Editing Tweets, Lithuanian Unicorn (NordVPN), Trust Issues, & Ubiquiti Legal Battle – ESW #268
Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-Alienvault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of “Say” and “Do”, Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why an option to edit tweets is a terrible idea, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
- 1. FUNDING: Glilot Capital raises $220 million for fourth Seed fund
  Unlike other funding pieces we report on, this one is a VC fund intended to partially be used for funding cybersecurity startups. Not a huge fund, until you consider that they're aiming for Seed investments, and then it seems huge.
- 2. FUNDING: NordVPN raises its first money, $100M, at a $1.6B valuation
  $100M round led by Novation. Boom: just like that, we have another unicorn. I have some strong opinions on consumer VPN products, but Nord Security has at least expanded beyond just a private VPN, adding products like password databases, cloud storage, and other offerings.
- 3. FUNDING: Former Amazon exec gives Chinese firms a tool to fight cyber threats – TechCrunch
  $76M Series E, led by CPE and CDH Investments. ThreatBook is described as threat intel and endpoint security, depending on where you look. The company's founder makes a CrowdStrike comparison and plans to take the company public (in China) in the not-too-distant future. The company also aims to go global with its product portfolio.
- 4. FUNDING: Coro secures $60M at ~$500M valuation for an all-in, SaaS-based cyber protection platform aimed at SMBs – TechCrunch
  $60M Series C led by UK-based Balderton Capital. Appears to be another one of these boil-the-ocean approaches that intends to be everything an SMB needs when it comes to security. Godspeed to them, it's an important segment of the market to figure out, since that's where the vast majority of businesses exist and also where they're most vulnerable.
- 5. FUNDING: Airgap Networks Raises $13.4M in Series A Funding
  $13.4M Series A, led by Storm Ventures. "Airgap delivers an Agentless Zero Trust Segmentation platform with a patented Ransomware Kill Switch™"
- 6. FUNDING: Cybersecurity startup Corsha lands $12M – TechCrunch
  $12M Series A co-led by Ten Eleven Ventures and Razor's Edge Ventures to "bring MFA to machine-to-machine API traffic". Uh, what? Ah, got it. Later on they clarify how this works: "Corsha toughens those requests with a one-time-use MFA credential built from the machine’s dynamic identity and checked against a cryptographically verifiable distributed ledger network. The API request is only accepted if there is a match between the MFA credential and that machine’s identity, and each API call requires a fresh, one-time-use credential". Seems like this could potentially be used for SaaS authentication as well - it seems like a lot of consumer and business SaaS is still ridiculously easy to attack by stealing session tokens (e.g. OAuth 1.0).
- 7. FUNDING: tru.ID Adds Sorenson Ventures to $9m Seed Round to Scale the Mobile Cybersecurity Platform
  $9M Seed round, led by Sorenson Ventures. Tru.ID appears to be leveraging the SIM cards built into mobile devices as an additional factor for MFA use cases.
- 8. FUNDING: Nudge Security announces seed funding with Ballistic Ventures
  $7M Seed round led by Ballistic Ventures (the firm's first investment). Nudge is founded by long-time AlienVault employees Russell Spitler and Jaime Blasco. There aren't a ton of details on what Nudge's product will be, but lots of hints that it takes a more proactive and positive approach in helping employees make good security choices.
- 9. FUNDING: SeeMetrics scores $6M seed to surface key security metrics for CISOs – TechCrunch
  $6M Seed round, led by Work-Bench, 8VC, AGP, Essence, and others. The plan is to build a product that will provide better metrics/KPIs to CISOs. Not many details yet on how the necessary data will be ingested, analyzed, and presented. Potentially a very interesting product/space - this is fairly unique from what I've seen.
- 10. FUNDING: Polaris Web Protection & Cyber Security
  $500K Seed round. Singapore-based security startup offering Web Application and API Protection (WAAP).
- 11. FUNDING: Ermetic Receives Strategic Investment from Splunk Ventures
  Funding details unknown, but this follows a $70M Series B led by Qumra Capital with support from Forgepoint Capital. Appears to be a CSPM vendor.
- 12. ESSAYS: Trust issues: The two sides of Say:Do
  Part 3 of a great series that focuses on something we don't have enough of in this industry: vendor trust.
- 13. TRENDS: The how and why of raising OT security capital – TechCrunch
  There has always been capital available for OT Security startups, but they tended to get less funding than mainstream security startups and were highly focused in the Israeli markets. This article, by Insight Partners' Matt Gatto, suggests there might be (or should be?) increased interest in OT Security in the near future.
- 14. TRENDS: AcidRain – a Modem Wiper Rains Down on Europe
  This is the _seventh_ wiper that Russia has unleashed since the invasion of Ukraine. This isn't something we'd typically report on, except that, if history is anything to go on, we'll be seeing criminal groups leveraging wipers more so in the future.
- 15. TRENDS: Budget 2022: $9.9 billion towards cyber security aims to make Australia a key ‘offensive’ cyber player
  Whoever controls the REDSPICE controls $9.9B AUS. Yes, this joke is the only reason this article is here. That, and the fact that we reported on the White House earmarking some $10B+ for cybersecurity, so I suppose the federal cyber spending trend is spreading?
- 16. REPORTS: Cyber Security Market Industry Analysis, Size, Share, Growth Opportunities, Future Trends, SWOT Analysis, Competition, and Forecasts 2022 to 2030 – Digital Journal
  Based on the outdated info in the abstract, I wouldn't recommend buying this $4,000 report.
- 17. LEGAL: Ubiquiti Teaches AWS Security and Crisis Comms Via Counterexample
  A particularly good writeup from @QuinnyPig on Ubiquiti's poorly advised lawsuit against Brian Krebs.
- 18. RESEARCH: ForAllSecure offering $1K to integrate free fuzzer to open source projects
  We had David on the podcast back on December 23rd, 2021 and found a very unique and interesting approach to discovering software issues. Continuing in the vein of unique approaches, ForAllSecure is now offering $1000 to anyone that will integrate its fuzzer with a popular open source project (>100 stars).
- 19. SQUIRREL: Elon Musk to join Twitter’s board of directors, teases ‘significant improvements’
- 20. SQUIRREL: Trung Phan on Twitter
- 21. SQUIRREL: Editing of Tweets is a bad idea. Here’s why.