Alon Arvatz

Our ezJailKiosk application allows official third-party users (officers, lawyers, judges, etc.) to meet with inmates virtually within secure facilities! 👍🖥️ During the virtual meetings, the host has complete control of the inmate's kiosk, allowing them to review documents, collect electronic signatures, and manage virtual settings such as volume and screen view. Plus, it's ez for correctional staff- all they have to do is review the shared ezJailKiosk calendar and place the inmates at the appropriate kiosk. It's that ez to conduct virtual meetings. Learn more at: https://lnkd.in/gnh2bJnT #ezJailKiosk #ezSupervision #ezJustice #Correctional #Corrections #kiosks #LawTechnology #CourtTech

2

Our ezJailKiosk application allows official third-party users (officers, lawyers, judges, etc.) to meet with inmates virtually within secure facilities! 👍🖥️ During the virtual meetings, the host has complete control of the inmate's kiosk, allowing them to review documents, collect electronic signatures, and manage virtual settings such as volume and screen view. Plus, it's ez for correctional staff- all they have to do is review the shared ezJailKiosk calendar and place the inmates at the appropriate kiosk. It's that ez to conduct virtual meetings. https://lnkd.in/gnh2bJnT #ezJailKiosk #ezSupervision #ezJustice #Correctional #Corrections #kiosks

2

https://lnkd.in/eYbRzvqr #sovereign #data #vaults - how to store and recall data for #ssi beyond a #vc. - How to work with end-to-end encrypted storage? - How to turn #vc to a #database ? - How to work with non credential data in #ssi

5

A previously unknown threat actor has been attributed to a spate of attacks targeting Azerbaijan and Israel with an aim to steal sensitive data. The attack campaign, detected by NSFOCUS on July 1, 2024, leveraged spear-phishing emails to single out Azerbaijani and Israeli diplomats. The activity is being tracked under the moniker Actor240524. "Actor240524 possesses the ability to steal secrets and modify file data, using a variety of countermeasures to avoid overexposure of attack tactics and techniques," the cybersecurity company said in an analysis published last weekThe attack chains commence with the use of phishing emails bearing Microsoft Word documents that, upon opening, urge the recipients to "Enable Content" and run a malicious macro responsible for executing an intermediate loader payload codenamed ABCloader ("MicrosoftWordUpdater.log"). In the next step, ABCloader acts as a conduit to decrypt and load a DLL malware called ABCsync ("synchronize.dll"), which then establishes contact with a remote server ("185.23.253[.]143") to receive and run commands.

8

1 Comment

Doxing the identity of an initial access broker using Hudson Rock's Infostealers AI investigation module. We've established in the past that just like regular users get infected by Infostealers, so do hackers. In this video, Leonid Rozenberg demonstrates how Hudson Rock's AI can analyze all files retrieved from the computer of an initial access hacker and identify the name, phone number, and online behavior of the hacker. This kind of intelligence is critical in identifying the identities of threat actors, extremists, pedophiles, and other types of criminals. Talk to us to learn more - https://lnkd.in/dKaEznQT

56

4 Comments

Why #Scams Are Different and What #Customer #Security Means? Scams target the #human factor directly - demanding a #paradigm #shift from protecting systems to #protecting #people. Yesterday, at the #FraudFighters IL Meetup hosted at the Team8 offices, I discussed how we can #rethink #fraud #prevention through Customer Security: 1️⃣ The #Human #Factor: Scams exploit #trust and #emotions, not systems. Understanding human #vulnerabilities and emerging scam trends is key to staying ahead. 2️⃣ #Beyond #Perimeters: Scams move across platforms — starting on #social #media and ending in a #bank transaction or #card #payment. Fighting them requires a connected view beyond any single organization. 3️⃣ #Beyond #Identity: Traditional fraud focuses on who you are. With scams, the challenge lies with the recipient, making #recipient #intelligence critical to prevention. 4️⃣ #Shattered #Trust: Scams hit people hardest - breaking trust and causing real #emotional #distress. Organizations must respond with #care, #support, and better #incident #response. Scams are not just another fraud type — they force us to rethink how we #protect people and help victims #recover. Oren Karmi - thanks for leading this #community! How do you think we can address this growing challenge together? I’d love to hear your thoughts. #FraudPrevention #ScamIntelligence #Cybersecurity #HumanFactor #CustomerSecurity #team8

