The Good, the Bad and the Ugly in Cybersecurity – Week 3

The Good

The world’s largest illegal marketplace on the dark web, DarkMarket, has been taken offline in an international operation led by German police and law enforcement agencies from Australia, Denmark, Moldova, Ukraine, the United Kingdom, and the USA (DEA, FBI, and IRS), with the support of Europol. The site had close to half a million users, over 2400 sellers, and had handled hundreds of thousands of transactions involving the trade of drugs, counterfeit money, stolen or counterfeit credit card details, anonymous SIM cards and malware. It is estimated that the site handled transactions equal to €140 million.

The takedown was made possible due to the arrest of an Australian citizen involved in the operation of DarkMarket near the German-Danish border over the weekend. The investigation allowed officers to locate and close the marketplace, and seize the criminal infrastructure of more than 20 servers in Moldova and Ukraine. The servers seized contained the data of many other users, sellers and operators and is expected to lead to additional arrests.

The Bad

The move to working from home has left many organizations vulnerable. Allowing employees to access organizational networks and cloud assets requires security tools and discipline that is often lacking, and attackers have taken notice.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an Analysis Report saying it is aware of several recent successful cyberattacks against various organizations’ cloud services. According to CISA, threat actors are using several vectors to exploit poor cyber hygiene practices within a victims’ cloud services configuration.

Gaining access into secured cloud environment requires the use of a variety of tactics and techniques – phishing, brute force login attempts, and possibly a “pass-the-cookie” attack – to attempt to exploit weaknesses in the victim organizations’ cloud security practices.

CISA noted that across several different incident reports, attackers tried to gain access by harvesting user credentials through malicious links. If that tactic failed, they tried harder, generating emails that spoofed a legitimate file hosting service account login. When they obtained the user’s credentials, they would send emails from the victim’s accounts to other employees and obtain their credentials as well. In some cases that wasn’t necessary: one organization allowing employees to connect via VPN left port 80 open…and in return received an aggressive brute force attack.

CISA noted that sometimes attackers simply followed the email-trail, exploiting the fact that employees set up email forwarding rules to automate sending work emails to their personal email accounts. In one case, attackers modified an existing email rule on a user’s account and redirected the emails to an account controlled by the actors.

CISA said that the activity could not be tied to any single threat actor, but they believe it is unrelated to the recent APT group said to be behind the recent SolarWinds breach.

The Ugly

Irresponsibility when it comes to holding customer data reached a new high this week. After social media giants banned President Trump’s accounts indefinitely, many of his supporters flocked to alternative social media platform Parler, which offered to host content without moderation, however heinous. Parler had been known to host extremists of all kinds, and has now been forced off Amazon’s hosting service and had its apps banned from various App Stores.

However, it seems the developers behind the platform were not particularly concerned about securing their users’ privacy, either. Before Parler went down, a hacktivist known as “@donk_enby” found a way to download and save nearly all the messages, photos, and videos in the order they were posted.

Capturing 99.9% of Parler’s entire content didn’t require any particular “leet” hacking skills, either. The site used an insecure direct object reference, or IDOR, which allows anyone to guess the pattern an application uses to refer to its stored data. Simply put, the posts on Parler were listed in chronological order: increasing a value in a Parler post’s URL by one gives you access to the next post on the site. In addition, Parler didn’t require authentication to view public posts and didn’t implement any mechanism to limit scraping like “rate limiting” that would prevent someone from accessing many posts in a short space of time. One cybersecurity expert decried the site’s architecture as “like a Computer Science 101 bad homework assignment”.

Now, many users fear that this data could be used against them in the aftermath of the Capitol Hill assault. Other hacktivists have already started sifting through the data and correlating messages, time and geolocation to pinpoint the location of the perpetrators in the riot (indeed, some posted from within the Capitol building). This is, of course, good news for law enforcement, but as a case study in how to host and secure potentially sensitive user data, it serves as an object lesson in how to fail, and fail big.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Rapid growth in 2020 reveals OKR software market’s untapped potential

Last year, a number of startups building OKR-focused software raised lots of venture capital, drawing TechCrunch’s attention.

Why is everyone making software that measures objectives and key results? we wondered with tongue in cheek. After all, how big could the OKR software market really be?

It’s a subniche of corporate planning tools! In a world where every company already pays for Google or Microsoft’s productivity suite, and some big software companies offer similar planning support, how substantial could demand prove for pure-play OKR startups?


The Exchange explores startups, markets and money. Read it every morning on Extra Crunch, or get The Exchange newsletter every Saturday.


Pretty substantial, we’re finding out. After OKR-focused Gtmhub announced its $30 million Series B the other day, The Exchange reached out to a number of OKR-focused startups we’ve previously covered and asked about their 2020 growth.

Gtmhub had released new growth metrics along with its funding news, plus we had historical growth data from some other players in the space. So let’s peek at new and historical numbers from Gthmhub, Perdoo, WorkBoard, Ally.io, Koan and WeekDone.

Growth (and some caveats)

A startup growing 400% in a year from a $50,000 ARR base is not impressive. It would be much more impressive to grow 200% from $1 million ARR, or 150% from $5 million.

So, percentage growth is only so good, as metrics go. But it’s also one that private companies are more likely to share than hard numbers, as the market has taught startups that sharing real data is akin to drowning themselves. Alas.

As we view the following, bear in mind that a simply higher percentage growth number does not indicate that a company added more net ARR than another; it could be growing faster from a smaller base. And some companies in the mix did not share ARR growth, but instead disclosed other bits of data. We got what we could.

