Bitdefender MDR

When it is working..it works fine and does what it was designed to do.

Like I told them, GET RID OF INTUIT’S MAILCHIMP AS AN SMTP OUT

I spun up another partner yesterday, no issues with 15 companies. Beware: if you try to enter the verification code and it fails, do not waste your time, it’s broken; just report up here (Reddit r/bitdefender)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

OAuth Attacks Target Microsoft 365, GitHub

Jai Vijayan, Contributing Writer March 17, 2025

A trio of ongoing campaigns have highlighted once again the continued popularity among cybercriminals of malicious OAuth apps as a go-to attack method.

In one wave of recent attacks, threat actors have been using bogus Adobe Acrobat and Adobe Drive logos on malicious OAuth apps to steer targeted users straight to malware-laden or Microsoft 365 credential phishing sites when clicked on. Another scammer is pulling the same trick but with a DocuSign look-alike app that funnels users to a credential phishing page. And in a third campaign, an attacker is going after developers by hitting thousands of GitHub repositories with a bogus OAuth app disguised as a “security alert.” Anyone who clicks the fake alert unknowingly grants full access to their repositories.

A Long Pattern of OAuth Cyber Abuse

The campaigns fit a long pattern of attackers using rogue OAuth apps masquerading as a legitimate service to trick users into granting them excessive permissions. Attackers have long favored the approach because it allows them to bypass traditional security controls, maintain persistent access to user accounts, move laterally, and harvest sensitive data without needing to steal passwords directly. Security researchers also consider malicious OAuth apps as relatively easy to set up and allowing attackers to execute a range of actions using legitimate API calls rather than easier to detect malicious exploits.

What makes the phishing attacks, involving the fake Adobe and DocuSign apps, somewhat different from other malicious OAuth campaigns, is how the attackers are leveraging them, according to researchers at Proofpoint’s Threat Insight team who spotted the campaigns recently.

In typical OAuth campaigns, the malicious app itself is used to directly exfiltrate the victim’s data or take actions using the victim’s account. But with the recent attacks, “these malicious OAuth apps serve as gateways to the phishing sites,” says one Proofpoint researcher who did not want to be named, in comments to Dark Reading. “Specifically, the threat actors are using Microsoft’s credibility to redirect the victim to a phishing page.”

The attackers behind both the Adobe and DocuSign campaigns have taken care to ensure that the permissions their malicious OAuth apps request — such as profile, email, and OpenID — are limited in scope, and therefore unlikely to be flagged as suspicious, the researcher says. “The purpose appears to be account takeover, which can lead to a variety of post-compromise objectives.”

Article (https://www.darkreading.com/application-security/oauth-attacks-target-microsoft-365-github)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts

By Bill Toulas March 16, 2025 10:19 AM

Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials.

The campaigns were discovered by Proofpoint researchers, who characterized them as “highly targeted” in a thread on X.

The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign.

These apps request access to less sensitive permissions such as ‘profile’, ‘email’, and ‘openid,’ to avoid detection and suspicion.

If those permissions are granted, the attacker is given access to:

* profile – Full name, User ID, Profile picture, Username
* email – primary email address (no inbox access)
* openid – allows confirmation of user’s identity and retrieval of Microsoft account details

Proofpoint told BleepingComputer that the phishing campaigns were sent from charities or small companies using compromised email accounts, likely Office 365 accounts.

The emails targeted multiple US and European industries, including government, healthcare, supply chain, and retail. Some of the emails seen by the cybersecurity firm use RFPs and contract lures to trick recipients into opening the links.

While the privileges from accepting the Microsoft OAuth app only provided limited data to the attackers, the information could still be used for more targeted attacks.

Furthermore, once permission is given to the OAuth app, it redirects users to landing pages that display phishing forms to Microsoft 365 credentials or distributed malware.

“The victims went through multiple redirections and stages after authorizing O365 OAuth app, until presented with the malware or the phishing page behind,” Proofpoint told BleepingComputer.

“In some cases, the victims were redirected to an “O365 login” page (hosted on malicious domain). In less than a minute after the authorization, Proofpoint detected suspicious login activity to the account.”
Article (https://www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”
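A triage sketch for the pattern the two articles above describe: an unverified app carrying Adobe or DocuSign branding, asking only for identity scopes, followed within minutes by a sign-in from an address the user has not used before. This is an added example, not code from the articles, Proofpoint or Microsoft; the record field names, users, IP addresses and events are constructed for illustration and do not follow any real audit-log schema.

```python
from datetime import datetime, timedelta

# Brands named in the articles; extend with the brands your users trust.
IMPERSONATED_BRANDS = ("adobe", "docusign")
# Identity-only scopes look harmless, which is why the lure apps request nothing else.
IDENTITY_SCOPES = {"openid", "profile", "email"}
# Suspicious logins were reported under a minute after consent; use a wider window.
FOLLOW_UP_WINDOW = timedelta(minutes=10)

# Constructed sample data (hypothetical field names, documentation IP ranges).
CONSENTS = [
    {"user": "alice", "app_name": "Adobe Drive X", "publisher_verified": False,
     "scopes": ["openid", "profile", "email"], "time": "2025-03-10T14:02:05"},
    {"user": "bob", "app_name": "DocuSign", "publisher_verified": True,
     "scopes": ["openid", "profile", "email"], "time": "2025-03-10T14:10:00"},
    {"user": "carol", "app_name": "Adobe Acrobat", "publisher_verified": False,
     "scopes": ["openid", "email"], "time": "2025-03-10T09:30:00"},
    {"user": "dave", "app_name": "Team Calendar Sync", "publisher_verified": False,
     "scopes": ["openid", "Calendars.Read"], "time": "2025-03-10T11:00:00"},
]
SIGNINS = [
    {"user": "alice", "ip": "198.51.100.10", "time": "2025-03-09T08:00:00"},
    {"user": "alice", "ip": "203.0.113.77", "time": "2025-03-10T14:02:50"},
    {"user": "carol", "ip": "198.51.100.20", "time": "2025-03-10T08:55:00"},
    {"user": "carol", "ip": "198.51.100.20", "time": "2025-03-10T09:33:00"},
]


def parse(ts):
    return datetime.fromisoformat(ts)


def new_ip_signins_after(consent, signins):
    """Sign-ins inside the window after consent from an IP unseen before it.

    A user with no earlier sign-ins has an empty baseline, so every IP counts
    as new; that errs toward review rather than toward silence.
    """
    granted = parse(consent["time"])
    mine = [s for s in signins if s["user"] == consent["user"]]
    baseline = {s["ip"] for s in mine if parse(s["time"]) < granted}
    return [s for s in mine
            if granted <= parse(s["time"]) <= granted + FOLLOW_UP_WINDOW
            and s["ip"] not in baseline]


def triage(consents, signins):
    """Return one finding per consent that matches the lure-app pattern."""
    findings = []
    for c in consents:
        name = c["app_name"].lower()
        brand = next((b for b in IMPERSONATED_BRANDS if b in name), None)
        if brand is None or c["publisher_verified"]:
            continue  # no brand look-alike, or the publisher is verified
        if not {s.lower() for s in c["scopes"]} <= IDENTITY_SCOPES:
            continue  # broader scopes belong to a separate over-permission check
        follow_ups = new_ip_signins_after(c, signins)
        findings.append({
            "user": c["user"],
            "app": c["app_name"],
            "brand": brand,
            "severity": "high" if follow_ups else "review",
            "new_ips": [s["ip"] for s in follow_ups],
        })
    return findings


if __name__ == "__main__":
    for finding in triage(CONSENTS, SIGNINS):
        print(finding)
```

A "review" finding means the consent should be revoked and the user asked what they clicked; a "high" finding also calls for a session revocation and password reset, since credentials were probably entered on the landing page.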

To all MspPortal Partners Security update news

Folks
As always this is my personal opinion
With so many tech firms that provide cloud software services, from remote connections to backup, mail, banking, etc.
If you are a Managed Service Provider, Tech, consultant.
Please do not put all your eggs in one basket. This seems to now be a common theme. Please do not be lazy; your clients depend upon you to secure their networks and workstations.
If your clients are paying you for a secure service, provide it. Take a look at your RMM solution: if your provider keeps coming up with more solutions in their dashboards, it can only lead to a crash and burn for your clients.
There are 3 solutions that I think are best of breed
1) Bitdefender MDR
2) Barracuda Mail Products and RMM
3) Cisco / Meraki firewall
These 3 products will help you assist your clients adding multiple software solutions (which nowadays these solutions would prefer you to run no security solutions). Too many are using AI ChatGPT for writing backend code with no dynamic secure API calls.

Example

“March 2025 SendGrid
Mail Stuck in Processing
Starting around 3:27 PM PT until 3:50 PM PT, our engineers identified an issue that affected mail send. A subset of customers may have experienced latency in mail send getting processed. A fix has been implemented, and this issue has been resolved. All delayed mail send has been processed.
Mar 11, 16:09 – 16:09 PDT
API Authentication issues
Our engineers have monitored the fix and confirmed that the API authentication issues have been resolved. All services are now operating normally.
Mar 6, 08:12 – Mar 7, 12:09 PST
Unsubscribe check failures causing billing issues
Our engineers have monitored the fix and confirmed the issue with Marketing Campaign emails has been resolved. All services are now operating normally at this time.
Mar 6, 11:52 – 15:51 PST”

The relationship with Microsoft, Cloudflare and CrowdStrike was devastating for end users. It was like a Black Screen of Death with really no solution available in a timely fashion except to update one machine at a time.

CISA Adds Six Known Exploited Vulnerabilities to Catalog
03/11/2025 03:00 PM EDT

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability
CVE-2025-24985 Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
CVE-2025-24991 Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
CVE-2025-24993 Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
CVE-2025-26633 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Latest News 3-14-2025
Week-long Exchange Online outage causes email failures, delays
By Sergiu Gatlan March 14, 2025 02:59 PM
Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages.

While the company didn’t publicly share information on this incident, it tagged it as a critical service issue tracked under EX1027675 on the Microsoft 365 Admin Center.

Microsoft has yet to share more information on what regions were affected by this outage, but it said the incident impacted “any user serviced by the impacted portion of infrastructure.”

Customers worldwide also reported experiencing email delivery failures over the last week, with those impacted saying they were receiving a Non-Delivery Report (NDR) with a “554 5.6.0 Corrupt message content” error.

The company first acknowledged the Exchange Online email delivery issues on March 10, 11:14 AM, but the admin center incident report says the outage started on March 7, 12:30 PM UTC.

“A recent service update, intended to improve our message transport services, introduced a code issue that resulted in impact for a portion of service infrastructure,” Redmond said in the final update regarding this incident on Thursday.

“Additionally, users may be unable to send email messages with attached files in any connection method of Exchange Online. Sending attachments as ZIP files allows the email messages to be delivered as expected, serving as a method by which to bypass the issue while we continue to investigate.”
Article (https://www.bleepingcomputer.com/news/microsoft/week-long-exchange-online-outage-causes-email-failures-delays/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

New MDR Product from Bitdefender and MspPortal Partners Inc.

MDR Secure Plus Bundle license: Includes existing Core MSP solution + Advanced Threat Security add on + EDR + MDR.
Wholesale pricing. Bought individually would run $6.68 an endpoint. In reality you are purchasing a 24x7x365 tech for no money out of your pocket. Where do you hire a tech for no out-of-pocket expense?

Modern, Turnkey MDR for Managed Service Providers

Managed Service Providers face unique risks because they manage networks and IT infrastructures for hundreds of small businesses. We at Bitdefender and MspPortal Partners understand your need for cyber resiliency and operational efficiency – not only for you but also for your customers.

Cybersecurity has become a critical factor for business success. Many MSPs struggle in the face of increasingly complex technological environments, more sophisticated attacks, inefficient onboarding resulting in slow provisioning, licensing restrictions, manual billing that creates hours of extra work for your team, and slow or unresponsive support.

MDR Foundations for MSPs helps you provide proactive protection for your customers and minimize the impact of attacks quickly and effectively with:
• Prompt incident and breach response that supports a customer in all scenarios
• Bulk onboarding of customers for MspPortal MSPs and automated onboarding for customers
• Option of professional services to accelerate onboarding by MspPortal Partners
• Constant communication via email notifications in the MDR Portal

Proactive Protection
24/7 monitoring and response – including threat-intel driven hunts by our Bitdefender and MspPortal Partners team of experts across your entire customer base – to ensure organizations are cyber resilient.

Thank you.

Sincerely,
MspPortal Partners Inc
By Roy Miehe

www.mspportalpartners.net
I will be provisioning up to 4 Tech Firms a week

Microsoft to deprecate WSUS driver synchronization in 90 days BEWARE FOLKS

By Sergiu Gatlan January 24, 2025 03:13 PM

Microsoft has reminded Windows administrators that driver synchronization in Windows Server Update Services (WSUS) will be deprecated on April 18, 90 days from now.

The company first announced the deprecation in June 2024, when it also encouraged customers to adopt its newer cloud-based driver services.

“If you’re using driver synchronization updates via Windows Server Update Services (WSUS), prepare for change. This service is scheduled for deprecation on April 18, 2025,” Microsoft said on Friday. “For on-premises contexts, drivers will be available on the Microsoft Update catalog, but you won’t be able to import them into WSUS.

“You’ll need to use any of the available alternative solutions, such as Device Driver Packages, or transition to cloud-based driver services for your organization, such as Microsoft Intune and Windows Autopatch,” the company added.

Redmond also announced in September that WSUS had been deprecated but that it plans to continue publishing updates through the channel and maintain all existing capabilities.

This came after WSUS was listed on August 13 as one of the “features removed or no longer developed starting with Windows Server 2025.”

“Specifically, this means that we are no longer investing in new capabilities, nor are we accepting new feature requests for WSUS,” Microsoft’s Nir Froimovici said at the time. “However, we are preserving current functionality and will continue to publish updates through the WSUS channel. We will also support any content already published through the WSUS channel.”

Introduced almost two decades ago, in 2005, as Software Update Services (SUS), WSUS allows IT admins to manage and distribute updates for Microsoft products across corporate networks with large numbers of Windows devices.

WSUS provides centralized control over updates rather than having each endpoint download them from Microsoft’s servers.

After its deprecation, Microsoft encourages enterprises to adopt cloud-based solutions for client and server updates, such as Windows Autopatch, Azure Update Manager, and Microsoft Intune.
Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-to-deprecate-wsus-driver-synchronization-in-90-days/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

Microsoft Bets Office Subscribers Will Pay 30% More for AI Tools

By Matt Day, Bloomberg News
January 16, 2025 at 3:41PM EST

My opinion: try calling Microsoft for support, good luck. They might speak English if you need that language, let alone being able to solve your issue. Oh, how about keeping O365 mail going? Today alone 497 servers were down 7 hours ago, and they want you to pay more money. It’s all cloud based so they can gather more information about you. Try to keep the spying down to a dull roar, Microsoft. You know there are alternatives.

Look at LibreOffice. Little work, but may be well worth it.

(Bloomberg) — Microsoft Corp. is raising the price of its package of Office apps for consumers, a bet that subscribers will be willing to cough up more for access to new artificial intelligence tools.

The Microsoft 365 family subscription, which offers access to Word, Excel and other apps for as many as six people, will now cost $130 a year, a 30% increase, the company said in a blog post Thursday. The version for individuals is rising 43% to $100. The price changes take effect immediately for new subscribers and will affect existing ones when they renew.

The increase is an attempt to wring more revenue from the company’s existing customer base and help justify the tens of billions of dollars it’s spending to develop and operate pricey AI services. The Redmond, Washington-based company, which has partnered with startup OpenAI, is infusing its product lineup with AI tools capable of analyzing documents and generating text and images.

A spokesperson said it was the first price increase for the software bundle – launched as Office 365, but now called Microsoft 365 — in 12 years. “These changes bring the transformative power of AI to the personal productivity tools that millions of people use every day,” Bryan Rognier, a company vice president, said in the blog post.

Rognier said the company has also made “countless enhancements” to the core Office apps and introduced such services as antivirus protection and image- and video-editing tools.

Microsoft previously tested the price hikes in Australia, Singapore and other Southeast Asian markets. They were controversial.

“It’s very annoying, and frankly I’m considering simply canceling entirely and just using Google Docs in the future,” said Daniel Burke, an independent game developer in Australia.

Burke and other users discovered that when they tried to cancel their subscriptions, Microsoft revealed a previously hidden option called Microsoft 365 Classic that rolled back the price increase and new AI features.

Microsoft spokespeople told reporters that the limited rollout gave the company a chance “to listen, learn and improve,” a phrase Rognier repeated in Thursday’s blog post. He said customers in markets now getting the price hike will also be able to opt in to a web- and mobile-based variant, called Basic, or, for a “limited time,” versions of the apps under the Classic brand. Neither option will include the AI services.

“Companies like Microsoft have spent so much on building AI up that now they need to force it on people,” said Kate Littlejohn, an Australian teacher and university tutor who requires the Office apps for her job. “I’m relieved that I found a way to opt out, but it shouldn’t be so difficult.”

John Bennetts, an Australian retiree who uses Office for email, word processing and the occasional spreadsheet, paid up.

“Habit makes me pay up and stay,” he said. “So I keep paying Microsoft and others, though I probably should not.”

–With assistance from Dina Bass.

(Updates with price increase criticism beginning in the seventh paragraph.)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

Bitdefender Still does not have MDR ready

1-17-2025
Still not ready for prime time. I sent an email to the product manager asking if they were fully staffed 1 month ago and still no reply. If BD is going to charge for managed services, with the count they already maintain globally, this is important to have eyes on 24x7x365, including Romania holidays. In the tech industry, if we buy a product and pay for it, support with call backs is important; otherwise we might as well go to the product back in 94-95. Keep in mind this is always my opinion. My firm manages over 200K endpoints. My MSP Partners depend upon my being correct and accurate.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

As I reported earlier Bitdefender MDR is still not ready for Prime Time

If you are a Partner with my firm, MspPortal Partners will keep you informed and do a hands-on setup for you.

This is now posted on the splash page when you log in to GravityZone.

As you all know, I am a strong supporter of Bitdefender, but they are lacking developers to make MDR a reality. It is all the same products as in GravityZone; MDR runs hooks into GravityZone. (It is the best possible product to run to protect your clients.)

 

Requirements

For a company to enroll others:

* The company type must be a Partner.
* The company must have all the add-ons and services included in the product trial available for resell.

For a company to be enrolled:

* The company type must be a Customer.
* The company must be directly managed or using the same license as the company that wants to enroll them.
* The company must not have all add-ons and services included in the trial enabled for own use.
* The company must be using a monthly subscription, and the Endpoint Security product type.
* The company must use the A la carte protection model.

Important

Additional restrictions may apply. If you meet all the trial requirements but are unable to access the feature, contact MspPortal Partners, your Partner (mdr@mspportal.net if you’re interested in finding out more information).
The MDR Product Trial feature will be released in stages and has limited availability at the moment. Check the release notes for news and updates.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

 

Microsoft Is Forcing Its AI Assistant on People—and Making Them Pay

Microsoft is trying a new approach to build excitement for its artificial-intelligence assistant Copilot: Give it to customers whether they want it or not.

The tech company recently added Copilot to its consumer subscription service for software including Word, Excel and PowerPoint in Australia and several Southeast Asian countries. Along with the AI feature, it raised prices for everyone who uses the service, called Microsoft 365, in those countries.

What about people who don’t want to pay for an AI assistant to spruce up their documents and summarize emails? They are out of luck.

Alistair Fleming uses Word to write scripts for his YouTube channel about 1990s Japanese wrestling. The Australian noticed that every time he finished a line, Copilot’s rainbow logo would pop up on screen and ask if it could help with his writing.

“It was very keen to be used, and this was irritating to me as a user,” Fleming said.

Fleming also noticed his monthly bill for 365 increased to 16 Australian dollars from A$11.

Some users said on social media that Copilot pop-ups reminded them of Clippy, Microsoft’s widely derided Office helper from the late 1990s, that would frequently offer unsolicited help.

A Microsoft spokesman wouldn’t comment on the strategy behind the forced addition of Copilot in certain regions and whether the company plans a similar approach in other markets.

The change demonstrates the lengths to which Microsoft is going to try to profit from its huge investments in AI. Copilot, which is built with technology from OpenAI, is a key part of Chief Executive Satya Nadella’s plan to keep expanding Microsoft’s software business for consumer and corporate customers.

Microsoft is OpenAI’s biggest investor, having plowed close to $14 billion into the ChatGPT maker.
Article:
https://finance.yahoo.com/news/microsoft-forcing-ai-assistant-people-103000840.html

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”