Each business day MSSP Alert delivers a quick lineup of news, analysis and chatter from across the MSSP, MSP and cybersecurity world.
Reaching Our Inbox:
Send news, tips and rumors to Managing Editor Jim Masters: [email protected]
Today’s MSSP Alert Market News:
1. Public Sector Safety Partnership: BlueVoyant Government Solutions, a division of BlueVoyant focused on providing comprehensive cyber defense to governments, and Carahsoft Technology Corp., a government IT solutions provider, have announced a partnership. Carahsoft will serve as the public sector distributor for BlueVoyant Government Solutions, making BlueVoyant’s cybersecurity technology and services available through Carahsoft’s reseller partners and NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2) and National Association of State Procurement Officials (NASPO) ValuePoint contracts.
2. AI Security Launch: Symmetry Systems, a data and AI security company, has launched its Symmetry for Enterprise Gen AI product line. The line leverages a new Gen AI inventory feature aimed at ensuring the safe adoption of Gen AI technologies, particularly Microsoft Copilot within modern organizations, the company said. Together, this product line helps organizations prepare their data estate to be indexed securely by AI agents like Copilot.
3. Cybersecurity Training Offer: ISC2, a nonprofit member organization for cybersecurity professionals, announced that ISC2 Official Certified in Cybersecurity (CC) Online Self-Paced Training is now available in an adaptive format. The foundational course, which is available for free as part of the "One Million Certified in Cybersecurity" pledge delivered via the ISC2 Candidate program, uses AI to guide learners along pathways tailored to their individual needs based on prior knowledge, learning speed and confidence levels.
4. Fresh Threat Intelligence: BlackBerry has released its latest Global Threat Intelligence Report, revealing threat actors are focusing efforts on targeting high-value data held by the global financial sector, with one million attacks logged over a 120-day period. This "death by a million cuts" is revealed to be using mainly commodity malware, which indicates a large number of independent actors targeting the industry in pursuit of financial gain, BlackBerry said. Critical infrastructure attacks, including those targeting government, financial, healthcare and communications industries, accounted for 62% of industry-related attacks over the report period, September to December 2023.
5. Identity Security Partnership: Verinext, a managed services provider, and One Identity, a specialist in unified identity security, has announced an expanded partnership to streamline the management and strengthen protection of privileged access for mutual customers. Together, the companies offer the new, SaaS-based One Identity Cloud PAM Essentials solution that reduces security risks without adding additional infrastructure.
6. LockBit Threat Actor Sentenced: A dual Canadian-Russian national has been sentenced to four years in prison for his role in infecting more than 1,000 victims with the LockBit ransomware and then extorting them for tens of millions of dollars. Mikhail Vasiliev, 33, who most recently lived in Ontario, Canada, was arrested in November 2022 and charged with conspiring to infect protected computers with ransomware and sending ransom demands to victims. Last month, he pleaded guilty to eight counts of cyber extortion, mischief and weapons charges. (Source: Ars Technical)
7. Data Security Report Released: DoControl, a SaaS Security solution specialist, has released its 2024 State of SaaS Data Security Report, which found that companies are generating approximately 286,000 new SaaS assets, such as files or recordings, each week. Additionally, one out of six employees were found to have shared company data with their personal email. These findings emphasize the urgent need for comprehensive security strategies to mitigate insider threats, control data exposure, manage outdated access permissions and regulate over-permissioned third-party OAuth apps, the company said.
8. Incident Reporting Release: Ontinue, a provider of AI-powered managed extended detection and response (MXDR) services and winner of the 2023 Microsoft Security Services Innovator of the Year award, has released of a set of new advanced automation and reporting capabilities for its ION Managed Security Operations service. These capabilities improve speed and quality of incident resolution and deliver greater transparency with consistent, detailed logic about decisions made, the company said.
9. Threat Intelligence: Netskope Threat Labs has observed an evasive Azorult campaign in the wild that employs multiple defense evasion techniques from delivery through execution to fly under the defender’s radar as it steals sensitive data. Azorult is an information stealer first discovered in 2016 that steals sensitive information including user credentials, browser information and crypto wallet data. Azorult is one of the top malware families that Netskope Threat Labs has observed targeting the healthcare industry over the last year, the company said.
10. Application Security Launch: New Relic has launched new capabilities for New Relic IAST (Interactive Application Security Testing), including proof-of-exploit reporting for application security testing. New Relic customers can now identify exploitable vulnerabilities with an ability to reproduce the problem and remediate the specific threat vector before shipping new code. This enables security and engineering teams to focus on real application security problems with zero false positives, as validated by the OWASP benchmark result of 100% accuracy, the company said.
