Expert Insights Cybersecurity Industry News Recap: December 5 – December 12, 2024

Welcome to your weekly recap of the cybersecurity vendor news, M&As, and investments making headlines this week.

🚨 Members of our team have been busy attending the 2024 CybersecurityMarketingCon in Philadelphia this week and will be returning soon. If you were also there, let us know your thoughts on the convention!

Got a story to share with our team? Email [email protected].

🚨 Vendor M&As

• A strategic partnership between SonicWall and endpoint protection specialist CrowdStrike has led to the launch of a Managed Detection and Response (MDR) service designed to bring enterprise-grade security to SMBs. (Cyber Magazine)
• Data protection startup Cohesity has merged with Veritas to become the world’s largest data protection software provider, with the goal of creating more value for customers and facilitating faster innovation. (TechCrunch)

📟 Releases And Patches

• On Tuesday December 10^th, Microsoft rolled out patches for a total of 72 security flaws across its software portfolio, including one actively exploited zero-day vulnerability. (The Hacker News)
• Adobe’s December 2024 patch addresses more than 160 vulnerabilities across 16 products. Adobe noted in its advisories that it is not currently aware of any in-the-wild exploits for the vulnerabilities patched with its latest round of updates. (SecurityWeek)
• Splunk released patches to fix a possible Remote Code Execution (RCE) exploit. The flaw exists due to the insecure usage of the Jsonpickle Python library. (SecurityWeek)
• Atlassian has released fixes for 10 high-severity vulnerabilities, although has not reported any of these vulnerabilities being exploited against their products. (SecurityWeek)

🎣 Threats, Bugs, & Hacks

• Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products, which would allow remote attackers to gain administrative privileges on vulnerable appliances. There is no evidence that these vulnerabilities have been exploited in the wild. (The Hacker News)
• Huntress’ research team has identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, with customers warned of active zero-day vulnerabilities being exploited. This vulnerability allegedly resulted from an incomplete vendor patch released in October. (Infosecurity Magazine)
• Amazon Web Services was targeted by hackers who exfiltrated over 2 TB of credentials, source code, and other account secrets across several platforms. (Infosecurity Magazine)
• Oasis Security revealed that it worked with Microsoft to fix a security vulnerability in their MFA implementation. This vulnerability would allow attackers to gain unauthorized access by sidestepping protections. (The Hacker News)

🎙 Expert Insights: Interviews

Don’t miss this week’s round of interviews with cybersecurity experts and thought leaders.

• Q&A: Microsoft VP Alex Simons On Evolving Identity-Based Threats And The Future Of IAM
• Q&A: Fortinet’s SVP Nirav Shah On Universal ZTNA, Transitioning From VPNs, And Evolving Threats
• Q&A: Angel Grant, SVP At Mimecast, On AI-Driven Email Threats And The Future Of Email Security
• Q&A: Phished CTO Arnout van de Meulebroucke on AI-Driven Phishing and Empowering Employees to Combat Cyber Threats

💡 We’ll be back next week with another roundup of the biggest cybersecurity vendor stories. Until then!

Expert Insights’ Cybersecurity Resources

• The Top RMM Solutions For MSPs
• The Top Mobile Device Management (MDM) Solutions
• The Top Email Security Solutions For Office 365
• The Top Email Security Gateways
• The Top Multi-Factor Authentication (MFA) Solutions For Business
• The Top Phishing Protection Solutions
• The Top Cyber Threat Intelligence Solutions