Security Weekly
Enterprise Security WeeklySubscribe
Vulnerability Management, Malware

4 Day Work Weeks, Threathunter.ai, Microsoft 365 Ban, & Refusing to Be Fun at Work – ESW #299

Announcing Drata’s Series C, Milton Security announces new name, Threathunter.ai, Germany Forces a Microsoft 365 Ban Due to Privacy Concerns – Best of Privacy, New Communication Protocol “Ibex” and Extended Protocol Suite, Gepetto uses OpenAI models to provide meaning to functions decompiled by IDA Pro, Stack Overflow bans ChatGPT, French man wins compensation as judge awards him the right to refuse to be fun at work

Full episode and show notes

Announcements

  • Dive deeper into the world of cybersecurity with Security Weekly on Instagram! Follow us @SecWeekly to find exclusive clips, hilarious memes, behind-the-scenes sneak peeks, and more! Stay connected, stay informed, and join our growing community!

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. FUNDING: Announcing Drata’s Series C

    $200M Series C, co-led by ICONIQ Growth and GGV Capital. $2B valuation

  2. 2. FUNDING: HYPR, the Leader in Phishing-Resistant MFA, Raises $25M

  3. 3. FUNDING: CyVers Raises $8M in Funding

  4. 4. FUNDING: Bain Capital Crypto Co-Leads On-Chain Security Startup Nucleo’s $4M Seed Round – NFTgators

  5. 5. FUNDING: [Seed] Cybersécurité : Arsen lève 2,5 millions d’euros auprès d’Elaia et de French Founders – FrenchWeb.fr

  6. 6. REBRANDING: Milton Security announces new name, Threathunter.ai

  7. 7. REGULATION: Germany Forces a Microsoft 365 Ban Due to Privacy Concerns – Best of Privacy

  8. 8. VULNERABILITIES: Supply Chain Vulnerabilities Put Server Ecosystem At Risk – Eclypsium

  9. 9. NEW PRODUCTS: New Communication Protocol “Ibex” and Extended Protocol Suite

  10. 10. TRENDS: Gepetto uses OpenAI models to provide meaning to functions decompiled by IDA Pro

    Gepetto is a Python script which uses OpenAI's davinci-003 model to provide meaning to functions decompiled by IDA Pro

  11. 11. TRENDS: Stack Overflow bans ChatGPT

    AI has been kind of a joke for a while. Where it worked pretty well, it was invisible (e.g. smartphone soft keyboards), and where it didn't, people had a field day (look up videos of Scottish people trying to use voice assistants like the Amazon Echo). Then Dall-e 2 was released to the public. And then Midjourney. Suddenly, there are multiple paid services that auto-generate stories for children using AI to generate both the story and corresponding images based on your prompts. It's all happening more quickly than most people anticipated, I think.

    In security, anti-virus had a big win with machine learning. So much so, that it unseated the industry's largest pure play vendors (Symantec, McAfee), who didn't respond quickly enough to the trend to survive the massive customer exodus. Beyond next-gen AV, the impact of AI/ML seems like it should be massive, according to the marketing copy, but in reality seems entirely overblown.

    I've tested several products claiming to use AI/ML to better detect attacks, and the failure of these models has been complete, even in the most controlled and prepped circumstances. AI-generated images didn't offer much to security teams, but the moment OpenAI made ChatGPL available to the public, security folks started exploring what it could do.

    The quality of results I've seen has been astonishing. Ask it "why should I be a CISO" and it gives a response that, as a blog post, no one would ever guess was written by AI. It can effortlessly give remediation guidance to vulnerabilities and help reverse engineer software alongside IDA Pro. I think it might be a stretch to say that it could help with security's alleged talent shortage, but folks are definitely going to explore the limits of what it can do, and I wouldn't be surprised to see it embedded in commercial products before long.

    Perhaps AI/ML will revolutionize security products after all, but we just needed better AI/ML tech, from outside our industry to make it happen.

  12. 12. TRENDS: Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict

    Russia may consider cybersecurity firms helping Ukraine as legitimate targets for retaliation.

  13. 13. TRENDS: Discovered new BYOF technique to cryptomining with PRoot – Sysdig

  14. 14. TRENDS: Ireland sees ‘100% success rating’ with 4-day work week trial

  15. 15. SQUIRREL: French man wins compensation as judge awards him the right to refuse to be fun at work

Founder & CTO at Trimarc
VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

Related

5G Hackathons – Casey Ellis – BTS #28

Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!