Company News | CyberMaxx
https://www.cybermaxx.com/resources/type/company-news/

CyberMaxx Appoints Anthony Cali as Chief Revenue Officer to Double Down on Channel-Driven Growth Strategy
https://www.cybermaxx.com/resources/cybermaxx-appoints-anthony-cali-as-chief-revenue-officer-to-double-down-on-channel-driven-growth-strategy/
Mon, 15 Sep 2025 17:32:09 +0000

One of three recent critical hires in the GTM organization to strengthen the company’s commitment to the channel

Linthicum Heights, MD – September 16, 2025 – CyberMaxx, a leading provider of managed detection and response (MDR) services, today announced the appointment of Anthony Cali as Chief Revenue Officer (CRO). Anthony will take the helm of the sales organization, driving scale and strategic growth and supporting our GTM efforts via the channel.

Anthony brings over 18 years of technology sales and leadership experience to CyberMaxx. He has spent his tech career building strong teams, running multi-million-dollar global business units, and focusing on channel partnerships. Most recently, he led Cipher as CEO of North America, where his vision was to scale through the channel to accelerate growth. In just two years, Anthony achieved this, taking Cipher from an unknown entity in the MSSP/MDR market and increasing revenue by over 700%.

“This is an exciting time for us as a company. We have always believed in growing with the channel and delivering joint value to customers, and I’m thrilled to have Anthony join and continue that mission,” said Brian M. Ahern, CEO of CyberMaxx. “His experience, expertise and proven commitment to the channel will enhance our existing partnerships and jointly provide world-class MDR services.”

CyberMaxx is doubling down on its investment in the channel with a clear vision to create meaningful organizational change by surrounding the channel with best-in-class go-to-market support, strategy, and technology.

In addition to Anthony Cali, CyberMaxx has actively invested in senior channel and sales leadership—professionals who have built and scaled channel programs from the ground up, with strong relationships at the TSD and TA levels. Each role supports the channel-focused sales organization and the partner community:

  • Mark Jackson, Vice President of National Channel Sales, who will lead execution for our national partners and travel to various TSD events for the rest of FY25 to support and begin planning for a successful go-forward. Most recently, Mark held the role of VP Channel Sales at Thrive and brings more than 12 years of experience in channel sales and cybersecurity.
  • Sotiria Doumanis, Senior Director of Sales Operations, who will work closely with Channel Sales Advisors for operational excellence across partner operations and ensure scalable and smooth partner transactions and reporting. Sotiria brings over 14 years of sales strategy and operations expertise, driving revenue growth and operational excellence at leading technology companies including Salesforce, Veeam, and Darktrace.

“The channel is at the heart of our go-to-market strategy here at CyberMaxx and surrounding it with strong and capable leaders like Mark and Sotiria is exactly how we can be strong teammates to our partners,” said Anthony Cali, CRO of CyberMaxx. “We are positioned to elevate our GTM approach for the remainder of 2025 and moving forward.”

About CyberMaxx  

CyberMaxx provides comprehensive managed detection and response (MDR) services that protect organizations from today’s complex cyber threats. With a focus on proactive security measures, CyberMaxx delivers industry-leading technology combined with expert human oversight, offering robust protection and peace of mind to clients across various industries. For more information about CyberMaxx’s Modern Managed Detection & Response (MDR), visit www.CyberMaxx.com

Media Contact 

John Pinkham

E: jpinkham@cybermaxx.com

M: 781-801-5352

CyberMaxx Honored with Hyer 2025 Breakthrough Culture Award
https://www.cybermaxx.com/resources/cybermaxx-honored-with-hyer-2025-breakthrough-culture-award/
Wed, 11 Jun 2025 17:46:24 +0000

Linthicum Heights, MD – June 11th, 2025 – CyberMaxx, a leading provider of managed detection and response (MDR) services, proudly announces that it has been named a recipient of the 2025 Breakthrough Culture Award by Hyer (www.hyer.co). This recognition celebrates CyberMaxx’s unwavering commitment to cultivating a workplace culture rooted in innovation, inclusivity, and purpose.

At CyberMaxx, culture is more than a buzzword—it’s the foundation of everything we do, from empowering employees to pursue professional growth to fostering a collaborative environment where every voice is heard.

