Buying Power Matters

In their early days, companies such as Groupon and Living Social maximized the concept of buying power. They would rally a number of individuals who need or want certain items, and use their collective buying power to get the items at lower prices than any one person could buy on the open retail market. This is one of many examples of how buying power can save people and businesses money.

When it comes to endpoint security, MspPortal Partners uses its buying power for solutions from Barracuda, Bitdefender and other providers to help resellers and distributors with ways they can offer competitive rates and grow their businesses. Like a consumer going direct to a retailer, resellers can go direct to providers for encrypted mail solutions, remote management software, email security and malware protection, but they are likely to pay retail rates. They simply don’t have the experience, relationships or the volume to justify the solution providers lowering their rates. Entry-point pricing is much closer to retail pricing, making it difficult for resellers and distributors to add enough margin to quickly build a profitable business.

MspPortal Partners leverages years of security industry experience to purchase endpoint security seats at a much lower rate than individual resellers can negotiate. In fact, MspPortalPartners works with 400 MSPs and 3927 resellers customers across the country and Canada, and collectively, the group manages over 200,000 endpoints. The ability to buy seats in larger quantities results in savings that are passed on to MspPortalPartners customers. This savings is in addition to better customer service, tech support and training that can be relied on 24x7x365.

So, when we talk about buying power, we lean on the relationships MspPortalPartners has built over the last several years with providers to negotiate pricing that benefits our network. And while the buying-power pricing often attracts resellers and distributors to MspPortalPartners, it is our technical knowledge and service that keeps them as a partner.

For more information about our Partner Program and how MspPortalPartners operates, visit…

SonicWall Breached Via Zero-Day Flaw In Remote Access Tool

Sophisticated hackers compromised SonicWall’s NetExtender VPN client and SMB-oriented Secure Mobile Access 100 series product, which are used to provide employees and users with remote access to internal resources.

SonicWall disclosed Friday night that highly sophisticated threat actors attacked its internal systems by exploiting a probable zero-day flaw on the company’s secure remote access products.

The Milpitas, Calif.-based platform security vendor said the compromised NetExtender VPN client and SMB-oriented Secure Mobile Access (SMA) 100 series products are used to provide employees and users with remote access to internal resources. The SMA 1000 series is not susceptible to this attack and utilizes clients different from NetExtender, according to SonicWall.

“We believe it is extremely important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government,” SonicWall wrote in an “Urgent Security Notice” posted to its product notifications webpage at 11:15 p.m. ET Friday. The company said the coordinated attack on its systems was identified “recently.”

SolarWinds Hackers Access Malwarebytes’ Office 365 Emails

SonicWall declined to answer questions about whether the attack on its internal systems was carried out by the same threat actor who for months injected malicious code into the SolarWinds Orion network monitoring tool. The company, however, noted that it’s seen a “dramatic surge” in cyberattacks against firms that provide critical infrastructure and security controls to governments and businesses.

The company said it is providing mitigation recommendations to its channel partners and customers. Multi-factor authentication must be enabled on all SonicWall SMA, firewall and MySonicWall accounts, according to SonicWall.

Products compromised in the the SonicWall breach include: the NetExtender VPN client version 10.x (released in 2020) used to connect to SMA 100 series appliances and SonicWall firewalls; as well as SonicWall’s SMA version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.

SonicWall partners and customers using the SMA 100 series should either use a firewall to only allow SSL-VPN connections to the SMA appliance from known/whitelisted IPs or configure whitelist access on the SMA directly itself, according to the company.

For firewalls with SSN-VPN access using the compromised version of the NetExtender VPN client, partners and customers should either disable NetExtender access to the firewall(s) or restrict access to users and admins via an allow-list/whitelist for their public IPs, according to SonicWall.

SonicWall is the fifth pure-play cybersecurity vendor to publicly disclose an attack over the past seven weeks. FireEye blew the lid off what would become the SolarWinds hacking campaign Dec. 8 when company said that it was breached in an attack designed to gain information on some of its government customers. The attacker was able to access some of FireEye’s internal systems, the company said.

Then CrowdStrike disclosed Dec. 23 that it had been contacted eight days earlier by Microsoft’s Threat Intelligence Center, which had identified a reseller’s Microsoft Azure account making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago, according to CTO Michael Sentonas.

The reseller’s Azure account was used for managing CrowdStrike’s Microsoft Office licenses, and the hackers failed in their attempt to read the company’s email since CrowdStrike doesn’t use Office 365 email, according to Sentonas.