Gtmhub:

  • 400% ARR growth, 2019.
  • 300% ARR growth, 2020.
  • More: The company has seen strong ACV growth and its reportedly strong gross margins from 2019 held up in 2020, it said.
  • TechCrunch coverage

Perdoo:

  • 240% paid customer growth, 2020.
  • 340% user base growth, 2020.
  • Given strong market demand, a company representative told The Exchange that Perdoo had to restrict its free tier to 10 users.
  • TechCrunch coverage

WorkBoard:

Twilio CEO Jeff Lawson says wisdom lies with your developers

Twilio CEO Jeff Lawson knows a thing or two about unleashing developers. His company has garnered a market cap of almost $60 billion by creating a set of tools to make it easy for programmers to insert a whole host of communications functionality into an application with a couple of lines of code. Given that background, perhaps it shouldn’t come as a surprise that Lawson has written a book called “Ask Your Developer,” which hit the stores this week.

Lawson’s basic philosophy is that if you can build it, you should.

Lawson’s basic philosophy in the book is that if you can build it, you should. In every company, there is build versus buy calculus that goes into every software decision. Lawson believes deeply that there is incredible power in building yourself instead of purchasing something off the shelf. By using components like the ones from his company, and many others delivering specialized types functionality via API, you can build what your customers need instead of just buying what the vendors are giving you.

While Lawson recognizes this isn’t always possible, he says that by asking your developers, you can begin to learn when it makes sense to build and when it doesn’t. These discussions should stem from customer problems and companies should seek digital solutions with the input of the developer group.

Building great customer experiences

Lawson posits that you can build a better customer experience because you understand your customers so much more  acutely than a generic vendor ever could. “Basically, what you see happening across nearly every industry is that the companies that are able to listen to their customers and hear what the customers need and then build really great digital products and experiences — well, they tend to win the hearts, minds and wallets of their customers,” Lawson told me in an interview about the book this week.

Billboard for book Ask your Developer by Jeff Lawson, CEO of Twilio

Image Credits: Twilio (image has been cropped)

He says that this has caused a shift in how companies perceive IT departments. They have gone from cost centers that provision laptops and buy HR software to something more valuable, helping produce digital products that have a direct impact on the business’s bottom line.

He uses banking as an example in the book. It used to be you judged a bank by a set of criteria like how nice the lobby was, if the tellers were friendly and if they gave your kid a free lollipop. Today, that’s all changed and it’s all about the quality of the mobile app.

“Nowadays your bank is a mobile app and you like your bank if the software is fast, if it is bug free and if they regularly update it with new features and functionality that makes your life better [ … ]. And that same transformation has been happening in nearly every industry and so when you think about it, you can’t buy differentiation if every bank just bought the same mobile app from some vendor and just off the shelf deployed it,” he said.

GitLab oversaw a $195 million secondary sale that values the company at $6 billion

GitLab has confirmed with TechCrunch that it oversaw a $195 million secondary sale that values the company at $6 billion. CNBC broke the story earlier today.

The company’s impressive valuation comes after its most recent 2019 Series E in which it raised $268 million on a 2.75 billion valuation, an increase of $3.25 billion in under 18 months. Company co-founder and CEO Sid Sijbrandij believes the increase is due to his company’s progress adding functionality to the platform.

“We believe the increase in valuation over the past year reflects the progress of our complete DevOps platform towards realizing a greater share of the growing, multi-billion dollar software development market,” he told TechCrunch.

While the startup has raised over $434 million, this round involved buying employee stock options, a move that allows the company’s workers to cash in some of their equity prior to going public. CNBC reported that the firms buying the stock included Alta Park, HMI Capital, OMERS Growth Equity, TCV and Verition.

The next logical step would appear to be IPO, something the company has never shied away from. In fact, it actually at one point included the proposed date of November 18, 2020 as a target IPO date on the company wiki. While they didn’t quite make that goal, Sijbrandij still sees the company going public at some point. He’s just not being so specific as in the past, suggesting that the company has plenty of runway left from the last funding round and can go public when the timing is right.

“We continue to believe that being a public company is an integral part of realizing our mission. As a public company, GitLab would benefit from enhanced brand awareness, access to capital, shareholder liquidity, autonomy and transparency,” he said.

He added, “That said, we want to maximize the outcome by selecting an opportune time. Our most recent capital raise was in 2019 and contributed to an already healthy balance sheet. A strong balance sheet and business model enables us to select a period that works best for realizing our long-term goals.”

GitLab has not only published IPO goals on its Wiki, but its entire company philosophy, goals and OKRs for everyone to see. Sijbrandij told TechCrunch’s Alex Wilhelm at a TechCrunch Disrupt panel in September that he believes that transparency helps attract and keep employees. It doesn’t hurt that the company was and remains a fully remote organization, even pre-COVID.

“We started [this level of] transparency to connect with the wider community around GitLab, but it turned out to be super beneficial for attracting great talent as well,” Sijbrandij told Wilhelm in September.

The company, which launched in 2014, offers a DevOps platform to help move applications through the programming lifecycle.

Update: The original headline of this story has been changed from ‘GitLab raises $195M in secondary funding on $6 billion valuation.’

 

Extra Crunch roundup: Antitrust jitters, SPAC odyssey, white-hot IPOs, more

Some time ago, I gave up on the idea of finding a thread that connects each story in the weekly Extra Crunch roundup; there are no unified theories of technology news.

The stories that left the deepest impression were related to two news pegs that dominated the week — Visa and Plaid calling off their $5.3 billion acquisition agreement, and sizzling-hot IPOs for Affirm and Poshmark.

Watching Plaid and Visa sing “Let’s Call The Whole Thing Off” in harmony after the U.S. Department of Justice filed a lawsuit to block their deal wasn’t shocking. But I was surprised to find myself editing an interview Alex Wilhelm conducted with Plaid CEO Zach Perret the next day in which the executive said growing the company on its own is “once again” the correct strategy.


