Top 5 Most Dangerous Cyber Threats in 2024 Must Read article !!

SANS Institute experts weigh in on the top threat vectors faced by enterprises and the public at large.

Ericka Chickowski, Contributing Writer May 14, 2024

RSA CONFERENCE 2024 – San Francisco – Only five months into 2024, and the year has been a busy one for cybersecurity practitioners, with multiyear supply chain attacks, nation-state actors exploiting multiple vulnerabilities in network gateways and edge devices, and multiple ransomware incidents against large healthcare entities. What’s ahead for the rest of the year?

At last week’s RSA Conference, Ed Skoudis, president of the SANS Technology Institute, convened his annual panel of SANS Institute instructors and fellows to dig into topics that should be top of mind for cyber defenders for the remaining months of the year.

Security Impact of Technical Debt

The security cracks left behind by technical debt may not sound like a pressing new threat, but according to Dr. Johannes Ullrich, dean of research for SANS Technology Institute, the enterprise software stack is at an inflection point for cascading problems. What’s more, “It affects more and more not only just our enterprise applications, but also our security stack,” he said.

Technical debt is the accumulation of work in software engineering or system design that’s left undone or put off until tomorrow for the sake of getting a minimum viable product up and running today. The debt may be accrued intentionally to optimize for speed or cost reasons, or it could build up unintentionally due to immature software engineering practices. Either way, it tends to raise a ton of cybersecurity risks as the debt grows.

And according to Ullrich, the rising accrual of technical debt combined with the growing complexity of the software supply chain is increasing the profile of this threat vector.

“Even as a developer myself, it is very easy to say, ‘Hey, this new library doesn’t really have any new features and doesn’t fix any security vulnerabilities, so I’m not going to apply that update,’” he says. “The problem is that five years from now, after you skip 10 to 15 different incremental updates, then the big security vulnerability hits that library and now you have to work through all of these little quirks that have added up over the years so you can fix it.”

Article (https://www.darkreading.com/cyber-risk/top-5-most-dangerous-cyber-threats-in-2024?_mc=NL_DR_EDT_DR_weekly_20240516&cid=NL_DR_EDT_DR_weekly_20240516&sp_aid=123517&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=53519)

In my world of tech support it is happening with 98% of all manufacturers today, Microsoft being the leader in my opinion.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

Celebrating Barracuda’s 2024 CRN Women of the Channel winners

MspPortal Partners Inc is a large partner of Barracuda and makes large investments in tech firms for its 400-plus MSP partners from the East Coast to the West Coast, Alaska and Canada, servicing over 4000 companies amongst the 400-plus partners.

Congrats to the ladies below. But in my opinion they failed to mention 2 ladies that are part of the glue that keeps Barracuda alive.

Both these ladies are the glue that run and manage support teams and staff inside the Barracuda organization (West Coast and East Coast).

Kris Louie and Ginger Janukaitis both run the folks who answer the phones for support calls and inform the staff who to direct the calls to, if need be, depending on the nature of the support call.

Today, CRN announced its highly respected Women of the Channel list for 2024. We’re excited to share that a total of six Barracuda team members made the list!

This annual award highlights a list of women who have made significant strides in their respective fields and at their organizations, underscoring their leadership and dedication to promoting continuous innovation and success. This year, six of our very own female leaders have been featured on the list. The honorees include:

Maria Martinez, VP of Channels, North America

Karen Ward, Regional VP, MSP Sales, Americas, Barracuda MSP

Lindsay Faria, Senior Director, MSP Marketing, Americas, Barracuda MSP

Jenna Renaud, Director of National Accounts

Alli Oneal, Senior Manager, Global Partner Programs & Partner Experience

Aisha Eugene, Senior Manager, Partner Enablement, Barracuda MSP

To help get a sense of their roles and responsibilities, we asked these six women about some of their channel-related accomplishments over the last year as well as a few goals that they have for our channel business in the coming months.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

About RMM’s and Bitdefender and Barracuda

MspPortal Opinions: A Security Software Value Add Distributor for MSPs; we work for a living. Flat monthly rate pricing, no contracts.

Bitdefender: 3rd level Support, use only Basic AV, ATS, and if client wants EDR. Do not waste your money on MDR or other add-ons. What they lack in “Verbal Tech Support” MspPortal makes up for; we answer calls and emails M-F and have a 24x7x365 answering service to assist us.

Barracuda: Spam Filtering best in the business, RMM-below.
Do not waste your money on their SOC, XDR, especially their Intronis Backup; they lack Development and support.

Keep in mind at MspPortal Partners we are techs and believe in Tech dashboards not pretty pictures

Guide To The Best RMM Software of 2024

Best Tools By Paulo Gardini Miguel

1) SuperOps.ai – Best user experience (No knowledge)

2) Barracuda RMM – Best for robust security features (MspPortal Partners Choice ***, Distribute, the most secure and oldest RMM.)
Barracuda RMM is a leading name in the field of remote monitoring and management, focusing on delivering top-notch security features. Serving various industries, it plays a critical role in safeguarding IT systems and networks, making it especially appealing for businesses prioritizing strong security measures.

3) OptiTune – Best for customizable user experience (No knowledge)
4) ITarian RMM – Best for integration capabilities (Poor Support)
5) Syxsense – Best for real-time monitoring (No knowledge)
6) Naverisk – Best for network management efficiency (Not Impressed)
7) MSP360 RMM – Best for cross-platform compatibility (Pretty Web Site)
8) ManageEngine ServiceDesk Plus MSP – Best for helpdesk functionality (No knowledge)
9) N-able – Best for small to medium MSPs (Stay Away SOLARWINDS issue, one of my Partners calls it “Disable”)
10) ConnectWise RMM – Best for automation (up and down not reliable)

11) NinjaOne – Best for growing teams (I was a X distributor till they deleted 4000 endpoints of Bitdefender. Now they spend more time in maintenance mode or up and down like a YoYo. To be fair, MspPortal Partners still has thousands of end points and partners still using the product. MspPortal Partners just will not resell the product. We have reports to support this.)
Reporting is disappointing compared to some other platforms
There’s no plan for teams managing fewer than 50 devices at this time

12) ManageEngine RMM Central – Best for customer service (No knowledge)
13) Atera – Best range of features ( We displace more of this product)
14) GoTo Resolve – Best for providing IT support (No knowledge)
15) LogMeIn Central – Best for internal IT teams ( a Wanna Be for the revenue)
16) Syncro – Best for unlimited endpoints (You had better be a tech; they have no Vocal Tech Support, only email)
17) Domotz – Best value for money (No knowledge)
18) Pulseway – Best for mobile app management (Out of the country and will just take your money lack support)
19) Auvik – Best for network monitoring (No knowledge)
20) Addigy – Best for managing Apple devices (No knowledge)
21) Intermapper – Best for network mapping (No knowledge)
22) Kaseya VSA – Best for easy onboarding and migration (Bad News anything they touch including Datto)
23) VNC Connect RPort – Best for managing IoT devices (No knowledge)
24) TeamViewer – Best for supporting remote teams (over priced)
25) AnyDesk – Best for remote desktop access (folks moving off this platform)
26) Splashtop – Best for enterprise IT support (Be careful folks are moving off this Remote Platform)
27) Action1 – Good for endpoint management and security (No knowledge)
28) Datto RMM – Good for cloud-based remote management (Kaseya Buyout and up and down good PSA at one time pricey)
29) Hexnode UEM – Good for unified endpoint management (No knowledge)
30) PRTG Network Monitor – Good for network monitoring and reporting (No knowledge)

Whether you’re managing employee devices on a bring-your-own-device (BYOD) policy, installing patches, or monitoring potential security risks to your network, RMM software is essential for any situation where you need to manage IT systems in multiple locations.

Speed, uptime and ease of use, and automation capabilities are all critical factors to consider, but it can be tricky to narrow down the best solutions for your needs.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

Action required: 90-day notice – Barracuda DMARC policy Must Read Please

Barracuda Networks, Inc. is taking steps to harden our email-sending domains by moving our DMARC policy into an enforcement configuration. 
 
This important measure will prevent the potential threat of an adversary looking to impersonate Barracuda. As we implement this control, we advise all our customers to change their notification email address and the SMTP server setting on their Barracuda appliance(s) to use their domain/email address instead of ‘barracuda.com’. Doing this will ensure your email provider accepts your notification emails from your Barracuda appliance.
 
Please note this is a 90-day notice that we plan to enforce our DMARC policy. If you have not moved to the new product version that supports this change by July 19, 2024, your product (see list below) will no longer be supported. 
 
Below are articles to assist in making these changes to your Barracuda appliances where Barracuda DMARC policy will be enforced, please click on the one(s) that are relevant to you or locate them on Barracuda Campus by searching for “DMARC.”

Please note, if you have not moved to the new version by July 19, 2024 your product will no longer be supported.  

 
We greatly appreciate your cooperation in this matter to improve your security posture and reduce potential email impersonation attacks. 
 
If you have questions or need assistance, please reach out to the support team at support@barracuda.com.

 
 
Thank you! 
 
The Barracuda Team

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”
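
Why the Barracuda notice above asks for the notification address to be changed, shown as an added example (not Barracuda's code): a simplified DMARC check on an appliance notification relayed through the customer's own SMTP server. The DMARC records, mailbox names and `customer.example` are constructed, and the two-label organizational-domain rule is a simplifying assumption (real receivers use the Public Suffix List).

```python
def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict; {} if it is not a DMARC1 record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}


def org_domain(domain):
    """Assumption: organizational domain = last two labels (no Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares org domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(header_from, spf, dkim_sigs, record):
    """Return (dmarc_result, disposition) for one message.

    header_from: address in the visible From: header
    spf:         (MAIL FROM domain, spf_passed)
    dkim_sigs:   list of (d= domain, signature_valid)
    record:      DMARC TXT record published for the From: domain, or None
    """
    from_domain = header_from.rsplit("@", 1)[1]
    tags = parse_dmarc(record or "")
    if not tags:
        return ("none", "deliver")
    spf_ok = spf[1] and aligned(from_domain, spf[0], tags.get("aspf", "r"))
    dkim_ok = any(ok and aligned(from_domain, d, tags.get("adkim", "r"))
                  for d, ok in dkim_sigs)
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    actions = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return ("fail", actions.get(tags.get("p", "none"), "deliver"))


def scenarios():
    """Constructed cases: the same appliance alert before and after the change."""
    monitoring = "v=DMARC1; p=none; rua=mailto:dmarc-reports@vendor.example"
    enforcing = "v=DMARC1; p=reject; adkim=r; aspf=r"
    customer = "v=DMARC1; p=quarantine"
    old_from = "appliance@barracuda.com"   # constructed mailbox name
    new_from = "alerts@customer.example"   # constructed customer address
    return {
        # Customer relay is not an authorized sender for barracuda.com: SPF fails.
        "old From, monitoring policy":
            evaluate(old_from, ("barracuda.com", False), [], monitoring),
        "old From, enforced policy":
            evaluate(old_from, ("barracuda.com", False), [], enforcing),
        # SPF and DKIM pass for the customer's domain but do not align with From:.
        "old From, customer-authenticated":
            evaluate(old_from, ("customer.example", True),
                     [("customer.example", True)], enforcing),
        # After the change, From: matches the domain the relay authenticates.
        "new From, customer domain":
            evaluate(new_from, ("customer.example", True),
                     [("customer.example", True)], customer),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```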

Cybercriminals pose as LastPass staff to hack password vaults


If you are not off LastPass yet, get off it. You should be. Try Bitwarden.
By Bill Toulas April 18, 2024 10:56 AM

LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft.

CryptoChameleon is an advanced phishing kit that was spotted earlier this year, targeting Federal Communications Commission (FCC) employees using custom-crafted Okta single sign-on (SSO) pages.

According to researchers at mobile security company Lookout, campaigns using this phishing kit also targeted cryptocurrency platforms Binance, Coinbase, Kraken, and Gemini, using pages that impersonated Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL.

During its investigations, LastPass discovered that its service was recently added to the CryptoChameleon kit, and a phishing site was hosted at the “help-lastpass[.]com” domain.

The attacker combines multiple social engineering techniques that involve contacting the potential victim (voice phishing) and pretending to be a LastPass employee trying to help with securing the account following unauthorized access.

Below are the tactics LastPass observed in this campaign:

Victims receive a call from an 888 number claiming unauthorized access to their LastPass account and are prompted to allow or block the access by pressing “1” or “2”.

If they choose to block the access, they’re told they will get a follow-up call to resolve the issue.

A second call comes from a spoofed number, where the caller, posing as a LastPass employee, sends a phishing email from “support@lastpass” with a link to the fake LastPass site.

Entering the master password on this site allows the attacker to change account settings and lock out the legitimate user.

The malicious website is now offline but it is very likely that other campaigns will follow and threat actors will rely on new domains.

Users of the popular password management service are recommended to beware of suspicious phone calls, messages, or emails claiming to come from LastPass and urging immediate action.

Some indicators of suspicious communication from this campaign include emails with the subject “We’re here for you” and the use of a shortened URL service for links in the message. Users should report these attempts to LastPass at abuse@lastpass.com.

Regardless of the service, the master password should not be shared with anyone since it is the key to all your sensitive information.

Article (https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-lastpass-staff-to-hack-password-vaults/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”
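
The indicators listed in the LastPass article above (the “We’re here for you” subject, a “support@lastpass” sender, shortened links, the reported phishing domain) turned into a mail-triage check, as an added example that is not from LastPass or the article. The sample messages are constructed, and the shortener list and the legitimate sender domain are assumptions to adjust locally.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

SUBJECT_IOC = "we're here for you"          # subject reported in the article
REPORTED_PHISH_HOST = "help-lastpass.com"   # domain reported in the article
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}  # assumption: sample list
LEGIT_SENDER_DOMAINS = {"lastpass.com"}     # assumption: vendor's real domain

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def indicators(raw_message):
    """Return the campaign indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    hits = []

    # Normalise the typographic apostrophe before comparing subjects.
    subject = str(msg.get("Subject", "")).replace("\u2019", "'").strip().lower()
    if subject == SUBJECT_IOC:
        hits.append("subject")

    # Sender claims to be LastPass but the address is not on the real domain.
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    claims_lastpass = "lastpass" in (display + addr).lower()
    if claims_lastpass and sender_domain not in LEGIT_SENDER_DOMAINS:
        hits.append("sender_not_lastpass")

    # Links: shortened URLs hide the destination; also match the reported host.
    body = msg.get_payload()
    body = body if isinstance(body, str) else ""
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS and "shortened_url" not in hits:
            hits.append("shortened_url")
        if (host == REPORTED_PHISH_HOST or host.endswith("." + REPORTED_PHISH_HOST)) \
                and "reported_phish_domain" not in hits:
            hits.append("reported_phish_domain")
    return hits


# Constructed sample messages (not real campaign mail).
SUSPECT = """\
From: LastPass Support <support@lastpass>
To: user@customer.example
Subject: We're here for you

We noticed unauthorized access. Secure your vault: https://bit.ly/EXAMPLE
"""

BENIGN = """\
From: LastPass <no-reply@lastpass.com>
To: user@customer.example
Subject: Your monthly security report

View your report at https://lastpass.com/report
"""

if __name__ == "__main__":
    print(indicators(SUSPECT))
    print(indicators(BENIGN))
```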

Cisco Duo warns third-party data breach exposed SMS MFA logs

Plus Bonus Article must read today

By Bill Toulas April 15, 2024 10:52 AM

Cisco Duo’s security team warns that hackers stole some customers’ VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider.

Cisco Duo is a multi-factor authentication and Single Sign-On service used by corporations to provide secure access to internal networks and corporate applications.

Duo’s homepage reports that it serves 100,000 customers and handles over a billion authentications monthly, with over 10,000,000 downloads on Google Play.

In emails sent to customers, Cisco Duo says an unnamed provider who handles the company’s SMS and VOIP multi-factor authentication (MFA) messages was compromised on April 1, 2024.

The notice explains that a threat actor obtained employee credentials through a phishing attack and then used those credentials to gain access to the telephony provider’s systems.

The intruder then downloaded SMS and VoIP MFA message logs associated with specific Duo accounts between March 1, 2024, and March 31, 2024.

“We are writing to inform you of an incident involving one of our Duo telephony suppliers (the “Provider”) that Duo uses to send multifactor authentication (MFA) messages via SMS and VOIP to its customers,” reads the notice sent to impacted customers.

“Cisco is actively working with the Provider to investigate and address the incident. While the investigation is ongoing, the following is a summary of the incident based on what we have learned to date.”

The provider confirmed that the threat actor did not access any contents of the messages or use their access to send messages to customers.

However, the stolen message logs do contain data that could be used in targeted phishing attacks to gain access to sensitive information, such as corporate credentials.

The data contained in these logs includes an employee’s:

Phone number
Carrier
Location data
Date
Time
Message type

When the impacted supplier discovered the breach, they invalidated the compromised credentials, analyzed activity logs, and notified Cisco accordingly. Additional security measures were also implemented to prevent similar incidents in the future.

The vendor provided Cisco Duo with all of the exposed message logs, which can be requested by emailing msp@duo.com to help better understand the scope of the breach, its impact, and the appropriate defense strategy to take.

Cisco also warns customers impacted by this breach to be vigilant against potential SMS phishing or social engineering attacks using the stolen information.

“Because the threat actor obtained access to the message logs through a successful social engineering attack on the Provider, please contact your customers with affected users whose phone numbers were contained in the message logs to notify them, without undue delay, of this event and to advise them to be vigilant and report any suspected social engineering attacks to the relevant incident response team or other designated point of contact for such matters,” concludes the notification from Cisco’s Data Privacy and Incident Response Team.

“Please also consider educating your users on the risks posed by social engineering attacks and investigating any suspicious activity.”

The FBI warned last year that threat actors were increasingly using SMS phishing and voice calls in social engineering attacks to breach corporate networks.

In 2022, Uber was breached after a threat actor performed an MFA fatigue attack on an employee and then contacted them on WhatsApp via their phone numbers, pretending to be IT help desk personnel. This eventually led to the target allowing the hackers to log into the account and gain access to Uber’s systems.

Cisco has not disclosed the supplier’s name and the number of customers impacted by this incident. BleepingComputer contacted Cisco with further questions but a reply was not immediately available.

Article (https://www.bleepingcomputer.com/news/security/cisco-duo-warns-third-party-data-breach-exposed-sms-mfa-logs/)

Article a Must Read ( https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/) Cisco warns of large-scale brute-force attacks against Most VPN services

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

 

Bitdefender Changes access to Power user

“Bitdefender recently made major changes to the Power User capability, and the main driver for this change is security. The 3rd party technology we use for PowerUser could pose some security risks in the future, and we had to act quickly to mitigate those risks. Also, the latest version of the technology is not compatible with any operating system before Windows 10, which does not fall in line with our target to offer backward compatibility.

Therefore, we’ve decided to provide a change which will let us continue PowerUser for all the supported operating systems. The new CLI will help us provide a lighter agent footprint, and much more precise control of all modules going forward.

We are currently working on adding new commands in PowerUser CommandLine to support additional actions and we plan to expand its coverage as we move forward.
Considering the feedback we recently received from some of our customers and partners, we also plan to release example scripts in our documentation, and allow the use of our existing Power User capability. It will be accessible only by running the process EPPowerConsole.exe directly, and it will be limited to Windows 10 and above operating systems.

An important project we have ongoing right now is the development of a new BEST GUI, which will offer some of the Power User capabilities in the endpoint GUI.
We aim to introduce as many settings as possible going forward on this new UI and CLI. Your feedback is most welcome, as it will determine what options will be available in the upcoming BEST GUI.”

I spoke to a nice gentleman in Romania (BD headquarters), and he stated it had changed to only getting to it by following these steps: Windows/program Files/Bitdefender/endpoint security/ run as admin EPPowerConsole.exe -> then put the password in to bring up the UI. A little painful but secure.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System


04/11/2024 02:15 PM EDT

Today, CISA publicly issued Emergency Directive (ED) 24-02 to address the recent campaign by Russian state-sponsored cyber actor Midnight Blizzard to exfiltrate email correspondence of Federal Civilian Executive Branch (FCEB) agencies through a successful compromise of Microsoft corporate email accounts. This Directive (https://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-system) requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts.

While ED 24-02 requirements only apply to FCEB agencies, other organizations may also have been impacted by the exfiltration of Microsoft corporate email and are encouraged to contact their respective Microsoft account team for any additional questions or follow up. FCEB agencies and state and local government should utilize the distro MBFedResponse@Microsoft.com for any escalations and assistance with Microsoft. Regardless of direct impact, all organizations are strongly encouraged to apply stringent security measures, including strong passwords, multifactor authentication (MFA) and prohibited sharing of unprotected sensitive information via unsecure channels.

Article (https://www.cisa.gov/news-events/alerts/2024/04/11/cisa-issues-emergency-directive-24-02-mitigating-significant-risk-nation-state-compromise-microsoft)

Folks, be smart: get off O365. They are compromised ever since they were infected by SolarWinds, a leaking timebomb.

2020 was a roller coaster of major, world-shaking events. We all couldn’t wait for the year to end. But just as 2020 was about to close, it pulled another fast one on us: the SolarWinds hack, one of the biggest cybersecurity breaches of the 21st century.

The SolarWinds hack was a major event not because a single company was breached, but because it triggered a much larger supply chain incident that affected thousands of organizations, including the U.S. government.

Suggestion at least use our malware protection products (Like Mail Protection to start off with)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishline Training
“Where Service and Technical Skills Count”

New Windows driver blocks software from changing default web browser

Must read article (https://www.bleepingcomputer.com/news/microsoft/new-windows-driver-blocks-software-from-changing-default-web-browser/)

 

By Lawrence Abrams April 7, 2024 10:17 AM
Microsoft is now using a Windows driver to prevent users from changing the configured Windows 10 and Windows 11 default browser through software or by manually modifying the Registry.

Windows users can still change their default browser through the Windows settings. However, those who utilized software to make the changes are now blocked by a driver quietly introduced to users worldwide as part of the February updates for Windows 10 (KB5034763) and Windows 11 (KB5034765).

IT consultant Christoph Kolbicz was the first to notice the change when his programs, SetUserFTA and SetDefaultBrowser, suddenly stopped working.

SetUserFTA is a command line program that lets Windows admins change file associations through login scripts and other methods. SetDefaultBrowser works similarly but is only for changing the default browser in Windows.

Starting with Windows 8, Microsoft introduced a new system for associating file extensions and URL protocols with default programs to prevent them from being tampered with by malware and malicious scripts.

This new system associates a file extension or URL protocol to a specially crafted hash stored under the UserChoice Registry keys.

If the correct hash is not used, Windows will ignore the Registry values and use the default program for this URL protocol, which is Microsoft Edge.

Kolbicz reverse engineered this hashing algorithm to create the SetUserFTA and SetDefaultBrowser programs to change default programs.

However, with the Windows 10 and Windows 11 February updates installed, Kolbicz noted that these Registry keys have now been locked down, giving errors when modified outside the Windows Settings.

For example, using the Windows Registry Editor to modify these settings gives an error stating, “Cannot edit Hash: Error writing the value’s new contents.”

BleepingComputer contacted Microsoft about the lockdown of these Registry keys in March, but they said they had nothing to share at this time.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishline Training
“Where Service and Technical Skills Count”

FTC: Americans lost $1.1 billion to impersonation scams in 2023

By Bill Toulas April 1, 2024 12:03 PM

At MspPortal Partners Inc we/partners can train your employees for Work and Home. With our # 1 Mail Protection and Phishing Education rated and used by the top 500 firms.

“Many scammers impersonate more than one organization in a single scam – for example, a fake Amazon employee might transfer you to a fake bank or even a fake FBI or FTC employee for fake help.”

The top Five scam types FTC highlights are:

1) Copycat Account Security Alerts: Scammers send fake alerts about unauthorized account activity, tricking victims into transferring funds for protection.

2) Fake Giveaways, Discounts, or Money to Claim: Scams offer bogus discounts or giveaways from known brands, leading victims to buy gift cards or send money to claim the non-existent offers.

3) Bogus Problems with the Law: Impersonators claim you’re implicated in a crime, pushing you to move money or buy gift cards under the guise of resolving the issue.

4) Phony Subscription Renewals: Emails claim a subscription you never had is renewing, coaxing you into a refund scam that involves returning over-refunded amounts via gift cards.

5) Made-up Package Delivery Problems: Fraudulent messages from carriers about delivery issues, aiming to steal credit card information or account details under the pretense of resolving a delivery problem.

The agency provides tips for consumers to protect against this type of fraud, which include avoiding clicking on URLs arriving via unsolicited communications, distrusting requests for money transfers, and taking the time to verify suspicious communications.

148,0000 Phone Calls
120,0000 Phishing Emails
65,000 Text Messages
45,000 Other Methods

Article (https://www.bleepingcomputer.com/news/security/ftc-americans-lost-11-billion-to-impersonation-scams-in-2023/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishline Training
“Where Service and Technical Skills Count”