Security Weekly
Enterprise Security WeeklySubscribe
Vulnerability Management, Malware, Security Staff Acquisition & Development

Zombies, Gen Z VS Boomers, ICMs, & Australian Breach Fines – ESW #294

Finally, in the enterprise security news, The company behind Basecamp and the Hey.com email service pulls anchor and exits the cloud, Your self-hosted Exchange Server might be a problem…Is Confidential Computing for suckers? Gen Z and Millennials found not taking things seriously in, survey fielded by Boomers, Industrial Cybersecurity Market expected to take off, Github adds fine-grained personal access tokens, Australia not playing around anymore, jacks up breach fines more than 20x, Layoffs and exit troubles, & more!

Full episode and show notes

Announcements

  • Follow Security Weekly Productions on LinkedIn for exclusive show clips, insights, and updates across our organization! Stay connected with our hosts and fellow community members, and join the conversation that's shaping the future of cybersecurity.

Hosts

Product Marketer and Content Strategist at OX Security
Chief Product Officer at CyberSaint
  1. 1. FUNDING: 33N Ventures launches for investment in cybersecurity and infrastructure companies

    "The firm is currently fundraising a vehicle of $145 million which is designed to invest in cybersecurity and infrastructure software companies across Europe, Israel, and the U.S. It is understood that it will target investments at Series A and B, with an average ticket size of around $9.7 million."

  2. 2. FUNDING: Data protection startup Anonos raises $50M for PII pseudonymization

    $50M debt financing round via Ghost Tree partners and Aon. Product aims to protect PII by anonymizing it (sounds similar to tokenization?).

  3. 3. FUNDING: HYCU Receives Strategic Investment from Okta Ventures

    The amount of this Series B extension (from Okta Ventures) wasn't shared, but will be added to the $140M raised so far. Self describes as "the world’s fastest growing multi-cloud and hybrid IT data protection as a service company."

  4. 4. FUNDING: Corsa Security Drives Forward with Additional $10 Million Funding

    Appears to be playing in the firewall orchestration space. This is the company's second Series D extension since 2019, with all three led by Roadmap Capital.

    Adrian's Take: "Corsa means 'Race' in Italian and is the most performance mode in most modern Lamborghinis. Less clear is the company's structure and history. Corsa has three co-founders, though one joined the company in 2011, one in 2019, and one in 2021?"

  5. 5. FUNDING: OutThink Raises $10 Million in Seed Round

    $10M Seed led by AlbionVC, describes itself as a "cybersecurity human risk management platform"

  6. 6. FUNDING: Velotix Raises $10M in Seed Funding

    $10M Seed round. Israel-based data security startup. Self describes as an "AI-driven data protection and access permissions platform."

  7. 7. FUNDING: Blockchain Security Company Hexens Raises $4․2 Million in Seed Funding Led by IOSG Ventures

    $4.2M seed round led by IOSG Ventures. Services firm that focuses on blockchain-related audits and penetration tests.

  8. 8. ACQUISITIONS: Palo Alto in negotiations to acquire Cider Security for $200 million

    If at first you don't succeed, try, try again.

  9. 9. EXIT TROUBLES: Palo Alto deal to acquire Apiiro falls through

    Apiiro is going to raise money instead.

  10. 10. EXIT TROUBLES: Cybereason looking for buyer after IPO falls through

    Market conditions claim another victim? The Wall Street Journal reported in June that the company laid off 140 employees.

  11. 11. LAYOFFS: Cyber unicorn Snyk to sack 198 employees, 14% of workforce

    The first major layoff announcement since August, this is a relatively big one.

    "The company said at the time that the changes were being made in order to accelerate its plans by a full year to become free cash flow positive in 2024."