Full Extra Crunch articles are only available to members
Use discount code ECFriday to save 20% off a one- or two-year subscription


In an analysis for Extra Crunch, Managing Editor Danny Crichton suggested that federal regulators’ new interest in antitrust enforcement will affect valuations going forward. For example, Procter & Gamble and women’s beauty D2C brand Billie also called off their planned merger last week after the Federal Trade Commission raised objections in December.

Given the FTC’s moves last year to prevent Billie and Harry’s from being acquired, “it seems clear that U.S. antitrust authorities want broad competition for consumers in household goods,” Danny concluded, and I suspect that applies to Plaid as well.

In December, C3.ai, Doordash and Airbnb burst into the public markets to much acclaim. This week, used clothing marketplace Poshmark saw a 140% pop in its first day of trading and consumer-financing company Affirm “priced its IPO above its raised range at $49 per share,” reported Alex.

In a post titled “A theory about the current IPO market”, he identified eight key ingredients for brewing a debut with a big first-day pop, which includes “exist in a climate of near-zero interest rates” and “keep companies private longer.” Truly, words to live by!

Come back next week for more coverage of the public markets in The Exchange, an interview with Bustle CEO Bryan Goldberg where he shares his plans for taking the company public, a comprehensive post that will unpack the regulatory hurdles facing D2C consumer brands, and much more.

If you live in the U.S., enjoy your MLK Day holiday weekend, and wherever you are: Thanks very much for reading Extra Crunch.

Walter Thompson
Senior Editor, TechCrunch
@yourprotagonist

 

Rapid growth in 2020 reveals OKR software market’s untapped potential

After spending much of the week covering 2021’s frothy IPO market, Alex Wilhelm devoted this morning’s column to studying the OKR-focused software sector.

Measuring objectives and key results are core to every enterprise, perhaps more so these days since knowledge workers began working remotely in greater numbers last year.

A sign of the times: This week, enterprise orchestration SaaS platform Gtmhub announced that it raised a $30 million Series B.

To get a sense of how large the TAM is for OKR, Alex reached out to several companies and asked them to share new and historical growth metrics:

  • Gthmhub
  • Perdoo
  • WorkBoard
  • Ally.io
  • Koan
  • WeekDone

“Some OKR-focused startups didn’t get back to us, and some leaders wanted to share the best stuff off the record, which we grant at times for candor amongst startup executives,” he wrote.

5 consumer hardware VCs share their 2021 investment strategies

For our latest investor survey, Matt Burns interviewed five VCs who actively fund consumer electronics startups:

  • Hans Tung, managing partner, GGV Capital
  • Dayna Grayson, co-founder and general partner, Construct Capital
  • Cyril Ebersweiler, general partner, SOSV
  • Bilal Zuberi, partner, Lux Capital
  • Rob Coneybeer, managing director, Shasta Ventures

“Consumer hardware has always been a tough market to crack, but the COVID-19 crisis made it even harder,” says Matt, noting that the pandemic fueled wide interest in fitness startups like Mirror, Peloton and Tonal.

Bonus: Many VCs listed the founders, investors and companies that are taking the lead in consumer hardware innovation.

A theory about the current IPO market

Digital generated image of abstract multi colored curve chart on white background.

Image Credits: Getty Images/Andriy Onufriyenko

If you’re looking for insight into “why everything feels so damn silly this year” in the public markets, a post Alex wrote Thursday afternoon might offer some perspective.

As someone who pays close attention to late-stage venture markets, he’s identified eight factors that are pushing debuts for unicorns like Affirm and Poshmark into the stratosphere.

TL;DR? “Lots of demand, little supply, boom goes the price.”

Poshmark prices IPO above range as public markets continue to YOLO startups

Clothing resale marketplace Poshmark closed up more than 140% on its first trading day yesterday.

In Thursday’s edition of The Exchange, Alex noted that Poshmark boosted its valuation by selling 6.6 million shares at its IPO price, scooping up $277.2 million in the process.

Poshmark’s surge in trading is good news for its employees and stockholders, but it reflects poorly on “the venture-focused money people who we suppose know what they are talking about when it comes to equity in private companies,” he says.

Will startup valuations change given rising antitrust concerns?

GettyImages 926051128

Image Credits: monsitj/Getty Images

This week, Visa announced it would drop its planned acquisition of Plaid after the U.S. Department of Justice filed suit to block it last fall.

Last week, Procter & Gamble called off its purchase of Billie, a women’s beauty products startup — in December, the U.S. Federal Trade Commission sued to block that deal, too.

Once upon a time, the U.S. government took an arm’s-length approach to enforcing antitrust laws, but the tide has turned, says Managing Editor Danny Crichton.

Going forward, “antitrust won’t kill acquisitions in general, but it could prevent the buyers with the highest reserve prices from entering the fray.”

Dear Sophie: What’s the new minimum salary required for H-1B visa applicants?

Image Credits: Sophie Alcorn

Dear Sophie:

I’m a grad student currently working on F-1 STEM OPT. The company I work for has indicated it will sponsor me for an H-1B visa this year.

I hear the random H-1B lottery will be replaced with a new system that selects H-1B candidates based on their salaries.

How will this new process work?

