Celebrity investors, creator metrics, and Chrome extension compromise - ESW #389

Celebrity investors, creator metrics, and Chrome extension compromise - ESW #389

Author: Security Weekly Productions January 14, 2025 Duration: 54:27
Enterprise Security Weekly (Video)
NewsTechnology

In this latest Enterprise Security Weekly episode, we explored some significant cybersecurity developments, starting with Veracode's acquisition of Phylum, a company specializing in detecting malicious code in open-source libraries. The acquisition sparked speculation that it might be more about Veracode staying relevant in a rapidly evolving market rather than a strategic growth move, especially given the rising influence of AI-driven code analysis tools. We also covered One Password's acquisition of a UK-based shadow IT detection firm, raising interesting questions about their expansion into access management. Notably, the deal involved celebrity investors like Matthew McConaughey and Ashton Kutcher, suggesting a trend where Hollywood influence intersects with cybersecurity branding.

A major highlight was the Cyber Haven breach, where a compromised Chrome extension update led to stolen credentials. The attack was executed through a phishing campaign disguised as a Google policy violation warning. To their credit, Cyber Haven responded swiftly, pulling the extension within two hours and maintaining transparency throughout. This incident underscored broader concerns around the poor security of browser extensions, an issue that continues to be exploited due to lax marketplace oversight.

We also reflected on Corey Doctorow's concept of "Enshittification," critiquing platforms that prioritize profit and engagement metrics over genuine user experiences. His decision to disable vanity metrics resonated, especially considering how often engagement numbers are inflated in corporate settings. The episode wrapped with a thoughtful discussion on how CISOs can say "no" more effectively, emphasizing "yes, but" strategies and the importance of consistency. We also debated the usability frustrations of "magic links" for authentication, arguing that simpler alternatives like passkeys or multi-factor codes could offer a better balance between security and convenience.

Show Notes: https://securityweekly.com/esw-389


Hosted by Adrian Sanabria, Enterprise Security Weekly (Video) is a deep dive into the complex world of protecting large organizations. This isn't just a headline recap; it's a practical, analyst-level discussion for security professionals who need to understand the "why" behind the news. Each episode from Security Weekly Productions brings together a seasoned panel including co-hosts like Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, and Sean Metcalf to dissect emerging threats, architectural shifts, and the tools that promise to help. You'll hear candid evaluations as they put security vendors and their claims under the microscope, separating hype from genuine utility. The conversation revolves around actionable intelligence and strategic trends that empower defenders to build more resilient environments. Tuning into this podcast provides a consistent, informed perspective that cuts through the noise of the daily alert cycle, offering clarity and context that's often hard to find. It’s a video format that adds a layer of connection and detail to these technical discussions, making complex topics more accessible. If your work involves making critical decisions about enterprise security posture, this series serves as a vital resource for staying informed and ahead of the curve.
Author: Language: English Episodes: 100

Official website RSS
instagramyoutubediscordlinkedinspotifygithub
Enterprise Security Weekly (Video)
Podcast Episodes

12345...10»