Usage subject to Terms and Conditions

Category Cybersecurity Alerts, News, and Tips

CrowdStrike Gains MSSP Partner Momentum; CEO Dismisses Fear, Uncertainty, Doubt

Read the original article at https://www.msspalert.com/cybersecurity-news/crowdstrike-gains-mssp-partner-momentum-ceo-dismisses-fear-uncertainty-doubt/

CrowdStrike CEO George Kurtz emphasizes partner-first EDR (endpoint detection & response) security strategy. But SentinelOne lurks in MSP channel.

The post CrowdStrike Gains MSSP Partner Momentum; CEO Dismisses Fear, Uncertainty, Doubt appeared first on MSSP Alert.

Read the original article at https://www.msspalert.com/cybersecurity-news/crowdstrike-gains-mssp-partner-momentum-ceo-dismisses-fear-uncertainty-doubt/

Ubiquiti Breach Allegedly An Inside Job; Former Networking Employee Arrested

Read the original article at https://www.msspalert.com/cybersecurity-breaches-and-attacks/ubiquiti-breach-allegedly-an-inside-job-former-networking-employee-arrested/

Former Ubiquiti employee stole data, demanded ransom payments & manipulated security industry reporters to spread falsehoods, prosecutors allege.

The post Ubiquiti Breach Allegedly An Inside Job; Former Networking Employee Arrested appeared first on MSSP Alert.

Read the original article at https://www.msspalert.com/cybersecurity-breaches-and-attacks/ubiquiti-breach-allegedly-an-inside-job-former-networking-employee-arrested/

Credential Phishing Insights for MSPs: The Key to Your Customers’ Vulnerabilities

Read the original article at https://www.msspalert.com/cybersecurity-guests/credential-phishing-insights-for-msps-the-key-to-your-customers-vulnerabilities/

In a bid to harvest employee credentials, “Loud inboxes” are often capitalized upon by threat actors to communicate malicious emails.

The post Credential Phishing Insights for MSPs: The Key to Your Customers’ Vulnerabilities appeared first on MSSP Alert.

Read the original article at https://www.msspalert.com/cybersecurity-guests/credential-phishing-insights-for-msps-the-key-to-your-customers-vulnerabilities/

Threat Hunting vs. Threat Detection: What’s the Difference?

Read the original article at https://www.msspalert.com/cybersecurity-guests/threat-hunting-vs-threat-detection-whats-the-difference/

There are four main differences between threat hunting and threat detection that MSSPs should keep in mind, WatchGuard Technologies asserts.

The post Threat Hunting vs. Threat Detection: What’s the Difference? appeared first on MSSP Alert.

Read the original article at https://www.msspalert.com/cybersecurity-guests/threat-hunting-vs-threat-detection-whats-the-difference/

VMware Carbon Black Unveils Cloud MDR Security Service

Read the original article at https://www.msspalert.com/cybersecurity-services-and-products/mdr/vmware-carbon-black-unveils-cloud-mdr-security-service/

VMware Carbon Black unveils Cloud Managed Detection & Response (MDR) solution backed by security analysts. Is there room for MSP & MSSP partners?

The post VMware Carbon Black Unveils Cloud MDR Security Service appeared first on MSSP Alert.

Read the original article at https://www.msspalert.com/cybersecurity-services-and-products/mdr/vmware-carbon-black-unveils-cloud-mdr-security-service/

Presidio Partners with CrowdStrike, CloudEndure for Ransomware Mitigation

Read the original article at https://www.msspalert.com/cybersecurity-companies/mssps/presidio-partners-with-crowdstrike-cloudendure-for-ransomware-mitigation/

Top 250 MSSP Presidio partners with EDR platform provider CrowdStrike & AWS company CloudEndure to deliver a Ransomware Mitigation Kit for customers.

The post Presidio Partners with CrowdStrike, CloudEndure for Ransomware Mitigation appeared first on MSSP Alert.

Read the original article at https://www.msspalert.com/cybersecurity-companies/mssps/presidio-partners-with-crowdstrike-cloudendure-for-ransomware-mitigation/

When Cybercriminals Hide in Plain Sight: Hacking Platforms You Know and Trust

Read the original article at https://blog.knowbe4.com/when-cybercriminals-hide-in-plain-sight-hacking-platforms-you-know-and-trust

Today’s hackers are concealing their attacks in places you wouldn’t expect… utilizing tools your users know and trust to deliver their malicious payloads. From hijacked single sign-on apps, to weaponized calendar invites, and even malicious office printers, you’ll learn why trusted tools just aren’t as trustworthy as your end users believe.

Read the original article at https://blog.knowbe4.com/when-cybercriminals-hide-in-plain-sight-hacking-platforms-you-know-and-trust

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2021/12/01/cisa-adds-five-known-exploited-vulnerabilities-catalog

Original release date: December 1, 2021

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number  CVE Title Remediation Due Date
CVE-2020-11261 Qualcomm Multiple Chipsets Improper Input Validation Vulnerability 06/01/2022
CVE-2018-14847 MikroTik Router OS Directory Traversal Vulnerability 06/01/2022
CVE-2021-37415 Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability 12/15/2021
CVE-2021-40438 Apache HTTP Server-Side Request Forgery (SSRF)  12/15/2021
CVE-2021-44077 Zoho ManageEngine ServiceDesk Plus Remote Code Execution 12/15/2021

 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria

This product is provided subject to this Notification and this Privacy & Use policy.

Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2021/12/01/cisa-adds-five-known-exploited-vulnerabilities-catalog

Managed Security Services Provider (MSSP) News: 01 December 2021

Read the original article at https://www.msspalert.com/cybersecurity-news/updates-01-december-2021/

Today’s MSSP news involves A-Lign, Anomali, Aviatrix, BigID, Illumio, Lumen, SecurityHQ, TitanHQ, VMware Carbon Black MDR & more.

The post Managed Security Services Provider (MSSP) News: 01 December 2021 appeared first on MSSP Alert.

Read the original article at https://www.msspalert.com/cybersecurity-news/updates-01-december-2021/