VOICE ARCHIVE

Chirag Mehta

@chirag_mehta
26 posts
2024-08-21
I'm afraid he is right. If SRE folks have taught me anything, I continue to advocate for building systems that are resilient. Outages and breaches can't be avoided but you could invest in a system and a program that help you to be resilient and recover fast.
Financial Times

After rivals' criticism, CrowdStrike President Michael Sentonas says no vendor can “technically” guarantee their software won't cause an incident akin to July's

Botched update that hit millions of computers leads to claims of ‘ambulance chasing’ by competitors

2024-08-06
This is a good first step by @MicrosoftSec to shift left by decentralizing security at the product level and centralizing the incentives. It's hard to cultivate a security-first culture but I hope they do it. It's a long road to regain customers' trust. #CyberSecurity
GeekWire

A memo from Microsoft Chief People Officer Kathleen Hogan: “everyone at Microsoft” now has “security” as a “Core Priority”, used in performance reviews

“The Security Core Priority is not a check-the-box compliance exercise; it is a way for every employee and manager to commit to … X: Justin Elze / @hackinglz : I have heard securit...

2024-07-15
Google has been on a journey to unify cloud security and enterprise security operations in a single fabric. By combining threat intelligence from Mandiant, SecOps from Chronicle, and CNAPP from Wiz, Google could become a dominant security solutions player in a fast-growing market.
Wall Street Journal

Sources: Alphabet is in advanced talks to acquire cybersecurity startup Wiz for roughly $23B; Wiz raised $1B at a $12B valuation in May 2024

Deal would be tech giant's largest acquisition ever.

2024-07-11
Using RADIUS over UDP (plaintext) is not a desired approach regardless of a potential MD5 collision concern. I hope the industry moves towards RADIUS over TLS or uses RADIUS alternatives. This is what makes legacy systems so vulnerable. Hard to fix and hard to patch.
Ars Technica

Researchers detail the Blast-RADIUS MD5-based vulnerability affecting RADIUS, a widely used network access authentication protocol first developed in 1991

AWAITING ANALYSIS  —  This vulnerability is currently awaiting analysis. Microsoft Support : KB5040268: How to manage the Access-Request packets attack vulnerability associated wit...

2024-07-03
SEC incident reporting regulation is not a good example. It's one of those regulations that is vague and a pressure to challenge it might actually improve the regulation and hence cybersecurity in general.
CSO

SCOTUS' Chevron ruling could weaken US federal cybersecurity regulations, as FCC data breach reporting requirements and other rules are likely to be challenged

The ruling could weaken almost all US federal cybersecurity regulations, including SEC incident reporting, FCC data breach reporting …

2024-06-11
With Lacework's acquisition, Fortinet now has a much broader portfolio from SASE to CNAPP. This will also include Lacework's recent work on software supply chain security. Fortinet now looks a lot like $PANW. #Cybersecurity consolidation continues. https://www.fortinet.com/...
CRN

Fortinet reaches an agreement to acquire cloud security company Lacework for an undisclosed sum; Lacework had raised $1.8B and was valued at $8.3B in 2021

Kyle Alspach / CRN :

2024-05-22
Too bad the monk didn't help [image]
Bloomberg

Sources: Humane is seeking a buyer for its business, after the rocky launch of its Ai Pin; a source says the startup, founded in 2018, is seeking $750M to $1B

- Humane's AI pin was billed as an alternative to smartphones  — AI hardware product received poor reviews after its launch

2024-04-23
As more details come out, this story gets worse. Stolen credentials are one of the most popular attack vectors, but not the most difficult to secure against. This is where blast radius matters, too; how far attackers can go once they are in. This seems to be one of the worst. [image]
Wall Street Journal

Source: ALPHV breached UnitedHealth's Change Healthcare network on February 12, nine days before the ransomware attack; the company paid a ransom to the hackers

UnitedHealth Group paid ransom to hackers, person familiar with the cyber investigation said

2024-03-29
Risk-based cybersecurity approach is gaining momentum. One of the most pressing challenges for organizations is to identify the risk as a clear signal. Multiple tools and signals create more noise. You can't defend if you can't understand or if you're overwhelmed.
CTech

Cybersecurity startup Zafran, which develops risk mitigation services, emerges from stealth with a $25M Series A co-led by Sequoia Capital and Cyberstarts

We built Zafran to transform risk mitigation by mobilizing security controls against evolving threats … Zafran Security : Exciting news!  🏹 We are proud to announce that Zafran is ...

