Each business day MSSP Alert delivers a quick lineup of news, analysis, and chatter from across the MSSP, MSP and cybersecurity world. Today's market news also covers Enzoic, INE Partnerships, Hub Cyber Security, Blackswan Technologies, Arkose Labs, The New Jewish Home, Qmulos, Hiya and Mandiant.
Reaching Our Inbox:
Send news, tips and rumors to Managing Editor Jim Masters: [email protected].
Today’s MSSP Alert Market News:
1. Drawbridge Releases Cyber Risk Assessment: Drawbridge, a provider of cybersecurity solutions to the alternative investment industry, has released its next generation cyber risk assessment service. Provided as a suite of modules, the solution combines a unique set of analytics with Drawbridge’s client service. Clients can now benchmark and score their cyber programs to prioritize risk remediation by comparing themselves to over 1,000 other managers in real-time, the company said.
2. Enzoic Offers AD Enhancements: Enzoic, a provider of threat intelligence solutions, has released the latest version of Enzoic for Active Directory (AD). The solution provides a frictionless way to continuously monitor, identify and remediate unsafe credentials by screening username and password combinations in Active Directory against Enzoic’s database. This helps organizations eliminate weak, exposed or shared passwords, reducing the risk of a successful account takeover, the company said.
3. INE Partnerships Enhance Cyber Training: INE Security, a global cybersecurity training and certification provider, has launched initiatives with several higher education institutions in an ongoing campaign to invest in the education of aspiring cybersecurity professionals. “There is a critical skills gap in the industry, which has enormous implications for businesses and individuals alike,” Dara Warn, INE Security’s CEO, said in a statement. “We are working to partner with higher education institutions to close that gap, rewrite the book on how to prepare cybersecurity students, and ultimately reinforce the entire industry’s strength and security.”
4. Hub, Blackswan Form Partnership: HUB Cyber Security, a developer of cybersecurity and data fabric solutions, has announced its collaboration with Blackswan Technologies (BST), a U.S. enterprise AI vendor. As part of the agreement between the parties, HUB Security has the exclusive option to acquire BST by August 22, 2025, subject to adjustment and further terms and conditions that would be set forth in a definitive agreement, the company said.
5. Arkose Labs Unveils Cyberattack Business: Arkose Labs’ threat research unit ACTIR has revealed the details behind a cyberattack enablement business that it has dubbed Greasy Opal, based on its threat research taxonomy. Greasy Opal is allegedly selling products and solutions to a wide spectrum of customers, including bad actors and competing CAPTCHA-solving services. Given Greasy Opal’s ability to quickly create reliable machine-learning models for each new type of CAPTCHA challenge, it poses a significant threat in the cybersecurity landscape. Based on public records, Greasy Opal has been operating out of the Czech Republic since 2009, Arkose Labs said.
6. Data Breach Under Investigation: Schubert Jonckheer & Kolbe LLP is investigating a data breach impacting the private personal and health information of 104,234 patient records of Jewish Home Lifecare, which does business as The New Jewish Home, a New York-based healthcare provider. On August 16, 2024, The New Jewish Home notified patients that an unknown threat actor had accessed certain files on its network, which contained the personally identifiable information and private health information of its patients. The ransomware group ALPHV/BlackCat claimed responsibility for the breach, listing The New Jewish Home on the dark web. The ransomware group said it had stolen clinical research databases, financial documents, and more than 2,000 employee and client documents, including Social Security numbers, driver's licenses and passports, according to Schubert Jonckheer & Kolbe LLP.
7. Qmulos Updates Federal Compliance Solution: Qmulos, a compliance, security and risk management automation provider, has brought to market Q-Compliance V4.6.0. This latest update introduces significant features to streamline federal compliance processes and enhance user experience. Qmulos has released its FedRAMP OSCAL SSP generator, which enables organizations to create and generate FedRAMP-compliant System Security Plans (SSPs) using the Open Security Controls Assessment Language (OSCAL). This tool significantly reduces the time and complexity associated with FedRAMP authorization, the company said.
8. Hiya Publishes Phone Span and Fraud Report: Hiya, a voice security specialist, has published H1 2024 Global Call Threat Report, which explores the volume, frequency and type of phone spam and fraud across major global markets between January and June of 2024. In the first six months of 2024, Hiya reports that it flagged nearly 20 billion calls as suspected spam, more than 107 million spam calls every day. Hiya’s data showed spam flag rates of more than 20% of unknown calls (calls coming from outside of someone’s address book) in 25 out of the 42 countries included in the report, with some spam flag rates above 50%.
9. Mandiant Spots Malware Dropper: Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant said. "This PowerShell-based downloader is being tracked as PEAKLIGHT." Some of the malware strains distributed using this technique are Lumma Stealer, Hijack Loader (aka DOILoader, IDAT Loader, or SHADOWLADDER), and CryptBot, all of which are advertised under the malware-as-a-service (SaaS) model. (Source: The Hacker News)