecurity has too many distractions and can the White House fix BGP? – ESW #375
This week, in the enterprise security news,
- Cribl, Zafran, and US states raise funding
- Cisco, Check Point, Salesforce, and Absolute Software acquire cybersecurity startups
- AI Security products are picking up steam
- You probably shouldn’t be too worried about Yubikey cloning
- Instead, you should be more worried about malicious npm packages!
- The White House wants to fix BGP
- SolarWinds has shady stuff in its source code, AGAIN
- The challenge of bringing security to small business
- Scams are getting quicker and more effective
- how not to run a phishing test
- and AI assistants rickroll paying customers!
Hosts
Adrian Sanabria
Principal Researcher at The Defenders Initiative
- 1. FUNDINGS: Cribl, Zafran, and US States (wut?) raise funding
- 2. ACQUISITIONS: Cisco/Robust Intelligence, Check Point/Cyberint, Salesforce/Own, Absolute/Syxsense
This week's acquisitions:
- Mastercard just spent $2.65 billion to beef up security
- Fortifying the future of Security for AI: Cisco Announces intent to acquire Robust Intelligence
- Check Point Software to Acquire Cyberint to Transform Security Operations and Expand Managed Threat Intelligence Solutions
- Salesforce Signs Definitive Agreement to Acquire Own Company
- Absolute Security to Acquire Syxsense
- 3. NEW PRODUCTS: Prompt Security helps organizations monitor data shared with Microsoft 365 Copilot – Help Net Security
- 4. NEW PRODUCTS: Wiz moves into securing CI/CD pipelines
As mentioned by Tyler on the show
- 5. ATTACKS: YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out only by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low. Roche said that two-factor-authentication and one-time password functionalities aren't affected: because they don't use the vulnerable part of the library.
- 6. ATTACKS: Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems
- 7. INTERNET WORLD POLICE: White House publishes roadmap to secure internet routing
- 8. VULNS: SolarWinds left hardcoded credentials in helpdesk product
- 9. REPORTS: TL;DR: Every AI Talk from BSidesLV, Black Hat, and DEF CON 2024
- 10. ESSAYS: Lifting the world out of the cybersecurity poverty
As Darwin mentioned during the podcast - Bitdefender's Security for Content Creators
- 11. TRENDS: Online scam cycles are getting shorter and more effective, Chainalysis finds
- 12. WHOOPSIES: Uni phishing test based on fake Ebola scare prompts apology
- 13. SQUIRREL: Lindy, a commercial AI assistant, rickrolls its customers
Tyler Shields
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures
