Each morning MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the global managed security services provider, SOC (security operations center) and IT outsourcing ecosystem.
Here’s the lineup for Monday, March 5, 2018:
12. Certificates Compromised: The CEO of UK certificate reseller Trustico last week decided to settle an argument with Digicert executive VP Jeremy Rowley by emailing him the private keys for 23,000 TLS certificates that had been issued by Symantec's disgraced Certificate Authority, to prove they had been compromised, Boing Boing says.
11. Equifax Breach Costs: Equifax said it expects costs related to its massive 2017 data breach to surge by $275 million this year, suggesting the incident at the credit reporting bureau could turn out to be the most costly hack in corporate history, Reuters reports. So far, Equifax has recorded $114 million in breach-related costs -- but obviously, the numbers keep rising.
10. Crypto Mining Attacks: Researchers estimate 2.7 million users were attacked by malicious miners in 2017. That is up 50 percent from 2016 (1.87 million), according to the report that is planned to be presented later this week at Kaspersky’s annual Security Analyst Summit, ThreatPost says.
9. Germany Security Controversy: German security officials allowed hackers“controlled” access to government networks in order to track possible culprits and their methods, a top interior ministry official said last week, as outraged lawmakers complained about being kept in the dark, according to Reuters.
8. Vertical Markets: Nearly half (48%) of U.S. healthcare respondents reported getting breached in the last year alone – more than 2.5X the rate from only two years ago – and 56% report feeling either ‘very’ or ‘extremely’ vulnerable to data breaches, according to a report from Thales eSecurity.
7. Healthcare Breach: A surgical center affiliated with St. Peter's Hospital in Albany has been hit by the second-largest computer breach of patient records in New York state since 2016, Times Union says. St. Peter's Surgery & Endoscopy Center revealed that hackers potentially compromised medical records of about 135,000 patients earlier this year, Time Unions says.
6. Talent: RMS, a catastrophe risk modeling and analytics company, has named Karen White as its new CEO, succeeding co-founder Hemant Shah. She previously held key executive roles at SolarWinds, Syncplicity, Addepar and Oracle. More than 400 insurers, reinsurers, trading companies, and other financial institutions leverage RMS solutions to better understand and manage the risks of natural and human-made catastrophes, including hurricanes, earthquakes, floods, terrorism, and pandemics.
5. Remote Monitoring Security Hole: HP Enterprise has patched a vulnerability in its Lights-Out 3 remote management platform for HPE ProLiant servers. The bug allows an attacker to launch an unauthenticated remote denial of service attack that could contribute to a crippling on vulnerable datacenters under some conditions, ThreatPost says.
4. M&A - Cyber Training: KnowBe4 has acquired Popcorn Training, a security company based in Johannesburg and Cape Town, South Africa, the companies confirmed today. The acquisition will add 52 new training modules to the KnowBe4 library. Popcorn will operate as an independent subsidiary of KnowBe4, the companies say.
3. Partnerships:
- Abacode Cybersecurity, an MSSP, has deepened its relationship with KnowBe4 -- a security awareness specialist and simulated phishing platform provider.
- Denver-based solution provider GTRI has joined R9B's partner program for a deeper push into credential detection software, managed security services, and entry-level and advanced cybersecurity training.
2. Office 365 Password Stealing: Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords, according to Dark Reading. A new wave of phishing attacks aims to dupe users and steal their passwords by disguising malicious emails as tax-related notifications from the IRS, the report says.
1. Microsoft Meltdown, Spectre Fixes: The latest Microsoft patches for Meltdown & Spectre are available here. We'll share more details and analysis soon.