Funding, SentinelOne/Wiz rumors, Layoffs, NordVPN’s skunkworks, ChatGPT Enterprise – ESW #330
There's still serious, late-stage funding for compelling tech in cybersecurity, as SpyCloud proves with its $110M Series D. We discuss the SentinelOne/Wiz merger rumors. Sadly, layoffs and even company failures are still occurring, though Tyler thinks the market downturn is close to bottoming out. NordVPN spins off an AI skunkworks called NordLabs. The Browser Company has a great company vision page that's worth checking out. Two interesting LLM prompt-related tools to check out are PIPE and promptmap (both on GitHub). Brazilian phone spyware WebDetetive (sic) gets hacked and all victim data deleted. US takes down QakBot and removes it from infected systems! Finally, a homing pigeon proves that birds are faster than gigabit Internet :D
Announcements
Security Weekly listeners: InfoSec World 2023 is just weeks away! Have you registered to join over 2,500 cybersecurity experts on September 25-27 in Lake Buena Vista, FL? InfoSec World is your gateway to a world of knowledge and growth. Don't miss the chance to enhance your career, connect with industry leaders, and make an impact on the rapidly evolving landscape.
Secure your seat using code ISW23-SECWEEK20 to save 20% off your registration. Register today: securityweekly.com/infosecworld2023
Hosts
- 1. FUNDING: SpyCloud Raises $110 Million Growth Round Led by Riverwood Capital
- 2. FUNDING: Announcing our Series A funding round (Cerby)
- 3. FUNDING: Cypago, which aims to automate compliance and governance for companies, raises $13M
- 4. ACQUISITIONS: Malwarebytes acquires Cyrus Security
- 5. ACQUISITION RUMORS: Cybersecurity startup Wiz considers potential bid for SentinelOne
- 6. DUMPSTER FIRE: After merger reports, SentinelOne ends Wiz collaboration
SentinelOne is reportedly angry about leaks regarding the merger talks between the two Israeli cybersecurity companies.
- 7. DIVESTITURE: iVerify is now an independent company!
iVerify is a unique case. First, it has been spun out of Trail of Bits, which is already a quite unique consulting/product company. Second, it's focused on mobile device security - a category that fizzled out years ago, with not much to show for the billions investors poured into it.
However, like most divestitures from small, savvy consulting shops, iVerify nailed market fit and gained customers before even thinking about doing a spinout.
- 8. LAYOFFS: Sevco issues a RIF
Other layoffs in the security space we haven't mentioned from August: Fortinet (?), SecureWorks (300), NCC Group (?), Rapid7 (470), Aware (?), and HackerOne (12%).
- 9. DEAD COMPANIES: BlueLava Ceases Operations
While asking around about this one, I learned that a few other security startups have quietly shuttered this year: ByteChek, possibly Araali and Fidelis got parted out last week. Armorblox was said to be a fire sale, though Cisco hasn't shared the deal amount.
- 10. NEW PRODUCTS: NordLabs — join us in creating cutting-edge technology
- 11. NEW PRODUCTS: Introducing ChatGPT Enterprise
- 12. TOOLS: GitHub – utkusen/promptmap: automatically tests prompt injection attacks on ChatGPT instances
- 13. TOOLS: PIPE – Prompt Injection Primer for Engineers
- 14. ESSAYS: 5 Tips for Creating a Memorable Cybersecurity Brand (And 5 That Will Crush You)
- 15. ESSAYS: Notes on Roadtrips by The Browser Company
One of the most interesting and useful write-ups I've seen on company values. Most organizations' values feel like someone scheduled a 60-minute meeting titled "Decide On Company Values", picked 5 or 10 from a list, and published it. This is not that.
- 16. ESSAYS: AI & Cybersecurity: Learnings from three months of Semgrep Assistant
- 17. ESSAYS: Security Budgets – Supply and Demand
- 18. ESSAYS: Is it Time to Accept that the Current Role of the CISO Has Failed?
- 19. BREACHES: HTML Smuggling Leads to Domain Wide Ransomware – The DFIR Report
- 20. BREACHES: A Brazilian phone spyware was hacked and victims’ devices ‘deleted’ from server
It's rare we talk about a breach that's a win, but that's what this is.
- 21. BREACHES: Rackspace’s costs to deal with ransomware attack top $10 million
Following up on Rackspace's incredible ransomware experience that resulted in them shutting down a legacy business line.
- 22. BREACHES: Hosting firm says it lost all customer data after ransomware attack
- 23. BREACHES: When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability
- 24. TAKEDOWNS: U.S. Hacks QakBot, Quietly Removes Botnet Infections – Krebs on Security
- 25. VULNERABILITIES: CISA Releases IOCs Associated with Malicious Barracuda Activity
- 26. GUIDES: How to Prevent ChatGPT From Stealing Your Content & Traffic
- 27. GUIDES: Updated whitepaper available: AWS Security Incident Response Guide
- 28. REPORTS: The state of AI in 2023: Generative AI’s breakout year
Some very interesting stats compiled in this lovely report from McKinsey.
- 29. SQUIRREL: Yes, a Pigeon is Faster for Data Transfer than Gigabit Fiber Internet