“Daily Briefing 5.31.19: HiddenWasp Linux malware. Huawei ban updates. Baltimore's ransomware incident. ISIS speaks globally, kills locally. - The CyberWire” plus 1 more

“Daily Briefing 5.31.19: HiddenWasp Linux malware. Huawei ban updates. Baltimore's ransomware incident. ISIS speaks globally, kills locally. - The CyberWire” plus 1 more

Daily Briefing 5.31.19: HiddenWasp Linux malware. Huawei ban updates. Baltimore's ransomware incident. ISIS speaks globally, kills locally. - The CyberWire

Posted: 31 May 2019 07:57 AM PDT

Cyber Attacks, Threats, and Vulnerabilities

Suicide bomber strikes military academy in Kabul (FDD's Long War Journal) An Islamic State suicide bomber struck outside the Marshal Fahim National Defense University in Kabul earlier today. It is the second time the so-called Khorasan province has attacked the academy. According to UNAMA, the jihadists launch more "suicide and complex attacks" in the Afghan capital than in any other area of the country.

Warning over 'HiddenWasp' Linux backdoor undetectable by antivirus software (Computing) China-linked HiddenWasp Linux malware is being used in sophisticated, targeted attacks.

Advanced Linux backdoor found in the wild escaped AV detection (Ars Technica) Fully developed HiddenWasp gives attackers full control of infected machines.

HiddenWasp Malware Stings Targeted Linux Systems (Intezer) Intezer has discovered a new, sophisticated malware named HiddenWasp, targeting Linux systems. Unlike common Linux malware, HiddenWasp is not focused on crypto-mining or DDoS activity, but rather it is a trojan purely used for targeted remote control.

Sophisticated HiddenWasp Malware Targets Linux (SecurityWeek) Sophisticated "HiddenWasp" malware is targeting Linux and providing attackers with remote control of the infected systems, security researchers say.

North Korean Hackers Target Crypto Exchange UPbit's South Korean Users (CoinDesk) North Korean hackers have been using a familiar phishing tool to steal UPbit customer details, security experts allege.

New Zealand's "hacked" budget was found on a website (Naked Security) Police close their investigation, concluding that New Zealand's "wellbeing" budget wasn't hacked.

New Zealand Says Budget Leak Was Bungled, Not Hacked (SecurityWeek) New Zealand's Treasury Secretary Gabriel Makhlouf said his department had fallen victim to a "systematic" and "deliberate" hack, which turned out to be false.

The cryptominer that kept coming back (Naked Security) A Monero cryptominer made a home on an Apache Tomcat server and just wouldn't stay away.

High-Risk Flaws Found in Process Control Systems From B&R Automation (SecurityWeek) Several vulnerabilities, including ones classified as "high risk," have been found in APROL process control systems from B&R Industrial Automation.

AVEVA Vijeo Citect and CitectSCADA (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 6.5ATTENTION: Low skill level to exploitVendor: AVEVAEquipment: Vijeo Citect and CitectSCADAVulnerability: Insufficiently Protected Credentials2. RISK EVALUATIONSuccessful exploitation of this vulnerability could allow a locally authenticated user to obtain Citect user credentials.

Venafi: Four Ways Open Source Libraries Leave Organizations at Risk (BusinessWIre) Venafi warns that the growing reliance on OSLs for software development leaves many companies vulnerable to trust-based attacks

How secure is the intelligence community's IT supply chain? (Fifth Domain) Concerned over threats to the acquisition supply chain from foreign actors, the Senate Select Committee on Intelligence included the establishment of a supply chain risk management task force in the latest Intelligence Authorization Act, approved May 14.

DoD bought phony military gear made in China, including counter-night vision clothing that didn't actually work (Military Times) The counterfeits included clothing that used a near-infrared fabric to make the wearer more difficult for enemy forces to detect with night-vision goggles.

Report: Security Platform Leaking Hotel Security Logs, Including Marriott Properties (vpnMentor) vpnMentor's research team has recently discovered that Marriott and other hotel brands managed by The Pyramid Hotel Group have experienced a cybersecurity ...

Report: Theta360 Data Breach Leaks Millions of Private Photographs (vpnMentor) vpnMentor's research team has discovered that Theta360 experienced a huge data breach. Hacktivists from our research team, Noam Rotem and Ran Locar, ...

