Cybersecurity has too many distractions and can the White House fix BGP? – ESW #375
- Cribl, Zafran, and US states raise funding
- Cisco, Check Point, Salesforce, and Absolute Software acquire cybersecurity startups
- AI Security products are picking up steam
- You probably shouldn’t be too worried about Yubikey cloning
- Instead, you should be more worried about malicious npm packages!
- The White House wants to fix BGP
- SolarWinds has shady stuff in its source code, AGAIN
- The challenge of bringing security to small business
- Scams are getting quicker and more effective
- how not to run a phishing test
- and AI assistants rickroll paying customers!
Adrian Sanabria
- FUNDINGS: Cribl, Zafran, and US States (wut?) raise funding
- ACQUISITIONS: Cisco/Robust Intelligence, Check Point/Cyberint, Salesforce/Own, Absolute/Syxsense
This week's acquisitions:
- Mastercard just spent $2.65 billion to beef up security
- Fortifying the future of Security for AI: Cisco Announces intent to acquire Robust Intelligence
- Check Point Software to Acquire Cyberint to Transform Security Operations and Expand Managed Threat Intelligence Solutions
- Salesforce Signs Definitive Agreement to Acquire Own Company
- Absolute Security to Acquire Syxsense
- NEW PRODUCTS: Prompt Security helps organizations monitor data shared with Microsoft 365 Copilot – Help Net Security
- NEW PRODUCTS: Wiz moves into securing CI/CD pipelines
As mentioned by Tyler on the show
- ATTACKS: YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out only by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low. Roche said that two-factor-authentication and one-time password functionalities aren't affected: because they don't use the vulnerable part of the library.
- ATTACKS: Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems
- INTERNET WORLD POLICE: White House publishes roadmap to secure internet routing
- VULNS: SolarWinds left hardcoded credentials in helpdesk product
- REPORTS: TL;DR: Every AI Talk from BSidesLV, Black Hat, and DEF CON 2024
- ESSAYS: Lifting the world out of the cybersecurity poverty
As Darwin mentioned during the podcast - Bitdefender's Security for Content Creators
- TRENDS: Online scam cycles are getting shorter and more effective, Chainalysis finds
- WHOOPSIES: Uni phishing test based on fake Ebola scare prompts apology
- SQUIRREL: Lindy, a commercial AI assistant, rickrolls its customers
Oktane 2024 and the Current State of Identity Security – Harish Peri – ESW #375
Harish Peri is the Senior Vice President of Product Marketing at Okta, where he is responsible for messaging, product positioning, launches and helping evangelize Okta to the industry. He has over 20 years of experience leading teams and organizations across various industries and functions ranging from engineering to product management.
Cybersecurity at the speed of Formula One – Darren Guccione, Harry Wilson – ESW #375
- Keeper Press Release on the Partnership
- Williams Press Release on the Partnership
- Some more details from Keeper on why they chose to sponsor automotive racing
Darren Guccione is the co-founder and CEO of Keeper Security, a leading provider of cloud-based zero-trust and zero-knowledge cybersecurity software designed to protect passwords, passkeys, secrets, connections and privileged access.
Harry is the Head of Information Security at Williams Grand Prix Engineering. He is responsible for the design, build and operation of the cybersecurity programme covering the Williams Formula 1 and E-sports teams as well as the Williams heritage department and e-commerce platform.
Before joining Williams, Harry was the Group IT Director at a global retail and manufacturing company.