“Winning the Hyer Breakthrough Culture Award is an honor and a reflection of the incredible team we’ve built,” said Brian Ahern, CEO of CyberMaxx. “We’ve worked intentionally to create a culture where people feel supported, challenged, and inspired. Our mission to protect clients from cyber threats is serious business, but we believe that mission is best achieved when our team feels empowered, connected, and proud of the work they do.”

CyberMaxx’s culture is defined by its commitment to continuous learning, flexibility, and fairness. Whether working remotely, in-office, or in a hybrid model, team members are encouraged to grow through mentorship, certifications, and hands-on experience. The company’s “Join the Pack” philosophy—symbolized by its beloved mascot, Maxx the dog—welcomes new hires into a community built on respect, integrity, and shared purpose.

The company’s “noble cause”—defending clients from their worst-day scenarios—serves as a daily motivator. Mission plaques at every desk, monthly recognition awards, and annual Cybersecurity Awareness Month celebrations keep this purpose front and center. CyberMaxx also equips its leaders with the tools to uphold its values consistently, ensuring that policies are applied with fairness and transparency.

CyberMaxx extends its gratitude to Hyer for this recognition. As the company continues to scale, it remains committed to evolving its culture with the same intentionality and excellence it brings to cybersecurity.

About CyberMaxx

CyberMaxx provides comprehensive managed detection and response (MDR) services that protect organizations from today’s complex cyber threats. Focusing on proactive security measures, CyberMaxx delivers industry-leading technology combined with expert human oversight, offering robust protection and peace of mind to clients across various industries.

About Hyer

Hyer (www.hyer.co) is a leading authority in recognizing and celebrating organizational excellence, particularly in fostering innovative and supportive workplace cultures. Through rigorous evaluation and a deep understanding of modern work dynamics, Hyer identifies companies that are setting new benchmarks for employee engagement, well-being, and impactful cultural development.

Media Contact

John Pinkham

E: jpinkham@cybermaxx.com

M: 781-801-5352

CyberMaxx Enhances Tech-enabled MDR Offering to Deliver Best-In-Class Security Outcomes
https://www.cybermaxx.com/resources/cybermaxx-enhances-tech-enabled-mdr-offering-to-deliver-best-in-class-security-outcomes/
Tue, 13 May 2025 17:03:42 +0000

Expanded product suite reinforces the focus on Response while providing maximum flexibility for all customers

Chicago, IL – May 14, 2025 – CyberMaxx, the leading Managed Detection and Response (MDR) provider, today announced a strategic refresh of its flagship MDR service, MaxxMDR, to further reduce risk and improve security outcomes for organizations. As part of this enhancement, MaxxMDR is now available in three distinct service tiers—Core, Advanced, and Elite—offering customers greater flexibility and control in selecting the right level of protection for their unique needs.

This evolution of MaxxMDR reflects CyberMaxx’s commitment to a modern, integrated approach to cybersecurity. Each level of the service is powered by the CyberMaxx 24x7x365 Security Operations Center (SOC), where threat monitoring, detection, and response are seamlessly combined into a unified service. Each of the three tiers of service gives customers the power of “Big R” Response, allowing them to defend their company with a modern approach regardless of where they are in their cybersecurity journey.

CyberMaxx’s modern, tech-enabled model is not one-size-fits-all: it lets organizations choose the MDR offering that best fits their company goals, depending on where they are in their cybersecurity journey.

  • MaxxMDR Core – Includes 24x7x365 monitoring and response for your most critical attack point – the endpoints. CyberMaxx monitors endpoints in real-time to identify threats and engage in our response process immediately. We isolate and contain attacks before data is exfiltrated, assets are further compromised, or irreversible damage is done.
  • MaxxMDR Advanced – Builds on MaxxMDR Core and secures the environment on both the endpoint and your cloud email (M365 / Google Workspace). As one of the most widely used cloud application suites today, Microsoft 365 requires continuous monitoring to mitigate concerns regarding data loss, privacy, leakage, and unauthorized access.
  • MaxxMDR Elite – The most complete MDR offering monitors the entirety of your critical infrastructure, including endpoints and cloud email. The CyberMaxx team works to identify each of the data sources which provides the most security-relevant telemetry using a managed SIEM and deception technology. This offering also includes Continuous Threat Exposure Management (CTEM), a recurring proactive layer of security which identifies and addresses vulnerabilities preemptively.