POS Malware Found at 102 Checkers Restaurant Locations (Threatpost) One of the most popular U.S. drive-through restaurants has been hit with a data breach due to POS malware.

Data Breach – Checkers (Checkers) To Our Valued Checkers and Rally's Guests: We recently became aware of a data security issue involving malware at certain Checkers and Rally's locations.

Analysis Shows Poor GDPR Compliance in European Websites (SecurityWeek) A web-scanning service has analyzed the visible GDPR compliance of the 100 most popular websites in each of the 28 European member states.

Ethiopian INSA Agents Hacked: 142 agents chose the predictable password...Report (Borkena) Safety Detective which cliams to be World's largest antivirus review website says 142 agents Ethiopian Intelligence INSA agents are hacked

Microsoft's BlueKeep Bug Isn't Getting Patched Fast Enough (WIRED) At this rate, it will take years to fix a critical vulnerability that remains in over 900,000 Windows machines. A worm will arrive much sooner.

Baltimore's risk assessment called a pair of aged city computer systems a 'natural target for hackers' (Baltimore Sun) Baltimore's IT office issued a warning that the city was using computer systems that were out of date, vulnerable to attack and not backed up.

Ransomware Succeeds Because Targets Don't Learn From History (Forbes) The recent ransomware attack on the city of Baltimore is just one more of close to 200 on governments. And it surely won't be the last, since municipalities don't seem to be learning from history.

NSA Deflects Blame for Baltimore Ransomware Attack (Nextgov.com) The city of Baltimore had more than two years to defend itself against the attack, and it's officials' fault they dropped the ball, according to NSA cyber chief Rob Joyce.

Luzerne County needs outside assistance to overcome cyber attack (Times Leader) Luzerne County is calling in an outside vendor to help assess the extent of damage caused by a cyber attack that has prompted the administration to shut down some computer work stations and servers…

Cyberattacks by email impersonators are on the rise (CIO Dive) Seven in 10 companies hit by email impersonation lost data, money or customers, a Mimecast survey shows. Here are three ways to stave off attackers.

Kaspersky Lab reports 61% jump in mobile banking malware (ATM Marketplace) Mobile banking Trojans are among the most rapidly developing, flexible and dangerous types of malware, according to Kaspersky Lab, which found a 61% increase in the number of files (from 18,501 to 2,841) of this type of malware between Q4...

White Nationalist Groups Banned By Facebook Are Still On The Platform (BuzzFeed News) "Facebook likes to make a PR move and say that they're doing something, but they don't always follow up on that."

Gaming Industry Exploits User Addiction (Avast) The gaming industry uses psychological tactics to trigger addiction and more spending, but gamers can stay safe and sane with these tips.

Cybercrime: An Inside View from Ex-Hacker Brett Johnson (InCyberDefense) Recently, Looking Glass Solutions sponsored an event featuring Brett Johnson. Johnson said that there are only three reasons why a cybercrime is committed.

Security Patches, Mitigations, and Software Updates

Microsoft warns users to patch as exploits for 'wormable' BlueKeep bug appear (TechCrunch) Microsoft has issued its second advisory this month urging users to update their systems to prevent a re-run of attacks similar to WannaCry. The software giant said Thursday that the recently discovered "wormable" vulnerability in Remote Desktop Services for Windows can allow attackers …

Apple Patches SQLite, WebKit Bugs in iTunes and iCloud for Windows (SecurityWeek) Apple released updates for iTunes and iCloud for Windows applications, to address recently disclosed SQLite and WebKit security flaws in them.

G Suite to get Gmail confidential mode, on by default (Help Net Security) Starting on June 25, Gmail confidential mode will be turned on by default for G Suite users and it will be on admins to turn it off.

Google Is Finally Making Chrome Extensions More Secure (WIRED) Third-party developers don't always build extensions with security best practices in mind. Now Google is taking steps to better protect user data.

Cyber Trends

Geopolitical Cyber Threats and Business Operations (Infosecurity Magazine) Cyber-attacks can be easily cross-continentally conducted by a small number of personnel in contrast to conventional warfare

Nation-State Security: Private Sector Necessity (SecurityWeek) While threats facing private industry and government may once have looked distinctly different, the line separating attackers pursuing these two arenas is now so blurred that it's often hard to distinguish one from another.

Industry is Not Prepared for the IIoT Attacks that Have Already Begun (SecurityWeek) A new survey from Irdeto demonstrates that direct cyber-attacks against IIoT have already started, and that industry is not yet well prepared.