— Positive in Palo Alto

Venture capitalists react to Visa-Plaid deal meltdown

A homemade chocolate cookie with a bite and crumbs on a white background

Image Credits: Ana Maria Serrano/Getty Images

After news broke that Visa’s $5.3 billion purchase of API startup Plaid fell apart, Alex Wilhelm and Ron Miller interviewed several investors to get their reactions:

  • Anshu Sharma, co-founder and CEO, SkyflowAPI
  • Amy Cheetham, principal, Costanoa Ventures
  • Sheel Mohnot, co-founder, Better Tomorrow Ventures
  • Lucas Timberlake, partner, Fintech Ventures
  • Nico Berardi, founder and general partner, ANIMO Ventures
  • Allen Miller, VC, Oak HC/FT
  • Sri Muppidi, VC, Sierra Ventures
  • Christian Lassonde, VC, Impression Ventures

Plaid CEO touts new ‘clarity’ after failed Visa acquisition

Zach Perret, chief executive officer and co-founder of Plaid Technologies Inc., speaks during the Silicon Slopes Tech Summit in Salt Lake City, Utah, U.S., on Friday, Jan. 31, 2020. The summit brings together the leading minds in the tech industry for two-days of keynote speakers, breakout sessions, and networking opportunities. Photographer: George Frey/Bloomberg via Getty Images

Image Credits: George Frey/Bloomberg/Getty Images

Alex Wilhelm interviewed Plaid CEO Zach Perret after the Visa acquisition was called off to learn more about his mindset and the company’s short-term plans.

Perret, who noted that the last few years have been a “roller coaster,” said the Visa deal was the right decision at the time, but going it alone is “once again” Plaid’s best way forward.

2021: A SPAC odyssey

In Tuesday’s edition of The Exchange, Alex Wilhelm took a closer look at blank-check offerings for digital asset marketplace Bakkt and personal finance platform SoFi.

To create a detailed analysis of the investor presentations for both offerings, he tried to answer two questions:

  1. Are special purpose acquisition companies a path to public markets for “potentially promising companies that lacked obvious, near-term growth stories?”
  2. Given the number of unicorns and the limited number of companies that can IPO at any given time, “maybe SPACS would help close the liquidity gap?”

Flexible VC: A new model for startups targeting profitability

12 ‘flexible VCs’ who operate where equity meets revenue share

Spotlit Multi Colored Coil Toy in the Dark.

Image Credits: MirageC/Getty Images

Growth-stage startups in search of funding have a new option: “flexible VC” investors.

An amalgam of revenue-based investment and traditional VC, investors who fall into this category let entrepreneurs “access immediate risk capital while preserving exit, growth trajectory and ownership optionality.”

In a comprehensive explainer, fund managers David Teten and Jamie Finney present different investment structures so founders can get a clear sense of how flexible VC compares to other venture capital models. In a follow-up post, they share a list of a dozen active investors who offer funding via these nontraditional routes.

These 5 VCs have high hopes for cannabis in 2021

Marijuana leaf on a yellow background.

Image Credits: Anton Petrus (opens in a new window)/Getty Images

For some consumers, “cannabis has always been essential,” writes Matt Burns, but once local governments allowed dispensaries to remain open during the pandemic, it signaled a shift in the regulatory environment and investors took notice.

Matt asked five VCs about where they think the industry is heading in 2021 and what advice they’re offering their portfolio companies:

21 Cyber Security Twitter Accounts You Should Be Following in 2021

To remain current with the ever-evolving cybersecurity ecosystem, it is essential to have the right sources to keep you on top of the most important malware research, outbreaks, breaches, pentesting, or reverse engineering news. Twitter is where you’ll find experts sharing their insights and, if you haven’t already, soon discover that it is imperative for your career development. Out of thousands of accounts, we’ve hand-picked 21 for 2021 that between them will not only cover the full spectrum of cybersecurity issues but also, thanks to the wonders of retweeting, curate the most important tweets of those they follow. Our list has some well-established rock stars in the field, but you’ll discover some new, interesting and influential people here, too.

1. @Fox0x01 Azeria |  Maria Markstedter


Azeria is a security researcher, reverse engineer, founder and CEO of Azeria Labs, and Forbes Person of the Year in Cybersecurity for 2020. IRL known as Maria Markstedter, Azeria was also a Forbes under 30 alum. She is an expert in ARM-based systems and is a thought leader in cybersecurity. @Fox0x01 should be top of your list for 2021.

2. @Runasand | Runa Sand


Runa Sandvik works on digital security for journalists. Her work builds upon experience from her time at The New York Times, Freedom of the Press Foundation, and The Tor Project. She is a board member of the Norwegian Online News Association, and an advisor to The Signals Network. The passion she has for privacy is second to none. Follow @runasand to keep up with the infosec news others miss.

3. @RobertMLee | Robert M. Lee


Former USAF Cyber Warfare Operations Officer tasked to the National Security Agency (NSA), Robert M Lee now runs his own cybersecurity company and teaches others about his experience of dealing with advanced adversaries targeting Industrial Control Systems (ICS). A thought leader in the field of assessing, hunting and monitoring ICS threats, @RoberMLee’s busy Twitter feed is never short of interesting.

4. @JHaddix | Jason Haddix


Jason Haddix is a leader in the Bug Bounty community. His Bug Hunter’s Methodology is a must for anyone getting into the Bug Bounty field. His tweets show how much he loves being in the trenches and performing actual assessments. Jason is one of the nicest guys in the industry and is willing to have a conversation with anyone about helping them get better technically. @Jhaddix describes himself as a “Father, hacker, educator, gamer & nerd.” If that’s not enough good reasons for him to be on your list for 2021, we don’t know what is!

SentinelOne’s Cybersecurity Predictions 2021 | What Can We Expect After a Year Like This?

