Each morning MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the global managed security services provider, SOC (security operations center) and IT outsourcing ecosystem.
Here’s the lineup for Tuesday, October 17, 2017:
12. Hacker Platform Price Cut: ShadowBrokers, which is suspected of hacking the National Security Agency (NSA), is cutting prices on its biweekly leaks and data dumps, according to The Hill. We'll share more analysis soon.
11. DDoS Prevention: Barracuda Networks has launched Active DDoS Prevention (ADP), a cloud-based service that provides customers with DDoS protection and application security under a single solution. Demand for DDoS mitigation services has been surging, though many MSSPs have been late to the market...
10. Serious Microsoft Hack: A sophisticated hacking group broke into Microsoft's secret internal database for tracking bugs in its own software in 2013, potentially giving the hackers a golden ticket to break into customer networks worldwide, according to Reuters. Microsoft has never publicly confirmed the hack. But after the alleged breach, the company walled the bug tracking database off from the corporate network started requiring two authentications for access, the report said.
9. Financial Network Hack: The North Korean Lazarus hacking group is likely responsible for a recent cyber heist in Taiwan, the latest in a string of hacks targeting the global SWIFT messaging and financial services system, according to BAE Systems, a Top 100 MSSP for 2017.
8. Adobe Flash Hacks: Adobe Systems warned on Monday that hackers are exploiting vulnerabilities in its Flash multimedia software platform in web browsers, and the company urged users to quickly patch their systems to prevent such attacks.
7. Facebook Talent: The social media giant is seeking to recruit staff with national security clearance. Alas, I don't qualify...
6. Email Privacy Showdown: The Supreme Court on Monday accepted a second important case on digital privacy, agreeing to hear a dispute between the federal government and Microsoft about emails stored overseas, according to The Washington Post. The case could have major implications for MSPs and service providers that are striving to manage data and customer privacy worldwide.
5. Mobile Privacy: Independent phone maker OnePlus has overhauled its data collection strategy after the company was caught collecting data from its OxygenOS — without telling users, of course, TechCrunch says.
4. Internal Data Risks: Fully 92 percent of companies say their employees try to access information that is not necessary for their day-to-day work – with nearly one in four (23 percent) admitting this behavior happens frequently, according to new research from One Identity. Among the biggest offenders: IT security professionals who poke around their employers' networks for confidential data. Not by coincidence, One Identity -- which spun off from Dell last year -- offers identity and management (IAM) solutions.
2. MSSP Partnership: Nine23, a mobile technology provider and MSSP, will leverage Mi3 Security's machine learning-based application security analysis technology in the company's cyber services. Nine23 provides secure (accredited) end to end enterprise mobility management (EMM) solution and services to government and business customers in the UK.
1. Big MSSP Guarantee: AsTech, a security consulting company, has launched AsTech Vigilance for Managed Qualys Services. The offering includes a $1 million guarantee for securing perimeter networks when a customer adds the AsTech Perimeter Security Guarantee to their AsTech Managed Qualys Service subscription. PS: We haven't read the fine print...