Skip to main content

PinnacleOne ExecBrief | Deep Tech In The Crosshairs

Last week, PinnacleOne highlighted how a new turn of phrase by China’s leader will spark efforts across the country to make scientific breakthroughs occur out of thin air (or steal them from the west).

This week, we flag three emerging threats to the “deep tech” venture ecosystem underpinning western technological and strategic advantage.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.

Contact us directly with any comments or questions: This email address is being protected from spambots. You need JavaScript enabled to view it.

Insight Focus | Deep Tech in The Crosshairs

Throughout the 20th century, most strategic technologies were incubated or directly invented by the Federal Government or by contractors and academic institutions under its protective umbrella. Not anymore.

Continue reading

The Good, the Bad and the Ugly in Cybersecurity – Week 24

The Good | Ukrainian Police Arrest Cryptor Specialist Helping Conti & LockBit Ransomware Operations

A Russian national was arrested this week for allegedly working with Conti and LockBit ransomware groups, helping to make their malware undetectable and also conducting at least one attack himself. Ukrainian cyber police apprehended the 28-year-old man in Kyiv during Operation Endgame, a major operation carried out two weeks ago to dismantle an extensive ecosystem of malware droppers.

(Source: Cyber Police of Ukraine)

According to Ukrainian law enforcement, the arrested had expertise in developing custom crypters that encrypted and obfuscated ransomware payloads into what looked like innocuous files. This made them fully undetectable (FUD) to legacy antivirus software. His services were sold to both Conti and LockBit syndicates, which bolstered their success rates in infiltrating networks.

Reports from Dutch police confirm that the man orchestrated at least one of his own attacks using a Conti payload in 2021, indicating his involvement as an affiliate and goals to gain maximum profits from the relationship. His arrest includes seizure of computer equipment, mobile phones, and handwritten notes, all being held for ongoing examination. As it stands, the Russian suspect has already been charged under Part 5 of Article 361 of the Criminal Code of Ukraine for unauthorized interference with information systems. He faces up to 15 years in prison.

This arrest is the latest in a string of actions against LockBit operations, most recently following the distribution of 7000 decryption keys to all affected victims of the Ransomware-as-a-Service (RaaS). Earlier last month, the DoJ unveiled the identity of LockBit’s developer, placing a reward up to $10 million for his arrest or conviction.

The Bad | Hamas-Linked Threat Group Spies on Android Users in Egypt & the Palestinian Territories

An espionage-focused threat actor known as Arid Viper has been linked to an ongoing mobile-based campaign, involving trojanized Android apps delivering ‘AridSpy’ spyware. Based on a recent report, the Hamas-aligned actor is distributing malware through websites that mimic legitimate messaging, job search, and civil registry applications.

Continue reading

Building a Defense Posture | Top 5 Cybersecurity Tips For Small & Medium Businesses (SMBs)

Verizon’s annual Data Breach Investigations Report has historically compared and contrasted small and medium businesses (SMB) against large organizations. Not this year. The reason: Both SMBs and large enterprises are increasingly sharing similar attack surfaces. With much of the same services and infrastructures, the difference between the two boils down to the available resources.

Where larger companies may have entire teams of cybersecurity analysts or full-fledged security operation centers (SOCs), many SMBs rely on a single IT person to manage their security. Or, companies may outsource cybersecurity to managed service providers (MSPs) who may not yet have the required skills or services in place to plan, build out, and manage a full cyber program.

In this blog post, we examine the most common types of cybersecurity threats SMBs face today and share a list of top 5 cybersecurity tips that SMBs can follow to start building a more robust cyber posture against modern threats.

Types of Cybersecurity Threats for Small Businesses

In a 2023 Data Breach Investigations Report, researchers found that the top patterns of cybersecurity threats for small businesses (less than 1,000 employees) were system intrusion, social engineering, and basic web application attacks – representing 92% of breaches. Several types of attacks including, phishing, malware, watering hole attacks, and drive-by downloads drive these categories of threats.

Phishing

Phishing attacks continue to grow year-over-year and remain one of the main methods threat actors use to gain entry into their victims’ systems alongside vulnerability exploitation and stolen credentials.

Continue reading

Tiffany Tye | A 2024 Top 25 Women In Technology Winner

Mission Critical is excited to introduce you to the 2024 Top 25 Women in Technology. Meet Tiffany Tye.


Original author: This email address is being protected from spambots. You need JavaScript enabled to view it. (Amy Al-Katib, CDCDP)

Navigating the NVD Backlog | How to Stay Ahead in Vulnerability Management

The National Vulnerability Database (NVD) is a critical – yet often overlooked – element of an organization’s security defenses. Established to provide a catalog of known software vulnerabilities, it has become an authoritative source of vulnerability intelligence. However, the NVD faces a troubling backlog of vulnerabilities raising existential concerns about its efficacy.

This blog post takes a dive into what this means for organizations, what actions the industry leaders are taking to mitigate the challenges, and how solutions like Singularity Vulnerability Management are set to help businesses identify and prioritize all types of risk across their attack surfaces.

A Brief History of the NVD

Launched in 2005 by the National Institute of Standards and Technology (NIST), the NVD was created as a repository for the U.S. government to standardize and communicate information on publicly disclosed vulnerabilities. Utilizing the Common Vulnerabilities and Exposures (CVE) system, the NVD provides a centralized source for identifying and evaluating security flaws. Over the years, the NVD has evolved, integrating additional metrics such as the Common Vulnerability Scoring System (CVSS) to assess vulnerabilities’ severity and prioritize remediation efforts.

