Merry Christmas and Happy Hanukkah. MSSP Alert will be taking tomorrow off to celebrate, and we hope the networks and infrastructure you monitor will enjoy a quiet, safe day, too.
Adobe has issued an emergency security update for its web development application server ColdFusion. There’s a critical vulnerability, CVE-2024-53961, which could allow attackers to read arbitrary files for organizations using versions 2023 and 2021.
For more information and to get the updates, visit the site here.
Got news or tips to share with us? Please send them to [email protected]
Today’s MSSP Update
1. Ascension Health cyberattack fallout – SCMedia reports that 5.6 million patients data was impacted by the Ascension Health cyberattack that was originally detected in May 2024. Records stolen include payment information such as credit card or bank account numbers, Social Security Numbers, and more.
2. Looking to fortify your ransomware incident response? - The Cybersecurity and Infrastructure Security Agency (CISA) is offering a 4-hour webinar on January 7 to help. Incident Response Training event, Defend Against Ransomware Attacks Cyber Range Training (IR209) is a 200-level training that is open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. More information is here.
3. Is Rapid7 for sale? – Reuters has reported that Cannae Holdings is holding talks about participating in a deal to acquire the cybersecurity vendor Rapid7, but will stop working with the activist investor that has been advocating for the sale. Reuters cites a regulatory filing as its source.
4. Remote support compromise - Identity and access security vendor BeyondTrust said some customers of its remote support SaaS tool were impacted in a compromise that began on December 2. The company detected the incident on December 5 and identified an API key for remote support SaaS had been compromised. The API key was revoked and the company notified impacted customers.
5. Are you offering automated breach and attack simulation? - MSSPs, there are some advanced cybersecurity services that are expected to grow significantly, like Automated Breach and Attack Simulation. This market is expected to hit $5.5 billion by 2031, a compound annual growth rate of 33.6% from 2022 until 2031.
6. Cybersecurity outlook - The cybersecurity market continues to grow, too. Allied Market Research says it will grow to reach $578 billion by 2023, growing at a CAGR of 10.4% from this year until then.