“Our new service tiers for MaxxMDR allow all organizations to choose the right balance of features, cost, and protection level that best meets their risk posture – while maintaining a strong focus on response for their company MDR,” said Brian M. Ahern, CEO of CyberMaxx. “As our customers advance in their security maturity, upgrading between service tiers is simple, seamless and quickest time to value in the industry.”

These service enhancements reinforce CyberMaxx’s tech-enabled service model, which prioritizes platform compatibility and customer flexibility. CyberMaxx continues to support seamless integration with industry-leading SIEM and security platforms such as CrowdStrike, Microsoft, SentinelOne, Palo Alto, Cisco/Splunk, Devo, Elastic, Exabeam, LevelBlue, Cloud Service Providers, and an extensive list of additional log sources. At CyberMaxx, we do not require customers to displace their security tech stack investments but instead operationalize those best-in-class technology platforms to deliver the intended security outcomes.

The upgraded MaxxMDR offering builds on the momentum of CyberMaxx’s recent acquisitions of Cybersafe Solutions and onShore Security, further scaling its enterprise-grade capabilities to serve the under-resourced mid-market sector.

CyberMaxx’s enhanced MDR solution empowers customers to maximize protection, minimize complexity, and make informed decisions through powerful threat visibility and the “Big R” response capabilities delivered by a world-class SOC.

About CyberMaxx
CyberMaxx provides comprehensive managed detection and response (MDR) services that protect organizations from today’s complex cyber threats. With a focus on proactive security measures, CyberMaxx delivers industry-leading technology combined with expert human oversight, offering robust protection and peace of mind to clients across various industries.

More information about CyberMaxx’s Modern Managed Detection & Response (MDR).

Media Contact
John Pinkham
E: jpinkham@cybermaxx.com
M: 781-801-5352

The State of Ransomware in Healthcare
https://www.cybermaxx.com/resources/the-state-of-ransomware-in-healthcare/
Mon, 28 Apr 2025 10:00:32 +0000

Healthcare Remains One of the Most Highly Targeted Industries

CyberMaxx recently released the Q1 2025 Ransomware Research Report. This quarter produced the highest number of recorded attacks so far. Amongst the findings, our researchers discovered that Healthcare facilities remained some of the most highly targeted, likely because they are left vulnerable due to the potential life-or-death consequences of operational disruptions.

Operational downtime at a healthcare facility can be devastating, putting patient safety, critical services, and sensitive data at immediate risk. When systems go offline, it can delay urgent care, disrupt access to medical records, and halt life-saving procedures—making every minute count.

Threat actors know this. That’s why healthcare is a prime target for ransomware attacks. Cybercriminals exploit the urgency and potential harm caused by downtime, believing that the high stakes will pressure organizations into paying the ransom quickly to restore operations.

By the Numbers

Of the over 400 organizations CyberMaxx protects, 75 are healthcare facilities. That equates to upwards of 500K endpoints across hospitals, doctors’ offices, dentists, and more. During this past quarter, there have been a total of 2,461 ransomware and data extortion attacks. Of those, 127 took place in a healthcare organization. 68 attacks were based in the United States, totaling 54% of the healthcare-related attacks.

A Common Cause of Healthcare Data Breaches

The Oracle Health Data Breach is one example of a recent compromise. Oracle Health became aware of the breach around February 20, 2025, initiating a comprehensive investigation and response process. In early 2025, Oracle Health, formerly known as Cerner, suffered a significant data breach affecting multiple U.S. hospitals and healthcare providers. The breach occurred due to unauthorized access to legacy data migration servers, using compromised customer credentials. This unauthorized access reportedly began sometime after January 22, 2025, with the attackers exfiltrating patient data to an external location. Notification of affected clients began in March, with Oracle Health striving to provide transparency on the extent of the breach.

The stolen data reportedly included sensitive patient information from electronic health records, though the precise scope and amount of compromised data remain unclear. The use of compromised credentials to access legacy systems underscores a common vulnerability within the healthcare sector, where outdated or insufficiently protected systems remain integrated with modern networks.

An individual identifying themselves as “Andrew” has attempted to extort the affected healthcare providers, demanding payments in exchange for not releasing the stolen data. Notably, this threat actor does not appear to be affiliated with any known ransomware group, suggesting the possibility of either a lone actor or a new entity entering the scene.

The motivations and capabilities of “Andrew” are still under investigation, but the lack of affiliation with a prominent ransomware group could complicate efforts to track and apprehend the individual. The healthcare sector is still particularly vulnerable to such attacks, given the sensitive nature of patient data and the potential harm that could result from its unauthorized disclosure.

