SECURITY
Notepad++ confirms it was hijacked and used to distribute malware (link)
Notepad++ is a free code editor that was targeted by a Chinese state-sponsored group Lotus Blossom
Lotus Blossom intercepted and redirected update traffic destined for Notepad++ to their servers
This is a great example of a supply-chain attack. A trusted and legitimate tool (Notepad++) becomes a malware delivery vehicle at the hands of a Chinese state-backed group
VENDOR
CyberFOX announces “nine-figure” growth investment (link)
CyberFOX focuses on it’s privileged access management (PAM) and password management solutions
They plan to use the investment to accelerate AI product development, global expansion, and pursue acquisitions
Bitwarden doubles their pricing to $20/yr for premium (link)
Announcement came hidden in a blog update and upset r/bitwarden
Still offering a free tier
Cork Cyber and ScalePad announce integration to align cyber risk data with QBRs (link)
This is another step step toward security data enabling business conversations
MSPs using ScalePad for QBRs can use Cork Cyber’s cyber risk data to drive sales conversations
Syncro and IRONSCALES partner on email security (link)
This move allows Syncro to expand its bundled offering past RMM+PSA+M365 management
N-able announces new AI-focused positioning (link)
New focus includes:
AI-assisted scripting and automation
AI-powered developer portal
Advanced AI threat detection models
Automated threat triage
OTHER
31 ransomware statistics to share with clients who don’t see the value in cybersecurity (link)
Highlights include:
75% of SMBs say they could not continue operating if hit with ransomware
85% of all ransomware attacks go unreported
15% of ransomware victims who paid the ransom did not receive decryption keys
r/ITMemes