  12. 12. VC TAKE: The 13 most promising cybersecurity startups of 2022, according to VCs
    1. At-Bay - Cybersecurity Insurance MGA - $292M raised
    2. Salt Security - API Security - $271M raised
    3. Noname Security - API Security - $220M raised
    4. Drata - Compliance Automation - $128M raised
    5. Veza - Data Security - $113M raised
    6. Securiti - AI stuff? - $81M
    7. Chainguard - Software Supply Chain Security - $55M
    8. Auditboard - Compliance software - $43M
    9. R2C - SAST (maker of Semgrep) - $43M
    10. Tines - SOAR - $42M
    11. Hummingbird - Anti-Fraud - $38M
    12. Incident.io - Automated Incident Reporting - $38M
    13. FireHydrant - Incident Response and Management - $32.5M
  13. 13. NEW COMPANY: Nudge Security emerges from stealth

    Adrian's take: "An intriguing approach, Nudge Security detects SaaS apps in use by monitoring Google Workspace and Microsoft 365. As new SaaS apps show up, the company's software will 'nudge' employees to configure these SaaS apps more securely. It seems similar to CSPM, but for SaaS apps (I'm sure Gartner is working on an acronym)."

  14. 14. HOT TAKES: the company behind Hey.com and Basecamp vocally ditches AWS and GCP

    TL;DR: DHH says, "Renting computers is (mostly) a bad deal for medium-sized companies like ours with stable growth. The savings promised in reduced complexity never materialized"

    Check out the accompanying podcast to dig deeper and hear more details: https://www.rework.fm/leaving-the-cloud/

  15. 15. HOT TAKES: Your Microsoft Exchange Server Is a Security Liability

    Is this a surprise to anyone?

  16. 16. HOT TAKES: Confidential Computing Is for the Tinfoil Hat Brigade

    TL;DR - confidential computing solves a non-problem unless you're dropping computing hardware into hostile, untrusted territory.

  17. 17. ESSAY: You should have lots of AWS accounts

    TL;DR - put your eggs in many baskets.

  18. 18. BREACHES: BlueBleed

    TL;DR - Microsoft apparently left a bucket open with highly confidential customer data. It was open long enough for search engines to index the contents. Bit of a mess.

  19. 19. POC: Contextualize honeypot alerts automatically with GreyNoise, runZero, Thinkst Canary, and Tines

    Use case that combines the capabilities of Thinkst Canary, Tines, GreyNoise, and runZero.

    Adrian's Take: "An interesting look at how a group of highly functional early stage security products can be used to create compelling automations with minimal effort."

  20. 20. TRENDS: Gen Z and millennials less serious about cybersecurity on work-issued devices than personal, according to new EY Consulting survey
  21. 21. TRENDS: Industrial Cybersecurity Market Expected to Soar in Next Decade
  22. 22. NEW FEATURES: Introducing fine-grained personal access tokens for GitHub

    No more giving access to ALL YOUR REPOS for a simple, narrowly scoped integration!

  23. 23. FREE TOOLS: Chainguard open sources OSQuery detection & response ruleset

    "I'm proud to announce that we've open-sourced our #osquery detection & response ruleset: https://github.com/chainguard-dev/osquery-defense-kit

    It contains 130+ production-ready queries we found useful for detecting malware & other anomalous behavior on our endpoints, designed with alerting in mind."

  24. 24. FREE TOOLS: SCuBA M365 Security Baseline Assessment Tool
  25. 25. FREE TOOLS: JSubFinder – Searches Webpages For Javascript And Analyzes Them For Hidden Subdomains And Secrets
  26. 26. REGULATIONS: Australian gov plans to increase data breach penalties 20x or more

    Catalin Cimpanu reports that Australia plans to increase the breach fine from AUS$2.22M to whichever is the greater of the following three options: - $50M - 3x the value of any benefit obtained through the misuse of info - 30% of a company's adjusted turnover in the relevant period

VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

Related

I want ALL The Firmware – PSW #841

This week: I want all the firmware, its not just TP-Link, CVEs for malware, BLE and your health, faking your own death, serial ports, stealthy Linux malware, call this number, finding all the Wordpress plugin vulnerabilities!