CISO Avoids Jail, Shares Rise, Steganography, & DEF CON On Large Language Models – ESW #317
In the enterprise security news: a slow week for funding, but, as always, a busy week for AI news! Databricks acquires Okera; CrowdStrike, Fortinet and other cybersecurity shares rise; Merck might finally see that $1.4 billion NotPetya payout; ex-Uber CISO Joe Sullivan won’t go to jail; Google rolls out passkey support; do bartenders make good pen testers?; ICS using steganography to hide data; DEF CON will unleash hackers on Large Language Models; and security’s eternal prioritization problem!
Announcements
Our teams from Security Weekly and SC Media were onsite at RSA Conference 2023 delivering in-depth reporting, analysis and interviews from the conference. If you were unable to join us in person, or didn't manage to catch our video livestream from Broadcast Alley, you can access all of our RSAC 2023 coverage at https://securityweekly.com/rsac.
Hosts
- 1. FUNDING: Sourcepass Announces $135 MM in Total Funding and Their 7th Acquisition, Proxios
Misleading title - $65M of funding raised, but they shared the total instead. Previous round was $70M, so we're not calling this a Series B or a down round - they're both just "venture rounds".
- 2. FUNDING: BioCatch, the Leading Online Fraud Detection Platform, Welcomes Permira Growth Opportunities as a Significant Shareholder
$40M in secondary market funding for a minority stake
- 3. FUNDING: Token raises $30M to fuel growth and development of biometric authentication wearable
They make a wearable authentication device called a "Token Ring".
Yes, they're very clever. Funny name. Do physical auth tokens really make sense when we all carry a phone, a face, and a fingerprint though? How many 2nd, 3rd, 4th, and 5th factors do we really need?
- 4. FUNDING: HUB Security Raises Up to $16 Million in Growth Investment from The Lind Partners
- 5. ACQUISITIONS: Databricks acquires AI-centric data governance platform Okera
- 6. MARKET TRENDS: CrowdStrike, Fortinet shares rise in broad security tech rally
- 7. NEW FEATURES: Google rolls out passkey support across accounts on all major platforms
Shortly after Apple announces support for passkeys, Google announces it as well. Everyone seems to be beating Google to the punch these days, huh?
- 8. LEGAL: Merck’s Insurers On the Hook in $1.4 Billion NotPetya Attack, Court Says
Does this set a precedent? It took a while, but it looks like the whole "act of war" interpretation has finally been decided. For Merck, at least.
- 9. LEGAL: Ex-Uber security executive gets probation, no jail time for concealing 2016 data breach
A few years' probation and 200 hours of community service. A lot of CISOs will be relieved, but was it the right result? Were prosecutors overzealous or out-of-line?
- 10. TRENDS: Could Bartenders Close the Growing Tech Skills Gap in Cybersecurity?
TL;DR - maybe we're hiring from the wrong labor pools, or need to realize that all of security's labor needs need not match a single stereotype. It's almost like diversity is a good thing, huh?
- 11. TRENDS: Cybersecurity goes undercover to protect electric grid data
Is it just me, or is it weird they never use the term steganography when describing this? That's what this is, no?
- 12. AI TRENDS: DEF CON to set thousands of hackers loose on LLMs
LLMs are already so accessible, I'm curious if we'll see anything notable coming out of this. It makes more sense to set up these events for things that are more difficult to get access to, like voting machines.
- 13. AI TRENDS: No Business Plan? No Problem. ChatGPT Spawns an Investor Gold Rush in AI
AI Gold Rush. HUGE if true ;)
"No business plan required" <-- it's almost like we didn't learn from the cryptocurrency/blockchain rush...
- 14. AI TOOLS: EVA AI-Relational Database System
The complexity sidestepped here is breathtaking. The AI model simply makes a determination on the video data it's seeing and a simple SQL statement selects from it. Super powerful, and scary, given that we know the ML models reviewing video data are far from perfect.
- 15. ESSAYS: Security’s eternal prioritisation problem
- 16. SCIENCE: VulnU #010: Loneliness Epidemic: When Your Only Friend is Over Your VPN
Matt Johansen's latest edition of his Vulnerable U newsletter focuses on the importance of socialization to overall health.
Adrian's Take: Don't be lonely, join us at Black Hat in a few months!!