5. @campuscodi | Catalin Cimpanu


Catalin Cimpanu is a cybersecurity news reporter at ZDNet, where he covers the full breadth of relevant infosec news, whether it’s data breaches, hacking, threat actors or any other related cyber security topic. Catalin’s tweets are always informative and often must reads. @campuscodi covers both offensive and defensive security, and he caters to his followers by delivering actionable intelligence and essential facts that every security expert needs to be up on.

6. @natashenka | Natalie Silvanovich


Natalie Silvanovich is a Security Engineer for Google Project Zero, where her work involves breaking things other folks think are unbreakable. In 2019, she found a fully remote vulnerability affecting the iPhone, and this year she’s already presented a webinar at Nullcon on exploiting Android Messengers with WebRTC. Make sure you enable notifications for @natashenka because you do not want to miss anything she tweets.

7. @zackwhittaker | Zack Whittaker


Zack Whittaker is security editor at TechCrunch and author of the popular this week in security newsletter. As such, Zack is one of the first sources you should look to for breaking cyber and infosec news. @zackwhittaker’s feed is an essential way to keep up with everything that’s going on in the cyber world that could affect your organization, whether it’s in the U.S. or abroad.

8. @laparisa | Parisa Tabriz


Parisa Tabriz is a computer security expert who works for Google as a Director of Engineering. She describes herself as “a browser boss” and “security princess”. She is a thought leader and influencer and had one of the largest ever turnouts for a keynote speaker at Black Hat.  @laparisa regularly tweets and retweets essential content, often related to browser and web security, Google Chrome usage and cyber security tips.

9. @BillDemirkapi | Bill Demirkapi


When you talk about who is the next big thing in security, Bill’s name is often the first to be mentioned. Bill is currently an offensive security researcher at Zoom, a sophomore at Rochester Institute of Technology, and has presented at DEF CON twice – and he’s only 19 years old! We recommend that you watch Demystifying Modern Windows Rootkits that Bill presented at DEF CON last year or any of his other fascinating videos and you will quickly understand why @BillDemirkapi made our list of 21 essential Twitter accounts to follow in 2021.

10. @Carlos_Perez | Darkoperator


Carlos Perez’s main area of interest is post-exploitation. Carlos considers post-exploitation lacking in many training courses and not sufficiently practiced by many pentesters and security professionals. Aside from being a regular security podcaster and PowerShell MVP, Carlos is also a Metasploit contributor. His @Darkoperator Twitter feed and website are filled with his knowledge and experience, which he loves to share with those looking to learn.

11. @patrickwardle | Patrick Wardle


It’s rare for an organization not to have Macs in their fleets these days, and you won’t find a better curator, tweeter and retweeter of the latest macOS security news than Patrick Wardle. Founder of his own open-source software company, organizer of the Apple-focused OBTS security conferences, and currently Principal Security Researcher at Jamf, @patrickwardle’s feed will keep you on top of what’s happening in the macOS security, malware and reverse engineering world.

12. @binitamshah | Binni Shah


Binni Shah is a must-follow, especially if you like putting your hands on the keyboard and want to learn the latest techniques of offensive and defensive security. Linux evangelist, Kernel developer and security enthusiast, @binitamshah has provided value with her tweets for years, which is why she has almost 90K followers. Almost everything she tweets is a must-read, so if you’re not one of those 90K yet, you know what to do next!

13. @gcluley | Graham Cluley


Since 2013, Gramham Cluley has been working for himself as an independent blogger, podcaster, and public speaker on computer security issues. His tech bio includes work for Sophos and McAfee and he was instrumental in writing an early AntiVirus toolkit for Windows in the 1990s. These days, @gcluley covers a wide-range of cybersecurity news from both his blog and his regular Smashing Security podcast.

14. @ryanaraine | Ryan Naraine


If you had to meet one person in the cybersecurity industry, Ryan Naraine should probably be top of your list. Not only is he a thought leader and influencer, he is also very friendly, willing to help, make an introduction or point you in the right direction. Ryan Naraine is a storyteller with more than 20 years of experience in information security. His tweets are informative and timely, and it is recommended your notifications are set up to alert you whenever @ryanaraine tweets.

15. @JohnLaTwc | John Lambert


You can get an indication of how influential John Lambert is from his Twitter bio, which helpfully warns “**BEWARE There are Tech Support Scams that use my name **”. Distinguished Engineer at Microsoft, John has been with the company for over twenty years. He manages the Microsoft Threat Intelligence Center (MSTIC) in the Cloud and AI Division. John has a wealth of knowledge of adversaries and continues to help the cybersecurity community by publishing reports and tweeting about the latest techniques from @JohnLaTwc.

16. @RGB_Lights | Rob Joyce


Robert E. Joyce is a cybersecurity official who has served as special assistant to the President and Cybersecurity Coordinator on the U.S. National Security Council. He gave the keynote at 2018 DEF CON and has headed the NSA’s TAO (Tailored Access Operations) unit. Rob was also the person behind getting Ghidra released to the public, which has made a huge impact in the reverse engineering community. Although not a prolific Tweeter, if APTs and national security threats are on your radar, you want to be following @RGB_Lights.

SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan

17. @evacide | Eva Galperin


Eva Galperin is EFF‘s Director of Cybersecurity. Eva’s work is primarily focused on providing privacy and security for vulnerable populations around the world. In April 2019, she convinced anti-virus provider Kaspersky Lab to begin explicitly alerting users of security threats upon detection of stalkerware on the company’s Android product. Eva also asked Apple to allow antivirus applications in its marketplace and, like Kaspersky, to alert its users if their mobile devices have been jailbroken or rooted. Always relevant and often humorous, @evacide is an infosec account not to be missed.

