Content, Breach, Channel partners, Security Program Controls/Technologies, Security Staff Acquisition & Development, Identity, Channel investors, Malware

Managed Security Services Provider (MSSP) Market News: 7 July 2023

Alert icon isolated on Abstract design bright red banner background

Each business day, MSSP Alert delivers a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

  • The Content: Written for MSSPs and MSPs; threat hunters security operations center as a service (SOCaaS), managed detection and response (MDR) and eXtended detection and response (XDR) providers; and those who partner with such companies.
  • Frequency and Format: Every business morning. Typically, one or two sentences for each item below.
  • Reaching Our Inbox: Send news, tips and rumors to Managing Editor Jim Masters: [email protected].

Today’s MSSP, MSP, MDR, XDR and Cybersecurity Market News

1. Industry Recognition: Difenda has won the 2023 Microsoft Canada Security Impact Award. These annual Canadian awards recognize the Microsoft partners who have enhanced the lives of Canadians by championing diversity and inclusion, provided exceptional customer service, and embraced digital transformation utilizing Microsoft technology.

2. Leadership Move: Blackpoint Cyber, a cybersecurity company focused on managed service providers (MSPs), has appointed security industry veteran MacKenzie Brown as its new vice president of Security. Brown's role will shape Blackpoint's security strategy and further partner enablement as the company continues to scale.

3. Product Launch: Infisign has launched its identity and access management (IAM) platform. The solution offers passwordless authentication using the zero trust approach. The approach eliminates the reliance on traditional perimeter-based security measures and implements robust authentication and access control mechanisms at every level of the network infrastructure, the company said.

4. Malware Alert: U.S. and Canadian authorities issued a joint advisory on Thursday warning about a widespread increase in the use of a type of malware called Truebot to target organizations in the two countries. "Cyber threat actors are using new variants of Truebot malware to exfiltrate large amounts of sensitive information for financial gain," the Canadian Centre for Cyber Security said in a joint advisory issued by authorities in the two countries, including the U.S. FBI. (Source: Reuters)

5. Cybersecurity Acquisition: EDGE, an Abu Dhabi-based advanced technology and defense company, has acquired OryxLabs, a cybersecurity company known for its tailored solutions. The acquisition of OryxLabs offers the opportunity to expand its portfolio and access advanced solutions to address critical pain points in cybersecurity, both locally and internationally. (Source: Army Technology.com)

6. Malware Alert: Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems. These sophisticated attacks exploit a critical vulnerability (CVE-2022-31199) in the widely used Netwrix Auditor server and its associated agents. This vulnerability enables unauthorized attackers to execute malicious code with the SYSTEM user's privileges, granting them unrestricted access to compromised systems. The TrueBot malware, linked with cybercriminal collectives Silence and FIN11, is deployed to siphon off data and disseminate ransomware. (Source: The Hacker News)

7. Cybersecurity Certification: INE, a provider of technical training for IT and cybersecurity professionals, is helping equip security teams with the necessary skills to combat emerging cybersecurity threats. INE recently released a groundbreaking new certification, the Enterprise Defense Administrator (eEDA), a blue team certification that tests users’ ability to effectively secure an organization’s mission critical resources to ensure seamless business operations.

8. Hacker Alert: The widely exploited vulnerability in Progress Software’s MOVEit file transfer service has impacted nearly 200 organizations, according to Brett Callow, threat analyst at Emsisoft. The scope of damage caused by Clop’s mass exploit of a zero-day vulnerability in MOVEit  continues to snowball as third-party vendors expose multiple downstream victims. Progress discovered the zero day over Memorial Day weekend on May 28. (Source: Cybersecurity Dive)

Annual In-Person MSSP and Cybersecurity Conferences

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.