Plaintext: Banking Crisis, ChatGPT, Patch Tuesday

Welcome back to Dark Reading in Plaintext, now coming to you as a weekly newsletter. In this issue of Plaintext, we reflect on the hectic activity surrounding Silicon Valley Bank this week and the impact on the cybersecurity VC ecosystem. We also look at today's Patch Tuesday update, which includes fixes for two zero-day vulnerabilities.

What Happened to the Money?: Last week's stunning collapse (and timely rescue) of Silicon Valley Bank could hamper the ability of venture-backed cybersecurity startups to raise capital. Silicon Valley Bank was the leading source of that financing, says Rob Ackerman, founder and managing director of AllegisCyber Capital, and investors will be "even more cautious than they were" in the aftermath. If the bank had shut down, it would have been a big loss for the venture capitalist community, as well, as it would mean the loss of a trusted partner who understands how VCs operate, he says.

Public reports show some 500 cybersecurity companies banked with SVB, says Richard Stiennon, chief research analyst at IT-Harvest. The liquidity crisis meant these companies faced the prospect of not being able to make payroll. The swift intervention of?The Federal Reserve ,?The Bank of England ,?and HSBC ?over the weekend now ensures these companies have access to their funds.

"We are taking decisive actions to protect the U.S. economy by strengthening public confidence in our banking system." (a statement from Treasury Secretary Janet Yellen, Federal Reserve Board Chair Jerome Powell, FDIC Chairman Martin Gruenberg)

Microsoft Fixes Zero-Days: Microsoft fixed 74 vulnerabilities as part of this month's Patch Tuesday security update. Security teams should prioritize two zero-day vulnerabilities, one in Microsoft Outlook's authentication mechanism and another that's a Mark of the Web bypass. An attacker could just trigger the Outlook flaw by sending a maliciously crafted message. The very first Patch Tuesday was back in 2003, when Microsoft pledged to roll out security updates on a set schedule to help network administrators keep up with all the patches. The fixed-schedule approach has become a standard industry practice and several companies have their own update schedules, including Oracle (once a quarter) and Adobe (once a month on Tuesday).

What We Are Reading

• The fact that employees are submitting sensitive business data and private data into ChatGPT raises concerns about the possibility of proprietary data being leaked.
• Security companies are incorporating ChatGPT into their platforms to deliver new features.
• With more than 700,000 cybersecurity jobs available, now is the time to jump-start your cybersecurity career .

On-Air

Tune in to our on-demand webinar Threat Hunting Today: The Tools and Techniques That Get You Out In Front of Criminals for insights on developing an internal threat hunting program.

"Good hunting drives good engineering." (Chris Crowley, senior instructor, SANS Institute)

From Our Library

Check out some of the latest reports from our?Dark Reading Library .

• Tech Insights (Feb 2023):?Emerging Cyber Vulnerabilities That Every Enterprise Should Know About
• Tech Insights (Feb 2023):?Shoring Up the Software Supply Chain Across Enterprise Applications
• Supple chain on our mind: State of the Supply Chain ?research report.
• The first report based of the 2022 Dark Reading Strategic Security Survey:?How Enterprises Are Attacking the Cybersecurity Problem Report

On That Note

Join us on March 23 for Dark Reading's first Virtual Event of 2023, "Emerging Cybersecurity Technologies: What You Need to Know." Our keynote speakers are Chenxi Wang, Ph.D. and Martin Fisher . There will be panels on securing the hybrid workforce, protecting cloud assets, and deploying next-generation security operations. Register here.