18. @marcusjcarey | Marcus J Carey


Marcus Carey is co-editor of the Tribe of Hackers series of books offering real-world advice from leading cybersecurity experts on everything from Blue and Red Teaming to C-Suite advice on how to build and manage solid enterprise security teams. Marcus is passionate about creating technology solutions that improve cybersecurity for everyone. His tweets are very helpful and @marcusjcarey is always generous with his time in answering questions on any topic.

19. @taviso | Tavis Ormandy


Tavis Ormandy is a vulnerability researcher at Google Project Zero. If you are interested in understanding and hunting for vulnerabilities in software, @taviso is a must follow. Find the time to read everything he’s posted on his personal blog as well as on the Project Zero site and you’ll come away both enlightened and enthused, ready to tackle your own projects with the same zeal and dogged determination.

20. @adversariel | Ariel Herbert-Voss


Ariel Herbert-Voss is an adversarial machine learning and security expert. Her work includes demonstrating practical attacks that can undermine privacy considerations in large language models. She is also the co-founder of AI Village at DEF CON. @adversariel is wicked good at what she does and her Twitter feed shows it.

21. @craiu | Costin Raiu


Costin Raiu describes himself as a “Romanian antihacker from another planet”, but it seems while Costin is visiting Earth, he also happens to be director of Global Research and Analysis at Kaspersky. As such, @craiu is a superb source of intel ranging from new zero-day discoveries to retweets from “the best of the rest” covering breaking news in threat intelligence.

Conclusion

Limiting ourselves to just twenty one of the best Twitter accounts to follow during 2021 of course means there’s plenty of Twitter cybercelebs and gurus we couldn’t include. We compiled this list with the help of our own SentinelLabs researchers @MarcoFigueroa and @philofishal, who are also both worth following for relevant content and breaking research on Windows, Linux and macOS topics. Finally, we’d be remiss not to mention that you can keep up with all our news on Twitter, too, by following @SentinelOne and @LabsSentinel.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Harness snags $85M Series C on $1.7B valuation as revenue grows 3x

Harness, the startup that wants to create a suite of engineering tools to give every company the kind of technological reach that the biggest companies have, announced an $85 million Series C today on a $1.7 billion valuation.

Today’s round comes after 2019’s $60 million Series B, which had a $500 million valuation, showing a company rapidly increasing in value. For a company that launched just three years ago, this is a fairly remarkable trajectory.

Alkeon Capital led the round with help from new investors Battery Ventures, Citi Ventures, Norwest Venture Partners, Sorenson Capital and Thomvest Ventures. The startup also revealed a previously unannounced $30 million B-1 round raised after the $60 million round, bringing the total raised to date to $195 million.

Company founder and CEO Jyoti Bansal previously founded AppDynamics, which he sold to Cisco in 2017 for $3.7 billion. With his track record, investors came looking for him this round. It didn’t hurt that revenue grew almost 3x last year.

“The business is doing very well, so the investor community has been proactively reaching out and trying to invest in us. We were not actually planning to raise a round until later this year. We had enough capital to get through that, but there were a lot of people wanting to invest,” Bansal told me.

In fact, he said there is so much investor interest that he could have raised twice as much, but didn’t feel a need to take on that much capital at this time. “Overall, the investor community sees the value in developer tools and the DevOps market. There are so many big public companies now in that space that have gone out in the last three to five years and that has definitely created even more validation of this space,” he said.

Bansal says that he started the company with the goal of making every company as good as Google or Facebook when it comes to engineering efficiency. Since most companies lack the engineering resources of these large companies, that’s a tall task, but one he thinks he can solve through software.

The company started by building a continuous delivery module. A cloud cost-efficiency module followed. Last year the company bought open-source continuous integration company Drone.io and they are working on building that into the platform now, with it currently in beta. There are additional modules on the product roadmap coming this year, according to Bansal.

As the company continued to grow revenue and build out the platform in 2020, it also added a slew of new employees, growing from 200 to 300 during the pandemic. Bansal says that he has plans to add another 200 by the end of this year. Harness has a reputation of being a good place to work, recently landing on Glassdoor’s best companies list.

As an experienced entrepreneur, Bansal takes building a diverse company with a welcoming culture very seriously. “Yes, you have to provide equal opportunity and make sure that you are open to hiring people from diverse backgrounds, but you have to be more proactive about it in the sense that you have to make sure that your company environment and company culture feels very welcoming to everyone,” he said.

It’s been a difficult time building a company during the pandemic, adding so many new employees, and finding a way to make everyone feel welcome and included. Bansal says he has actually seen productivity increase during the pandemic, but now has to guard against employee burnout.

He says that people didn’t know how to draw boundaries when working at home. One thing he did was introduce a program to give everyone one Friday a month off to recharge. The company also recently announced it would be a “work from anywhere” company post-COVID, but Bansal still plans on having regional offices where people can meet when needed.

Germany’s Xentral nabs $20M led by Sequoia to help online-facing SMBs run back offices better

Small enterprises remain one of the most underserved segments of the business market, but the growth of cloud-based services — easier to buy, easier to provision — has helped that change in recent years. Today, one of the more promising startups out of Europe building software to help SMEs run online businesses is announcing some funding to better tap into both the opportunity to build these services, and to meet a growing demand from the SME segment.

Xentral, a German startup that develops enterprise resource planning software covering a variety of back-office functions for the average online small business, has picked up a Series A of $20 million.

The company’s platform today covers services like order and warehouse management, packaging, fulfillment, accounting and sales management, and the majority of its 1,000 customers are in Germany — they include the likes of direct-to-consumer brands like YFood, KoRo, the Nu Company and Flyeralarm.