A Case for Updating Legacy Systems

This breach highlights the ongoing challenge of securing legacy systems and ensuring that customer credentials are adequately protected. As Oracle Health continues to investigate and mitigate the impacts of the breach, healthcare organizations must remain vigilant and proactive in bolstering their own cybersecurity measures.

The incident also serves as a reminder that attackers are increasingly targeting healthcare institutions due to their critical role in society and the high value of the data they possess. Ensuring robust protection of sensitive data should remain a top priority for all entities operating in the healthcare sector.

Securing Your Healthcare Data

Healthcare organizations must prioritize proactive defense, real-time detection, and incident response—because even a short disruption can have life-threatening consequences, and attackers are counting on that pressure to profit.

Don’t miss this session hosted by CyberMaxx and HS-ISAC, full of stories from cybersecurity experts and healthcare customers, validating the real-world impact of cyber threats happening daily, targeting medical and dental organizations of all sizes. Hear all the ways you can take steps to protect your organization from the rising threats. Learn more here: Improving Healthcare Cybersecurity So Patient Data Doesn’t End Up on the Dark Web | CyberMaxx

Security Advisory: Weekly Advisory April 23rd, 2025
https://www.cybermaxx.com/resources/security-advisory-weekly-advisory-april-23rd-2025/
Thu, 24 Apr 2025 12:00:07 +0000

In this week’s Security Advisory

  • SonicWall SMA Appliance Vulnerability Under Active Exploitation
  • Cisco Patches High Severity WebEx Vulnerability
  • Atlassian Releases April Patch Cycle
  • DKIM Replay Attack Exploits Google OAuth in Phishing Campaigns

SonicWall SMA Appliance Vulnerability Under Active Exploitation

SonicWall updated a security advisory originally released in 2021, noting that the vulnerability is believed to be actively exploited. The vulnerability, CVE-2021-20035 (CVSS 7.2/10), can allow an authenticated user to inject arbitrary commands as a “nobody” user and execute code remotely. This vulnerability affects the SonicWall SMA 100 series product and the SMA 200, 210, 400, 410, and 500v platforms.

Affected Versions

  • 10.2.1.0-17sv and earlier.
  • 10.2.0.7-34sv and earlier.
  • 9.0.0.10-28sv and earlier.

Recommendations

  • Upgrade to 10.2.1.1-19sv or higher.
  • Upgrade to 10.2.0.8-37sv or higher.
  • Upgrade to 9.0.0.11-31sv or higher.

Cisco Patches High Severity WebEx Vulnerability

Cisco released a patch for a new vulnerability affecting its WebEx product. The vulnerability, CVE-2025-20236 (CVSS 8.8/10), allows unauthenticated attackers to gain client-side remote code execution using malicious meeting links by tricking users into downloading arbitrary files. The patch provides improved input validation of URLs within the WebEx App to address the issue.

Affected Versions

  • Cisco WebEx 44.6.
  • Cisco WebEx 44.7.

Recommendations

  • Upgrade Cisco WebEx 44.6 to version 44.6.2.30589.
  • For Cisco WebEx 44.7, migrate to a fixed release.

Atlassian Releases April Patch Cycle

Atlassian released patches for seven high-severity vulnerabilities, including four vulnerabilities impacting dependencies in Bamboo, Confluence, and Jira data-center versions only. If exploited, these vulnerabilities can lead to several issues, like Denial-of-Service and XML external entity injections.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest updates to affected products.

DKIM Replay Attack Exploits Google OAuth in Phishing Campaigns

Scammers are utilizing Google Sites, a free web-building platform, to deploy fake support portals to steal credentials. To lure users to this portal, the scammers are registering a domain and creating a Google account for “me@domain”. The attacker will then create a Google OAuth app, name the OAuth application the entire text of the phishing message they want to send, include a lot of white space at the end, and then grant it access to their new account. Granting the OAuth app access to their account will trigger a security alert message from Google to the spammer, which will display the entirety of the phishing message they want to send. They will then forward this message to the victims. Since DKIM only verifies the message and headers and not the envelope, the message passes signature validation and displays in the inbox as if it were sent directly from Google. By using “me@domain,” the eventual message will default in the victim’s inbox as being sent “to me,” which Gmail uses as shorthand for your address.

