Deception, SaaS Security, and the 10 Plagues of Cloud Security – ESW #312
In this week's enterprise security news, we talk about new companies and funding, and trends in the deception and SaaS Security/SSPM space. We discuss Andy Ellis's "10 plagues of cloud security" and Kelly Shortridge's 69 ways to F&$ up your deploy. We discuss rolling out YubiKeys and the pros/cons of using biometrics instead of security keys. There have been some bad takes in the media on how OpenAI uses your ChatGPT prompts, so we set the record straight there. Cybersecurity is a new requirement for K-12 students in North Dakota, and you've got to see this week's security story: a rogue tire sends a Kia Soul FLYING, but no one was hurt!
As a member of the Security Weekly community, we are pleased to offer you 20% off your InfoSec World 2023 tickets! Join a community of over 2,000 security professionals and innovators at InfoSec World on September 25th through 27th at Disney’s Coronado Springs Resort. Experience world-class learning and networking through enlightening keynotes, informative panel discussions, interactive breakout sessions, hands-on workshops, and more.
Register today at securityweekly.com/infosecworld2023 using code ISW23-SECWEEK20!
- 1. FUNDING: CrowdStrike Combines Powers With Abnormal Security to Stop Breaches
A "venture round" from CrowdStrike Ventures follows the company's $210M Series C in May 2022.
- 2. FUNDING: DataDome Closes $42 Million in Series C Funding to Advance the Fight Against Bot-Driven Cyberattacks and Fraud
- 3. FUNDING: Hypori Completes $23M Series B Financing
- 4. FUNDING: Strivacity Announces $20 Million in New Funding To Modernize Customer Sign-in Experiences and Security
- 5. FUNDING: Push Security raises $15M to help SaaS users lower their online vulnerability
- 6. FUNDING: Entitle Launches With $15M in Seed Funding to Bake Security Into Permissions Management
- 7. FUNDING: SCADAfence raises $16 million, adds Fujitsu and Mitsubishi Electric as new investors
- 8. FUNDING: Votiro Raises $11.5 Million in Series A Funding
- 9. FUNDING: Spera raises $10M for its identity security posture management platform
- 10. FUNDING: Trustle Raises $6M Seed Round to Revolutionize Access Management
- 11. NEW COMPANIES: Seedata.IO – Making cybersecurity unknowns, known
- 12. LESSONS: 10 Plagues of Cloud Security
- 13. LESSONS: 69 Ways to F*** Up Your Deploy
- 14. LESSONS: List of experiences rolling out YubiKeys and WebAuthn – Clint Gibler on Twitter
- 15. NEWSLETTERS: Jason Haddix’s Executive Offense Issue #2
- 16. REPORTS: FS-ISAC Navigating Cyber in 2023
- 17. AI TRENDS: Chat GPT & AI a growing concern for cyber insurance: Corvus’ Hedberg – Reinsurance News
- 18. AI TRENDS: Samsung workers made a major error by using ChatGPT
There's a lot of confusion and FUD going around on what is and isn't trained on when you use ChatGPT.
TL;DR: If you use ChatGPT's consumer interface (chat.openai.com), you are opted IN to having your prompts used to train/improve the service. There's a form you can fill out to opt OUT (it's literally a Google form, which seems kinda janky, but it's pretty easy to opt out).
If you use OpenAI's API interface (api.openai.com), you are opted OUT of having your input OR output data used for training/improvement. There's a form you can use to opt IN.
- 19. TRENDS: Burgum, Baesler applaud landmark North Dakota computer science, cybersecurity measure
- 20. ESSAY: AI Revolutionizes Infosec
- 21. ESSAY: Cybersecurity vs. Everyone: From Conflict to Collaboration
- 22. SQUIRREL: When tires attack: Marques Brownlee on Twitter