But Benedikt Sauter, the co-founder and CEO of Xentral, said the ambition is to expand into the rest of Europe, and eventually other geographies, and to fold in more services to its ERP platform, such as a more powerful API to allow customers to integrate more services — for example in cases where a business might be selling on their own site, but also Amazon, eBay, social platforms and more — to bring their businesses to a wider market.

Mainly, he said, the startup wants “to build a better ecosystem to help our customers run their own businesses better.”

The funding is being led by Sequoia Capital, with Visionaires Club (a B2B-focused VC out of Berlin) also participating.

The deal is notable for being the prolific, high-profile VC’s first investment in Europe since officially opening for business in the region. (Sequoia has backed a number of startups in Europe before this, including Graphcore, Klarna, Tessian, Unity, UiPath, n8n and Evervault — but all of those deals were done from afar.)

Augsburg-based Xentral has been around as a startup since 2018, and “as a startup” is the operative phrase here.

Sauter and his co-founder Claudia Sauter (who is also his co-founder in life: she is his wife) built the early prototype for the service originally for themselves.

The pair were running a business of their own — a hardware company they founded in 2008, selling not nails, hammers and wood, but circuit boards they designed, along with other hardware to build computers and other connected objects. Around 2013, as the business was starting to pick up steam, they decided that they really needed better tools to manage everything at the backend so that they would have more time to build their actual products.

But Bene Sauter quickly discovered a problem in the process: smaller businesses may have Shopify and its various competitors to help manage e-commerce at the front end, but when it came to the many parts of the process at the backend, there really wasn’t a single, easy solution (remember this was eight years ago, at a time before the Shopifys of the world were yet to expand into these kinds of tools). Being of a DIY and technical persuasion — Sauter had studied hardware engineering at university — he decided that he’d try to build the tools that he wanted to use.

The Sauters used those tools for years, until without much outbound effort, they started to get some inbound interest from other online businesses to use the software, too. That led to the Sauters balancing both their own hardware business and selling the software on the side, until around 2017/2018 when they decided to wind down the hardware operation and focus on the software full time. And from then, Xentral was born. It now has, in addition to 1,000 customers, some 65 employees working on developing the platform.

The focus with Xentral is to have a platform that is easy to implement and use, regardless of what kind of SME you might be as long as you are selling online. But even so, Sauter pointed out that the other common thread is that you need at least one person at the business who champions and understands the value of ERP. “It’s really a mindset,” he said.

The challenge with Xentral in that regard will be to see how and if they can bring more businesses to the table and tap into the kinds of tools that it provides, at the same time that a number of other players also eye up the same market. (Others in the same general category of building ERP for small businesses include online payments provider Sage, NetSuite and Acumatica.) ERP overall is forecast to become a $49.5 billion market by 2025.

Sequoia and its new partner in Europe, Luciana Lixandru — who is joining Xentral’s board along with Visionaries’ Robert Lacher — believe however that there remains a golden opportunity to build a new kind of provider from the ground up and out of Europe specifically to target the opportunity in that region.

“I see Xentral becoming the de facto platform for any SMEs to run their businesses online,” she said in an interview. “ERP sounds a bit scary especially because it makes one think of companies like SAP, long implementation cycles, and so on. But here it’s the opposite.” She describes Xentral as “very lean and easy to use because you an start with one module and then add more. For SMEs it has to be super simple. I see this becoming like the Shopify for ERP.”

Vdoo raises $25M more to develop its AI-based security for IoT and connected devices

It’s estimated that there were some 50 billion connected devices globally in 2020, and while that really says a lot about how far we’ve come in tech, for many it also speaks to a big issue: security vulnerabilities, with the devices themselves, plus all the components and services running on them, all potential targets for anything from malicious hackers to not-so-intentional data leaks.

Today, Israeli startup Vdoo — which has been developing AI-based services to detect and fix those kinds of vulnerabilities in IoT devices — is announcing $25 million in funding, money that it plans to use to help it better address the wider issue as it applies to all connected objects. With its initial focus on large industrial deployments, medical systems, communications infrastructure and automotive, Vdoo also is looking more deeply now at the wider network of devices that use communications chips, providing quick (as in minutes) assessments to identify and remediate or directly fix various issues: it cites zero-day vulnerabilities, CVEs, configuration and hardening issues, and standard incompliances among them.

The funding — an extension to the $32 million round that Vdoo announced in April 2019 — is coming from two investors, Israel’s Qumra Capital and Verizon Ventures (the investing arm of Verizon, which — by way of its acquisition of Aol many years ago — also owns TechCrunch).

Verizon’s interest in Vdoo is strategic and speaks to the opportunity in the market. As CEO Netanel Davidi (who co-founded the company with Uri Alter and Asaf Karas) describes it, operators like Verizon are interested because of their role as a distributer and reseller of hardware as part of their wider services play, be it for broadband access, or a telematics service or something for the connected home or connected office.

“They sell connected devices to enterprises and home users that are not made by them, yet the carriers are responsible for the security,” he said, “so the solution is to bake that into devices” to make it work more seamlessly, he said.

Verizon is not the startup’s only strategic backer. Others in the first tranche of this round included another carrier, Japan’s NTT Docomo, MS&AD Ventures (the venture arm of the global cyber insurance firm) and Dell Technology Capital, the VC arm of Dell.

The company has now raised around $70 million, and while it’s not disclosing valuation, Davidi confirmed that it has more than doubled this year.

(In April 2019, PitchBook estimated that it was just under $100 million, which would make it now at over $200 million if that figure is accurate.)

Davidi said that the decision to raise this money as an extension to the previous round rather than a new round was strategic: it gave the company the chance to raise funding more quickly, and to take more time to prepare for a bigger funding round in the near future.

