Each business day MSSP Alert delivers a quick lineup of news, analysis, and chatter from across the MSSP, MSP and cybersecurity world. Today's market news also covers Swimlane, Macnica, KnowBe4, SolarWinds, CISA, Microsoft, AT&T and the American Radio Relay League.
Reaching Our Inbox:
Send news, tips and rumors to Managing Editor Jim Masters: [email protected].
Today’s MSSP Alert Market News:
1.Option3 Acquires Onclave Networks: Option3, a cybersecurity private equity specialist, has acquired Onclave Networks by ENIGMA, its cybersecurity platform focusing exclusively on zero trust. "With this acquisition, Onclave becomes the foundation for the ENIGMA Zero Trust platform, with technology that is now also being adopted by customers such as the Defense Health Agency, White House Communications Agency and NATO," Manish Thakur, Option3's managing partner, said in a statement. "In an industry with many competing claims, Onclave stands out, having recently received the first ever 'Authority to Operate' awarded by a federal agency for its compliance with zero trust." Terms of the deal were not disclosed.
2. Swimlane and Macnica Announce Partnership: Swimlane, a security automation specialist, has formed an exclusive global partnership with Macnica to enable greater scale and adoption of Swimlane Turbine across the Asia-Pacific Japan and Middle East, Turkey and Africa regions. Through the partnership, Macnica will gain access to Turbine, creating an advanced automation practice across their global network of distributors and resellers to bring the power of AI-enhanced security automation to the regions, the companies said.
3. KnowBe4 Examines Critical Infrastructure Security: KnowBe4, security awareness training and simulated phishing platform provider, has released its "Cyber Attacks On Infrastructure: The New Geopolitical Weapon" report. The report examines the growing threat of cyberattacks on critical infrastructure and provides insight into safeguarding against these potentially devastating attacks.
Key findings from the report include:
- The number of vulnerable points in U.S. power grids is growing by approximately 60 per day, with the total count rising from 21,000 in 2022 to between 23,000 and 24,000 today.
- Globally, the average number of weekly cyberattacks against utilities has quadrupled since 2020, with a doubling occurring in 2023 alone.
- Between January 2023 and January 2024, critical infrastructure worldwide sustained over 420 million attacks — equivalent to 13 attacks per second — marking a 30% increase from 2022.
4. SolarWinds Names CRO: SolarWinds, a provider of secure observability and IT management software, has named Andre Cuenin as chief revenue officer (CRO) effective September 3. In this role, Cuenin will oversee all aspects of revenue generation efforts for SolarWinds and its observability, database and service management solutions. Cuenin is an IT and software sales executive with more than 20 years of experience driving revenue growth strategies at some of the world’s largest and most respected technology companies. Most recently, he served as CRO of application Veracode.
5. CISA Adds Known Exploited Vulnerability: Based on evidence of active exploitation, the Cybersecurity & Infrastructure Security Agency (CISA) has added one new vulnerability to its Known Exploited Vulnerabilities Catalog: CVE-2024-39717 Versa Director Dangerous File Type Upload Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise, CISA said.
6. Microsoft to Host Cybersecurity Summit on CrowdStrike Outage: Microsoft announced that it would hold a summit to discuss steps to improve cybersecurity systems, after a faulty update from CrowdStrike caused a global IT outage last month. The conference marks the first big step by Microsoft to address the issues that affected nearly 8.5 million Windows devices on July 19, disrupting operations across industries. The event will be held on September 10 at Microsoft's headquarters in Redmond, Washington. The company will invite government representatives to the gathering, it said in a blog. (Source: Reuters)
7. Lawsuit Filed Over AT&T Data Breach: Cellular phone customers have filed a class action lawsuit against AT&T, claiming the telecommunications giant dramatically under-reported the severity of a data breach announced last month, notifying only a subset of those impacted by the breach. According to the complaint, filed in the U.S. District Court for the Northern District of Texas, AT&T limited its notification of the breach to AT&T customers, ignoring those whose data was in AT&T’s possession under roaming agreements with competitors, such as Verizon and T-Mobile, and service agreements with other third-party providers, known as mobile virtual network operators (MVNOs).
8. $1 Million Ransomware Payment Reported: The American Radio Relay League (ARRL) confirmed it paid a $1 million ransom to obtain a decryptor to restore systems encrypted in a May ransomware attack. After discovering the incident, the National Association for Amateur Radio took impacted systems offline to contain the breach. One month later, it said its network was hacked by a "malicious international cyber group" in a "sophisticated network attack." (Source: Bleeping Computer)