Google has told the user who reported this issue that they will be working to fix the OAuth bug that makes this attack vector possible.

Recommendations

  • View who the message was sent to and check to see if the “To” field is your email address.
  • Never rely solely on a message’s domain, authentication status, or visual design to determine legitimacy.
  • Verify login pages manually—don’t follow embedded links, especially in urgent-sounding emails.
  • Scroll to the bottom of the email and check if the email for which access was granted was your email address.

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.

CyberMaxx Q1 2025 Ransomware Research Report shows 4.3% increase in attack volume over the previous quarter, setting new records
https://www.cybermaxx.com/resources/cybermaxx-q1-2025-ransomware-research-report-shows-4-3-increase-in-attack-volume-over-the-previous-quarter-setting-new-records/
Tue, 22 Apr 2025 11:30:38 +0000

Chicago, IL – April 17, 2025 – CyberMaxx, the leading managed detection and response (MDR) provider, released its Quarterly Ransomware Research Report today. The report reveals that Q1 2025 witnessed a surge in ransomware attacks, making it the most prolific quarter for ransomware activity.

According to CyberMaxx research, there were 74 active groups responsible for 2,461 recorded incidents in Q1 2025. This figure marks a 4.3% increase over the previous quarter, which saw 66 active groups conduct 2,358 attacks.

In Q1 2025, ransomware groups averaged 33.2 successful attacks each. With 398 attacks, Cl0p was the most active group this quarter, representing approximately 16% of all successful attacks.

Other notable ransomware groups in Q1 2025 were RansomHub (234 attacks), Akira (217 attacks), Babuk2 (156 attacks), and Qilin (113 attacks). Notably, Lockbit, one of the most prolific groups throughout 2024, fell to 24th place with only 23 attacks.

February 2025 was a record-breaking month for Cl0p: the group carried out 331 individual attacks, the highest number ever recorded by a single group in a single month.

Cl0p’s dominance stems from its use of two critical vulnerabilities in Cleo Harmony products: CVE-2024-50623 and CVE-2025-55956.

This surge in ransomware activity during Q1 2025 marks a clear escalation in ransomware threats, and Cl0p has raised the benchmark for attack efficiency and volume.

The group’s successful exploitation of critical vulnerabilities reinforces the urgent need for security teams to prioritize patch management and promptly address critical vulnerabilities in Q2 2025.

Organizations should enhance their monitoring and detection capabilities to catch intrusions before data exfiltration occurs and ensure they implement multi-factor authentication (MFA) while actively monitoring compromised accounts.

CyberMaxx’s cyber research team regularly investigates threats on its own. These efforts aim to build shared knowledge across the cybersecurity community.

Access the full Ransomware Research Report here: Q1 2025 Ransomware Research Report

About CyberMaxx

CyberMaxx, LLC., founded in 2002, is the leading provider of managed detection and response (MDR), headquartered in Chicago, IL. CyberMaxx’s managed detection and response solution (MaxxMDR) is designed to be scalable for clients of all sizes, providing protection and improving the organization’s security posture, ultimately giving customers peace of mind that their systems and data are secure. CyberMaxx expanded its capabilities through the 2022 acquisition of CipherTechs, an international cybersecurity company providing a complete cybersecurity portfolio across MDR Services, Offensive Security, Governance, Risk & Compliance, DFIR, and 3rd party security product sourcing.

For more information, visit: www.cybermaxx.com

CyberMaxx Media Contact
Clint Poole
cpoole@cybermaxx.com

Security Advisory: Weekly Advisory April 16th, 2025
https://www.cybermaxx.com/resources/security-advisory-weekly-advisory-april-16th-2025/
Thu, 17 Apr 2025 16:34:10 +0000

In this week’s Security Advisory

  • SonicWall NetExtender Patches Vulnerabilities in Windows Versions
  • Apache Patches Critical Roller Vulnerability
  • Oracle Releases Quarterly Patch Cycle
  • Juniper Networks Patches Dozens of Vulnerabilities
  • Security Updates Released for Adobe, Chrome, and Firefox

SonicWall NetExtender Patches Vulnerabilities in Windows Versions

SonicWall has patched three vulnerabilities in its NetExtender for Windows product. The most severe is CVE-2025-23008 (CVSS 7.2/10), which an authenticated user can exploit to modify configurations. Two other medium-severity vulnerabilities were also patched, CVE-2025-23009 (CVSS 5.9/10) and CVE-2025-23010 (CVSS 6.5/10). The first can allow an attacker to manipulate file paths, while the second can allow them to trigger an arbitrary file deletion.

