New Microsoft Vulnerability Identified: Top Cybersecurity News From the Week of Oct 17th
The global cybersecurity awareness month is in full swing, as the dynamic world of cyber embrace new M&A deals and a plethora of ongoing attacks. Here are some of the most notable cybersecurity news from the week:
Deloitte acquires emerging security services startup
Financial advisory giant Deloitte has acquired Hacktive, a Sydney-based security services firm with a staff of 10 specialists. The deal marks Deloitte’s third acquisition in as many months.
The acquisition of Hacktive increases Deloitte’s cyber capabilities across the lifecycle, with Hacktive assisting customers in both the early stages of security planning, such as consultancy and vulnerability assessments, as well as late phases of the cycle such as managed services and cyber operations.
MSP Leaders Infinigate merges with Starlink
Infinigate Group, the world’s leading value-added distributor for IT Security, is combining with Starlink of Dubai. Starlink is a leading IT compliance and security solution provider based in the middle-east. This is an exciting partnership as both businesses are leaders in value-added distribution. Starlink will operate under the Infinigate Group. The combined business is projected to have yearly sales of around $2.2 billion.
VMWare ends security support for its most used software versions
VMware has ended general support for versions 6.5 and 6.7 of its ESXi hypervisor. There will be no more security patches or bug fixes for these versions. There are two more years of technical guidance available, where VMware will give support for low-severity issues. However, there will be no more security patches of any kind. Over 6,000 companies run about 79,000 instances of ESXi.
New Microsoft Office 365 vulnerability comes to light
Organisations using the MS Office suite’s Message Encryption tool are warned that they might be exposed to external risks. This was identified and announced by leading European security service provider WithSecure. According to their researchers, if enough encrypted messages are captured, a threat actor might be able to infer parts of the clear text of scrambled messages.
“Attackers who are able to get their hands on multiple messages can use the leaked ECB info to figure out the encrypted contents. More emails make this process easier and more accurate, so it’s something attackers can perform after getting their hands on e-mail archives stolen during a data breach, or by breaking into someone’s email account, e-mail server or gaining access to backups,” explained WithSecure™ consultant and security researcher Harry Sintonen.
For more latest cybersecurity news and insights into the world of cybersecurity, follow Code Red on Twitter and LinkedIn.