PeaceNoToWar, NortonLifeLock Pending UK Inquiry, RSA Con, & Space Force Insignia – ESW #265
This week in the Enterprise News: Quincy man rescues coworker from Ukraine, Cloudflare Email Security Tools, New CISA Vulns, RSA Conference Acquired, Massive Rounds, & Incident Reporting Signed into Law, & more!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. FUNDING: Cowbell raises $100M to offer organizations continuous cyber insurance
- 2. FUNDING: SG tech startup Silent Eight raises $40m in Series B funding
- 3. FUNDING: SafeBase bags $18M Series A to speed up vendor security auditing process – TechCrunch
- 4. FUNDING: Network discovery and asset inventory leader Rumble announces $15M Series A led by Decibel Partners
- 5. FUNDING: Hackuity Emerges From Stealth With $13 Million in Funding
- 6. FUNDING: OneLayer Emerges From Stealth With $8.2M to Build Security for Private 5G Networks
- 7. ACQUISITION: Veracode Announces Significant Growth Investment from TA Associates - In 2017, CA Technologies acquired Veracode for $614M in cash. About a year and a half later, when CA was acquired by Broadcom, Veracode was spun out to Thoma Bravo for $950M in cash. This week, TA Associates announced a deal to become majority owner (with Thoma retaining a minority stake). The deal values Veracode at $2.5B, suggesting a continued, healthy growth in value for the AppSec vendor.
- 8. ACQUISITION: Crosspoint Capital Partners Leads Acquisition of RSA Conference - PE firm Crosspoint Capital along with STG (who acquired RSA along with McAfee, FireEye and other legacy industry behemoths) will break out the RSA Conference as an independent event company. There aren't a lot of large, independent cyber security event companies out there, so it will be interesting to see how long RSAC remains independent, or whether it considers expanding or making acquisitions of its own.
- 9. ACQUISITION: SentinelOne to Acquire Attivo Networks for $616M - This is a Big Deal (puns always intended). Attivo Networks is best known as a deception vendor, which will always hold a special place in my heart for using "Decepticons" within their product naming scheme. Though it looks like the company's AD products were a pivot, the company is still heavily focused on detecting attackers after they get in (lateral movement, in other words). As EDR vendors like SentinelOne evolve into XDR vendors, the focus moves from being a point product to a more holistic platform to "detect bad things" happening internally. As part of that larger platform, this deal makes a lot of sense. Attivo lists 7 products now, so SentinelOne gets a lot for their money here. Money raised was $60M - returning 10x to investors isn't too shabby, especially as the number of vendors looking for large exits increases.
- 10. ACQUISITION: Calian Completes Acquisition of US Managed Service Provider Computex
- 11. ACQUISITION: CyberRes Completes Acquisition of Debricked to Further Expand Software Supply Chain Security
- 12. ACQUISITION: Booz Allen Acquires Government Security Consultancy EverWatch – ChannelE2E
- 13. ACQUISITION: CTSI Announces Acquisition of Enterprise Security Solutions
- 14. ACQUISI-OOPS: NortonLifeLock’s acquisition of Avast on hold pending UK inquiry – SiliconANGLE - The UK has been increasingly flexing its anti-competitive muscles when it comes to big tech, notably giving FAANG companies like Facebook a hard time when it comes to acquisitions. NortonLifeLock, has already been broken into a fraction of the company it once was, so the irony of anti-trust concerns isn't lost on us.
- 15. SUPPLY CHAIN: Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine - This is a wild ride and well worth reading the full article. The node-ipc maintainer decided to use their position to push protest messaging and then took the step of doing actual damage to systems geo-located as Russia or Belarus. Malicious versions of node-ipc have been deprecated and mostly handled. The larger issue is one of trust between package maintainers and the software dependent on these packages. RIAEvangelist, the node-ipc maintainer, is still the active maintainer of 40 other npm packages. Should we continue to use and trust any other packages RIAEvangelist has access to? What happens when they decide to protest the US? What about any other individual maintainer that could do something like this at any time? At a minimum, organizations need two things: the ability to detect when something goes awry with a project and a plan of action when it does. For example, the addition of a module called "peacenotwar", use of base64 encoding, and other shenanigans gave multiple opportunities to spot this particular incident as it unfolded. As for immediate action, I suspect most folks locked on a known good version of node-ipc as they monitored the situation. Long term decisions are tougher: do you migrate off vue.js? What are the chances the replacement you choose won't run into the same issue?
- 16. INTEL: CISA adds 15 vulnerabilities to list of flaws exploited in attacks
- 17. Cloudflare unveils email security tools following acquisition
- 18. Here There Are Monsters
- 19. NEW COMPANY: Command Zero, led by Dov Yoran - Headed by Dov Yoran (brother of Amit Yoran, CEO of Tenable), Command Zero is still in stealth, but looks to be assembling most of the crew manning the ThreatGRID ship that was sold to Cisco back in 2014. Aside from Yoran (CEO), this crew so far includes Dean De Beer (CTO), Eric Hulse (Director of Research) and Scott Dunlop (Architect). Other significant hires include Christopher Scott (Senior Director, Technical PM) and Alfred Huger (Co-Founder). Looks like most folks are joining directly from Cisco, so I've got to wonder if Cisco Ventures might be bankrolling the seed round here, or if this is totally removed from ThreatGRID's acquirer.
- 20. LEGISLATION: Biden signs cyber incident reporting bill into law
- 21. SQUIRREL: Quincy man travels into Ukraine to rescue co-worker and family - "he eventually traded his wristwatch for a 15-year-old Toyota that was low on oil and needed duct tape to keep the hood in place"
- 22. SQUIRREL: i have discovered the emblems of the various units of the US Space Force (Ben on Twitter)