News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers

As we slow down for the holidays, a couple of security stories.   
According to cybersecurity firm Avast, the United States Commission on International Religious Freedom (USCIRF) has been hit with a cyberattack.   Avast did not identify the federal agency affected, but The Record determined it was the USCIRF. The Cybersecurity and Infrastructure Security Agency (CISA) declined to comment on the attack and said all requests for more information should go to USCIRF. USCIRF did not respond to requests for comment. 

Meanwhile, the FBI reports active exploits of ManageEngine’s Desktop Central product due to a flaw exposed back in October.  A patch was released on December 3.    The FBI now says it observed APT actors compromising Desktop Central servers using the flaw to drop a webshell that overrides a legitimate function of Desktop Central. 

Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2.   The highlight of the new Windows 10 security baseline is the addition of tamper protection as a setting to enable by default (this was also made a default setting in the Windows 11 security baseline two months ago).

Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors’ arsenal.  Threat actors’ focus is also shifting to entities belonging to the government sector, which received 400% more attacks than in October.  The spotlight in November was stolen by the PYSA ransomware group (aka Mespinoza), which had an explosive rise in infections, recording an increase of 50%.  That from Bleeping Computer.

Why do we care?

So I’ll note I won’t be doing news shows next week – but Log4J probably won’t slow down.    The warnings have been constant all month, so at this point, I’m expecting everyone is executing their holiday playbook.

A recent discussion I was involved in highlighted the concern that many small providers don’t have one.   If that’s true for your business… it’s never too late to fix that.

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories