Funding continues for early startups, cybersecurity isn’t special, but pickleball is – ESW #343

On this week's news segment, we pick up where we left off with Doug running the show last week. We discuss current early-stage funding categories, AD canarytokens, and low-hanging vulns. We talk about why cybersecurity is important, but not nearly as unique or special as some might have you think. Is the goal of patching faster than exploits can be weaponized a fool's errand? Also, pickleball, the country's fastest-growing sport, is causing chaos across the nation.

Announcements

Follow us on X (formerly known as Twitter) for livestream reminders, highlighted clips, memes, and more! You can find us @SecWeekly.

1. FUNDING: ArmorCode Raises $40M in Series B Funding
2. FUNDING: Mine Raises $30M in Series B Funding
3. FUNDING: Announcing our $22M Series B
4. FUNDING: ProvenRun secures €15 million Series A to accelerate its growth in security-by-design for the Internet of Things (IoT) – ProvenRun
5. NEW COMPANIES: Xeol: Secure from Code to Deploy
6. NEW COMPANIES: Enveedo
7. NEW FEATURES: A (beta) Canarytoken for Active Directory Credentials
8. TRENDS: State of the Cloud 2023
9. LESSONS LEARNED: Real-Life Lessons in Breach Response – SafeBase Blog
10. ATTACKS: SQL Brute Force Leads to BlueSky Ransomware – The DFIR Report
    I'm sorry, did you say xp_cmdshell??? (What Year Is It.gif)
11. ATTACKS: What it means — CitrixBleed ransom group woes grow as over 60 credit unions, hospitals…
12. ATTACKS: North Korean hacking ops continue to exploit Log4Shell
13. ESSAYS: Cybersecurity Isn't Special
    SHOTS FIRED
14. BEST PRACTICES: CISA's Goldstein wants to ditch 'patch faster, fix faster' model
    We're seeing a lot of shifting away from traditional models and assumptions now that failures (mostly ransomware) are hitting companies hard, and often. We've long had data showing that patching only works as a defensive measure if the response is extremely quick, quicker than most organizations can muster. If a vuln is going to be exploited, exploitation generally starts within hours or days of disclosure. At that speed, there are only a few options:
    - fully automate software updates and skip QA/safety testing altogether
    - put mitigations in place very quickly (e.g. virtual patching, vuln/exploit-specific mitigations)
    - design systems/networks to be more resilient to attacker actions in general (e.g. isolation, zero trust, principle of least privilege, etc.)
    We saw the latter two in action following Okta's latest breach, as BeyondTrust, Cloudflare, and 1Password seemed to detect the attacks very quickly, and (according to them, at least) were able to isolate and eradicate the attackers. In another example, the folks that fared best during the Log4Shell debacle were those that denied outbound comms by default for servers or any other systems that didn't really need them. Turns out that malicious code can't do much damage if it can't communicate back out! The practical caveat is that the deny has to cover DNS as well (point servers at internal resolvers only), since an open DNS path is itself an outbound channel.
    In conclusion, I hate to say that traditional vuln management seems like a waste of time, but… I don't think getting OT vendors to switch to Rust, as CISA suggests, is the solution either.
15. REPORTS: The Continued Threat to Personal Data – Key Factors Behind the 2023 Increase
    A report commissioned by Apple, concluding that we need… more encryption to stop more breaches??
16. REGULATIONS: FBI explains how companies can delay SEC cyber incident disclosures
17. SQUIRREL: 'FYI Pickleball DRAMA': Local Governments Overwhelmed By Tennis-Pickleball Turf Wars, Documents Show
18. SQUIRREL: T'was the Night Before the Breach — 2023 Edition
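The default-deny egress idea from item 14 is easy to state and easy to get subtly wrong, so here is an added example (not from the show notes, CISA, or any vendor mentioned above) of what it looks like in practice: a small bash script that renders an nftables output chain with `policy drop` from an explicit allowlist, then evaluates a handful of constructed outbound connection attempts against that same allowlist. The allowlist entries (an internal resolver, an internal package mirror, a syslog collector), the sample attempts, and the 203.0.113.7:1389 callback standing in for a Log4Shell-style LDAP fetch are all assumptions made up for the example.

```shell
#!/usr/bin/env bash
# Added example: default-deny egress for a server that has no business talking
# to the internet. Renders an nftables ruleset from an allowlist and checks
# sample outbound attempts against the same list. All hosts/ports are
# constructed for illustration and are not taken from the episode or any vendor.
set -eu

# Allowlist lines: "proto dest_ip dest_port comment". Anything not listed is
# dropped, including DNS to anything other than the internal resolver.
EGRESS_ALLOWLIST='udp 10.0.0.53 53 internal-resolver
tcp 10.0.0.53 53 internal-resolver
tcp 10.0.0.20 443 internal-apt-mirror
tcp 10.0.0.30 514 syslog-collector'

# Render an nftables ruleset: output chain with policy drop, loopback and
# established/related traffic accepted, then exactly the allowlisted tuples.
# A final logging rule records what got dropped so denials are visible.
render_egress_ruleset() {
  printf 'table inet egress {\n'
  printf '  chain output {\n'
  printf '    type filter hook output priority 0; policy drop;\n'
  printf '    oif "lo" accept\n'
  printf '    ct state established,related accept\n'
  printf '%s\n' "$EGRESS_ALLOWLIST" | while read -r proto ip port comment; do
    [ -n "$proto" ] || continue
    printf '    ip daddr %s %s dport %s accept comment "%s"\n' \
      "$ip" "$proto" "$port" "$comment"
  done
  printf '    log prefix "egress-denied: " counter drop\n'
  printf '  }\n'
  printf '}\n'
}

# Evaluate one outbound attempt (proto ip port) against the allowlist.
# Prints "allow" or "deny"; the verdict is the return value callers should use.
egress_allowed() {
  verdict=$(printf '%s\n' "$EGRESS_ALLOWLIST" | while read -r p i pt rest; do
    if [ "$p" = "$1" ] && [ "$i" = "$2" ] && [ "$pt" = "$3" ]; then
      echo allow
      break
    fi
  done)
  printf '%s\n' "${verdict:-deny}"
}

# Constructed sample of outbound attempts from a server's connection log.
# The tcp/1389 attempt mimics the LDAP callback a Log4Shell payload makes to
# fetch its second stage; the last line is an unapproved HTTPS destination.
SAMPLE_ATTEMPTS='udp 10.0.0.53 53
tcp 10.0.0.20 443
tcp 203.0.113.7 1389
tcp 198.51.100.9 443'

# Count how many of the sample attempts the policy would drop.
count_denied() {
  n=0
  while read -r proto ip port; do
    [ -n "$proto" ] || continue
    if [ "$(egress_allowed "$proto" "$ip" "$port")" = deny ]; then
      n=$((n + 1))
    fi
  done <<EOF
$SAMPLE_ATTEMPTS
EOF
  echo "$n"
}

# Stand-alone run: print the ruleset, then the verdict for each sample attempt.
render_egress_ruleset
printf '%s\n' "$SAMPLE_ATTEMPTS" | while read -r proto ip port; do
  printf '%s %s/%s -> %s\n' "$proto" "$ip" "$port" \
    "$(egress_allowed "$proto" "$ip" "$port")"
done
```

The rendered ruleset can be loaded with `nft -f` on a host that has nftables; the point of the script is the shape of the policy, not the script itself. Two design choices matter: the chain's default is `policy drop` rather than a trailing deny rule (so a forgotten rule fails closed), and DNS is pinned to the internal resolver rather than left open, because an unrestricted DNS path is enough for a payload to leak data even when every other port is blocked.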
