Cybersecurity daily news

MSSP Market News: CISA Alerts on New Critical Vulnerabilities

Share
Credit: Adobe Stock Images

We wrapped up our third annual MSSP Alert Live this week with more attendees than we’ve ever had before. This year we took the event to Austin, moving on from Washington D.C. for the first time ever.

Thanks to all our speakers, sponsors, attendees for your support. It was great to see everyone there for education, networking and fun, including the great party to celebrate the Top 250 MSSPs sponsored by Stellar Cyber.

Did you attend? We’d love to hear your feedback. You can reach me at [email protected]. We also got a lot of questions about the MSSP 250 during the event. If you have any questions about the MSSP 250 and how to participate, please also send those my way. I’ll be putting together an FAQ in the days to come to help answer them.

Don’t forget to send your tips and news to me for this daily column. Use that same email address, [email protected]

Today’s MSSP Update

1. AWS, SentinelOne collaboration - At its OneCon event yesterday SentinelOne announced an expanded strategic collaboration with AWS that calls for SentinelOne’s Purple AI cybersecurity analyst to be powered by Amazon Bedrock, to provide AI-powered security and protection for customers. Additionally, the expanded SCA will increase investments in SentinelOne’s AI-powered Singularity Platform within AWS Marketplace.

2. New Veeam vulnerability - CISA has added a new Veeam vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-40711 covers the Veeam Backup and Replication Deserialization Vulnerability

3.New Oracle Critical Patch Update - Oracle has released its most recent Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products, available here: Oracle Critical Patch Update Advisory – October 2024.

4. Google Meet as an attack vector - OODA Loop has released research showing how cybercriminals are luring users to fake Google Meet pages to deploy infostealers against them.

5. The Ransomware economy - GuidePoint Security’s GRIT Ransomware report finds 49 active groups impacting more than 1,000 publicly posted victims in Q3 2024. The report notes that a strong “middle class” has surfaced in the RaaS ecosystem, distributing ransomware victims across a greater number of diverse groups.

6. Updates add AI to cybersecurity - Secuvy a provider of AI-driven data governance and security solutions has released several new features to enhance data security, mitigate insider threats, and streamline privacy operations. They include observability classification, risk assessment with remediation, Secuvy-Netskope integration, Secuvy-DRM Integration, and Privacy risk threshold review with DPIA/PIA delegation.

Jessica C. Davis

Jessica C. Davis is editorial director of CyberRisk Alliance’s channel brands, MSSP Alert, MSSP Alert Live, and ChannelE2E. She has spent a career as a journalist and editor covering the intersection of business and technology including chips, software, the cloud, AI, and cybersecurity. She previously served as editor in chief of Channel Insider and later of MSP Mentor where she was one of the original editors running the MSP 501.