Twitterati Loves Compromise

Because who needs security when you can have convenience?

Welcome to the Cyber Sizzler - the only cybersecurity newsletter that helps everyone from analysts to CEOs get 2% better every day.

If Lenny's Newsletter and MilkRoad had a snarky, nerdy, love child, it would be us. We serve up the industry’s latest news, security tips that'll make you feel invincible, and of course, a healthy helping of memes and wit. We promise you won't be bored, but we can't guarantee you won't be hooked.

Hey, want to know a little secret? If you share this newsletter with just two of your buds, you'll gain access to our exclusive Cyber Sizzler database. It's like a secret club, but without the weird handshakes.

Simply share this email, reply to us and ask for access - done. 

ON DECK FOR TODAY

  • HEATING UP: Twitter melts down over more security

  • DUMPSTER FIRE: PeopleConnect loses 20M customer passwords

  • CACHING IN: CommandK rakes in $3M, Deepwatch adds 180 stacks

  • JALA-MEME-ÑOS: Elon > Zuck

HEATING UP

Spicy opinions on things we care about, for whatever reason

  1. Twitter melts down over more security

Twitter had a conniption when Elon put the hammer down on SMS-based 2FA. We think it’s funny because everyone wants Twitter fixed, but nobody wants it to change. Hell, ChatGPT came up with a list pretty darn close to the outrage.

  1. Taking away the text message 2FA option is inconvenient

  2. Switching to a different 2FA method is a hassle

  3. It's not fair that Twitter Blue subscribers get special treatment

  4. Some users may not see the need to take extra steps to protect their account

These are toddler arguments…but Twitter.

Even though Twitter ham-fisted the announcement, it’s a step in the right direction toward securing accounts. It feels like Twitter users are more tech-forward than the Facebook crowd and will be able to navigate auth apps more easily. We’d also like to see more than a 30-day window. Something we think Rhianna probably wanted as well.

But good luck getting non-techies (old people) to sign up for an auth app, and there’s almost no way we see them paying for Blue.

Rock, meet hard place.

DUMPSTER FIRE

Eyebrow-raising breaches that you already know about, with just the numbers that you need.

  • Affected: 20,221,007

  • Dwell time: Unknown, but data went for sale Jan. 21, 2023

  • Notification time: 14 days, Feb 3, 2023

  • Identity monitoring: None 🙄

Bleeping Computer has more coverage, but the gist is that TruthFinder and Instant Checkmate lost 20 MILLION customer records. PeopleConnect, the parent company, enlisted a third-party cyber firm and said they couldn’t find a breach.

Also, it’s likely an “inadvertent leak or theft of a particular list.” Neither reason is very comforting. Again, no ID monitoring is a bit of a head-scratcher. I’m sure they’d say something along the lines of, “this is an older list with only names, emails, and passwords.” I’m sure none of these 20M re-use passwords or have kept the same email. 🙄

DUMPSTER FIRE - Take Action

MSSPs: Take note of the shortcomings in PeopleConnect's response page and strive for better. Be clear and informative by providing relevant details, such as what data was compromised and steps taken to prevent future incidents. Contact your customers to discuss your breach response plan. Just don't mention that the password for the response page is "password123".

Sales Teams: PeopleConnect's response to the recent breach is pointing towards an insider threat or a misconfiguration. But instead of getting stuck on the details, put together a presentation that tackles the issues and showcases your solutions. Sales engineers, create new scenarios that demonstrate how you would handle them. This is your opportunity to take charge and show everyone that you're the go-to team when it comes to fighting potential breaches.

Internal Teams: An audit should have uncovered the two giant CSVs with customer data - no excuses. If you haven’t implemented regular data audits and quality checks, shame. If they’re in place already, look for massive CSVs. If you have an external auditor or use an MSP, email the rep and ask for the audit results. Specifically call out the PeopleConnect breach and ask what massive backup files they found (csv, bak, etc.). Take action today - you’re still responsible for your security.
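If you want to do the "look for massive CSVs" step yourself rather than wait on the auditor, here is an added example (ours, not anything from PeopleConnect or the newsletter's own tooling) of a small Python sweep: it walks a directory tree, flags files with backup-style extensions over a size threshold, and peeks at the first line to see whether the header smells like a customer export (email, password, hash, etc.). The extension list, the keyword regex, the 10 MiB default threshold and the constructed demo tree are all our assumptions; tune them to what actually lives on your file servers.

```python
import os
import re
import shutil
import tempfile
from pathlib import Path

# Assumed list of extensions that usually mean "somebody exported or backed up a database".
BACKUP_EXTENSIONS = {".csv", ".tsv", ".bak", ".sql", ".dump"}

# Assumed header keywords that suggest customer data rather than, say, a metrics export.
SENSITIVE_HEADER = re.compile(
    r"\b(e-?mail|password|passwd|pwd|hash|ssn|dob|phone)\b", re.IGNORECASE
)


def looks_sensitive(path, max_bytes=4096):
    """Read only the first line of the file and test it against the keyword regex."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(max_bytes)
    except OSError:
        return False
    first_line = head.split(b"\n", 1)[0].decode("utf-8", errors="replace")
    return bool(SENSITIVE_HEADER.search(first_line))


def find_backup_files(root, min_bytes=10 * 1024 * 1024):
    """Return findings (largest first) for backup-style files at or above min_bytes under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.suffix.lower() not in BACKUP_EXTENSIONS:
                continue
            try:
                size = path.stat().st_size
            except OSError:
                continue  # file vanished or unreadable; skip rather than abort the sweep
            if size < min_bytes:
                continue
            findings.append(
                {"path": str(path), "bytes": size, "sensitive_header": looks_sensitive(path)}
            )
    findings.sort(key=lambda f: f["bytes"], reverse=True)
    return findings


def build_demo_tree():
    """Constructed sample tree: one large customer export, one large opaque .bak,
    one tiny CSV, and one large log file whose extension is not in the backup set."""
    root = Path(tempfile.mkdtemp(prefix="audit_demo_"))
    (root / "exports").mkdir()
    with open(root / "exports" / "customers_2019.csv", "w") as fh:
        fh.write("id,email,password_hash\n")
        for i in range(30_000):  # ~1.3 MB of constructed rows, placeholder hashes only
            fh.write(f"{i},user{i}@example.com,<placeholder-hash>\n")
    with open(root / "db.bak", "wb") as fh:
        fh.write(b"\x00" * (2 * 1024 * 1024))  # 2 MiB opaque blob, no readable header
    with open(root / "exports" / "tiny.csv", "w") as fh:
        fh.write("id,email\n1,someone@example.com\n")
    with open(root / "app.log", "w") as fh:
        fh.write("email password\n" + ("x" * (2 * 1024 * 1024)))
    return root


def audit_demo(min_bytes=1024 * 1024):
    """Build the constructed tree, run the sweep with a 1 MiB threshold, clean up,
    and return [(file name, sensitive_header)] so the result is easy to check."""
    root = build_demo_tree()
    try:
        findings = find_backup_files(root, min_bytes=min_bytes)
        return [(Path(f["path"]).name, f["sensitive_header"]) for f in findings]
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, sensitive in audit_demo():
        flag = "CUSTOMER DATA?" if sensitive else "opaque"
        print(f"{name:25s} {flag}")
```

Run it against a real share with `find_backup_files("/mnt/fileshare")` and the default threshold; the sweep deliberately skips files it cannot stat or open instead of dying halfway through, because a partial report you actually get beats a complete one that never finishes.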

CACHING IN

  • RAISED: $3M (seed round)

  • DATE: February 9, 2023

  • LED BY: Lightspeed

  • PARTICIPATED: AllIn Capital, Robin Vasan (Mango Capital), Jon Gelsey, Sundeep Peechu (Felicis), Akash Saxena

  • CEO: Jayesh Sidhwani

  • WHAT: Data security platform; protection of secrets (API tokens, SSH keys, PII)

  • Our take: CommandK has ambitious goals in a heavily fragmented space. They have a big opportunity in the “secrets” space, one that Jayesh pointed out in their recent TechCrunch interview. Something that could be tough to pull off is the “damage control and leak prevention” function. Screenshots show a Slack integration, but data sprawl extends well beyond. We look forward to seeing Teams, Outlook, data repository (Google Drive, OneDrive, etc.), and ITSM (ServiceNow) integrations. Hey Jayesh, we’d love a demo 🌶️

Jala-meme-ños

TALL GLASS OF MILK

Time to cool down with a tall glass of milk. Thanks for reading! We'll be back soon with more updates and insights to help you stay on top of the latest trends in the industry. In the meantime, feel free to reach out if you have any questions or feedback. Keep crushing it!


AFTERBURN