Content, Content

Managed Security Services Provider (MSSP) News: 12 January 2018

Each morning MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the global managed security services provider, SOC (security operations center) and IT outsourcing ecosystem.

Here’s the lineup for Friday, January 12, 2018:

11. U.S. Government Barring Huawei?: A new bill introduced to Congress proposes a ban preventing branches of the U.S. government from working with service providers that use any equipment from China-based technology firms Huawei and ZTE, according to TechCrunch. The bill mirrors the U.S. federal government's recent decision to ban Kaspersky Lab security products from federal networks, alleging the company potentially has ties to Russia's government. Kaspersky has repeatedly denied the claims.

10. Kaspersky Lab - Guilty Until Proven Innocent?: President Donald Trump’s cyber czar praised federal agencies Thursday for banning the use of Moscow-based antivirus firm Kaspersky Lab’s products amid concerns that the software could be hijacked by Russian spies -- despite the lack of clear evidence connecting the company to the Kremlin, Law360 notes...

9. Banking Breach: Mexico’s attorney general’s office is investigating an attempt to hack and rob Bancomext, the government-run export bank, Reuters says. The hackers were not successful in siphoning money from the bank’s accounts, said the official at the attorney general’s office, who declined to be named. Some funds are now frozen pending the investigation,  though actual figures were not disclosed...

8. Cryto Hacker: Leveraging a recently-discovered flaw in Oracle's PeopleSoft and WebLogic servers, one hacker was able to deploy a cryptocurrency miner and rake in 611 Monero coins worth roughly $226,000 dollars, TechRepublic notes while pointing to a report from the SANS Institute.

7. VMware Security Patches: VMware has released security updates for the VMware Workstation & Fusion platforms to address use-after and integer-overflow vulnerabilities.

6. Meltdown, Spectre - Six Steps to Remediation: Secureworks, a Top 100 MSSP for 2017, has released a six step list to help customers address the Meltdown & Spectre vulnerabilities. The problem? Both Microsoft and Intel have disclosed problems with some recent patches related to the vulnerabilities. MSSPs and customers increasingly don't know which "fixes" to trust. We'll share more thoughts later today.

5. Meltdown - Intel Update: Intel says some of its Meltdown patches can cause problems in old chips, continuing the company's biggest PR challenge since the Pentium bug of 1994. We'll share more thoughts later today.

4. Meltdown, Spectre Update - Google Cloud Platform: Google has deployed software patches against the Spectre and Meltdown chipset security flaws last year, without slowing down its cloud services, the company indicated Thursday.

3. Attack Simulator: Cymulate has launched an attack simulation platform for MSSPs. The offering allows MSSPs to assess whether the organizations they serve are truly ready to handle cybersecurity threats effectively, the startup claims. We'll share more details soon.

2. Top 100 Vertical Market MSPs: Today is the final day to fill ChannelE2E's Top 100 Vertical Market MSPs survey. Results and honorees will be announced in February.

1. How Much Is Your Business Worth?: Find out by attending ChannelE2E's webcast on Thursday, January 18. We'll cover actual valuation figures for IT service providers, and KPIs you can use to lift your company valuation. Plus, we'll unveil the Top 100 M&A deals involving VARs, MSPs and CSPs from 2017. Register now.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.