Affected Versions 

Version 10.3.1 and earlier versions.

Recommendations

Upgrade to NetExtender Windows version 10.3.2.

Apache Patches Critical Roller Vulnerability

Roller is an open-source Java blog server. Apache announced a new patch for the vulnerability CVE-2025-24859 (CVSS 10/10). The vulnerability allows an attacker to abuse previous sessions and maintain persistence even if the password to the compromised account is changed. The issue was fixed by implementing centralized session management that invalidates all sessions after passwords are changed.

Affected Versions 

  • Roller versions up to and including 6.1.4.

Recommendations

  • Upgrade to Roller version 6.1.5

Oracle Releases Quarterly Patch Cycle

Oracle announced the release of its Quarterly Patching Cycle for the first Quarter of 2025. In the release, there were 378 total vulnerabilities, 180 unique vulnerabilities, and 40 critical severity vulnerabilities. These vulnerabilities affect many Oracle products, including but not limited to Oracle Communications, MySQL, Financial Services apps, and Fusion Middleware.

Affected Versions 

A full list of affected products can be found here.

Recommendations

Apply the patches for any affected products in use.

Juniper Networks Patches Dozens of Vulnerabilities

Juniper Networks has released patches for dozens of high-severity vulnerabilities in Junos OS, Junos OS Evolved, and certain dependencies in Junos Space. Most of the vulnerabilities affecting Junos OS and Junos OS Evolved can lead to DoS conditions and access to sensitive information if exploited.

Affected Versions 

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.


Security Updates Released for Adobe, Chrome, and Firefox

Adobe has released patches for 54 vulnerabilities in several products. Adobe also called urgent attention specifically to its ColdFusion application: 15 of the patched vulnerabilities affect ColdFusion and can lead to file system reads, arbitrary code execution, and security feature bypasses.

Google announced an updated Chrome browser version that addresses two new vulnerabilities. Successful exploitation of these can lead to buffer overflows and remote code execution.

Mozilla has released updates to Firefox ESR, Thunderbird, and Thunderbird ESR to address a high-severity vulnerability affecting the component that handles HTTP requests.

Recommendations

  • Apply the latest patches to any affected Adobe products.
  • Upgrade Google Chrome to version 135.0.0.7049.96 for Windows and Mac, and 135.0.7049.95 for Linux.
    • Recent versions of Google Chrome have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where the auto-update setting was not enabled by default. If updates are not set to auto-update, organizations need to ensure that they are communicating the need to update browsers with their users. Follow-up confirmation that the updates have been applied to users is essential. Additionally, browsers must be restarted to apply updates.
  • Upgrade Mozilla Firefox to version 137.0.2.
    • Recent versions of Firefox have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where the auto-update setting was not enabled by default. If updates are not set to auto-update, organizations need to ensure that they are communicating the need to update browsers with their users. Follow-up confirmation that the updates have been applied to users is essential. Additionally, browsers must be restarted to apply updates.


Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.

The post Security Advisory: Weekly Advisory April 16th, 2025 appeared first on CyberMaxx.

CyberMaxx Q4 2024 Ransomware Research Report reveals Q4 witnessed the most attacks in any single quarter to date
https://www.cybermaxx.com/resources/cybermaxx-q4-2024-ransomware-research-report-reveals-q4-witnessed-the-most-attacks-in-any-single-quarter-to-date/
Thu, 23 Jan 2025 16:30:55 +0000

The post CyberMaxx Q4 2024 Ransomware Research Report reveals Q4 witnessed the most attacks in any single quarter to date appeared first on CyberMaxx.

Chicago, IL – January 23, 2025 – CyberMaxx, the leading managed detection and response (MDR) provider, released its Quarterly Ransomware Research Report today. The report reveals that 2024 has seen the highest number of ransomware attacks on record, with Q4 2024 marking the most attacks in any single quarter to date.

According to CyberMaxx research, Q4 2024 saw 2,358 ransomware attacks, making it the highest number recorded in a single quarter. This marks a 137% increase compared to the attacks observed in Q3 2024.

