Funding continues for early startups, cybersecurity isn’t special, but pickleball is – ESW #343
On this week's news segment, we pick up where we left off with Doug running the show last week. We discuss current early-stage categories, AD canarytokens, and low-hanging vulns. We talk about why cybersecurity is important, but not nearly as unique or special as some might have you think. And the goal of patching faster than exploits can be used: is it a fool's errand?
Also, pickleball, the country's fastest-growing sport, is causing chaos across the nation.
Announcements
Stay up-to-date with us on X (formerly known as Twitter) for the latest show clips and updates! Find us @SecWeekly and stay connected with our cybersecurity community.
- 1. FUNDING: ArmorCode Raises $40M in Series B Funding
- 2. FUNDING: Mine Raises $30M in Series B Funding
- 3. FUNDING: Announcing our $22M Series B
- 4. FUNDING: ProvenRun secures €15 million Series A to accelerate its growth in security-by-design for the Internet of Things (IoT) – ProvenRun
- 5. NEW COMPANIES: Xeol: Secure from Code to Deploy
- 6. NEW COMPANIES: Enveedo
- 7. NEW FEATURES: A (beta) Canarytoken for Active Directory Credentials
- 8. TRENDS: State of the Cloud 2023
- 9. LESSONS LEARNED: Real-Life Lessons in Breach Response – SafeBase Blog
- 10. ATTACKS: SQL Brute Force Leads to BlueSky Ransomware – The DFIR Report
I'm sorry, did you say xp_cmdshell???
What Year is It.GIF
- 11. ATTACKS: What it means — CitrixBleed ransom group woes grow as over 60 credit unions, hospitals…
- 12. ATTACKS: North Korean hacking ops continue to exploit Log4Shell
- 13. ESSAYS: Cybersecurity Isn’t Special
SHOTS FIRED
- 14. BEST PRACTICES: CISA’s Goldstein wants to ditch ‘patch faster, fix faster’ model
We're seeing a lot of shifting away from traditional models and assumptions now that failures (mostly ransomware) are hitting companies hard, and often. We've long had the data telling us that using patching as a defensive measure requires an extremely quick response, quicker than most organizations can muster.
If vulns are going to be exploited, exploitation will generally happen within hours or days. At that speed, there are only a few options:
- fully automate software updates and skip QA/safety testing altogether
- put mitigations in place very quickly (e.g. virtual patching, vuln/exploit-specific mitigations)
- design systems/networks to be more resilient to attacker actions in general (e.g. isolation, zero trust, principle of least privilege, etc.)
We saw the latter two in action following Okta's latest breach, as BeyondTrust, Cloudflare, and 1Password seemed to detect the attacks very quickly, and (according to them, at least) were able to isolate and eradicate the attackers.
In another example, the folks that fared best during the Log4Shell debacle were those that denied outbound comms by default for servers or any other systems that didn't really need it. Turns out that malicious code can't do much damage if it can't communicate back out!
In conclusion, I hate to say that traditional vuln management seems like a waste of time, but... I don't think getting OT vendors to switch to Rust, as CISA suggests, is the solution either.
- 15. REPORTS: The Continued Threat to Personal Data – Key Factors Behind the 2023 Increase
A report commissioned by Apple, concluding that we need... more encryption to stop more breaches??
- 16. REGULATIONS: FBI explains how companies can delay SEC cyber incident disclosures
- 17. SQUIRREL: ‘FYI Pickleball DRAMA’: Local Governments Overwhelmed By Tennis-Pickleball Turf Wars, Documents Show
- 18. SQUIRREL: T’was the Night Before the Breach — 2023 Edition