Pretending to be Batman, self-destructing USB drives, and controlling your dreams – ESW #350
This is almost a special episode on crazy new products. For the first half of the show, we discuss startup funding, market forces, acquisitions - stuff we usually discuss.
Then we get into all the crazy new AI and non-AI products being announced and coming out. Have some disposable cash to pre-order crazy gadgets? This is the episode for you!
Announcements
Dive deeper into the world of cybersecurity with Security Weekly on Instagram! Follow us @SecWeekly to find exclusive clips, hilarious memes, behind-the-scenes sneak peeks, and more! Stay connected, stay informed, and join our growing community!
Hosts
- 1. FUNDING: Endpoint security startup NinjaOne lands $231.5M at $1.9B valuation
$231.5M Series C led by Iconiq Growth that values NinjaOne at $1.9B. Endpoint management platform (MDM, EMM, etc). We haven't seen raises like this since the before times!
- 2. FUNDING: Bugcrowd Raises $102 Million
$102M Series E led by General Catalyst follows a $30M Series D in 2020. "Strategic M&A opportunities" is listed as one of the uses for the funds, and I can't help but wonder if Casey Ellis has already coincidentally created a list of potential acquisition targets?
- 3. FUNDING: IONIX Completes $42M Financing Round to Expand Threat Exposure Management Across the Entire Attack Surface
$42M Series A, led by Maor Investments. IONIX does attack surface management, but there word "external" isn't in there, so I'm not sure what to do with this information. I took a closer look, and they're definitely doing External Attack Surface Management. No hidden surprises or weird hybrid product models here.
- 4. FUNDING: Xensam raises $40 million from Expedition Growth Capital
$40M Series A led by Expedition Growth Capital for this Swedish software asset management startup, led by two brothers.
- 5. FUNDING: LimaCharlie Lands $10.2 Million Series A Funding to Transform Security Operations
$10.2M Series A led by Sands Capital. LimaCharlie uses terms like "SecOps Cloud Platform", but it might be easier to think of it as a modern SIEM that competes alongside Google Chronicle and the like.
The company has been around for nearly 6 years, so not sure why they're just now raising a modest Series A. Bootstrapped in the early years, perhaps?
- 6. FUNDING: Device Authority Secures $7M From Leading Global Cybersecurity VC
$7M Series A led by Ten Eleven Ventures. Device Authority appears to focus on key/cert-based device/non-human authentication, particularly IoT devices.
- 7. NEW COMPANIES: Vorlon comes out of stealth to secure enterprise API use
No details on funding amounts, but Vorlon comes out of stealth backed by "a global VC firm", and surely at least a seed round? Vorlon is focused on securing APIs that enterprises USE, rather than APIs that enterprise develop in-house and/or publish.
- 8. ACQUISITIONS: ZeroFox to be Acquired by Haveli
Running the numbers a bit: ZeroFox raised $154M privately prior to the SPAC. IDX raised $47M prior to their acquisition as part of the SPAC. Including the money raised from the IPO ($170M), a total of $371.2M was raised for the entity just taken private for $350M.
Not a great outcome, but they live to fight another day.
- 9. ACQUISITIONS: Entrust is buying AI-based ID verification startup Onfido, sources say for more than $400M
- 10. MERGER(?): Cohesity and Veritas’ Data Protection Business to Combine, Forming a New Leader in AI-Powered Data Security and Management
Symantec and Veritas were a weird couple that never made sense. Has Veritas finally found its forever home? The combined entity is described as having $1.6B revenue, $1.3B ARR, and a value around $7B.
- 11. NEW COMPANIES: Lightweight DLP & Document Mapping
- 12. NEW FEATURES: Microsoft Entra Verified ID introduces Face Check in preview
FaceID for Microsoft Entra!
- 13. NEW TOOLS: MLLM-guided Image Editing (MGIE) – a Hugging Face Space by tsujuifu
Apple released an open source AI model that is giving us ideas of what the future of 'shopping images might look like!
Yes, you heard that right - Apple, open source, AI, and image editing! It's a combination of words I didn't expect to see together either!
- 14. NEW TOOLS: The Guy Building an Open-Source Google Search Competitor (Stract.com)
A new open source search engine "targeted towards tinkerers and developers". Has a neat feature called "optics" that allows you to customize search results. You can customize how the search engine works, and filter/limit/customize how results are returned.
- 15. NEW TECH: Lucid dream startup says people can work in their sleep
I'm very, very curious.
- 16. NEW TECH: New USB stick has a self-destruct feature that heats it to over 100 degrees Celsius — a secret three-insertion process needed to unlock data safely
Doo dee do dee do do Inspector Gadget doo dee doo dee do DUM DUM
This message will self-destruct.
- 17. NEW PRODUCTS: Brilliant Labs’s Frame glasses serve as multimodal AI assistant
New AI glasses! Roughly around the same price as Meta's Ray-Ban smart glasses (~$350), but with some different features, goals, and design approach.