“There were almost double the number of successful attacks in the final 90 days of 2024 as there were in all of Q3 2024,” says Connor Jackson, Security Research Manager at CyberMaxx. “Q3 saw 1,218 attacks vs Q4’s 2,358, at 193%.”

Threat actors followed mainstream cloud adoption in 2024, and cloud environments became a popular target. Identity attacks and exploitation of misconfigurations were the main attack vectors.

“We saw a 39% increase in attacks against cloud environments over 2023, making this a common initial access vector for threat actors,” says Jackson.

There has been a continued rise in new threat actors, with Q4 witnessing 66 active groups involved in successful ransomware and data extortion attacks. This compares to 39 active ransomware groups in Q4 2022 and 46 active groups in Q4 2023, showing a steady upward trend in the number of threat actors entering the space.

The average cost of a data breach for an organization continues to grow year over year. Between 2020 and 2024, the cost has risen from $3.86M to $4.88M. This shows that incidents are becoming more frequent and more expensive.

The cyber research team at CyberMaxx conducts routine threat research independent of client engagements in order to help foster collective intelligence among the cybersecurity community.

Access the full Ransomware Research Report here: https://cybermaxx.com/q4-2024-ransomware-research-report/

About CyberMaxx

CyberMaxx provides comprehensive managed detection and response (MDR) services that protect organizations from today’s complex cyber threats. With a focus on proactive security measures, CyberMaxx delivers industry-leading technology combined with expert human oversight, offering robust protection and peace of mind to clients across various industries.

For more information about CyberMaxx’s Modern Managed Detection & Response (MDR), visit www.cybermaxx.com

Media Contact

Clint Poole
E: cpoole@cybermaxx.com
M: 857-540-2331

CyberMaxx and Cybersafe Combine to Scale Modern Managed Detection and Response (MDR) Services
https://www.cybermaxx.com/resources/cybermaxx-and-cybersafe-combine-to-scale-modern-managed-detection-and-response-mdr-services/
Tue, 21 Jan 2025 13:59:56 +0000

The post CyberMaxx and Cybersafe Combine to Scale Modern Managed Detection and Response (MDR) Services appeared first on CyberMaxx.

Co-authored by Brian Ahern, CEO of CyberMaxx, and Benedetto Filingeri, CEO of Cybersafe Solutions

We are thrilled to announce that Cybersafe Solutions is now officially part of the CyberMaxx family (Press Release). This acquisition is not just a merger of two organizations but a strategic alignment of vision, capabilities, and commitment to redefining Managed Detection and Response (MDR) services. Together, we aim to deliver unparalleled security solutions for businesses navigating an increasingly complex threat landscape.

Why We’re Excited About This Partnership

The cybersecurity challenges facing businesses today require innovative solutions that go beyond traditional approaches. At CyberMaxx and Cybersafe, we have always been dedicated to empowering organizations to protect what matters most. By joining forces, we amplify our impact.

Scale provides enterprise-level solutions for underserved mid-market and SME customers.

We are dedicated to delivering enterprise-level solutions tailored to the needs of mid-market and SME customers. MaxxMDR from CyberMaxx employs a modern approach that integrates threat response directly into the 24x7x365 monitoring and detection capabilities of the CyberMaxx Security Operations Center (SOC). To better address the unique security requirements of our customers, MaxxMDR is now offered in three distinct service levels: Core, Advanced, and Elite, allowing businesses to select the level of protection that aligns with their specific needs.

Through two recent acquisitions, CyberMaxx has expanded its customer base to include more than 450 MDR clients. This growth not only increases scale but also adds significant expertise, enabling us to safeguard a broader range of attack surfaces effectively.

Strengthening tech-enabled services capabilities by expanding 3rd-Party SIEM Support

These acquisitions bring expanded compatibility with third-party SIEM platforms, reinforcing the CyberMaxx tech-enabled model that monitors and responds to each customer’s most security-relevant data. Customers will now have access to an extended range of supported platforms, including Devo, Elastic, Exabeam, LevelBlue, and Splunk. This increased compatibility offers greater flexibility and allows customers to implement an effective MDR solution without the need for additional technology investments.

Enhanced Customer Experience

In addition to expanding platform support, CyberMaxx is enhancing the customer experience with the adoption of the Cybersafe CyberSight portal. CyberSight increases visibility into MDR performance and provides upgraded reporting features, offering analysts deeper insights into security operations. Customers can also access these features remotely through a mobile app, ensuring full control and visibility at any time.

