Security update: WordPress malware attack, high wire mergers and acquisitions

Each week, ChannelE2E visits our MSSP Alert affiliate site to provide a roundup of the top stories impacting MSPs who are deeply focused on cybersecurity.

This week we have news about the Top 250 MSSP High Wire Networks that are selling their non-MSSP businesses in preparation for acquisitions as a pure play managed security service provider. We also have news about a recent malware attack on WordPress sites, so if you manage them on behalf of your clients, you should dig into that. Plus, CISA has released a new report on how MSPs are playing a key role in helping small and medium-sized businesses implement SSO for cybersecurity. Plus, we have a recap of the coverage from the Splunk .conf24 event.

Check out the full range below.

High Wire Networks sells non-MSSP businesses, prepares for acquisitions

High Wire Networks, a top 250 MSSP, invests all of its resources in managed security services, outselling all other companies and becoming pure MSSP fun. The authorities signaled that the company may also carry out strategic acquisitions.

The company announced this week that it has sold its technology services business for $11.2 million to ServicePoint in an all-cash transaction. The proceeds will be used to reduce debt by $5 million and add more cash to the balance sheet.

In addition, High Wire’s board of directors has approved the sale of the company’s VoIP and data networking subsidiary, Secure Voice Corp.. High Wire also reported that there is an interim agreement to sell Secure Voice, and the company expects to complete the sale before the end of the third quarter.

In a post on LinkedIn, High Wire president and CEO Mark Porter said that combining High Wire’s technical services division with ServicePoint IT is intended to “create one of the largest and best professional services organizations in the United States. This combined entity will provide our clients with a broader set of services, greater reach and continuing the journey we started so long ago, many of our great people will lead the way and continue to serve our clients.” Porter also announced that he will serve as an advisor to the ServicePoint venture.

Read the full article here.

WordPress Fights Malware Attack, 5 Infected Plugins

Given that many MSSPs and MSPs manage WordPress sites for their clients, the news of malware injection into five WordPress plugins raises concerns about the vulnerabilities of this popular content authoring software.

An attack on the software supply chain opens the door to malicious code that allows the creation of rogue administrator accounts to perform arbitrary activities, reports The Hacker News. The breach established malicious administrator accounts with usernames “Options” and “PluginAuth”, allowing account data to be exfiltrated to the IP address 94.156.79(.)8.

Attackers also performed malicious JavaScript injections to infect target sites with search engine optimization spam, wrote Chloe Chamberland, a Wordfence security researcher at Defiant. All affected plugins have already been removed from the WordPress plugin directory. Only Social Warfare has released a new version that fixes this problem. Site administrators were also advised to remove the plugins immediately.

Now, in addition to malware, a new credit card skimmer, “Caesar Cipher Skimmer,” is infecting multiple content management platforms, including WordPress, Magento, and OpenCart, reports Securi’s Ben Martin.

Read the full article here.

CISA: How MSPs can help SMBs implement single sign-on

MSPs are key to helping SMEs improve their security posture by implementing single sign-on. This is one of the conclusions of a new report by the Cybersecurity & Infrastructure Security Agency (CISA), which addresses the challenges SMEs face with this technology.

Among CISA’s recommendations is that providers should provide a more flexible schedule for SMB seating thresholds. Specifically, CISA recommends that providers allow bundling of SSO licenses at the MSP or SMB group level, rather than at the individual subscriber organization level.

MSPs are not just a big part of the recommended solution to the problem. CISA also consulted with experienced MSPs to prepare this study. In addition, CISA worked with other stakeholders, including SSO vendors, nonprofits dedicated to improving cybersecurity, and MSPs with experience adopting SSO and migrating between SSO platforms.

The CISA report is titled Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities. CISA’s companion blog post, Why SMBs Don’t Deploy Single Sign-On (SSO), calls on software vendors to consider how their business practices may inadvertently reduce the security posture of their customers.

Read the full article here.

Splunk .conf24: Highlights from Cisco’s First Deal Event

Splunk concluded its .conf24 user conference in Las Vegas earlier this month. It was the first event since Cisco acquired the company last year.

Users and channel partners in attendance witnessed the first glimpses of what the combined company and channel programs will look like in the coming months and years as these two giants join forces. Some might say that together, these two companies form a powerful partnership of equals that translates into stronger solutions, tools, and business relationships across the entire network of MSSPs, MSPs, and cybersecurity providers.

The conference was attended by approximately 5,500 participants, including over 40 sponsors and 1,000 partners.

There was an MSSP Alert. Here’s a roundup of all the coverage from the annual Splunk event.

Read the full article here.