Microsoft Storm, WormGPT, Century of the Linux Desktop, & IronNet’s Public Run – ESW #324
Finally, in the enterprise security news, Secure Code Warrior raises $50M to continue educating developers on best security practices, Jamf acquires dataJAR, IronNet’s public run ends soon, Microsoft puts pressure on other cybersecurity stocks, We discuss the Microsoft Storm breach, How to make engineers not hate you, Securely build features using AI APIs WormGPT, National Cybersecurity Strategy Implementation Plan, Cybersecurity labels Google plans to scrape everything you post for AI, & the Year of the Linux Desktop!
Announcements
Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!
Guest
Ryan has 10+ years of experience in IT security ranging from compliance, analyst engineer, CISO and consultant. He also has taught cyber security at the community college level for the last 8 years. Ryan has most recently been leading initiatives such as SOAR, purple teaming, network segmentation, devsecops and cloud security posture management.
Hosts
- 1. FUNDING: Secure Code Warrior lands $50M to educate developers on best cyber practices
$50M Series C led by Paladin Capital Group.
- 2. FUNDING: Vendict raises $9.5 million for its generative AI GRC tool
$9.5M Seed Round led by NFX, Disruptive AI, and Cardumen Capital. GenAI for responding to security questionnaires.
- 3. FUNDING: SpecterOps Raises in $8.5M Series A Extension – FinSMEs
$8.5M extension to $25M Series A in April, for a total $33.5M Series A. Led by Ballistic Ventures. Kevin Mandia, the CEO and founder of Mandiant, will serve as an Observer to SpecterOps’ Board of Directors.
- 4. FUNDING: Cove, an AI-powered safety layer for the web
$5.8M Seed, led by Thrive Capital.
- 5. FUNDING: PrivacyHawk Raises $2.7 Million to Pioneer the Personal Data Protection Market
- 6. FUNDING: Teleskope Raises $2.2M in Pre-Seed Funding
- 7. ACQUISITIONS: Jamf announces its acquisition of dataJAR, a leading Apple technology managed services provider
- 8. ACQUISITIONS: Graylog Acquires Resurface.io
Reportedly an asset acquisition. 4-year old Resurface (API security) had raised $5.3M with the last round in August 2022. 11-year old, Houston-based GreyLog (Security Operations, Log mgmt) has raised $27.4M, with the last round raised in 2021.
- 9. DELISTING: IronNet Announces Intention to Voluntarily Delist Securities from New York Stock Exchange
- 10. MARKET TRENDS: Cloudflare, Palo Alto Networks and Zscaler tumble as Microsoft expands in cybersecurity
- 11. BREACHES: Analysis of Storm-0558 techniques for unauthorized email access
We just released a blog on this, at my day job! https://www.valencesecurity.com/resources/microsoft-storm-0558-saas-breach
- 12. BREACHES: “Millions” of sensitive US military emails were reportedly sent to Mali due to a typo
- 13. BREACHES: Microsoft to Offer Some Cybersecurity Tools Free After Suspected China Hack
- 14. BREACHES: Microsoft Bows to Pressure to Free Up Cloud Security Logs
- 15. HOWTO: How to be a security person that engineers don’t hate
- 16. HOWTO: How to securely build product features using AI APIs
are emerging capabilities, and there is time-pressure to launch transformative features. Security teams need to enable their businesses to grow and succeed in this environment. That means rapidly coming up to speed on the risks of these sorts of product features. More importantly it means awareness of the pragmatic set of controls emerging to reduce these risks.
- 17. HOWTO: How to detect suspicious activity in your AWS account by using private decoy resources
- 18. HOWTO: Okta Logs Decoded: Unveiling Identity Threats Through Threat Hunting – Rezonate
- 19. TOOLS: WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
- 20. REGULATION: National Cybersecurity Strategy Implementation Plan
- 21. REGULATION: The Biden administration is tackling smart devices with a new cybersecurity label
- 22. NEW FEATURES: AWS Fault Injection Simulator adds new actions for Amazon EKS and Amazon ECS
- 23. AI NEWS: Google plans to scrape everything you post online to train its AI
From one of my favorite researchers, Paperghost, aka Christopher Boyd!
- 24. SQUIRREL: Linux has nearly half of the desktop OS Linux market
- 25. SQUIRREL: James Cameron on AI: “I warned you guys in 1984 and you didn’t listen”