79

8 Comments

📚 tl;dr sec 259 - What Sucks in Security Supply Chain Firewall AWS re:Invent Security Talks ✨ Highlights 👨‍💻 AppSec 👨‍💻 - BSidesSF 2025 Call For Participation - Stack Analyser: Extract 500+ technologies from any repository - Specfy - 35 more Semgrep rules: infrastructure, supply chain, and Ruby - Travis Peters, Trail of Bits - Access approvals considered harmful - Alex Smolen ☁ Cloud Security ☁ - AWS re:Invent 2024 Security Talks - curated by Daniel Grzelak - Exploiting Public AWS Resources - CLI Attack Playbook - Eduard Agavriloae - Securing AWS Lambda | How Misconfigurations Can Lead to Lateral Movement - Yehonatan Bitton - Terraform Provider for RCE via Statefile Poisoning - Benedikt Haußner - Uncovering New Attack Techniques in OPA and Terraform - Shelly Raban ⛓ Supply Chain ⛓ - Catalog of Supply Chain Compromises - Cloud Native Computing Foundation (CNCF) - Vanir: Open-source Security Patch Validation - Google - Supply-Chain Firewall: Protecting Developers from Malicious Open Source Packages - Ian Kretz 🛡 Blue Team 🛡 - NoDelete: A malware analysis tool that locks folders to prevent file deletion - Charles L. - Credit Card Canarytokens are now on your Consoles - Jacob T. - Automated Hunting - Censys 😈 Red Team 😈 - An offensive Rust encore - Marco Ivaldi - A book on reconnaissance, exploitation, building a modern Rust-based RAT, and more - Sylvain Kerkour - Linux LKM Persistence - Hal Pomeranz 🤖 AI + Security 🤖 - ChainReactor: Leveraging AI to uncover privilege escalation chains on Unix systems - Giulio De Pasquale et al - Agentic Security Marketmap - Brandon Dixon - Agentic AI's Intersection with Cybersecurity - Chris Hughes https://lnkd.in/gq4JZj2d #cybersecurity #infosec #security #ciso #ai

67

6 Comments

Find your models. Find the data used by the models. Reveal the access lineage between your models and data. Stay compliant with AI regulations and controls. #BiggerAI

16

1 Comment

BIgID is the first DSPM that can automatically find your data and your models and the relationship between them

9

Are you in Vegas ??? 👀 Make sure you don't gamble with your GenAI Security! 📆 Book an intro with our team there: https://lnkd.in/dFj5xcwP Not attending the conferences this week? No worries, we still got you covered. 🛡 Here are some resources to catch up on all things GenAI Security: ▶ Listen to the latest episodes of PromptCast, the podcast of AI and Security: https://lnkd.in/dBrDF383 ▶ Get a quick roundup of GenAI risks and vulnerabilities: https://lnkd.in/d6aPsRjG ▶ Test your homegrown apps with Prompt Fuzzer: https://lnkd.in/d8KVYBe8

28

1 Comment

Join Itamar Sher and I on Tuesday next week (Oct 15) at 2pm ET to learn about some of the upcoming changes in PCI 4 and how to best prepare to them

15

Great benchmarks and quite the sweet spot for most M&A in Cybersecurity. The recent Noname and Zerofox deals also reflect this "mean reversion" type of behavior~

11

WhatsApp Scores Historic Victory Against NSO Group in Long-Running Spyware Hacking Case: A U.S. judge has ruled that Israeli spyware maker NSO Group breached hacking laws by using WhatsApp to infect devices with its Pegasus spyware. From a report: In a historic ruling on Friday, a Northern California federal judge held NSO Group liable for targeting the devices of 1,400 WhatsApp users, violating state and federal hacking laws as well as WhatsApp's terms of service, which prohibit the use of the messaging platform for malicious purposes. The ruling comes five years after Meta-owned WhatsApp sued NSO Group, alleging the spyware outfit had exploited an audio-calling vulnerability in the messaging platform to install its Pegasus spyware on unsuspecting users' devices. WhatsApp said that more than 100 human rights defenders, journalists and "other members of civil society" were targeted by the malware, along with government officials and diplomats. In her ruling, Judge Phyllis Hamilton said NSO did not dispute that it "must have reverse-engineered and/or decompiled the WhatsApp software" to install its Pegasus spyware on devices, but raised questions about whether it had done so before agreeing to WhatsApp's terms of service. Read more of this story at Slashdot.