2024-03-19
I like that DHS is embracing AI but this seems over the top. How do you use AI to combat creation of biological weapons? DHS is also the first federal agency to have a plan to use Gen AI. That tells you how far behind the federal government is with AI adoption. [image]
New York Times

In partnerships with OpenAI, Anthropic, and Meta, the US DHS rolls out pilot programs to test AI tech to help combat drug and human trafficking crimes, and more

2024-03-15
Flow, Talon, Dig, and now Avalor. The consolidation continues in the cybersecurity domain with @zscaler @CrowdStrike and @PaloAltoNtwks leading the pack. Mapping an organization's dynamic virtual perimeter to assess the overall risk is a necessary step to defend against attacks.
Globes Online

US cybersecurity company Zscaler acquires Israel-based cybersecurity startup Avalor for $350M; Avalor was founded in 2022 and has raised just $30M to date

2024-03-14
It was refreshing to hear @vasujakkal at the event describing the end user feedback from their private access program. When surveyed, 97% of end users said that they actually got joy out of using the Copilot. She also said, “after three years of its inception, security is no...
Neowin

Microsoft replaces GPT-4 with GPT-4 Turbo in Copilot's free tier; Copilot Pro subscribers got GPT-4 Turbo in December 2023 and can still use the older GPT-4

John Callaham / Neowin :

It was refreshing to hear @vasujakkal at the event describing the end user feedback from their private access program. When surveyed, 97% of end users said that they actually got joy out of using the Copilot. She also said, “after three years of its inception, security is no...
CNBC

Microsoft announces Microsoft Copilot for Security will be generally available on April 1, payable via a new Security Compute Unit that costs $4 per hour

2024-03-12
For many organizations, the NIS 2 directive, an EU-wide legislation on cybersecurity, has accelerated their cybersecurity investment. Investors and operators recognize the European market as a strategic equal must-have, and not just a potential expansion opportunity.
Wall Street Journal

Eye Security, which provides cyber protection, incident response, and cyber insurance tools, raised a €36M Series B led by JP Morgan Growth Equity Partners

Isaac Taylor / Wall Street Journal :

2024-03-09
This doesn't look good. Downstream impact of a breach could be devastating, and can last for a long period of time. Even if the breach itself is not that material, it could enable multiple future breaches. Attacks, or cybersecurity, are not a one-off concept.
The Record

CISA confirms it took down two systems in February, after discovering signs of exploitation via vulnerabilities in Ivanti products that the agency used

The agency wouldn't say who was behind the attack or if data was stolen.  —  https://therecord.media/... X: Chirag Mehta / @chirag_mehta : This doesn't look good. Downstream impact...

2024-03-08
Good to see energy in the SOAR domain. As networks and security converge, AI is going to turbocharge #CyberSecurity. SMB customers neither have required skills nor large investment in security; glad to see these customers getting some attention.
SiliconANGLE

Denver-based Todyl, a cybersecurity startup focused on SMBs, raised a $50M Series B led by Base10 Partners, bringing its total funding to $83.8M

2024-03-01
ML models = software code trained against data. Any software code can have vulnerabilities. Despite Hugging Face's efforts to scan them for malicious intent, bad actors will find a way to get through. No customers should be blindly trusting 3P code. Do your own testing.
BleepingComputer

JFrog finds ~100 malicious PyTorch and Tensorflow Keras models on Hugging Face, some of which can execute code on users' machines to give attackers a backdoor

Good to see Microsoft leveraging the fact that everyone eventually uses Excel for things they can't get easily done elsewhere. If this works well it's a boon for finance folks working on tedious but important calculations such as variance and reconciliation.
CNBC

Microsoft launches Copilot for Finance in public preview, helping users reconcile data in Excel, speed up the collections process in Outlook, and more

https://www.cnbc.com/... X: Yusuf Mehdi / @yusuf_i_mehdi : Starting today, we introduce plugins from your favorite apps like @OpenTable, @Shopify, and @KAYAK, as well as new skills...

2024-02-28
Moore's law is still relevant but 14A is almost 4 years out. CapEx and getting fabs ready takes time. For comparison, NVIDIA's CapEx this year is down by more than 40%. It's all fabless. If you want rapid progress you want others to build on your design.
Tom's Hardware

Leaked presentation: Intel's 14A process is slated for production in 2026, and its previously unannounced Intel 10A, its first 1nm chip, is set for late 2027

Paul Alcorn / Tom's Hardware :

2024-02-27
BlackCat strikes again! The repeat attacks tend to be more sophisticated and sustained. While some threat vectors remain the same, there are constantly new vectors being exploited. For a company that doesn't take cybersecurity seriously, it's more about when and not if.
Reuters

Sources: the BlackCat ransomware gang is behind the outage at UnitedHealth's technology unit that has disrupted services at pharmacies in the US for six days

Figurines with computers and smartphones are seen in front of the words “Cyber Attack” in this illustration taken, February 19, 2024.