Each business day MSSP Alert delivers a quick lineup of news, analysis, and chatter from across the MSSP, MSP and cybersecurity world. Today's market news also covers BreachBits, The ASCII Group, Guardio Labs, Cowbell, Trellix, ConnectWise and Fortra.
Reaching Our Inbox:
Send news, tips and rumors to Managing Editor Jim Masters: [email protected].
Today’s MSSP Alert Market News:
1. Outpost24 Adds AI Feature to Platform: Outpost24, an exposure management solutions provider, has integrated a new AI assistant into its exposure management platform. This AI domain discovery feature enables Outpost24 customers to identify domains belonging to their organization, improving the speed and accuracy of domain ownership and classification, the company said. And with this new capability customers can focus on their owned domains and prioritize their remediation efforts, enabling them to detect shadow IT and cybersquatting activities.
2. BreachBits Joins MSSP/MSP Group: BreachBits, a cloud-based cybersecurity provider, is partnering with The ASCII Group, a membership-based community of independent North American MSPs, MSSPs and solution providers. By partnering with The ASCII Group, BreachBits is creating lasting relationships with IT service providers and is demonstrating a strategic focus on channel programs, the company said. BreachBits has also upgraded its BreachRisk platform to include an interface where service providers can access security and compliance capabilities as revenue streams.
3. Guardio Labs Detects "EchoSpoofing" Operation: Guardio Labs has uncovered a critical in-the-wild exploit of Proofpoint’s email protection service, responsible for securing 87 of the Fortune 100 companies. Dubbed “EchoSpoofing”, this issue allowed threat actors to dispatch millions of perfectly spoofed phishing emails, leveraging Proofpoint’s customer base of well-known companies and brands such as Disney, IBM, Nike, Best Buy and Coca-Cola, Guardio Labs said. These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, thus bypassing major security protections — all to deceive recipients and steal funds and credit card details.
4. Cowbell Secures Funding: Cowbell, a provider of cyber insurance for small and medium-sized enterprises (SMEs), has closed a $60 million Series C equity investment from Zurich Insurance Group, a global multi-line insurer. Cowbell said it plans to scale operations to meet growing demand, extend its presence in key international markets, bolster cyber resilience services, introduce new cutting-edge products to the market and further strengthen strategic partnerships.
5. Trellix an Email Security Leader: Trellix, an extended detection and response (XDR) specialist, has been recognized as an Innovation Leader in the Frost & Sullivan 2024 Email Security Radar Report. Trellix Email Security delivers comprehensive protection across email, collaboration platforms and enterprise applications to stop advanced threats through multi-layered detection powered by Trellix Wise AI, the company said.
6. Billington Cyber Summit on Tap: The 15th Annual Billington CyberSecurity Summit will place special emphasis on exploring AI and its implications for national security. The summit will be held September 3-6 at the Ronald Reagan Building in Washington, D.C. This year’s theme, "Advancing Cybersecurity in the AI Age," will be woven throughout the event, with the final day focused solely on the issue.
7. ConnectWise Makes Leadership Hire: ConnectWise, a software company focused on MSPs, has appointed Aziz Benmalek as chief business officer. In this role, Benmalek will oversee the company's sales and marketing organizations globally, bringing his experience in the software industry to drive growth and success, the companyt said. Benmalek has held leadership positions at Microsoft, Splunk and Sage.
8. New Threat Actor Spotted: A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year. The network, which comprises over 3,000 accounts on the cloud-based code hosting platform, spans thousands of repositories that are used to share malicious links or malware, per Check Point, which has dubbed it "Stargazers Ghost Network." (Source: The Hacker News)
9. Fortra Adds WAF Controls: Fortra has updated its managed application firewall (WAF) solution that aims to reduce client-side risk and protect users from data-stealing attacks in the browser, as outlined in new requirements in PCI DSS 4.0. Fortra Managed WAF now includes enhanced client-side protection controls to eliminate reflected and inline cross-site scripting (XSS) attacks. With this release, Fortra Managed WAF closes a gap that still is prevalent in competitors’ WAFs where they are unable to comprehensively address inline script integrity enforcement, a delivery mechanism used by most websites, Fortra said.
