Cybersecurity Innovation Pulse #40: Who's Devin?; NIST NVD GG; Wiz Road to IPO; ASCII Art FTW; MSFT Security Copilot and Tons of Product News!
Covering Mar. 7th - Mar. 14th
Welcome to Issue 40 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, Product Manager at Monad and a former Detection Engineer. Each week, I distill the latest and most exciting developments in cybersecurity innovation into digestible, bite-sized updates. If you’re serious about staying at the forefront of the latest in security products, attacker techniques, and industry news make sure to hit the “Subscribe” button below to get my insights delivered straight to your inbox every week 📩 🚀
Industry🛰
Devin - The Engineer She Told You Not To Worry About
Cognition recently unveiled Devin. The world’s fully autonomous AI software engineer (SWE). It can perform SWE tasks including building apps from scratch. It performs nearly 3x better than any of the LLMs that are publicly available today. The video above and their blog release has tons more insight.
Would love to see what Cognition is doing on the security front for Devin.
Source: Cognition Labs
Red Canary’s 2024 Threat Detection Report is Live
Out of the hundreds of security vendor reports published every year, Red Canary's Threat Detection report is easily my #1.
They cover emerging attack trends and techniques, detection opportunities, and even provide the detection logic itself with ideas for testing and fine-tuning. Everything is mapped to the MITRE ATT&CK framework making it more digestible for SecOps teams. If you're a blue teamer, security leader or someone looking to get into security, this report is worth dissecting.
Some of the key takeaways from this year's report:
Cloud account compromise detections saw a 16x increase which is in-line with the findings (+110% YoY) of Crowdstrike's recent 2024 Global Threat Report.
Detections of malicious email forwarding rules increased by almost 600%. Business email compromise (BEC) attacks are still on the rise.
Unprecedented increase in MacOS threats. Including more info stealer activity than ever before.
Executive Summary here.
Full 161 page report here.
Source: Red Canary
What’s Going On With NIST NVD?
The NIST National Vulnerability Database (NVD) is a CORE component for most vulnerability management programs and security solutions. It’s the longest standing and most widely used vulnerability database.
As noted in this Anchore post, NIST has been backlogged on submitted vulnerabilities since Feb. 12th, 2024 which means they haven’t performed an analysis of over 2.5K vulns. This is bad due to the over-reliance on NIST NVD.
Source: Resilient Cyber + Anchore
Takeaways from 600K+ Prompt Injection Attacks
Researchers recently ran a global scale prompt hacking competition targeting LLMs. The competition registered over 600K prompts from more than 2.8K people and highlighted the many ways LLMs are still susceptible to prompt injection attacks. Pretty interesting paper for anyone interested in GenAI security.
Source: arXiv
Google AI Eng. Indicted for Stealing Trade Secrets
The U.S. DOJ recently indicted a Chinese national for stealing AI-related trade secrets from Google including the chip architecture and software design for tensor processors, and the “complete” technical details of Google’s supercomputing data centers.. Wild.
A reminder that insider threats are a thing and that there’s a big need for proper UEBA solutions.
Source: DarkReading
AI-Powered Threats Deep Dive
This TripWire article takes a look at the various types of attacks that GenAI is helping enable including more sophisticated business email compromise, ransomware and social engineering (i.e., deepfakes) attacks. The article also covers the various malicious GPTs that have been seen in the wild including Worm, Fraud, and PoisonGPT. They also provide recommendations on how to defend against these threats.
First post I’ve come across that comprehensively encapsulates how AI is aiding attackers.
Source: Tripwire
HiddenLayer’s AI Threat Landscape Report
HiddenLayer, last year’s RSAC Sandbox Innovation award winner, recently launched their AI Threat Landscape Report which peels back the curtain on how 150 IT and Security leaders are handling AI security and accompanying threats. I’ll spare you the numbers, this is worthy of a deep dive. Full report here.
Source: HiddenLayer
Product🛸
Microsoft Security Copilot Set For GA
Microsoft’s Security Copilot will be generally available starting April 1st, 2024. The copilot was open in private preview mode since October. Since then, they’ve bolted on more capabilities, integrations, have built out an ecosystem of over 100 partners.
Out of all the product innovation we’ve covered in the past year, this one has got me most excited given Microsoft’s extensive security portfolio and partnerships. They’ve got a moat that nobody can catch up to, in my opinion. Then again, they’re Microsoft and they’ve been negligent on the security front, especially recently.
Source: Microsoft
ZeroFox Launches EASM..
ZeroFox recently launched its External Attack Surface Management (EASM) solution.
Source: Help Net Security
..Microsoft Also Launches Exposure Management Solution
Microsoft launched their exposure management solution a day after ZeroFox announced availability of theirs. Microsoft’s integrates with their endpoint, identity, OT/IoT, and cloud solutions making it more robust (for Microsoft shops at least).
Source: Microsoft
Wiz's Road To IPO
News recently came through that Wiz acquiring Gem Security, a bleeding edge startup in the cloud detection and incident response space, for $350M. News also came through that they’re seeking an additional $800M in funding at a valuation of $10B.
All of this is par for the course, as they expand their global presence and product capabilities and seek to go public in the next 1-2 years.
Source: SiliconANGLE + Bloomberg
KSOC is Now RAD Security!
The team at KSOC have long been key contributors to the cloud-native, especially K8s, security space. They’ve recently rebranded and have expanded their scope to focus on cloud-native detection and response. It seems like they’re zooming out and addressing threats and risks across the software supply chain which makes tons of sense given their strong foothold on Kubernetes security.
Kudos and best of luck to the RAD team!
Source: RAD Security
Tradecraft🤺
Using ASCII Art to Circumvent LLM Guardrails
Researchers recently exhibited that they can jailbreak the most widely used LLMs, including GPT-4, Llama2, and Claude, using ASCII art. Lulz.
Source: arXiv
Extras🎬
Introducing Data Engineering For Cybersecurity Series!
I’m working on a comprehensive guide on data engineering for cybersecurity. Part one launched earlier this week. I rip through 22 different security data types, their formats, and what they can be used for.
More to come in the next few months! I think this will actually end up being a 9 part series which gives me room to go in-depth where needed. Give it a dig and subscribe to Monad’s email list to be notified when the next post in the series drops!
Bye For Now!
Nos vemos la próxima semana! 🚀