Halcyon.ai RISE researchers have discovered a concerning new ransomware campaign targeting Amazon S3 buckets. This attack leverages AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data, demanding ransom payments for the symmetric AES-256 keys required to decrypt it, according to the company.
Halcyon noted that this attack does not require the exploitation of any AWS vulnerability; instead, it relies on the threat actor first obtaining an AWS customer’s account credentials.
With no known method to recover the data without paying the ransom, this tactic represents a significant evolution in ransomware capabilities. Be careful out there!
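Because the SSE-C campaign Halcyon describes abuses a legitimate S3 feature with stolen credentials rather than a software flaw, the defender's levers are bucket policy and log monitoring rather than a patch. The Python below is an added example, not code from Halcyon or AWS: it builds a bucket policy that denies any PutObject carrying a customer-provided key, and it scans constructed CloudTrail-style S3 data events for uploads where SSE-C was applied, grouping them by calling identity so a burst of SSE-C writes from one principal stands out. The condition key `s3:x-amz-server-side-encryption-customer-algorithm` and the `additionalEventData.SSEApplied` field (value `SSE_C`) are taken from AWS documentation, but the sample event records and bucket/identity names are constructed for this example; verify the field names against your own logs before deploying.

```python
"""Defensive checks against SSE-C abuse on S3 (added example, not Halcyon's or AWS's code).

Assumptions (labelled here and in the lead-in):
- CloudTrail S3 data events record the encryption mode in
  additionalEventData.SSEApplied, with "SSE_C" for customer-provided keys.
- The IAM condition key s3:x-amz-server-side-encryption-customer-algorithm
  is present on PutObject requests that use SSE-C.
"""
import json
from collections import Counter

SSE_C_CONDITION_KEY = "s3:x-amz-server-side-encryption-customer-algorithm"


def deny_sse_c_policy(bucket: str) -> dict:
    """Bucket policy that refuses PutObject requests using customer-provided keys.

    The Null condition evaluates to false when the SSE-C header is present,
    so the Deny fires only for SSE-C uploads; SSE-S3 and SSE-KMS are unaffected.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyCustomerProvidedKeys",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {"Null": {SSE_C_CONDITION_KEY: "false"}},
            }
        ],
    }


def flag_sse_c_puts(events: list) -> list:
    """Return (identity_arn, bucket, key) for every PutObject that applied SSE-C."""
    hits = []
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com":
            continue
        if ev.get("eventName") != "PutObject":
            continue
        if ev.get("additionalEventData", {}).get("SSEApplied") != "SSE_C":
            continue
        params = ev.get("requestParameters", {})
        hits.append(
            (
                ev.get("userIdentity", {}).get("arn"),
                params.get("bucketName"),
                params.get("key"),
            )
        )
    return hits


def sse_c_writers(hits: list, threshold: int = 1) -> dict:
    """Count SSE-C uploads per identity; many writes from one principal is the ransomware pattern."""
    counts = Counter(arn for arn, _, _ in hits)
    return {arn: n for arn, n in counts.items() if n >= threshold}


# Constructed CloudTrail-style records for illustration; not real log data.
SAMPLE_EVENTS = [
    {
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/backup-svc"},
        "requestParameters": {"bucketName": "example-data", "key": "reports/q1.csv"},
        "additionalEventData": {"SSEApplied": "SSE_KMS"},
    },
    {
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/compromised-dev"},
        "requestParameters": {"bucketName": "example-data", "key": "reports/q1.csv"},
        "additionalEventData": {"SSEApplied": "SSE_C"},
    },
    {
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/compromised-dev"},
        "requestParameters": {"bucketName": "example-data", "key": "reports/q2.csv"},
        "additionalEventData": {"SSEApplied": "SSE_C"},
    },
    {
        "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/analyst"},
        "requestParameters": {"bucketName": "example-data", "key": "reports/q1.csv"},
        "additionalEventData": {"SSEApplied": "SSE_C"},
    },
]


if __name__ == "__main__":
    print(json.dumps(deny_sse_c_policy("example-data"), indent=2))
    for hit in flag_sse_c_puts(SAMPLE_EVENTS):
        print("SSE-C upload:", hit)
    print("identities with SSE-C writes:", sse_c_writers(flag_sse_c_puts(SAMPLE_EVENTS)))
```

The policy is a hard block and suits buckets that never legitimately use customer-provided keys; where SSE-C is in use, keep the policy off and rely on the detection path, setting the per-identity threshold to something above that identity's normal write rate so a mass re-encryption is caught early. Neither control helps once data has already been overwritten, so S3 Versioning or Object Lock remains the recovery safeguard.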
Now, here's today's MSSP update. Drop me a line at [email protected] if you have news to share or want to say hi!
Today's MSSP Update
1. Delinea names new president, GTM: Identity and auth provider Delinea announced today that Chris Kelly will be the company's president, go-to-market. Kelly has 20+ years of experience driving revenue growth and client experience, and will oversee Delinea’s global sales, channel, solution engineering, and customer success teams. Congratulations!
2. SenseOn, Kite ink distribution deal: Cybersecurity solutions firm SenseOn announced a strategic partnership with Kite Distribution. This collaboration will equip resellers and MSSPs with AI-driven adaptive intelligence solutions to tackle the evolving cybersecurity landscape, the companies said. Through the partnership, Kite Distribution will offer SenseOn’s integrated solution that uses adaptive AI and combines NDR, XDR, EPP, and SIEM.
3. Committee on Foreign Investment targeted for attack: CNN reported that the same Chinese state-backed threat actors behind the recent attack against the Treasury Department have also compromised the Committee on Foreign Investment in the U.S. CFIUS is the country's foreign investment review office, which was tasked with examining real estate sales in the vicinity of U.S. military bases last month, according to SC Media. Information from CFIUS could be leveraged by China and its proxies to acquire land that would help facilitate espionage activities.
4. STIIIZY data breach: Major California marijuana dispensary STIIIZY had customer information from its Alameda, Modesto, and San Francisco stores compromised following a cyberattack against its third-party point-of-sale processing services vendor, according to The Record, a news site by cybersecurity firm Recorded Future. The infiltration of the vendor's systems between October and November exposed not only individuals' names, ages, and addresses but also photographs, medical cannabis cards, driver's license numbers, and passport numbers, said STIIIZY in a breach notice and filing with California regulators. The Everest ransomware operation took credit for the breach.
5. Apple device vulnerabilities: As Silicon Angle reported, security researcher Thomas Roth successfully hacked Apple’s proprietary ACE3 USB-C controller, a critical component responsible for managing charging and data transfer on Apple’s latest devices. The hack revealed significant vulnerabilities in Apple’s USB-C implementation and rightly raised concerns about user data security and device integrity, the article said. Roth reverse-engineered the ACE3 controller to expose its internal firmware and communication protocols, which allowed him to reprogram the controller to permit unauthorized actions, including bypassing security checks and injecting malicious commands.