Many are seeing the damage of cybercrime and identity theft firsthand (Help Net Security) As massive data breaches continue to make international headlines and the Internet is an integral part of our daily lives, consumers are now grasping the

Businesses are struggling to implement adequate IAM and PAM processes, practices and technologies (Help Net Security) Businesses find identity and access management (IAM) and privileged access management (PAM) security disciplines difficult yet un-concerning.

Data Breaches Make Zero Trust The New Buzzword In Cybersecurity (Investor's Business Daily) Despite huge spending on computer security, the good guys aren't even close to getting the upper hand vs. hackers.

Number of exposed health files 'alarming' says data security firm - Digital Health Age (Digital Health Age) The number of sensitive data files in healthcare, pharma and biotech accessible to every employee should leave us alarmed according to data security company Varonis, after a report highlighted the data risk in several industries a year after the implementation of GDPR. The Global Data Risk Report from the Varonis Data Lab suggested that in...

UAE, Saudi firms still unprepared for cyber-attacks: IBM Security (TahawulTech.com) Organisations in the UAE and Saudi Arabia are still unprepared to respond to cyber-attaks, according to the latest study by IBM Security.

Parting Shots (Q1 2019 Issue) (Infosecurity Magazine) What term do you prefer to describe what we do?


Huawei bars staff from having technical meetings with US contacts (TechCrunch) Reeling from the ongoing U.S.-China trade war, Chinese technology giant Huawei has found itself in yet another dilemma: How to pursue internal communications with its own U.S. employees? For now, the company has ordered its Chinese employees to bar technical meetings with their U.S. contacts and se…

Cybersecurity Jobs Added to Government's Shortage Occupation List (Infosecurity Magazine) Cybersecurity roles have been recognized as an official shortage by the UK Government's Migration Advisory Committee

20 public cybersecurity companies you should know (Built In) In our digitally hyperconnected world, cybersecurity companies are more in demand than ever. We've rounded up 20 publicly traded ones.

A veteran's look at the cybersecurity industry and the problems that need solving (Help Net Security) In this interview, Daniel Miessler, a 20-year industry veteran, talks with Help Net Security about the cybersecurity industry in general.

The Snowden effect: Privacy is good for business (CNET) Tech companies didn't look so good when Edward Snowden revealed they were helping governments spy on average people. But the revelations have worked in the industry's favor.

Palo Alto Networks Snaps Up Two Startups For $400M+ As Its Taste For Acquisitions Grows (Crunchbase News) The company has ramped up its buying activity over the past 14 months with a total of six known acquisitions since March 2018, according to Crunchbase data.

Twofer: Palo Alto to Buy TwistLock, PureSec in Major Cloud Security Play (Channelnomics) Visit the post for more.

Palo Alto Networks stock drops as cloud-transition pain concerns analysts (MarketWatch) Palo Alto Networks Inc. shares fall Thursday as several analysts cut their price targets as the cybersecurity company's transition to annual cloud-based...

Sequoia leads $110M funding round for password security startup Dashlane (SiliconANGLE) Sequoia leads $110M funding round for password security startup Dashlane

Enterprise cybersecurity startup BlueVoyant raises $82.5M at a $430M+ valuation (TechCrunch) The pace of malicious hacks and security breaches is showing no signs of slowing down, and spend among enterprises to guard against that is set to reach $124 billion this year. That's also having a knock-on effect on the most innovative cybersecurity startups, which continue to raise big mone…

NetApp buys data security developer Cognigo (CRN Australia) Develops data security and GDPR compliance software.

Three MSSPs Merge To Take On Security Giants Secureworks, IBM (CRN) Three smaller MSSPs have joined forces to gain the scale necessary for competing against larger managed security players like Secureworks, IBM and Arctic Wolf Networks.

GDIT, Leidos among those on $49M AI contract for HHS (Washington Business Journal) A spate of D.C.-area technology companies will compete to bring artificial intelligence and other solutions to an HHS shared services office.

Army names Silicon Valley's data mining company Palantir to lead battlefield intelligence (MuckRock) Palantir, a data mining startup based in Silicon Valley, will be handling initial delivery of the U.S. Army's battlefield intelligence network, the Pentagon confirmed earlier this year, positioning the company to influence the Army's long-term implementation of its artificial intelligence priorities.

