Newsletter

open source and cybersecurity news

November 30, 2023

It's 5:05, November 30, 2023. Time for your cybersecurity and open source headlines.

In this Episode:

Marcel Brown: November 30th, 1959. IBM delivers the first two IBM 7090 mainframe computers. One of the first commercially produced, fully transistorized computers, the 7090 and the later 7094 were notable for being used by NASA to control the Mercury and Gemini spaceflights.

Edwin Kwan: Are we sharing too much on LinkedIn? The platform’s nature allows cybercriminals to easily gather publicly available data, including full names, phone numbers, email addresses, workplace details, and more.

Katy Craig: MITRE, a government-funded research organization, is leading an ambitious project to map the security vulnerabilities in artificial intelligence (AI) systems. ATLAS tracks AI vulnerabilities such as data poisoning and machine learning model backdoors, and includes Arsenal, a plugin to assess AI systems’ vulnerability.

Ian Garrett: Is investing in cybersecurity hot or not? It turns out it depends who you’re asking, because there’s a huge divide between the private and public markets. Despite the growing importance of cybersecurity, venture capital investment in this sector appears to be slowing.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Are We Sharing Too Much on LinkedIn?

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

Are we sharing too much on LinkedIn? Is it potentially providing cybercriminals access to your contact information?

This is Edwin Kwan from Sydney, Australia.

Daniel Barbosa from WeLiveSecurity recently published an article on the potential risks associated with the wealth of personal information shared on LinkedIn, which is the world’s largest professional social network. The platform’s nature allows cybercriminals to easily gather publicly available data, including full names, phone numbers, email addresses, workplace details, and more. Criminals can leverage web scrapers to compile contact lists with up-to-date and valuable information, posing risks such as identity theft, business email compromise scams, and social engineering attacks.

Web scrapers can perform various actions, such as creating lists of a company’s employees, or identifying supply chain targets related to a company by reviewing interactions on social media posts. The amount of information exposed depends on users’ privacy settings, and it ranges from profiles that reveal no contact data outside the platform to those that make email addresses and phone numbers public.

To mitigate this risk, users are advised to configure their LinkedIn privacy settings, limiting information available to those outside their network. Additionally, users should carefully manage connection requests, review the legitimacy of connections regularly, and exercise caution in broadcasting profile updates.

The analysis emphasizes the importance of striking a balance between networking and safeguarding personal information on LinkedIn to prevent unwanted contact or privacy breaches.

Resources
– We Live Security: https://www.welivesecurity.com/en/social-media/is-your-linkedin-profile-revealing-too-much/

 

Katy Craig
MITRE ATLAS: Mapping Security Vulnerabilities in AI

Katy Craig, Contributing Journalist, It's 5:05 Podcast

MITRE, a government-funded research organization, is leading an ambitious project to map the security vulnerabilities in artificial intelligence (AI) systems. Inspired by its successful 2013 ATT&CK Framework for Cybersecurity, MITRE’s initiative aims to catalog the various ways AI can be compromised.

This is Katy Craig in San Diego, California.

Called ATLAS, this effort gains urgency with the advent of large language models capable of generating complex text and imagery, highlighting new AI vulnerabilities. These models have been scrutinized for potential flaws by researchers and academics, emphasizing the need for robust security measures.

Recognizing the critical nature of AI security, international cyber defense agencies, including the NSA, have called for enhanced security practices throughout the AI system lifecycle. This includes everything from design and development to deployment and ongoing maintenance.

To address these concerns, MITRE collaborated with industry experts, including Microsoft, leveraging their extensive knowledge of AI system attacks. ATLAS tracks AI vulnerabilities such as data poisoning and machine learning model backdoors, and includes Arsenal, a plugin to assess AI systems’ vulnerability. From its initial phase with a limited number of organizations, the project has grown to include about 100 groups across various sectors. This collaborative effort marks a significant step in understanding and mitigating AI security risks vital for the safety of critical infrastructure and national defense.

This is Katy Craig. Stay safe out there.

Resources
– Mitre: https://atlas.mitre.org/
– Defense.Gov: https://media.defense.gov/2023/Nov/27/2003346994/-1/-1/0/GUIDELINES-FOR-SECURE-AI-SYSTEM-DEVELOPMENT.PDF

 

Ian Garrett
The Two Faces of Cybersecurity Investing

Ian Garrett, Contributing Journalist, It's 5:05 Podcast

Is investing in cybersecurity hot or not? It turns out it depends who you’re asking, because there’s a huge divide between the private and public markets. Venture deals in cybersecurity match a lot of what you see across other sectors, while the publicly traded cybersecurity companies are thriving.

Hey folks, this is Ian Garrett in Arlington, Virginia.

Despite the growing importance of cybersecurity, venture capital investment in this sector appears to be slowing. Cybersecurity startups raised $1.9 billion in Q3 of 2023 across 153 deals. Slightly up from Q2, but down 30 percent year over year. This is very interesting, especially considering the strong performance of the public cybersecurity companies.

On the other hand, public cybersecurity firms are thriving. For instance, Palo Alto Networks’ share price nearly doubled this year, with similar gains seen in companies like Zscaler and CrowdStrike. These companies are growing rapidly, significantly outpacing the other tech sectors. However, when you look at specific companies like Microsoft and Palo Alto Networks, we see a mixed picture.

Microsoft is experiencing high demand for its Security Copilot and Microsoft Sentinel, while Palo Alto Networks showed solid growth but faced investor concerns about future billings. Zscaler and CrowdStrike, on the other hand, reported impressive revenue growth and solid financial metrics.

The contrast between these robust growth indicators and the tepid venture investment in cybersecurity is striking. It raises questions about whether investment rates are lagging behind market performance or if broader trends in late-stage investing are impacting the sector.

As we head into the next year, it will be interesting to see if the trend reverses and cybersecurity venture investment experiences a resurgence.

Resources
– TechCrunch: https://techcrunch.com/2023/11/29/cybersecurity-funding-q3-performance/

 

Marcel Brown
This Day, November 30, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown bringing you some technology history for November 30th.

November 30th, 1959. IBM delivers the first two IBM 7090 mainframe computers. One of the first commercially produced, fully transistorized computers, the 7090 and the later 7094 were notable for being used by NASA to control the Mercury and Gemini spaceflights, along with many other significant scientific and government applications in the 1960s. Some 7090s were even used through the 1970s into the 1980s.

November 30th, 2009. Book retailer Barnes & Noble releases their first Nook eReader to compete with the highly successful Amazon Kindle, released two years earlier. While late to the game, and competing not only against Amazon, but Apple’s iPad for eReader market share, the Nook has competed well, likely due to Barnes & Noble’s strength as one of the few remaining brick-and-mortar bookstores.

That’s your technology history for today. For more, tune in tomorrow and visit my website, ThisDayInTechHistory.com.

Resources
https://thisdayintechhistory.com/11/30
