Sunnyvale-based Brevian wants to make it easier for business users to build custom AI agents.
“When I saw ChatGPT and other things, for me, it was just: how is this applicable in the enterprise?
Then he went to LinkedIn, where he headed up the AI trust team before leaving in late 2022 to join Wagh in founding Brevian as its CTO.
“Our vision was to enable business users in the enterprise to be able to use AI to simplify their daily tasks.
2024 is the year of AI apps — and we just felt like they were so far ahead,” he told me.
Well, if you ask Garrett Hamilton, they should give Reach Security a whirl.
Instead of serving as just another layer in a company’s cybersecurity stack, Reach connects to a company’s existing IT and security products, collecting data on attacks and recommending ways to combat them using security tools that the company already owns.
They’re wrong.” Prior to Reach, Hamilton worked at Palo Alto Networks, where he was director of product management.
A survey from security posture management vendor Panaseer found that organizations manage on average between 64 and 76 security tools (as of 2022).
Reach also auto-tunes security tool configurations to try to prevent attacks, prioritizing actions based on how the attacks are being carried out.
With its recently launched AI assistant, Bearer also bet on generative AI to suggest code fixes and explain vulnerabilities.
As Cycode co-founder and CEO Lior Levy told me, this acquisition now provides the company with all of the capabilities it needs to become a full-fledged application security platform.
“The missing part was a SAST tool that can be fast and connected easily to the Cycode platform.
And the Bearer team invested a lot in the brain of the SAST engine — not only the rules and stuff like that — but the engine itself.
Together, we’re set to continue redefining the standards of the complete approach to application security posture management.”
Apple has reversed its decision about blocking web apps, also known as Progressive Web Apps (PWAs), on iPhones in the EU.
Last month, Apple reduced PWAs to mere website shortcuts with the release of the second beta of iOS 17.4, as security researcher Tommy Mysk and Open Web Advocacy had first pointed out.
The company then updated its developer page saying that because of security risks like malicious web apps reading data from other web apps and accessing cameras, it decided to end support for home screen apps.
Apple also said that PWAs had “very low user adoption” so there might not be a lot of impact on users.
Separately, the Open Web Advocacy group published an open letter addressed to Tim Cook to lift the ban on web apps, which was signed by hundreds of organizations and individuals including Mastodon, internet advocate Cory Doctorow and Vercel CTO Malte Ubl.
The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector.
Confirmation that the NSA is tracking these cyberattacks comes days after Mandiant reported that suspected Chinese espionage hackers have made “mass attempts” to exploit multiple vulnerabilities impacting Ivanti Connect Secure, the popular remote access VPN software used by thousands of corporations and large organizations worldwide.
Mandiant said earlier this week that the China-backed hackers tracked as a threat group it calls UNC5325 had targeted organizations across a variety of industries.
This includes the U.S. defense industrial base sector, a worldwide network of thousands of private sector organizations that provide equipment and services to the U.S. military, Mandiant said, citing earlier findings from security firm Volexity.
Akamai said in an analysis published last week that hackers are launching approximately 250,000 exploitation attempts each day and have targeted more than 1,000 customers.
The Asian technology and internet company YX International manufactures cellular networking equipment and provides SMS text message routing services.
YX International claims to send five million SMS text messages daily.
But codes sent over SMS text messages are not as secure as stronger forms of 2FA, such as an app-based code generator, since SMS text messages are prone to interception or exposure — or in this case, leaking from a database onto the open web.
TechCrunch found in the exposed database sets of internal email addresses and corresponding passwords associated with YX International, and alerted the company to the spilling database.
YX International would not say for how long the database was exposed.
A U.S. government watchdog stole more than one gigabyte of seemingly sensitive personal data from the cloud systems of the U.S. Department of the Interior.
The good news: The data was fake and part of a series of tests to check whether the Department’s cloud infrastructure was secure.
The experiment is detailed in a new report by the Department of the Interior’s Office of the Inspector General (OIG), published last week.
The tests were conducted between March 2022 and June 2023, the OIG wrote in the report.
The Department of the Interior manages the country’s federal land, national parks and a budget of billions of dollars, and hosts a significant amount of data in the cloud.
These doorbell cameras are, however, still available elsewhere.
Consumer Reports says EKEN did not respond to their emails reporting these issues.
Despite these flaws and Consumer Reports warning online marketplaces about them, the doorbells remain available for sale on Amazon, Sears, and Shein.
But Consumer Reports claimed there are similar doorbells, likely whitelabels of EKEN doorbells, still available on Walmart.
After TechCrunch shared five listings flagged by Consumer Reports with Walmart, Forrest said the company took down three of the five, while two had already been removed.
Silence Laboratories, a startup that builds infrastructure using multiparty computation (MPC) to help enterprises keep data private and safe, said it has raised a $4.1 million funding round.
Pi Ventures and Kira Studio co-led the recent funding, which brings its total raised to $6 million, along with angel investors.
The startup will use the funding to scale its teams and beef up its R&D pipeline.
The outfit started as a multifactor authentication (MFA) company and pivoted its business to building a cryptographic security firm.
It also recently launched Silent Compute, which lets corporations collaborate on processing information without revealing their own private data to third parties and enrich insights while maintaining compliance and trust.
Anycubic users say their 3D printers were hacked to warn of a security flaw
Anycubic customers are reporting that their 3D printers have been hacked and now display a message warning of an alleged security flaw in the company’s systems.
Feel free to disconnect your printer from the internet if you don’t wanna get hacked by a bad actor!
You have not been harmed in any way.” The text file described an unspecified vulnerability in Anycubic’s MQTT service, which allegedly allows the ability to “connect and control” customer 3D printers that are connected to the internet.
The person who authored the text file claimed they sent the message to 2.9 million Anycubic 3D printers.
“Disconnect your printer from the internet until anycubic patches this issue,” the text file reads.