Enterprise Security Weekly Subscribe

Zimperium, Crypto Heists, NPM Attack, $11B For CyberSec, & a Threat to SPACs – ESW #267

March 31, 2022

In the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products!

Full episode and show notes

Announcements

Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

Hosts

Adrian Sanabria

Principal Researcher at The Defenders Initiative

https://adriansanabria.com

1. FUNDING: TokenEx Raises $100M in Series B Funding
$100M Series B, led by K1 Investment Management. Tokenization isn't new to market and is often associated with the CASB market, though it can be considered a standalone technology. It's certainly a useful approach: instead of exposing sensitive data to risk, you replace it with a token. In the (often rare, depending on use case) case someone needs to view the actual sensitive element, they can do that in a more protected manner through a different workflow.
2. FUNDING: Cyera raises $56 million Series A for cloud data security platform
Sure, let's call the company Cyera, it's only one letter different from Cyvera, which PANW acquired for $200M in 2014. No one remembers that. Funding "led by Sequoia Capital, alongside Accel, and Cyberstarts. René Bonvanie, CMO Emeritus of Palo Alto Networks, also participated in the financing and joined the board, with Armis Security co-founders Yevgeny Dibrov and Nadir Izrael also taking part." Sounds like it aligns with what we're seeing advertised as "Data Security Posture Management". There aren't a whole lot of tools in the cloud that discover, categorize, and track what data is being used or stored where, which is the gap Cyera is looking to fill.
3. FUNDING: Compliance and security startup Theta Lake raises $50M for commercial expansion – SiliconANGLE
$50M Series B, Led by Battery Ventures with Lightspeed Venture Partners, Neotribe Ventures, Cisco Investments, RingCentral Ventures, Salesforce Ventures and Zoom Video Communications Inc. also participating. Including the new funding, The company has raised more than $70 million to date. Theta Lake is a data security vendor that uses NLP and other techniques to detect security and compliance issues across data that isn't typically well analyzed or tracked (voice, video, chat, email, documents). Integrates with collaboration tools, comms tools, meeting software, etc
4. FUNDING: Cyberpion raises $27M Series A for its external attack surface management platform – TechCrunch
$27M Series A, led by US Venture Partners with existing investors Team8 and Hyperwise participating. Cyberpion is an external attack surface management (EASM) tool. The only differentiator I'm seeing between this and other EASM tools is that, if they spot a subdomain takeover risk, it sounds like they're saying that they'll go ahead and do the takeover so no one else can.
5. FUNDING: Wing Security launches its end-to-end SaaS security platform, raises $26M – TechCrunch
$20M Series A led by GGV Capital (the other $6M was the seed round). Claims to automatically discover, monitor, and automatically remediate security issues related to 3rd party SaaS tools in use by employees.
6. FUNDING: Cloaked raises $25M Series A – TechCrunch
$25M Series A, co-led by Lux Capital and Human Capital. Founded by the sartorially-aware Bhatnagar brothers, Cloaked appears to be a B2C going after the privacy market by generating fake identities with throwaway email addresses and phone numbers.
7. FUNDING: Nucleus Security generates $20M for unified vulnerability management
This is a $20M Series B, led by Lead Edge Capital. Nucleus seems to be going after the vulnerability prioritization market, along side Cisco-acquired Kenna and remediation-pivoted Vulcan Cyber. A bit late to market, I couldn't find any real differentiators on their website.
8. FUNDING: Clear Skye lands $14M to simplify identity governance on ServiceNow
9. FUNDING: Cybersecurity Startup Hackuity Emerges Out of Stealth With a €12M funding
10. FUNDING: Skiff bags $10.5M to build private/collaborative workspaces – TechCrunch
11. FUNDING: Apono raises $5 million Seed round for permissions management platform
12. FUNDING: Cleveland Inno – AgileBlue raises $3M, adds Tribeca ESP as investor
13. FUNDING: Secfense raises $2 million in its next investment round
14. ACQUISITIONS: Mobile security firm Zimperium to be acquired by Steven Mnuchin’s private equity group
15. TRENDS: Startup Self-Repricing as a Recruiting Tool by @ttunguz
16. SUPPLY CHAIN: Checkmarx Finds Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks
17. THREATS: A Beautiful Factory for Malicious Packages
18. THREATS: Pwning Microsoft Azure Defender for IoT
19. BREACHES: Hackers Steal About $600 Million in One of the Biggest Crypto Heists
20. BREACHES: Philip Stafford on Twitter – “Just the six days to notice $600m had gone”
21. FEDERAL: White House Proposes $10.9 Billion Budget for Cybersecurity
22. REGULATIONS: PCI DSS 4.0 – The Ultimate Guide
23. REGULATIONS: SPAC crackdown: SEC proposes new rules stripping its advantages over traditional IPOs
24. NEW PRODUCT: F8th Inc.
"Protects against account and session takeovers, web bots, and insider threats". Pronounced "faith"??
25. NEW PRODUCT: SandboxAQ Launches with Prominent Investors Including T. Rowe Price, Eric Schmidt, Breyer Capital, Guggenheim Partners and Thomas Tull, and Customers Including Vodafone Business, Mt. Sinai Health System and Wix
26. NEW PRODUCT: Threat Jammer. Risk assessment for your peace of mind
27. NEW PRODUCT: Bandura Cyber relaunches as ThreatBlockr with a new solution to block malicious network traffic – Genre Lyrics
28. SQUIRREL: Dyson’s bizarre new headphones have a built-in air purifier
https://www.theverge.com/2022/3/30/23000577/dyson-zone-noise-cancellation-headphones-built-in-air-purifier

VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

https://www.90degree.vc/

Related

Cybersecurity in the Cloud: Lessons for Businesses and Beyond – Melina Scotto – CSP #206

December 24, 2024

Jessica Hoffman and Melina Scotto discuss the evolution of cybersecurity, focusing on cloud security, business responsibilities, and the importance of basic cyber hygiene. They highlight the role of communication, consulting, and integrating security into business operations, concluding with advice for future cybersecurity professionals. This segm...

Day in the Life of a CISO, as They Consider Personal Risks and New Defenses in 2025 – BSW #376

December 16, 2024

In the leadership and communications segment, CISOs need to consider the personal risks associated with their role, CISOs: Don’t rely solely on technical defences in 2025, The Questions Leaders Need to Be Asking Themselve, and more!

The CISO’s Vital Role, As They Step Away and Companies Seek Top Cyber Talent – BSW #375

December 9, 2024

In the leadership and communications segment, How Good Leaders Become Great By Never Leading Alone, How Leaders Can Prepare Their Teams For 2025, Nervous About Public Speaking? Here’s How to Use Notes Like a Pro, and more!