DCMS selects Bristol consultancy for Cyber Security discovery project (Consultancy) UK consultancy Mace & Menter has been appointed as the partner to the Department for Digital, Culture, Media and Sport on a discovery project to better understand the users of the Cyber Exchange serv

Big Data startup weighs cutting 122 jobs, shutting Santa Clara HQ (Silicon Valley Business Journal) Big Data platform provider MapR Technologies, led by founder and CEO John Schroeder, may close its Santa Clara headquarters and cut 122 jobs.

​Google relies on growing underclass: temps who outnumber full-timers (Silicon Valley Business Journal) Google has long used contractors, but some employees worry that a growing reliance on them represents a shifting, less admirable work culture.

Why ICS security startup Dragos' CEO puts a premium on people not profits (TechCrunch) Written in its company's handbook, there's one rule for working at Dragos. "Don't be an asshole." "The first key to our success is our people and that we hire good people," said Robert Lee, the company's founder and chief executive, in an interview wi…

Cisco Stock Is a Top Pick During the Trade War, Analyst Says (Barron's) Cisco Systems stock is attractive because it is relatively insulated from the escalating trade conflict between the U.S. and China, according to JPMorgan.

SafeBreach Joins Microsoft Intelligent Security Association (AP NEWS) SafeBreach, a leader in breach and attack simulation, today announced that it has joined the Microsoft Intelligent Security Association, a collaborative initiative to help organizations defend against increasingly sophisticated, fast moving threats worldwide.

Proofpoint sends channel a reminder to focus on email security (MicroscopeUK) Ahead of InfoSec the security vendor has highlighted the importance of resellers helping customers secure their communications

'We'd like to dump them like so many bricks': Most brutal burns from CRN Vendor Report - so far…. (CRN) Vendors variously branded 'appalling', 'elitist' and 'anti-channel' in CRN 2019 Vendor Report.

Capsule8 Names Scott Kenerly as Chief Financial Officer (Capsule8) Capsule8, the only company providing high-performance attack protection for Linux production environments, today announced the appointment of Scott Kenerly as Chief Financial Officer … Read of "Capsule8 Names Scott Kenerly as Chief Financial Officer"

Products, Services, and Solutions

SOSA and Elron Partner to Boost Innovation within the International Cyber Ecosystem (Smart Cities Dive) SOSA, the leading global innovation platform that connects international organizations to innovative technology, has entered into a strategic partnership with Elron, a top Israeli early stage investment firm specializing in cyber.

Infoblox Unveils Simplified Security Platform to Detect and Stop Threats in Today's Borderless Networks (PR Newswire) Infoblox Inc., the leader in Secure Cloud-Managed Network Services, today announced BloxOne™ Threat Defense,...

Phunware Announces Dual Token Structure (Yahoo) Phunware, Inc. (PHUN), a fully-integrated enterprise cloud platform for mobile that provides products, solutions, data and services for brands worldwide, today announced the introduction of the Phun utility token ("Phun") for its Multiscreen as a Service (MaaS) platform.

Elcomsoft Phone Viewer 4.50 adds data export support, allows evidence analysis in external tools (openPR) Press release - ElcomSoft Co. Ltd. - Elcomsoft Phone Viewer 4.50 adds data export support, allows evidence analysis in external tools - published on openPR.com

CREST and EC-Council Announce Certification Equivalency for Penetration Testers (openPR) CREST and EC-Council Announce Certification Equivalency for Penetration Testers - published on openPR.com

New infosec products of the week: May 31, 2019 (Help Net Security) New infosec products of the week include releases from the following vendors: AccessData, Bittium, Moogsoft, SailPoint, StorageCraft and Zyxel.

Technologies, Techniques, and Standards

What a teen grade hacker's confession can teach us (Naked Security) "We had access to the grade book. Now we could change the grades."

4 tips for getting the most from threat intelligence (CSO Online) It's easy to gather data on potential threats, but you have to know what to do with that intelligence if you want to improve your security stance.

How Did You Celebrate National Password Day? (Interfocus) In light of National Password Day, here are some tips and tricks to improve your online security, and that of your business, related to passwords.

Plan like a marketer, test like an attacker (ITWeb) Most IT security failures occur because cyber criminals know the psychology of human nature and how to exploit it.

Sumo Logic Co-founder: Beware of These Dangers with Data (Investing News Network) Christian Beedgen of data analytics firm Sumo Logic discussed subjectivity and confirmation bias in algorithms and data models at Collision.