- 18. NEW PRODUCTS: Gemini Advanced – get access to Google’s most capable AI model, Ultra 1.0
Google is hoping to have finally caught up with OpenAI with the introduction of Gemini. Pro tier is free, and "Advanced" is $20/mo, with a 2 month free trial. Right in line with ChatGPT.
What about Bard? We shall not speak of it again, it's dead and that's not just a hallucination!
- 19. AI TRENDS: OpenAI Gives ChatGPT a Memory
Imagine starting a ChatGPT session, but it ALREADY KNOWS YOU
Exciting and terrifying.
- 20. AI TRENDS: Slack AI capabilities ignite productivity using institutional knowledge
Inevitably, AI features come to Slack
- 21. TRENDS: One big benefactor of the AI boom: The tiny island of Anguilla – The Hustle
There were a lot of positive things being said about another tiny island nation benefitting from a popular TLD and booming domain registration business that makes up most of the country's TLD: Tuvalu.
While the money is great for these tiny island nations, what happens when these TLDs go out of style? These island nations are becoming dependent on this income and don't have much of a backup plan when/if it dries up. Also, what happens if they're swallowed by the sea?
- 22. TRENDS: Ransomware Hit $1 Billion in 2023
After taking a dip in 2022, we knew things were going back up when, almost halfway through 2023, the total direct losses from ransomware was already almost at 2022 numbers. It's still considerably less than direct losses from BEC scams, which were $2.7B just in the US back in 2022 (the ransomware numbers are global, not limited to the US).
This is only slightly more than 2020's $905M and 2021's $983M, but still not a trend we'd want to see. In hindsight, it seems that the dip in 2022 was an anomaly, thanks in part to law enforcement activities. The FBI's infiltration of the Hive ransomware alone saved targets at least $130M in ransom payments.
- 23. TRENDS: Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries — smart security systems vulnerable as tech becomes cheaper and easier to acquire
Not an enterprise security thing, but an interesting trend all the same. This is definitely something Paul's Security Weekly would have covered this week, but since they're on break, we've got their back!
- 24. REPORTS: Addressing the Threat of Security Debt: Unveiling the State of Software Security 2024
Just released, this is a very consumable 45 pages that's not text dense and asks some provoking questions about tech debt. I haven't had a chance to dig very deep into it yet.
- 25. REPORTS: Mastercard Signals: Emerging technology trends
An interesting, high-level report on emerging tech trends from Mastercard
- 26. REPORTS: Google Cloud Threat Horizons: H1 2024
From Google Cloud's Office of the CISO is a short-and-sweet 20 pager that gets right into some of the most common causes of some of the most common cloud security incidents.
- 27. REPORTS: Patterns and Targets for Ransomware Exploitation of Vulnerabilities: 2017–2023
Some great meta-analysis of exploits used by ransomware crews over the years, from Recorded Future. A very short and sweet read that gets to the point in under 12 pages.
- 28. LEGISLATION: Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown
Good thing we've got the benefit of hindsight to know what policy decisions are likely to move the needle and which are doomed to -- oh FFS, Canada.
- 29. READS: 10 must-read cybersecurity books for 2024 – Help Net Security
- 30. PRIVACY ISSUES: Datatilsynet giver påbud i Chromebook-sag
Remember when Germany banned schools and some other orgs from using Microsoft 365? Well, now it's Google and Denmark at odds.
- 31. RANTS: Trust no one: why we can’t trust most stats about the cybersecurity industry, and why must stop creating numbers out of thin air
A very well researched and referenced essay on the state of stats in the cybersecurity industry. As someone who also rants a fair bit on this topic, I can only fully agree with Ross's assessment.
- 32. ESSAYS: What I got wrong about loyalty at work
TL;DR: loyalty doesn't exist anymore between companies and employees, regardless of generation.
- 33. ESSAYS: The Basics of Software Resilience and Security Chaos Engineering
Less of an essay and more of a cliff notes version of Kelly's book on security chaos engineering.
- 34. EXEC MOVES: We’ve hired Ash Devata as CEO at GreyNoise, and I get my dream job.
I consider it a sign of success and maturity that Andrew has moved over for a professional CEO, allowing him to go back to focusing on the core work he's best at!
- 35. BEST PRACTICES: The UK’s National Cyber Security Centre hits the reset button on patching expectations
No more 30/45/90 day patch windows here. They're recommending 5 days or less for Internet-facing stuff, 7 days for operating systems and applications, and 14 days for internal and even air-gapped services and software!
- 36. BEST PRACTICES: Principles for Package Repository Security
I think we're long overdue for guidance on how to securely manage package repos!
- 37. RFI: Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software
A request for comments on this whitepaper by DHS - you've only got a few days to get your comments in (closes Feb 20th)!
- 38. SQUIRREL: Microsoft Graveyard
You know how there's a website dedicated to products killed by Google? This is that, but for Microsoft.
- 39. SQUIRREL: Beast — Rezvani
A crazy C8 Corvette-based supercar limited to 20 production cars. You should really click the link and scroll down to the "optional 007 package", that's where this gets really interesting.