Each business day MSSP Alert delivers a quick lineup of news, analysis, and chatter from across the MSSP, MSP and cybersecurity world. Today's market news also covers Stellar Cyber, Judy Security, Alphabet/Google, Wiz, NextDLP, NST Cyber, Huione Pay, Sysdig, Cybereason and Rite Aid.
Reaching Our Inbox:
Send news, tips and rumors to Managing Editor Jim Masters: [email protected].
Today’s MSSP Alert Market News:
1. Partnership Delivers MSP Solution: BlueVoyant has brought to market its new Cyber Defense Platform, which integrates internal, external and supply chain defense solutions into a single, cloud-native platform designed to measure and strengthen cyber defense posture in a cost-effective manner. The BlueVoyant platform provides AI-powered, next-generation security operations across enterprises' entire attack surface. It processes data and alerts from internal networks, supply chains and the dark web, the company said.
2. XDR Partnership Targets MSPs: Stellar Cyber, an Open XDR specialist, is partnering with Judy Security, a provider of cybersecurity solutions for small and medium-sized businesses (SMBs). “We have a very diverse maturity level across our MSP partners — some are more technical than others. Stellar Cyber helps us address their diverse needs seamlessly,” Brian Stoner, Judy Security senior vice president of growth, said in a press statement. “We’re able to uplevel our partner ecosystem to provide enterprise-class services with 360-degree XDR visibility to their SMB customers at an MDR price.”
3. Alphabet Acquiring Wiz?: Google parent Alphabet is reportedly in advanced talks to acquire cybersecurity company Wiz for roughly $23 billion in a deal that would represent the technology giant's biggest acquisition ever. Wiz, founded in Israel and now headquartered in New York, provides cloud-based cybersecurity solutions with real-time threat detection and responses powered by AI. (Source: Reuters)
4. Security Research Report Released: Next DLP, a specialist in insider risk and data protection, reports that that 73% of security professionals admit to using SaaS applications that had not been provided by their company’s IT team in the past year. Respondents named data loss (65%), lack of visibility and control (62%) and data breaches (52%) as the top risks of using unauthorized tools. Also, one in ten admitted they were certain their organization had suffered a data breach or data loss as a result.
5. Leadership Move: NST Cyber, an offensive cybersecurity solutions provider, has named Pradeep Kumar as its chief product architect. Under his leadership, NST Assure, a continuous threat exposure management (CTEM) platform that protects large financial organizations and enterprises worldwide, is poised for significant advancements under Kumar's leadership, the company said. Kumar joins NST Cyber from IBM, where he served as chief architect, specializing in the development of large-scale, multi-tenant enterprise SaaS solutions.
6. Hackers Trade in Crypto: A major Cambodian payments firm reportedly received crypto worth more than $150,000 from a digital wallet used by North Korean hacking group Lazarus. Huione Pay, which is based in Phnom Penh and offers currency exchange, payments and remittance services, received the crypto between June 2023 and February this year. Huione Pay's board said in a statement the company had not known it "received funds indirectly" from the hacks and cited the multiple transactions between its wallet and the source of the hack as the reason it was unaware. The wallet that sent the funds was not under its management, Huione said. (Source: Reuters)
7. Threat Actor Spotted: A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10-times surge, including a "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple (open-source software) security tools." The primary objective of the attacks is to harvest and sell credentials, deploy cryptocurrency miners, and maintain persistence in victim environments. (Source: The Hacker News)
8. Ransomware Alert: A new version of a ransomware strain called HardBit comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis. "The passphrase needs to be provided during the runtime in order for the ransomware to be executed properly. Additional obfuscation hinders security researchers from analyzing the malware." (Source: The Hacker News)
9. Pharmacy Confirms Data Incident: Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. Rite Aid didn't share what customer data was accessed in the breach or how many individuals were affected, saying that the data breach doesn't impact health or financial information. (Source: Bleeping Computer)