Design and Innovation

The Army wants C5ISR systems on demand (C4ISRNET) The Army is focusing on global hot spots where it thinks it might have to respond with soldiers by sending the proper technicians ahead first. Army staffers are also making sure they configure systems as much as possible in advance of competition, however, but forward technicians can assist if systems break or need to be tweaked.

AI, the Mandatory Element of 5G Mobile Security (Threatpost) The complexity and scale of the 5G ecosystem, combined with a lack of skills and training in software-centric security, will be important drivers for AI deployment in the carrier space.

ODNI Seeks Industry Innovation (SIGNAL Magazine) The intelligence agency is looking for industry to present capabilities to enhance national security.

AI May Pose More Questions Than Answers (SIGNAL Magazine) Classified Cyber Forum seeks to answer some of the questions AI and machine learning pose to the military and intelligence agencies.


Your starter for ten: Why aren't Universities winning the cyber-security challenge? (SC Magazine) A quarter of UK universities believe their research programmes may have been infiltrated, and more than half confirm that a cyber-attack has led to research data ending up in foreign hands.

UK Universities Facing Daily State-Sponsored Attacks (Infosecurity Magazine) UK universities are facing increased attacks from state-sponsored hackers

Legislation, Policy, and Regulation

Following US Huawei ban, China threatens own blacklist for foreign firms (TechCrunch) Odds of the U.S. and China cooling off their trade war further diminished on Friday after the world's most populous nation said it would create a list of "unreliable" foreign firms of its own. Gao Feng, a spokesman of China's commerce ministry, said today that the nation will create an "entity list…

Donald Trump set to confront May over Huawei risks on London trip (Times) Donald Trump will confront Theresa May over the security risk posed to Britain by the Chinese company Huawei during his visit next week, a senior aide to the president has said. John Bolton, the...

Huawei: Trump Will Threaten U.K. With Intelligence-Sharing Cuts During Visit (Forbes) President Trump has decided to take a hard line with the U.K. government over Huawei during his visit next week, threatening to cut intelligence-sharing unless the controversial decision to allow the Chinese company's equipment into the U.K. network is reversed.

Britain may not have made final decision on Huawei and 5G: Bolton says (Reuters) Britain may not have made a final decision on allowing China's Huawei a res...

China's saber-rattling on rare-earths trade has US officials looking for options (Ars Technica) Coal runoff could be a solution; Pentagon wants funding for rare-earths independence.

Lawmaker: China's rare earths threat 'could cripple a nation' (Washington Examiner) China's threat to restrict rare earth exports to the United States could have devastating results, a senior Republican lawmaker said.

British Spies Tried to End Tech's Encryption Debate. But Their 'Ghost Proposal' Only Rekindled It (Fortune) Apple, Microsoft and Google have rejected a plan that would've allowed law enforcement to eavesdrop on communication.

Apple and WhatsApp hit back at GCHQ eavesdropping plans  (The Telegraph) Several of the world's largest technology companies have publicly rejected a proposal by British security services for a system which could give the government access to people's encrypted messages.

Apple, Google and WhatsApp condemn UK proposal to eavesdrop on encrypted messages (CNBC) In an open letter to GCHQ, 47 signatories including Apple, Google and WhatsApp have jointly urged the U.K. cybersecurity agency to abandon its plans for a so-called "ghost protocol."

Germany proposes Europe's first diversity rules for social media platforms (Media Policy Project) Tighter regulation of social media and other online services in now under discussion in several European countries, as well as in the UK where the government has released a white paper outlining it…

Lowdown: Sri Lanka's Cyber Security Bill provides for cybersecurity agency, penalties, and more (MediaNama) The Sri Lankan government has drafted a 'Cyber Security Bill' to protect vital information and essential services from cyber attacks, reports Daily News. The bill vests the government with powers to establish a 'Cyber Security Agency' and is meant to 'empower' the Sri Lanka Computer Emergency Readiness Team and National Cyber Security Operations Centre, which …

Cryptocurrency Firms Renew Push to Break Free From SEC Rules (WIRED) Kik has started a crowdfunding campaign to support its legal battle, asserting that its kin coins are not securities.

