Managed Security Services Provider (MSSP) News: 30 December 2021 -

Each business day, MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

The Content: Written for MSSPs, SOC as a Service (SOCaaS), Managed Detection and Response (MDR), eXtended Detection and Response (XDR) and MSP security providers — and those who need to partner up with such companies.
Frequency and Format: Every business morning. Typically one or two sentences for each item below.
Reaching Our Inbox: Send news, tips and rumors to [email protected].

A. Today’s MSSP, MDR, XDR and Cybersecurity News Alerts

1. Big MSSP and MDR Merger: Herjavec Group and Fishtech Group are merging, Robert Herjavec and Gary Fish disclosed.

2. MSSP M&A List: Here's our updated look at 85 MSSP mergers and acquisitions...

3. Hackers Bypass Two-Factor Authentication (2FA) Security: Here’s how they do it, according to Palo Alto Networks and Stony Brook University.

4. Log4j Exploit?: Aquatic Panda, a China-based hacker group, has attempted to infiltrate an academic institution through the Log4j vulnerability, CrowdStrike reported. The bug involved VMware's software, according to SC Media.

5. Log4j and Crypto Trading: One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyberattack on its payment system running a vulnerable Log4j version, Bleeping Computer reported. Threat actors approached ONUS to extort a $5 million sum and threatened to publish customer data should ONUS refuse to comply, the report said.

6. Microsoft Fixes False Log4j Positives: Microsoft Defender for Endpoint suffered some Log4j false positive reports, but Microsoft has updated the security software to correct the issue, VentureBeat reported.