Microsoft Storm, WormGPT, Century of the Linux Desktop, & IronNet’s Public Run – ESW #324

Adrian Sanabria

1. FUNDING: Secure Code Warrior lands $50M to educate developers on best cyber practices

   $50M Series C led by Paladin Capital Group.

2. FUNDING: Vendict raises $9.5 million for its generative AI GRC tool

   $9.5M Seed Round led by NFX, Disruptive AI, and Cardumen Capital. GenAI for responding to security questionnaires.

3. FUNDING: SpecterOps Raises in $8.5M Series A Extension – FinSMEs

   $8.5M extension to $25M Series A in April, for a total $33.5M Series A. Led by Ballistic Ventures. Kevin Mandia, the CEO and founder of Mandiant, will serve as an Observer to SpecterOps’ Board of Directors.

4. FUNDING: Cove, an AI-powered safety layer for the web

   $5.8M Seed, led by Thrive Capital.

5. FUNDING: PrivacyHawk Raises $2.7 Million to Pioneer the Personal Data Protection Market
6. FUNDING: Teleskope Raises $2.2M in Pre-Seed Funding
7. ACQUISITIONS: Jamf announces its acquisition of dataJAR, a leading Apple technology managed services provider
8. ACQUISITIONS: Graylog Acquires Resurface.io

   Reportedly an asset acquisition. 4-year old Resurface (API security) had raised $5.3M with the last round in August 2022. 11-year old, Houston-based GreyLog (Security Operations, Log mgmt) has raised $27.4M, with the last round raised in 2021.

9. DELISTING: IronNet Announces Intention to Voluntarily Delist Securities from New York Stock Exchange
10. MARKET TRENDS: Cloudflare, Palo Alto Networks and Zscaler tumble as Microsoft expands in cybersecurity
11. BREACHES: Analysis of Storm-0558 techniques for unauthorized email access

    We just released a blog on this, at my day job! https://www.valencesecurity.com/resources/microsoft-storm-0558-saas-breach

12. BREACHES: “Millions” of sensitive US military emails were reportedly sent to Mali due to a typo
13. BREACHES: Microsoft to Offer Some Cybersecurity Tools Free After Suspected China Hack
14. BREACHES: Microsoft Bows to Pressure to Free Up Cloud Security Logs
15. HOWTO: How to be a security person that engineers don’t hate
16. HOWTO: How to securely build product features using AI APIs

    are emerging capabilities, and there is time-pressure to launch transformative features. Security teams need to enable their businesses to grow and succeed in this environment. That means rapidly coming up to speed on the risks of these sorts of product features. More importantly it means awareness of the pragmatic set of controls emerging to reduce these risks.

17. HOWTO: How to detect suspicious activity in your AWS account by using private decoy resources
18. HOWTO: Okta Logs Decoded: Unveiling Identity Threats Through Threat Hunting – Rezonate
19. TOOLS: WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
20. REGULATION: National Cybersecurity Strategy Implementation Plan
21. REGULATION: The Biden administration is tackling smart devices with a new cybersecurity label
22. NEW FEATURES: AWS Fault Injection Simulator adds new actions for Amazon EKS and Amazon ECS
23. AI NEWS: Google plans to scrape everything you post online to train its AI

    From one of my favorite researchers, Paperghost, aka Christopher Boyd!

24. SQUIRREL: Linux has nearly half of the desktop OS Linux market
25. SQUIRREL: James Cameron on AI: “I warned you guys in 1984 and you didn’t listen”