Positron AI Named Top 50 Startups of 2024, 54 Million Credit Cards Exposed in Retail Breach, and Notorious Infostealer Upgraded with AI Capabilities
Frontiers of AI & Cybersecurity from the provider of seed capital to startups pushing boundaries of AI & Cybersecurity
Announcements - Oakseed AI Demo Day 12/4 4pm PST
Oakseed is proud to present a demo day for its selected AI startups for investors and friends to have a peak of how AI is and will be like in the future.
A special feature of this demo day is a panel with their enterprise customers, sharing real-life stories of how AI and these startups are improving their work, and have a healthy debate as to where AI is headed.
When: Wednesday December 4th 4:00 to 5:30 PM PST
Where: Zoom
Register here: https://lu.ma/f168vgxx
Oakseed Portfolio News
Positron AI is listed as one of The Information’s 50 Most Promising Startups for 2024! In just 18 months, it has gone from concept to shipping Atlas, making LLMs accessible and affordable to more businesses. Read more about Positron’s success here.
Atlas Cloud is available for trial for customers interested in a higher performance, lower cost solution compared to Nvidia H-100 and many other AI chip solutions. Contact the team here.
Ridge Security wins Top Infosec Innovator Award 2024. In its 12th year, Top Infosec Innovator Awards recognize the most innovative cybersecurity companies shaping the future of the industry. Ridge wins Breakthrough Award for AI in Continuous Threat Exposure Management (CTEM).
Beyond the Headlines: Our Expert Take
Infostealers have emerged this year as a powerful attack vector for data breaches. 54 million credit cards and other information was compromised in a retail data breach. The attack was made possible by first successfully attacking a third-party vendor of the retailer, demonstrating the need to protect complex, distributed systems and develop technology to create security out of insecure pieces.
CYBERSECURITY HEADLINES
Data Breach of Fashion Retailer Hot Topic Exposes 54 Million Customer Credit Cards
In one of the “largest retail breach[es] in history,” a hacker called ‘Satanic’ or ‘Dark X’ stole 680 GB of data, including 54 million credit cards, full names, addresses, phone numbers, and emails. It is believed the breach occurred after an employee at a third-party analytics firm, Robling, was infected with an infostealer. The hacker claims that this was facilitated through “a lack of MFA on Snowflake.” Infostealers have emerged this year as a powerful attack vector for data breaches; in addition to the Hot Topic breach, three of the five biggest data breaches of 2024 were accomplished using infostealers. Together, these three incidents have an estimated $137.8 bn of impact and contain 770 million leaked records. (PC Mag, Cyber News, Hudson Rock)
Security Researchers Discover Critical Vulnerabilities in Mazda Cars Leading to Arbitrary Code Execution
Researchers at Zero Day Initiative discovered six vulnerabilities associated with not sanitizing user input within the Mazda Connect Connectivity Master Unit, a computing system installed on multiple Mazda car models. They demonstrated that an attacker with a specially crafted USB can exploit these vulnerabilities to achieve “arbitrary code execution with root privileges,” one of the most severe types of exploits. The researchers demonstrated that attacks can be successfully exploited within the span of a few minutes, making affected vehicle models vulnerable to attack during the span of time it takes a valet or rideshare to take place. Mazda has released an update, so that cars with updated firmware will no longer be vulnerable to USB attacks relying on these vulnerabilities. (Zero Day Initiative, Hackread)
AI HEADLINES
$4.2 Million Startup Conflixis Uses AI to Discover Corruption in Healthcare Systems
Conflixis, a startup founded last year, raised $4.2 million in seed funding. Conflixis’s AI-powered risk engine analyzes risk factors to ensure “every financial relationship is known, contextualized, and its influence on procurement, operational, and medical decisions understood.” The startup advertises its ability for clients to “identify and manage conflicts, ensuring decisions are made in a fair and transparent manner,” assisting organizations in fulfilling compliance requirements. Conflixis’s next steps are to expand its “library of evidence-based influence models, including predictive spend capabilities powered by peer-reviewed data.” (Business Wire, Tech Crunch, Conflixis).
Austrian Company Incorporates AI Into Binoculars to Automatically Identify Animal Species
An Austrian optical products company, Swarovski Optik, has released AI-powered binoculars for species identification. The AX Visio contains an onboard computer that can identify over 9000 avian species in real-time, as well as mammal and insect species. While these smart binoculars are marketed as a luxury hobbyist birdwatcher/nature observer item, they can also be used in ecological research, particularly as the AI learns to identify more species. The AX Visio “marks a paradigm shift in the technology of binoculars by making them a more useful tool able to seamlessly identify animals and capture images and video on the same device,” demonstrating that AI can be used to revolutionize all areas of life. (Wired, Swarovski Optik)
AI + CYBER HEADLINES
Rhadamanthys Infostealer Upgraded with AI Capabilities in Large-Scale Phishing Campaign
Security researchers from Check Point Research have discovered a newly upgraded version of the Rhadamanthys Infostealer, which has been dubbed “CopyRh(ight)adamantys.” Attackers are using this new version of the infostealer in a large-scale phishing campaign that uses targeted, malicious emails that convince victims to download files contaminated with the infostealer. Not only are attackers using AI for assistance writing more convincing phishing emails, but the infostealer itself has also been upgraded with AI capabilities, which are mainly focused on extracting cryptocurrency-related sensitive information. The campaign is likely being run by a profit-driven threat actor, and is focused on scaring victims into believing they have committed copyright fraud on their social media accounts. (Check Point, Forbes, Security Affairs)
Cybersecurity Company Camelot Secure Builds ‘AI Wizard’ to Help Organizations Achieve Cybersecurity Compliance Goals
A cybersecurity company called Camelot Secure began building an AI tool for companies to understand and fulfill requirements of the Cybersecurity Maturity Model Certification (CMMC) by the US Department of Defense. The tool, called ‘Myrddin,’ “provides answers and guidance to IT teams undergoing CMMC assessments.” Jacob Birmingham, Camelot Secure’s VP of Product Development, noted that the company build Myrddin because it “noticed that many organizations struggled with interpreting and applying the intricate guidelines of the CMMC framework,” leading to errors and difficulties in getting certified. Myrddin has been integrated into Camelot Secure’s official platform of offerings after several years of developments, and is available for organizations now. (CIO, Camelot Secure)
Thanks for reading this week’s newsletter! If you have news of an interesting novel development, reach out and we may include your story in our next post!
Until next time,