Each business day MSSP Alert delivers a quick lineup of news, analysis, and chatter from across the MSSP, MSP and cybersecurity world. Today's market news also covers BlueVoyant, Zimperium, Pindrop, CyberMaxx, Ctera, Waterfall Security and CISA.
Reaching Our Inbox:
Send news, tips and rumors to Managing Editor Jim Masters: [email protected].
Today’s MSSP Alert Market News:
1. Zero Trust for MSPs: SonicWall has launched Cloud Secure Edge (CSE), a suite of zero trust access offerings designed specifically for MSPs. CSE empowers organizations to securely connect employees and third-party users to resources from any device and location with simplicity and security, SonicWall said. Customers will be able to choose from a range of Secure Internet Access (SIA) and Secure Private Access (SPA) solutions that replace legacy VPNs with cloud-native solutions that deliver network security at all price points.
2. Top Recognition from Microsoft: BlueVoyant, a cybersecurity company that offers a cloud-native cyber defense platform, has been named a 2024 Microsoft Worldwide Security Partner of the Year in recognition of its cyber defense capabilities and the company's strategic relationship with Microsoft. The company was also named the United States Microsoft Security Partner of the Year for the third consecutive year and the first Microsoft Security Partner of the Year Canada.
3. Leadership Move: Zimperium, a mobile device and app security specialist, has named David Natker as vice president of Global Partners and Alliances. He comes from Druva, where he served as senior director of Alliances. Prior to Druva, he spent more than five years at Rubrik, holding key positions including senior director of sales for Global Service Delivery Partners. He also brings valuable experience from his 13-year tenure at Dell EMC, where he led successful sales initiatives for Isilon and the data protection business lines.
4. Funding Round: Pindrop, a voice security specialist, has secured a $100 million loan from Hercules Capital, which is being earmarked for product development and hiring. Pindrop builds deepfake-combating and multi-factor authentication products targeting businesses in banking, finance and related industries. The company claims its tools can ID contact center callers, for example, and with higher accuracy than rival solutions. (Source: TechCrunch)
5. MDR Advancement Unveiled: CyberMaxx, a managed detection and response (MDR) provider, has announced the addition of enhanced response and continuous threat exposure management capabilities to its MaxxMDR solution. The enhanced version of MaxxMDR further reduces risk for customers through a modern approach to securing client environments that integrates threat response within the monitoring and detection functions of the CyberMaxx Security Operations Center, the company said.
6. Funding Round: Ctera, a hybrid cloud data management provider, has raised $80 million in primary and secondary funding from private investor PSG Equity. Previously, the company had raised more than $100 million across five funding rounds. Founded in 2008, the New York-based file storage and sharing firm provides a rich data services ecosystem in a cloud-native global file system over public and private cloud, helping organizations gain control of their data, for performance, insights and governance. (Source: Security Weekly)
7. Remote Access Solution Debuts: Waterfall Security has launched HERA, a new technology designed to enable safe and secure remote access into cyber-physical systems and OT networks. HERA, which stands for Hardware Enforced Remote Access, allows organizations to reap the operational and economical value of remotely accessing and controlling OT devices and workstations, without introducing the risks that come with external connectivity, Waterfall said.
8. CISA Releases Known Vulnerabilities: The Cybersecurity & Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:
- CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
- CVE-2024-28995 SolarWinds Serv-U Path Traversal Vulnerability
- CVE-2022-22948 VMware vCenter Server Incorrect Default File Permissions Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise, CISA said.
9. Malware Alert: Cybersecurity researchers have shed light on an adware module that tries to block ads and malicious websites, while offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the installer ("HotPage.exe"). The installer "deploys a driver capable of injecting code into remote processes, and two libraries capable of intercepting and tampering with browsers' network traffic," ESET researcher Romain Dumont said in a technical analysis. (Source: The Hacker News)
10. 15 Million Emails Leaked: A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. Trello is an online project management tool owned by Atlassian. Businesses commonly use it to organize data and tasks into boards, cards and lists. (Source: Bleeping Computer)
