Managed Security Services Provider (MSSP) Market News: 25 October 2023

Each business day, MSSP Alert delivers a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

Today’s MSSP, MSP, MDR, XDR and Cybersecurity Market News

1. MSP Program Launches in Canada: Cork, a cyber warranty company for MSPs serving small businesses, is launching its Early Access Program (EAP) in Canada. Cork is also announcing the general availability of the Cork Protection platform to U.S.-based MSPs starting November 1.

2. Security Partnership: Seemplicity Security has formed a technical integration with cloud security provider Wiz. As a certified Wiz Integration (WIN) platform partner, Seemplicity enables joint customers to integrate its Security Remediation Operations platform into their existing Wiz workflows to accelerate remediation.

3. Product Launch: CyCognito has announced a major platform expansion of its External Attack Surface Management (EASM). The latest release includes extended visibility across cloud assets, web application API endpoints and web application firewalls (WAFs), enhanced web crawling capabilities, compliance management controls and integrations for exploit database remediation. Additionally, CyCognito's recent State of External Exposure Management report uncovered an alarming number of vulnerable public cloud, mobile and web applications exposing sensitive data.

4. Product Launch: Fortinet has announced the expansion of its Universal SASE offering to "empower today’s hybrid workforce with FortiOS everywhere." Commenting on the announcement, Ken Xie, founder, chairman of the board and CEO, said, “The Fortinet operating system, FortiOS, is the industry’s only enterprise-grade converged operating system able to support all SASE functions, including firewall, SD-WAN, secure web gateway, encryption/decryption, CASB, DLP, and ZTNA, whether deployed in an appliance or cloud-delivered from Fortinet.”

5. 1Password, Okta Suffer Cyberattacks: The spillover from a cyberattack against Okta’s support system is growing as more victims come forward. 1Password on October 23 said it was also impacted by the Okta support system breach, which led to an intrusion of its Okta environment, making it the third security-oriented victim to come forward after BeyondTrust and Cloudflare. (Source: Cybersecurity Dive)

6. Hacker Alert: The threat actor known as Winter Vivern has been observed exploiting a zero day flaw in Roundcube webmail software to harvest email messages from victims' accounts. Winter Vivern, also known as TA473 and UAC-0114, is an adversarial collective whose objectives align with that of Belarus and Russia. Over the past few months, it has been attributed to attacks against Ukraine and Poland, as well as government entities across Europe and India. (Source: The Hacker News)

7. Cybercrime Bust: Spanish law enforcement officials have arrested 34 members of a criminal group that carried out various online scams, netting the gang about $3.2 million in illegal profits. Authorities conducted searches across 16 locations Madrid, Malaga, Huelva, Alicante, and Murcia, seizing two simulated firearms, a katana sword, a baseball bat, more than $84,000 in cash, four high-end vehicles, and computer and electronic material worth. The scams, which were conducted via email, SMS, and phone calls, entailed the threat actors masquerading as banks and electricity supply companies to defraud victims. (Source: The Hacker News)

8. Zscaler Issues Threat Report: Zscaler has released its ThreatLabz 2023 Enterprise IoT and OT Threat Report. This year’s report provides an in-depth look at malware activity over a six-month period, analyzing approximately 300,000 blocked attacks on IoT devices secured by the Zscaler Zero Trust Exchange platform. The high number of attacks on IoT devices represents a 400% increase in malware compared to the previous year, Zscaler said.