Commitment to Innovation

Our collaboration allows us to offer broader compatibility with third-party SIEM and EDR platforms. This flexibility ensures our customers can leverage existing investments while benefiting from cutting-edge threat detection and response capabilities.

A Shared Vision for the Future

At its core, this partnership is about leveraging our combined resources, expertise, and technologies to protect organizations in an increasingly interconnected world. By integrating Cybersafe’s tailored MDR solutions with CyberMaxx’s tech-enabled platform and threat intelligence, we are poised to set a new standard in cybersecurity.

We are excited to welcome Cybersafe into the CyberMaxx family. Together, we are positioned to deliver best-in-class MDR solutions that meet the evolving needs of our clients.

We look forward to this new chapter and invite you to join us as we build a safer world—together.


CyberMaxx Announces the Acquisition of Cybersafe Solutions and onShore Security
https://www.cybermaxx.com/resources/cybermaxx-announces-the-acquisition-of-cybersafe-solutions-and-onshore-security-to-scale-modern-managed-detection-and-response-mdr-services/
Tue, 21 Jan 2025 13:59:03 +0000

The post CyberMaxx Announces the Acquisition of Cybersafe Solutions and onShore Security appeared first on CyberMaxx.

The acquisitions build on successful growth in 2024 and deliver new and expanded modern MDR offerings and capabilities to the under-served mid-market

Chicago, IL – January 21, 2025 – CyberMaxx, a leading managed detection and response (MDR) provider, today announced that it has closed the acquisition of Cybersafe, a leader in continuous MDR services, and onShore Security, a leading provider of enterprise-grade cybersecurity solutions, further accelerating the company’s growth and strengthening its MDR capabilities. These acquisitions create greater scale through additional security resources and domain expertise, enterprise-grade cybersecurity solutions, and best-in-class MDR technology. Combined with a strong 2024 performance, the two acquisitions position the company as a top 15 MDR provider by annual revenue.

Enhanced enterprise-level solutions for mid-market and SME customers.

Through these acquisitions, CyberMaxx adds broader security capabilities and depth of expertise across a wider attack surface to better serve its rapidly expanding base of hundreds of MDR customers.

MaxxMDR by CyberMaxx further reduces risk for customers through a modern approach that integrates threat response within the monitoring and detection functions of the CyberMaxx 24x7x365 Security Operations Center (SOC). To better meet the unique security requirements of its customers, MaxxMDR will now be available in three distinct service level offerings: Core, Advanced, and Elite.

Strengthening tech-enabled services capabilities by expanding platform compatibility

The acquisitions further bolster compatibility with leading third-party security and SIEM vendors, reinforcing the CyberMaxx tech-enabled model, which monitors and responds to each customer’s most security-relevant data. World-class MDR services from CyberMaxx include seamless integrations and domain expertise across leading security vendors including CrowdStrike, Microsoft, SentinelOne, Palo Alto, Cisco/Splunk, Devo, Elastic, Exabeam, LevelBlue, and more. The increased compatibility offers greater flexibility and allows customers to implement an effective MDR solution without the need for additional technology investments.

Enhanced Customer Experience

In addition to expanding platform support, CyberMaxx will imminently roll out customer experience enhancements through advancements to its customer portal, providing enhanced visibility into MDR performance and upgraded reporting features that offer analysts deeper insights into security operations. Customers will also have complete access to these enhanced features through a modern mobile app, ensuring full control and visibility, anywhere and at any time.

“We are thrilled to welcome Cybersafe and onShore Security to the CyberMaxx family,” said Brian M. Ahern, CEO of CyberMaxx. “These acquisitions mark a significant milestone in our mission to provide unparalleled cybersecurity solutions. By combining the strengths of all three organizations, we deliver a modern MDR experience at scale, addressing the evolving needs of our clients.”

“Joining CyberMaxx is a natural progression for Cybersafe,” added Benedetto Filingeri, CEO of Cybersafe. “Our shared mission and complementary capabilities will provide our customers with enhanced services and resources previously unavailable to them.”

“This starts an exciting new chapter for the team and our customers,” said Stel Valavanis, CEO of onShore Security. “By combining the resources and expertise of CyberMaxx with our team’s Elastic-based MDR, we can achieve extraordinary growth and deliver even greater security operations.”

All companies will operate as a single unified company under the CyberMaxx brand.
