Content, Content

Managed Security Services Provider Morning News: 02 January 2018

Each morning MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the global managed security services provider, SOC (security operations center) and IT outsourcing ecosystem.

Here’s the lineup for Tuesday, January 2, 2018:

12. Partnership: WiPro will leverage ThreatModeler's software to help customers understand and mitigate security risks. Key project areas for the effort will involve DevOps and digital transformation efforts.

11. Antivirus Software for Spying: How can programmers potentially transform antivirus software into spying tools? This New York Times report provides some clues... and once again raises concerns about Kaspersky Lab's alleged ties to Russia's government. Kaspersky has repeatedly denied the claims.

10. Crypto Hijackers: North Korean hackers are hijacking computers to mine cryptocurrencies as the regime in Pyongyang widens its hunt for cash under tougher international sanctions, Bloomberg says. A hacking unit called Andariel seized a server at a South Korean company in the summer of 2017 and used it to mine about 70 Monero coins -- worth about $25,000 as of Dec. 29 -- according to Kwak Kyoung-ju, who leads a hacking analysis team at the South Korean government-backed Financial Security Institute, the Bloomberg report says...

9. New Crypto Fund: Waves Platform, a blockchain platform, is launching a blockchain venture fund. The Basics Fund is seeking an initial $10 million investment for January 2018 with a total of $30 million by April. Alexander Ivanov, founder and CEO of Waves, will serve as a key adviser and principal for the Basics Fund, the company said.

8. Sonos Speaker Security Flaw: Internet-connected speakers from Sonos and Bose could suffer major security issues if authentication services aren't properly established, according to a new Trend Micro report. The report is the latest red flag for consumers who embrace IoT (Internet of Things) devices without fully understanding the potential security risks...

7. John McAfee Hacked: McAfee founder John McAfee apparently suffered a Twitter account hack in recent days...

6. Ancestry.com Data Leak: Ancestry.com last week closed portions of its community-driven genealogy RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public Internet, ThreatPost notes. In a statement, Chief Information Security Officer of Ancestry.com Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server...

5. Retail Security Breach: Forever 21 recently provided deeper details about a November 2017 payment card security incident that involved malware that exploited inconsistent encryption practices...

4. SD-WANs & Cloud Security: Aryaka and Zscaler are partnering to deliver SD-WAN connections backed by cloud-delivered security services.

3. Help Desk Hackers: Hackers are actively targeting Magento sites running a popular helpdesk extension, Dutch security researcher Willem de Groot has discovered. The avenue for these attacks is a Magento extension named Mirasvit Helpdesk, which allows sites to show a "Chat with us" widget on Magento shops, according to BleepingComputer.

2. Next Cybersecurity Conference: We're keeping a close eye on Enigma 2018, a cybersecurity conference that seeks to "clearly explain emerging threats and defenses in the growing intersection of society and technology." Check the MSSP Alert Cybersecurity Conference Calendar for events throughout 2018 and beyond. Also, submit your own event for possible listing on the calendar.

1. Welcome Back: As you return to work and kick off the 2018 business year, thanks for reading MSSP Alert. We look forward to closely tracking the MSSP market -- opportunities, challenges and strategies -- while leveraging your feedback and guidance throughout the year. Got questions? Email me: [email protected].

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.