Sharing is Caring

Because who needs security when you can have convenience?

Welcome to the Cyber Sizzler - the only cybersecurity newsletter that helps everyone from analysts to CEOs get 2% better every day.

If Lenny's Newsletter and MilkRoad had a snarky, nerdy, love child, it would be us. We serve up the industry’s latest news, security tips that'll make you feel invincible, and of course, a healthy helping of memes and wit. We promise you won't be bored, but we can't guarantee you won't be hooked.

Hey, want to know a little secret? If you share this newsletter with just two of your buds, you'll gain access to our exclusive Cyber Sizzler database. It's like a secret club, but without the weird handshakes.

Simply share this email, reply to us and ask for access - done. 

ON DECK FOR TODAY

  • LEVEL UP: Stop sharing your location data

  • DUMPSTER FIRE: California medical centers, Pepsi bottling, T-Mobile, and Zacks Investment Research expose customer data

  • CACHING IN: VulnCheck, Skybox Security raise money

  • JALA-MEME-ÑOS: Memes

LEVEL UP: Because Sharing is Caring

I skimmed a Wired article the other day - How to Make Sure You're Not Accidentally Sharing Your Location (paywall) - and it got me thinking.

We're always talking about protecting our customers and companies. But what about ourselves?

When was the last time you did a security assessment on your own devices? If you’re anything like me, the answer is never.

Why do you need to do a self-assessment?

Beyond the standard privacy concerns and security risks, there’s the sneaky side of the app business: location data reselling.

A data reseller with 1 BILLION mobile devices!!!!

Location data reselling is when companies track your every move through your mobile device and sell that data to third-party companies for a profit. It's like being followed by a creepy stalker, except that stalker is a giant corporation with deep pockets.

Enter:

Cyber Sizzler Security and Privacy and Optimization Self-Audit (CSSPOSA™)

Think of it like a colonoscopy for your phone - it may not be the most pleasant thing to do, but it's important to understand what's going on in your digital world.

I’m sure you’re saying - But I’m in security…I’m fine!

Here's the thing - turning off tracking isn't always enough to protect your digital privacy.

Don't believe me?

I found a great YouTube video from the Payette Forward crew that explains it all (and WAY more.) Let me give you a brief rundown of how it went for me…

LEVEL UP - Take Action (under 2 min.)

2 quick steps to take your game to the next level:

  1. Watch the video and plug any potential leaks.

  2. Create a 6 month recurring reminder - just say Hey Siri, create a 6 month recurring CSSPOSA™ reminder. You’ll get a new phone or have a major OS update at least once a year, which means you’ll need to keep toggling these.

There’s a list of links to the good parts in our super-secret Cyber Sizzler database.

🍎 iPhone | 🤖 Android

DUMPSTER FIRE

Eyebrow-raising breaches that you already know about,

with just the numbers that you need.

  • Affected: 3,300,638

  • Dwell time: 7 days (Dec 1, 2022 - Dec 8, 2022)

  • Notification time: 63 days (Feb 1, 2023)

  • Identity monitoring: 1 year of Norton LifeLock

The Register covers it well, but any breach over 1M needs a congressional hearing. Not to mention the completely unacceptable 63 days until notification.

  • Affected: unknown, but has around 3500 employees

  • Dwell time: 27 days (Dec 23, 2022 - Jan 19, 2023)

  • Notification time: 22 days (Feb 10, 2023)

  • Identity monitoring: 1 year of Kroll Identity Monitoring

Bleeping Computer rightly points out that after the initial compromise was discovered, it took a whopping 9 days to remediate.

  • Affected: 820,000

  • Dwell time: 9 months(!) (Nov 2021 - Aug 2022)

  • Notification time: 30 days (Jan 27, 2023)

  • Identity monitoring: nope (🙄)

Yeah, this happened last month, but an incredibly long 9 month dwell time earned them a spot on the list. Sure, it was an old database that was accessed, but how generous of them to not offer identity monitoring. Who needs peace of mind?

  • Affected: 37 MILLION!

  • Dwell time: 42 days (Nov 25, 2022 - Jan 5, 2023)

  • Notification time: 14 days (Jan 19, 2023)

  • Identity monitoring: NOPE (🙄🙄🙄🙄)

T-Mobile should be hauled back into Congress for their repeated negligence. Of course the company chose not to dish out ID monitoring. Krebs hints that they’re probably just waiting to get class-actioned again, as it’s probably cheaper for them than doing the right thing.

DUMPSTER FIRE - Take Action

MSSPs: While you don’t want to spook your customers, you need to keep them informed on the latest breaches and attack vectors. Providing ongoing employee cybersecurity training is crucial, and if you haven't started yet, now is the perfect time to start. There are some truly horrible training programs out there, so find one that actually holds people's attention.

Sales Teams: Revamp your marketing materials and hit the ground running with fresh collateral. The latest medical breach in California has opened the door for medical providers to bolster their security. Help them achieve this. Urge your value engineers to create a reliable system for keeping these numbers up-to-date, and don't waste any time - email your prospects immediately.

Software Companies: It's time to strengthen your defenses in the wake of the T-Mobile breach. Security is a team effort, and everyone needs to pitch in - not just Dev and InfoSec. Ops, Compliance, the Executive Team, and Legal must also be reminded of their role in security. Schedule security exercises and punish your public-facing APIs.

CACHING IN

  • RAISED: $3.2M in seed funding

  • DATE: February 9, 2023

  • LED BY: Sorenson Ventures

  • CEO: Anthony Bettini

  • WHAT: Vulnerability intelligence

  • RAISED: $50M in late stage funding

  • DATE: February 8, 2023

  • LED BY: CVC Growth Funds, Pantheon, and J.P. Morgan

  • CEO: Mo Rosen

  • WHAT: I think Threat intelligence? Nearly impossible to tell by looking at the website

JALA-MEME-ÑOS

Found this fitting

TALL GLASS OF MILK

Time to cool down with a tall glass of milk. Thanks for reading! We'll be back soon with more updates and insights to help you stay on top of the latest trends in the industry. In the meantime, feel free to reach out if you have any questions or feedback. Keep crushing it!


AFTERBURN