Rep. Sherrill Introduces Bipartisan Bill to Safeguard Federal Research from Foreign Espionage (TAP into Sparta) Today, Representative Mikie Sherrill (D-NJ) joined with Representatives Anthony Gonzalez (R-OK), Jim Langevin (D-RI), Elise Stefanik (R-NY), Eddie Bernice Johnson (D-TX), and Frank Lucas (R-OK) to announce the introduction of the bipartisan Securing American Science and Technology Act of 2019 (SASTA) to address academic espionage at our institutions of higher education.

Maine passes bill requiring ISPs to ask permission before selling data (Engadget) Maine's legislature might protect privacy with a newly-passed bill that requires consent before ISPs sell your data.

Cyber Command names Navy admiral as new deputy (Fifth Domain) Following the retirement of Deputy Commander Lt. Gen. Vincent Stewart, Cyber Command has been operating without a deputy commander. Now, a new deputy commander has been appointed to help Cyber Command further define its new role as a unified combatant command.

Litigation, Investigation, and Law Enforcement

ProtonMail Accused of Voluntarily Helping Police Spy on Users (SecurityWeek) Privacy-focused ProtonMail has been accused of voluntarily helping law enforcement spy on users, but the company has denied the accusations.

ProtonMail denies that it offers real-time surveillance assistance (HackRead) A Swiss lawyer has accused ProtonMail that the company has initiated offering IP Logging upon request of Swiss authorities.

Trump opens new rift with 'conflicted' Robert Mueller (Times) Calls by the Democrats for impeachment grew louder yesterday as Donald Trump railed against Robert Mueller, the special counsel who used his only public statement to declare that his investigation...

Mueller's Bottom Line: Indicting Trump Wasn't Even an Option (WIRED) Robert Mueller outlined the conclusions of the Russia investigation and made clear, in his own obtuse way, that the next steps belong to Congress.

Why Is The Info Generating Mueller's Probe All Linked To Hillary Clinton? (The Federalist) At a certain point, it can't be mere coincidence that every major figure involved in probing Trump's campaign is linked to Hillary Clinton in some manner.

SEC Policy Incentivizing Whistleblowers Weakened by Ruling, Lawyers Say (Wall Street Journal) A recent U.S. Supreme Court decision that raised questions about protections for whistleblowers weakens the regulator's policy, according to lawyers who fear tipsters may now be more reluctant to report information to company compliance officers.

Prosecutor downplays email tracking in Navy SEAL murder case (Navy Times) Defense lawyers accuse prosecutors of engaging in misconduct and want charges against Gallagher dismissed or prosecutors removed from the case.

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors (KrebsOnSecurity) Canadian government regulators are using the country's powerful new anti-spam law to pursue hefty fines of up to a million dollars against Canadian citizens suspected of helping to spread malicious software.

Blue Haven's flexible family capital, Canada's women-led startups, weathering climate change, future of food dealflow - ImpactAlpha

Posted: 28 May 2019 04:00 AM PDT

Greetings, Agents of Impact!

Podcast Series: Beyond Trade-offs

Blue Haven Initiative: Wealthy families have the flexibility to drive impact across their portfolios. The family business for many high- and ultra-high-net-worth families is the business of managing the wealth itself. In the U.S. alone, more than 3,000 single and multi-family offices hold more than $1.7 trillion in assets. One perk of being such an asset owner: you get to set the rules. Liesel Pritzker Simmons and her husband, Ian Simmons, have committed to integrate impact across 100% of their assets. Blue Haven Initiative, their $500 million family office, accounts for impact across its portfolio. "The role of the impact investor is to take a step back and say, "What's the thing you're trying to accomplish? What's the best way to scale that impact?" Pritzker Simmons told ImpactAlpha's David Bank for the seventh and final episode of our Beyond Trade-offs series, produced in collaboration with Omidyar Network. "Sometimes it's through market-rate investing. And sometimes, it absolutely is not."

That flexibility is why high-net-worth families enjoy perhaps the greatest responsibly to drive the shift of capital towards impact. In the largest portion of the half-billion dollar portfolio, Blue Haven targets market-rate returns, in both public and private markets. To pursue direct investments, Blue Haven created a $50 million venture capital mandate that targets energy access, financial inclusion and logistics, primarily in sub-Saharan Africa. Blue Haven has invested market-rate-seeking equity in firms like M-KOPA, which has found success distributing lease-to-own solar kits in East Africa. When Blue Haven looked at solar mini-grids, however, the family office determined the risk level made it a better fit for the philanthropic portfolio. Blue Haven made a grant to PowerGen in Tanzania to prove out a lower-cost model at scale. Says Omidyar Network's Robynn Steffen, "Families have to be on the front lines of bearing the risk of early-stage innovation and fueling impact in the toughest market segments."