One of the most important benefits of the NVD is standardization, ensuring that all stakeholders from researchers, security teams, and security vendors, are on the same page regarding how they identify and mitigate vulnerabilities. The NVD enables organizations of all sizes to improve their security posture by offering open access to vulnerability data.

This democratization of information allows smaller businesses, which may lack extensive cybersecurity resources, to leverage the same vulnerability data as larger enterprises. To support the dissemination of this information, the NVD offers integration of vulnerability data via public APIs that many vendors integrate into their IT and Security products. The NVD API has its own set of challenges at enterprise scale with API rate limiting and occasional API call failures.

Continue reading

Block Attacks with SentinelOne’s AI-Powered CNAPP

Market research soon to be published in the first annual SentinelOne Cloud Security Report shows that cloud security professionals are drowning in data, yet lacking insights. While many point-specific solutions like cloud security posture management (CSPM), cloud detection and response (CDR), and cloud workload protection platforms (CWPP) are now mainstream, organizations are struggling with data silos as they seek to derive meaning from a long list of cloud security alerts. SentinelOne’s AI-powered CNAPP, Singularity Cloud Native Security (CNS) solves each of these pain points.

In this blog post, learn how Singularity Cloud Security combines the rapid insights and value realization of an agentless CNAPP, with the stopping and forensics power of a runtime agent, to realize AI-powered protection for modern cloud operations. SentinelOne consolidates security data from native and third-party security sources into the Singularity Data Lake.

Agentless CNAPP and The Attacker’s Mindset

Singularity Cloud Native Security (CNS) from SentinelOne is an agentless CNAPP with a unique Offensive Security Engine that thinks like an attacker, to automate red-teaming of cloud security issues and present evidence-based findings. We call these Verified Exploit Paths. Going beyond simply graphing attack paths, CNS finds issues, automatically and benignly probes them, and presents its evidence.

The Offensive Security Engine might indicate something like, “We found this misconfigured Amazon EC2 instance. We were able to curl out to our dummy C2 server and install a random file. Here is the proof.” With this, cloud security practitioners can prioritize their backlog better and focus on what is truly important rather than tread water in a sea of theoretical noise.

Continue reading

New features come to Apple services this fall

With the release of iOS 18, iPadOS 18, macOS Sequoia, watchOS 18, visionOS, and tvOS 18 this fall, Apple is enhancing the services users love with all-new features.

Original author: Apple Newsroom

Brittany Taylor | A 2024 Top 25 Women In Technology Winner

Mission Critical is excited to introduce you to the 2024 Top 25 Women in Technology. Meet Brittany Taylor.



Original author: This email address is being protected from spambots. You need JavaScript enabled to view it. (Amy Al-Katib, CDCDP)

WWDC24 Highlights

Today Apple kicked off its 2024 Worldwide Developers Conference, revealing new technologies during a Keynote that was live-streamed from Apple Park.

Original author: Apple Newsroom

Apple extends its privacy leadership with new updates across its platforms

Apple today announced new updates across its platforms that help empower users and keep them in control of their data.

Original author: Apple Newsroom

Apple empowers developers and fuels innovation with new tools and resources

Apple unveiled new tools and resources to enable developers worldwide to create more powerful apps across iOS, iPadOS, macOS, watchOS, and visionOS.

Original author: Apple Newsroom

Introducing Apple Intelligence for iPhone, iPad, and Mac

Apple today introduced Apple Intelligence, the personal intelligence system for iPhone, iPad, and Mac.

Original author: Apple Newsroom

iOS 18 makes iPhone more personal, capable, and intelligent than ever

Apple today previewed iOS 18, which features more customization, a redesign of the Photos app, updates to Mail, Messages over satellite, and more.

Original author: Apple Newsroom

visionOS 2 brings new spatial computing experiences to Apple Vision Pro

Apple today previewed visionOS 2, a major update to Apple Vision Pro that enhances how users engage with spatial computing.

Original author: Apple Newsroom

macOS Sequoia takes productivity and intelligence on Mac to new heights

Apple today previewed macOS Sequoia, bringing entirely new ways of working and personal intelligence to the Mac.

Original author: Apple Newsroom

iPadOS 18 introduces powerful intelligence features and apps for Apple Pencil

Apple today previewed iPadOS 18, a major release that enhances the iPad experience, making it more versatile and intelligent than ever.

Original author: Apple Newsroom

watchOS 11 brings powerful health and fitness insights

Apple today previewed watchOS 11, with features that build on Apple Watch’s sensor technology, advanced algorithms, and science-based approach.

Original author: Apple Newsroom

Updates to the Home experience elevate entertainment and bring more convenience

Apple today announced software updates across its Home products that supercharge entertainment and deliver greater everyday convenience.

Original author: Apple Newsroom

AirPods introduce convenient ways to communicate and interact

This fall, AirPods software updates will transform the way users respond to Siri, take calls, and immerse themselves in their favorite games.

Original author: Apple Newsroom

Apple Vision Pro arrives in new countries and regions beginning June 28

Apple Vision Pro will be available in Australia, Canada, China mainland, France, Germany, Hong Kong, Japan, Singapore, and the U.K. in June.

Original author: Apple Newsroom