Each business day MSSP Alert delivers a quick lineup of news, analysis, and chatter from across the MSSP, MSP and cybersecurity world.
Reaching Our Inbox:
Send news, tips and rumors to Managing Editor Jim Masters: [email protected]
Today’s MSSP Alert Market News:
1. Best MSSP Named: Nuspire has been named "Best MSSP" by the Cybersecurity Excellence Awards. The award recognized Nuspire for its innovative approach to cybersecurity management, particularly highlighting the myNuspire platform's role in transforming security program management. The company provides a broad range of services, including managed security services (MSS), managed detection and response (MDR), and managed endpoint detection and response (EDR).
2. Cyber Deal Closes: Cloud and cloud services provider Akamai is buying Noname Security for $450 million — what TechCrunch said was a "steep discount." In its last private fundraise in December 2021, Noname was valued at approximately $1 billion, TechCrunch said. But ongoing consolidation in the cybersecurity space coupled with a difficult economy and stingy private equity and venture capital environments is forcing many of these cybersecurity startups to reassess their value. Noname Security will tuck into Akamai's API security unit. This is technology M&A deal number 123 that MSSP Alert and sister site ChannelE2E have covered so far in 2024. See more than 2,000 technology M&A deals for 2024, 2023, 2022, 2021, and 2020 listed here.
3. Ransomware Prevention Release: Rapid7, an extended risk and threat detection specialist, has brought to market patented ransomware prevention technology that delivers end-to-end ransomware coverage to anticipate advanced attacks as well as accelerate detection and response time. Ransomware prevention is built into the Rapid7 Insight Agent and is designed to easily plug into customers’ existing security ecosystems to supplement existing third-party endpoint protection platforms, EDR solutions or Rapid7’s antivirus capabilities, the company said.
4. Acquisition Builds Pentesting Power: TELUS Corporation (TU) has acquired Vumetric Cybersecurity, a cybersecurity provider of advanced penetration testing to detect vulnerabilities in companies across Canada and North America, according to Yahoo News. TELUS will be integrating Vumetric's digital platform to expand its advisory cyber defense services. Yahoo adds that Vumetric's platform is compatible with major cloud platforms and offers a modern and user-focused approach to cybersecurity testing. This is technology M&A deal number 124 that MSSP Alert and sister site ChannelE2E have covered so far in 2024. See more than 2,000 technology M&A deals for 2024, 2023, 2022, 2021, and 2020 listed here.
5. Cyber Crisis Communications Offer: Highwire PR, a communications and marketing partner for global technology and healthcare companies, has brought to market a new service offering to help companies with cybersecurity issue communications. This new crisis communications offering will provide companies with a full range of support to prepare for, monitor and manage any cybersecurity issues, the company said.
6. 68 Companies Commit to CISA's Secure By Design Pledge: The Cybersecurity and Infrastructure Security Agency (CISA) announced voluntary commitments by 68 of the world’s leading software manufacturers to CISA’s Secure by Design pledge to design products with greater security built in. Participating software manufacturers are pledging to work over the next year to demonstrate measurable progress towards seven concrete goals. Collectively, these commitments will help protect Americans by securing the technology that our critical infrastructure relies on, CISA said.
7. Threat Report Released: Intel 471, a global provider of cyber threat intelligence solutions, has published its 2024 Cyber Threat Report, providing insights on emerging trends, varied motivations and evolving techniques employed by threat actors within the global cybercriminal underground. Among the findings, the pro-Russian NoName057(16) group accounted for almost 60% of all hacktivist incidents during 2023. Also last year, 4,429 ransomware attacks were reported, almost double those observed in 2022. Additionally, LockBit continued to be the most prevalent ransomware variant, impacting 981 victims, Intel 471 reports.
8. City of Wichita Reports Cyberattack: The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, Kansas, which has forced the city's authorities to shut down IT systems used for online bill payment, including court fines, water bills and public transportation. On May 5, the city's authorities announced they were facing a disruptive cyberattack after ransomware encrypted portions of its network. To contain the damage and stop the spread of the attack, the city's IT specialists shut down computers used in online services. (Source: Bleeping Computer)
9. Cyberattack Impacts Healthcare Group: A cyberattack has disrupted “clinical operations” at major healthcare nonprofit Ascension, forcing it to take steps to minimize any impact to patient care. “There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption,” said the statement from Ascension, a health system that includes 140 hospitals and 40 senior living facilities in 19 states. (Source: CNN)
10. Botnet Exploiting Ivanti Discovered: Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the Mirai botnet. Juniper Threat Labs reported that the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been used to deliver the botnet payload. While CVE-2023-46805 is an authentication bypass flaw, CVE-2024-21887 is a command injection vulnerability, thereby allowing an attacker to chain the two into an exploit chain to execute arbitrary code and take over susceptible instances. (Source: The Hacker News)