Tenable Launches $25 Million Early-Stage Venture Fund


Vulnerability management software firm Tenable has launched a $25 million venture fund to place bets on early-stage startups in the attack surface and exposure management space.

The new Tenable Ventures plans to make seed- and early-stage investments in companies building technology to help businesses discover, assess and manage security risk.

The Columbia, Maryland-based Tenable said the fund will work with startups in highly competitive cybersecurity markets such as Israel and the U.S. to help with the development and go-to-market strategies for exposure management solutions.

The venture fund also plans to work with startups to improve product design, create consistent and shareable data models, strengthen enterprise readiness and more.

“[We] will invest in companies tackling significant problems that require new and innovative approaches, data sets and platforms,” Tenable said in a note announcing the fund.

The company said it will look for companies that focus on a preventive approach to security using emerging technologies in cloud security, identity management, external attack surface management, operational technology and vulnerability management. 

Such technologies would expand the exposure management ecosystem and could be considered for integration into the Tenable One Exposure Management platform, the company said.

Tenable Ventures has already made investments in three companies — software supply chain security play Lineaje, identity threat detection and response firm Authomize and API security startup Araali Networks.

Tenable has itself been active on the acquisition front, shelling out $45 million in 2022 to purchase attack surface management startup Bit Discovery. Prior to that, Tenable also acquired Accurics and Indegy for a combined $238 million.

The post Tenable Launches $25 Million Early-Stage Venture Fund appeared first on SecurityWeek.

Forward Networks Raises $50 Million in Series D Funding


Forward Networks, a company that specializes in security and reliability solutions for large enterprise networks, has raised $50 million in a Series D funding round.

The funding round, which brings the total invested in the company to more than $110 million, was led by MSD Partners, with participation from Section 32, Omega Venture Partners, Goldman Sachs Asset Management, Threshold Ventures, A. Capital and Andreessen Horowitz.

Forward Networks’ product creates a digital twin of the customer’s network, helping them gain insights that can be used to make better decisions and improve their network’s security, compliance and health. The platform supports AWS, Google Cloud Platform, and Microsoft Azure.

For network security, the company’s platform provides attack surface management, vulnerability management and security posture management capabilities. 

Forward Networks claims to have quadrupled its customer base since 2019 and achieved an ARR growth of 139% from 2021 to 2022. 


Thoma Bravo to Buy Magnet Forensics in $1.3B Transaction


Thoma Bravo’s shopping spree in the cybersecurity lane is showing no signs of slowing down.

The private equity giant has announced plans to spend $1.3 billion to acquire Canadian software firm Magnet Forensics, a deal that expands Thoma Bravo’s push into the lucrative cybersecurity category.

Magnet Forensics, based in Waterloo, markets a suite of tools in the digital forensics and incident response space to help businesses hunt for early signs of data breaches.

Thoma Bravo said its newly created Morpheus unit will acquire Magnet Forensics for approximately $1.3 billion and take the company private.

Once the deal closes, Thoma Bravo said the plan is to combine Magnet Forensics with Grayshift, a third company that also sells digital forensics software and tools. Thoma Bravo has majority control of Grayshift after a strategic investment last July.

With the two combined entities, Thoma Bravo’s ambition is to create “a powerful end-to-end digital investigations platform” for public safety agencies to work on cybercrime cases. 

Grayshift markets mobile device digital forensics tools to help with lawful access and extraction.  

The transaction is expected to close by the second quarter of this year.

Over recent years, Thoma Bravo has bought into the cybersecurity business in a big way, shelling out billions to acquire Ping Identity ($2.8 billion deal), SailPoint ($6.9 billion all-cash) and Sophos ($3.9 billion).

The private equity firm’s portfolio also includes Imperva, LogRhythm, AppOmni, Proofpoint and Venafi.


Critical Vulnerabilities Patched in OpenText Enterprise Content Management System


Several vulnerabilities described as having critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product.

The vulnerabilities were discovered by a researcher at cybersecurity consultancy Sec Consult in OpenText’s Extended ECM, which is designed for managing the distribution and use of information across an organization. Specifically, the flaws impact the product’s Content Server component.

The security firm this week published three different advisories describing its findings.

OpenText was informed about the vulnerabilities in October 2022 and patched them earlier this month with the release of version 22.4, according to Sec Consult.

One of the critical vulnerabilities, tracked as CVE-2022-45923, can allow an unauthenticated attacker to execute arbitrary code using specially crafted requests.

The second critical flaw, CVE-2022-45927, impacts the Java Frontend of the OpenText Content Server component and can allow an attacker to bypass authentication. Exploitation could ultimately lead to remote code execution.

Sec Consult has also identified five types of vulnerabilities in the Content Server component that can be exploited by authenticated attackers.

These issues, rated ‘high impact’, can be exploited to delete arbitrary files on the server, escalate privileges, obtain potentially valuable information, launch server-side request forgery (SSRF) attacks, and execute arbitrary code.

Proof-of-concept (PoC) code is available for the high-impact issues, but the advisories describing the critical flaws do not include PoC code in an effort to prevent malicious exploitation.
