Cybersecurity and privacy experts have expressed worry about the security of genetic and personal data belonging to more than 15 million 23andMe customers after the primary California-based genetic testing provider's bankruptcy filing on Sunday, CyberScoop reported.
Despite its promise to find a buyer that would ensure user data privacy, 23andMe could eventually loosen restrictions on the possible usage of data obtained from its users, according to Peter Berk of the law firm Clark Hill, who added that the sale of 23andMe's genetic data repository could also entice state-sponsored threat actors and other cybercriminals.
"If I know about the sale, that becomes a target, so as a cybercriminal I might target the seller or the buyer in the transaction to try to get into the communications, or figure out how I can intercept the transmission of that exchange," said Berk.
California Attorney General Rob Bonta said individuals who used 23andMe's services have a right to remove genetic information and their saliva samples, as well as have rights regarding data use permissions for research.
Now, here's the latest MSSP market update. Drop me a line at sharon.florentine@cyberriskalliance.com if you have news to share or want to say hi!
Today's MSSP Update
1. ConductorOne executive appointments: Identity governance provider ConductorOne has named Kevin Paige as field CISO and Mark Costigan as VP of finance. Paige has 30+ years of tech and security leadership expertise. Previously, he served as CISO at Uptycs, Flexport, and MuleSoft and is an investor at Silicon Valley CISO Investments and a venture advisor at Glilot Capital Partners. Costigan also has 30+ years of experience and a proven track record with early-stage, high-growth tech startups. He previously served as VP of finance at Fractal Software, CyberCube, and Indio Technologies. Congratulations!
2. Albabat ransomware targeting macOS: Trend Micro found that MacOS and Linux systems have been targeted by the newest samples of the Albabat ransomware, also known as White Bat, which was initially reported to have targeted Windows systems when it emerged in 2023 before targeting Linux in January 2024, SecurityWeek reports. Albabat "uses a database to track infections and payments. This collected information helps attackers to make ransom demands, monitor infections, and sell victims' data," said Trend Micro researchers, who also discovered the ongoing development of the ransomware strain.
3. Critical NGINX flaw in Kubernetes Ingress: The Hacker News is reporting that as many as 43% of cloud environments could be compromised in unauthenticated remote code execution (RCE) attacks stemming from the exploitation of five critical security flaws impacting the Ingress NGINX Controller for Kubernetes, collectively dubbed IngressNightmare. Attackers could obtain secrets across Kubernetes cluster namespaces and eventually hijack targeted clusters, an analysis from Wiz revealed. Organizations have been urged to immediately implement Ingress NGINX Controller versions 1.12.1, 1.11.5, and 1.10.7 to mitigate potential compromise.
4. CrowdStrike recognizes Americas partners of the year: CrowdStrike today announced the winners of the 2025 Americas Partner of the Year Awards, recognizing leading partners across North America, South America and Latin America. 2025 CrowdStrike Americas Partner Awards winners include Accenture – Partner of the Year, Amazon Web Services (AWS) – Public Sector Partner of the Year, Asper – MSSP Partner of the Year, Betta Global Partner – LATAM Partner of the Year and CDW – Resell Partner of the Year. The full list of award winners is available here.
5. Blumira launches M365 threat response feature: Blumira this week launched its M365 threat response feature, which enables security teams to instantly lock out compromised user accounts and revoke active sessions in seconds from directly within Blumira's platform. The capability eliminates the need to switch between multiple applications during the critical breakout window when attackers are actively spreading through an organization’s network. The new threat response feature integrates seamlessly with M365 environments through Blumira’s integrations.