And the reason for raising quickly was to address what was a quickly moving target: One of the by-products of the COVID-19 pandemic has been a dramatic shift to people working from home, buying new devices to enable that and in general using their communications networks much more heavily than before.

Connected-device security typically focuses on monitoring activity on the hardware, how data is moving in and out of it. Vdoo’s approach has been to build a platform that monitors the behavior of the devices themselves, using AI to compare that behavior to identify when something is not working as it should. 

“For any kind of vulnerability, using deep binary analysis capabilities, we try to understand the broader idea, to figure out how a similar vulnerability can emerge,” is how Davidi described the process when we talked about the first part of this round back in 2019.

Vdoo generates specific “tailor-made on-device micro-agents” to continue the detection and repair process, which Davidi likens to a modern approach to some cancer care: preventive measures such as periodic monitoring checks, followed by a “tailored immunotherapy” based on prior analysis of DNA.

Vdoo is a play on the Hebrew word that sounds like “vee-doo” and means “making sure”, and points to the basic idea of how it approaches the verification around its device monitoring. It also feels somewhat like the next step in endpoint security, which was the focus of Davidi and Alter’s previous startup, Cyvera, which was eventually acquired by Palo Alto Networks.

The focus on devices, in some ways, is a significantly more complex approach, given that it’s not just about the device, but the many components that go into them. As we have seen with Meltdown and Spectre, vulnerabilities might exist at the processor level.

And as Davidi pointed out to me this week, at times those issues aren’t even intentional but still mean data can leak out, and at worst that can be exploitable by bad actors.

“Backdoors are being built into many devices, and some are not even intentional,” he said. “It may be that the developer wanted to create a shortcut to make something else easier in the future. Some will see that as a back door, and some will not.”

The fractal-like nature of the issue is what Vdoo is digging into with its widening approach.

“Initially we wanted to serve the ecosystem of manufacturers, since they are the cause of the problem and the origin of the security issues,” he said. “We started there with Fortune 500 customers in areas like automotive and industrial and medical and telco and aviation. The idea was to make a platform that could serve and protect security stakeholders. But then we saw that this was a big unserved market.”

Indeed, Vdoo quotes figures from research firm MarketsandMarkets that forecast that the global device security market will grow to $36.6 billion by 2025 from $12.5 billion in 2020.

“The number of connected IoT devices is rapidly growing, creating greater opportunities for security breaches,” said Boaz Dinte, managing partner of Qumra Capital, in a statement. “Vdoo’s unique device-centric, deep technology automated approach has already brought immediate value to vendors in a very short period of time. We believe the market opportunity is huge, and with newly infused growth capital, Vdoo is well-positioned to become the leading global player for securing connected devices.”

“With the expansion of 5G networks and mobile edge compute, there’s a need for an end-to-end, device-centric security approach to IoT,” added Verizon Ventures MD Tammy Mahn in a statement. “As the venture arm of a leading telco, Verizon Ventures is proud to invest in Vdoo and its world-class team on their journey to solve this global need, while ushering in a new era of security by design in our increasingly connected world.”

Stacklet raises $18M for its cloud governance platform

Stacklet, a startup that is commercializing the Cloud Custodian open-source cloud governance project, today announced that it has raised an $18 million Series A funding round. The round was led by Addition, with participation from Foundation Capital and new individual investor Liam Randall, who is joining the company as VP of business development. Addition and Foundation Capital also invested in Stacklet’s seed round, which the company announced last August. This new round brings the company’s total funding to $22 million.

Stacklet helps enterprises manage their data governance stance across different clouds, accounts, policies and regions, with a focus on security, cost optimization and regulatory compliance. The service offers its users a set of pre-defined policy packs that encode best practices for access to cloud resources, though users can obviously also specify their own rules. In addition, Stacklet offers a number of analytics functions around policy health and resource auditing, as well as a real-time inventory and change management logs for a company’s cloud assets.

The company was co-founded by Travis Stanfield (CEO) and Kapil Thangavelu (CTO). Both bring a lot of industry expertise to the table. Stanfield spent time as an engineer at Microsoft and leading DealerTrack Technologies, while Thangavelu worked at Canonical and most recently in Amazon’s AWSOpen team. Thangavelu is also one of the co-creators of the Cloud Custodian project, which was first incubated at Capital One, where the two co-founders met during their time there, and is now a sandbox project under the Cloud Native Computing Foundation’s umbrella.

“When I joined Capital One, they had made the executive decision to go all-in on cloud and close their data centers,” Thangavelu told me. “I got to join on the ground floor of that movement and Custodian was born as a side project, looking at some of the governance and security needs that large regulated enterprises have as they move into the cloud.”

As companies have sped up their move to the cloud during the pandemic, the need for products like Stacklets has also increased. The company isn’t naming most of its customers, but it has disclosed FICO a design partner. Stacklet isn’t purely focused on the enterprise, though. “Once the cloud infrastructure becomes — for a particular organization — large enough that it’s not knowable in a single person’s head, we can deliver value for you at that time and certainly, whether it’s through the open source or through Stacklet, we will have a story there.” The Cloud Custodian open-source project is already seeing serious use among large enterprises, though, and Stacklet obviously benefits from that as well.

“In just 8 months, Travis and Kapil have gone from an idea to a functioning team with 15 employees, signed early Fortune 2000 design partners and are well on their way to building the Stacklet commercial platform,” Foundation Capital’s Sid Trivedi said. “They’ve done all this while sheltered in place at home during a once-in-a-lifetime global pandemic. This is the type of velocity that investors look for from an early-stage company.”

Looking ahead, the team plans to use the new funding to continue to developed the product, which should be generally available later this year, expand both its engineering and its go-to-market teams and continue to grow the open-source community around Cloud Custodian.