Read on, and listen in, to, "Blue Haven Initiative: Wealthy families have the flexibility to drive impact across their portfolios," by Dennis Price on ImpactAlpha.

  • Travel to the land beyond trade-offs. Join The Call No. 9, featuring Blue Haven Initiative's Liesel Pritzker Simmons, Prudential Financial's Ommeed Sathe, Elevar Equity's Sandeep Farias and Omidyar Network's Robynn Steffen, Thursday, May 30th, at 10:00 am PT / 1:00 pm ET / 6:00 pm London. RSVP now.
  • Binge on Beyond Trade-offs. Catch up on the full series of podcasts (and subscribe on iTunes, Spotify, SoundCloud or Stitcher).

Dealflow: Follow the Money

StandUp secures C$18 million to invest in Canada's women-led tech startups. Research suggests that companies with female leaders perform better and recruit more diverse teams. Yet only 13% of venture capital goes to startups with at least one female founder, and funding bias is strongest in the early stages. The Toronto-based StandUp Ventures raised C$18 million (US$13.4 million) towards a C$25 million target to help women overcome the early-funding hurdle. Women-led teams have better odds in later rounds, according to StandUp Ventures' Michelle McBane, which has backed seven startups since launching in 2017. StandUp made a second investment in job-safety communication platform Bridgit, which closed C$6.2 million in Series B funding in March. StandUp's backing from investors includes C$5 million from entrepreneur-focused bank BDC. "This follow-on funding from top financial institutions demonstrates that investors are actively beginning to support women entrepreneurs and businesses," McBane says. More.

Agritask raises $6 million to help farmers weather climate change. A third of the world depends on agriculture to earn a living. Many small-scale farmers lack access to insurance to protect their income in the face of climate change. "To a large extent this is a result of product design which often relies on limited data availability and visibility into the ongoing agricultural and climatic risks," says Ofir Ardon of Agritask, a Tel Aviv-based agriculture data analytics software startup. Agritask aims to help agricultural businesses, from farmers to insurers better use data to make business decisions. Most of its users are in emerging and frontier markets. The InsuResilience Investment Fund is backing with a $6 million investment, its fifth equity investment. Agritask joins a growing roster of companies supporting small farmer insurance adoption as a solution to climate risk. Read on.

Dealflow overflow: "future of food" edition.

  • Kentucky-based AppHarvest raised an undisclosed amount of Series A funding from ValueAct Capital and Revolution's Rise of the Rest fund, and secured an $82 million investment from Equilibrium Capital to build a 2.8 million-square-foot greenhouse in the eastern part of the state. The project will support 285 full-time jobs in an area where poverty levels are twice the national rate.
  • New York-based Artemis, formerly known as Agrilyst, closed an $8 million Series A round for its indoor farm management software. The company rebranded as part of a business pivot that involves shifting focus to large-scale indoor farms, like the kind AppHarvest is building. (Artemis is the Greek goddess of wilderness and hunting, and as the company's CEO Allison Kopf explains, "of all things living.")
  • San Francisco-based Silo clinched $3 million from Initialized Capital and several angel investors for its perishable food marketplace, which aims to cut food waste by improving market linkages between buyers and sellers. Produce Pay and Farmster also link farmers and distributors online, while Full Harvest and FoodMaven go a step further, focusing on over-supplied or "ugly" produce that is most likely to be wasted.

Agents of Impact: Follow the Talent

Amy Bell, ex-of Tideline, joins the corporate venture team at Whole Foods. Bell will remain an advisor to the impact investing strategy firm… Nonprofit Finance Fund was awarded $55 million in New Markets Tax Credits… Omidyar Network is hiring a director of people in Redwood City… The U.S. Department of the Treasury is looking for a program manager for the CDFI Fund in Washington DC… Business for Social Responsibility seeks a manager of financial services in New York.

May 28, 2019.


Popular posts from this blog

123Movies || Blue Story [2019] Watch Online Full Free HD - WspyNews

Live streaming is new hunting ground for Chinese online fraudsters - South China Morning Post

Top 6 Small Business Ideas for New Entrepreneurs in Philadelphia - The Hack Post