FTC Against Drizly’s CEO, 12 Funding Announcements, Cisco Meraki, & MFA Trends – ESW #295
Finally, in the enterprise security news, 12 funding announcements, 1Password acquires Passage, Layoffs continue with another round at Cybereason, FTC takes action against Drizly’s CEO, everything you need to know about new US data privacy legislation, Cisco Meraki devices in Russia go POP! Young silicon valley workers are in for a shock, Ransomware trends, MFA trends, US officials say tech companies need to build secure products, All that and lots more, on this episode of Enterprise Security Weekly!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
- 1. FUNDING: Versa Networks Secures $120M Financing in Pre-IPO Round Led by BlackRock to Capitalize on Rapidly Growing SASE Market
- 2. FUNDING: Binary Defense Raises $36 Million From Invictus Growth Partners to Propel Rapid Expansion as the Most Trusted MDR Platform
- 3. FUNDING: Sepio announces series B funding, supporting growth in expanding its sales organizations and allocating resources toward the product roadmap
$27M Series B, led by US Venture Partners. "Physical-layer-based Asset Risk Management"
They REALLY want us to know Lane Bess contributed to this round, because he took a trip to space with Jeff Bezos.
- 4. FUNDING: Valence Security raises new cash to secure the SaaS app supply chain
$25M Series A led by M12 (MSFT). Collaborative SaaS Security (SSPM).
- 5. FUNDING: PreVeil Raises $20M in Series C Funding – FinSMEs
- 6. FUNDING: Spyderbat Nabs $10M Series A Funding Round
$10M Series A led by NTTVC. "Cloud native runtime security"
- 7. FUNDING: Alethea Closes $10M Series A Financing Led by Ballistic Ventures
$10M Series A led by Ted Schlein and Kevin Mandia. Using ML to identify disinformation and social media manipulation. Designed for use by threat intel teams.
- 8. FUNDING: BluSapphire raises $9.2 Mn in Series A
$9.2M Series A, led by Barings PE India. SaaS-based SOC/XDR stack. Not to be confused with the vape brand.
- 9. FUNDING: Data security company Bearer closes seed round at $8 million
$4M add-on to total an $8M Seed round, led by Alven. Data security SaaS company based in Paris.
- 10. FUNDING: Atlanta Inno – Atlanta startup Arnica raises $7M as it enters growing cybersecurity market
$7M Seed round, led by Joule Ventures.
- 11. FUNDING: Perygee Raises $4.75M in Seed Funding
$4.75M Seed round led by Ballistic Ventures. "Boston, MA-based company providing a lightweight and complete security platform for Internet of Things (IoT) and Operational Technology (OT)"
- 12. FUNDING: Cybersecurity Startup Protexxa Raises $4 Million in Seed Funding to Protect Businesses and Individuals Online as Cybercrime Accelerates
- 13. ACQUISITIONS: Passage is joining 1Password!
- 14. LAYOFFS: Cyber unicorn Cybereason sacks 200 employees, 17% of workforce
The second round of layoffs for Cybereason in 2022. The first saw 140 employees (10%) get cut on June 1st. This round sees 200 more employees (17%) out the door. Most are non-US, with 50 of the layoffs in Israel.
Recently, a confidential IPO filing fell through and it seems like they could be struggling to find a buyer at their desired valuation price, which may or may not be realistic, given the market correction (are they really worth $5bn??? What’s the multiple?)
- 15. REGULATIONS: FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
It's not just Joe Sullivan taking the heat on security responsibility here - the CEO of Drizly is personally impacted here as well (though he's not going to jail or anything).
- 16. REGULATIONS: What You Need to Know About the U.S.’s Forthcoming Data Privacy Legislation
- 17. SANCTIONS: Cisco disables Meraki networks in Russia
From the Risky Biz News newsletter: US networking equipment vendor Cisco allegedly disabled WiFi networks managed through its Meraki service in Russia. According to multiple online reports, the company failed to give customers any warning and just renamed all networks in Russia as "12345-Sanctions."
- 18. TRENDS: The fate of the world economy may depend on what happens to a company most Americans have never heard of
More of a national security story than an information security story, but relevant all the same.
- 19. TRENDS: Young Silicon Valley workers are in for a rude awakening as industry giants make major job cuts and ditch ambitious projects for the first time in their careers
It's easy to make fun of if you've never had access to fancy FAANG/MANTA perks, but then, these perks can make a big difference when you're paying $4k/mo for a 650sq ft efficiency in San Fran, which is not a position I've been in.
- 20. TRENDS: New LinkedIn profile features help verify identity, detect and remove fake accounts, boost authenticity
All the social media platforms are starting to feel pressure to deal with bot and fraud problems!
- 21. HOT TIPS: 4 ways cybersecurity startups can boost adoption and shorten time to value
- 22. HOT TIPS: Step 0: Create A Risk Register
- 23. REPORTS: The State of Crypto Security
Spoiler: it's bad.
- 24. REPORTS: Ransomware Victims and Network Access Sales in Q3 2022
- 25. REPORTS: A CISO’s Guide to Legal Risks and Liabilities
STEP1: Don't knowingly break the law to protect your employer STEP2: ...
- 26. REPORTS: Financial Trend Analysis – Ransomware Trends in Bank Secrecy Act Data between July 2021 and December 2021
- 27. BEST PRACTICES: CISA – Implementing Phishing-Resistant MFA
- 28. BEST PRACTICES: CISA – Implementing Number Matching in MFA Applications
- 29. CYBERCRIME: Young Finnish man detained in absentia over data breach at Vastaamo
This one is a big deal to me, because Vastaamo is the second largest company on my "Destroyed by Breach" list. https://docs.google.com/spreadsheets/d/15CTPcgZQenWKDLDTQ2ibveUM4i7Of_n20TzdTi23xcg/edit?usp=sharing
- 30. CYBERCRIME: Hackers selling access to 576 corporate networks for $4 million
Access to 576 corporate networks for only $4 MILLION dollars? That's a steal! At less than $8000 per network, could a security vendor do more good buying access to compromised companies and just fixing them, instead of building and selling a product?
- 31. CAPTAIN OBVIOUS: U.S. Officials Say Tech Companies Must Build Secure Products
The title of this article causes me physical pain. So does the content.
- 32. NEW FEATURES: Advanced Microsoft Authenticator security features are now generally available!
Better late than never! Something good comes out of the (most recent) Uber hack.
- 33. NEW TOOLS: Artemis: Hunt For Security Issues In Source Code
From README.md: "Artemis is an extensible source code scanning tool developed by the Warner Bros. Discovery Application Security team that provides a single interface for running multiple security analysis tools against a source code repository, regardless of the contents of the repository. Artemis can scan repositories in different GitHub, GitLab, Bitbucket, or Azure DevOps organizations from a single, unified platform."
- 34. BREACHES: Incident Report: Employee and Customer Account Compromise – August 4, 2022
The incident report for the Twilio breach has been finalized.
- 35. RESOURCES: Top 10 resources about the business of cybersecurity
A list of great cybersecurity resources! Somehow, they forgot to include ESW, but we can overlook that.
- 36. SQUIRREL: Malwarebytes marketing misses the mark, makes amends