1

𝗕𝗥𝗘𝗔𝗞𝗜𝗡𝗚 𝗡𝗘𝗪𝗦: Google said to acquire cybersecurity startup Wiz for $23 BILLION, marking its biggest acquisition ever. Here’s what you need to know… 🛡️ Wiz was founded in 2020 by the ex-Microsoft Azure security team (Assaf Rappaport, Ami Luttwak, Yinon C. & Roy R.) 💰 They had previously sold their business Adallom to Microsoft for $320Mn in 2015 after which they joined. 🔍 After seeing first hand the difficulty large companies faced to manage cloud security threats, Rappaport & co-founders raised $100Mn to start Wiz “to secure everything you Build and Run in the Cloud.” 💰Initial funding came from Cyberstarts, Sequoia Capital, Index Ventures & Insight Partners. 📈 It took Wiz 6 months to get to $2Mn in annual recurring revenue (ARR) & they reached $100Mn in ARR in 18 months - one of the fastest ever! 🔮Current revenue is estimated to be $350-400Mn, so ~ 50x multiple at $23Bn (~ 1/4 of the cash Google has on it’s balance sheet!) —— 💸 Wiz has raised a total of $1.9Bn, with the most recent round (Series E) of $1Bn earlier this year being led by Lightspeed, Andreessen Horowitz, & Thrive. 📊 The latest round was at a $12Bn valuation. (If acquired for $23Bn, this would reward the Series E invetsors with a 2x return in 6 months - not a bad IRR right?😳) 👥 Other investors include Greylock, Wellington & ex-Starbucks CEO Howard Schulz who first invested at the Series B in 2021 at a $1.7Bn valuation. —— 💰Wiz Funding timeline: ▶Series A (2020) - $100Mn (led by Index, Sequoia, Cyberstarts) ▶ Series B (2021)- $130Mn @ $1.7Bn valuation (led by Advent International) ▶ Series B extension (2021) - $120Mn (led by Salesforce / Blackstone) ▶ Series C (2021) - $250Mn @ $6Bn valuation (led by Insight & Greenoaks) ▶ Series D (2023) - $300Mn @ $10Bn valuation (led by Lightspeed, Greenoaks, Index) ▶ Series E (2024) - $1Bn @ $12Bn valuation (led by A16Z, Lightspeed & Thrive Capital) https://lnkd.in/gFykmjTy

139

CRFQ is helping many organizations evolve their Third Party Risk Mamagement programs to TPRM 2.0. Join the evolution!

2

𝐅𝐁𝐈 𝐂𝐨𝐧𝐟𝐢𝐫𝐦𝐬 𝐈𝐧𝐯𝐞𝐬𝐭𝐢𝐠𝐚𝐭𝐢𝐨𝐧 𝐈𝐧𝐭𝐨 𝐋𝐞𝐚𝐤 𝐨𝐟 𝐓𝐨𝐩-𝐒𝐞𝐜𝐫𝐞𝐭 𝐃𝐨𝐜𝐮𝐦𝐞𝐧𝐭𝐬 𝐀𝐛𝐨𝐮𝐭 𝐈𝐬𝐫𝐚𝐞𝐥𝐢 𝐒𝐭𝐫𝐢𝐤𝐞 𝐏𝐥𝐚𝐧𝐬 Here's the deal: If they were using Seclore, (1) the information wouldn't have been leaked, and (2) the investigation of any deliberate leak would already be over. Seclore could have tracked the leak's source and controlled access even after the document left secure environments. Seclore's technology provides real-time visibility into who accessed the files, when, and from where. It can also revoke access immediately and apply policies that prevent unauthorized sharing or printing. These capabilities would have made it easier to mitigate damage and identify the perpetrator quickly. Four Inc. Optiv + ClearShark Trace3 GuidePoint Security https://lnkd.in/gGUqCU-t

27

2 Comments

What is the point of it all? Why are we building AI for Prometheus alerts? Why does it even MATTER for your business? Here's an overview.

33

2 Comments