Then Mimecast announced Jan. 12 that a sophisticated threat actor had compromised a Mimecast-issued certificate used to authenticate several of the company’s products to Microsoft 365 Exchange Web Services. The compromised certificate was used to authenticate Mimecast’s Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) products to Microsoft 365, the company disclosed.

Mimecast declined to answer CRN questions about whether its breach was carried out by the same group who attacked SolarWinds. But three cybersecurity officials told Reuters Jan. 12 they suspected the hackers who compromised Mimecast were the same group that broke into SolarWinds. The Washington Post reported that the SolarWinds attack was carried out by the Russian foreign intelligence service.

Most recently, Malwarebytes disclosed Tuesday that the SolarWinds hackers leveraged a dormant email production product within its Office 365 tenant that allowed access to a limited subset of internal company emails. Malwarebytes doesn’t itself use SolarWinds Orion, and learned about the attack from Microsoft following suspicious activity from a third-party application in the company’s Office 365 tenant

 

By Michael Novinson January 23, 2021, 11:20 AM EST (Article)

13 email threat types to know about right now

Brought to by Barracuda and MspPortal Partners/MSP Aggregator – Distributor
How inbox defense protects against increasingly sophisticated attacks or compliment your current mail filtering solution considering O365 and Mimecast are now compromised very inexpensive to protect yourself from bad actors.
Have your tech team contact MspPortal Partners for pricing

MspPortal provides aggressive/displacement pricing but assisting in the integration and 1 & 2 line tech support

PDF Table of Contents
1) Introduction: Radically reduce susceptibility to targeted email attacks page 1
2) Fighting increasingly complex email attacks page 3
3) Spam page 5
4) Malware 8
5) Data Exfiltration page 12
6) URL Phishing page 15
7) Scamming page 18
8) Spear Phishing page 22
9) Domain Impersonation page 26
10)Brand Impersonation page 30
11)Blackmail page 34
12)Business Email Compromise page 38
13)Conversation Hijacking page 42
14)Lateral Phishing page 46
15)Account Takeover page 49
16)Strengthening your email security posture with API-based inbox defense page 53
17)Conclusion: Effectively protecting against evolving email threats page 56

PDF download Barracuda 13 email threats

Beware Microsoft to Launch ‘Enforcement Mode’ for Zerologon Flaw

Microsoft to Launch ‘Enforcement Mode’ for Zerologon Flaw
Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.

Microsoft has warned IT security admins that starting with its Feb. 9, 2021, security update, it will enable Domain Controller (DC) enforcement mode by default as a means of addressing a Critical remote code execution vulnerability affecting the Netlogon protocol.

This move will block vulnerable connections from noncompliant devices, according to a Microsoft Security and Response Center blog post. DC enforcement mode requires both Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with a Netlogon secure channel, unless a business has allowed an account to be exposed by adding an exception for a noncompliant device.

CVE-2020-1472 is a privilege escalation flaw in the Windows Netlogon Remote Protocol (MS-NRPC) with a CVSS score of 10. It could enable an unauthenticated attacker to use MS-NRPC to connect to a domain controller and gain full admin access.

Article DarkReading

Now is the Time to think about Protecting Mail and Endpoints

Most firms bought in to the idea of purchasing Microsoft Office 365 for financial reasons and convenience. Microsoft promised easy access to Word, Excel and Outlook know matter where you are. Unfortunately, now might be the day of reckoning with the breach of Microsoft cloud products. Hackers, phishing emails and bad actor malware are regularly using O365 to find more victims, and truth is, you’re actually more likely to already be infected via Microsoft’s patching processes. (This is not your fault. Microsoft’s MO is to always do patching on your operating system to keep you secure.)

You need to take a proactive position to:
1) Protect your email (Barracuda Spam Filtering best in breed)
2) Protect your Windows Operating systems (Bitdefender Gravity Zone fully EDR protection The only cybersecurity vendor to prevent all advanced threats AV comparatives.

With both of these layers of security in place, you can limit your exposure to the SolarWinds malware threat, which is bigger than even the media understand. Everyday more and more firms are coming forward with security breaches. Unfortunately for SolarWinds’ customers, the malware used int he attack is a mutating virus and responds to web commands.

If you are the Public, ask your Internet provider or support tech if they use SolarWinds RMM. If they do, ask to have it removed and replaced. Most tech firms will try justify why they should keep SolarWinds. Fight for your protection.

If you are tech company, contact MspPortal Partners, and we will set you up with the proper security to protect you endpoints and clients.

The cost for both lines through us is less than $6.00 a month per endpoint/mailbox. MspPortal Partners is a Value-Add Distributor for both products. MspPortal Partners does not sell direct to the public. MspPortal Partners have over 400 plus tech firms fully trained to implement a security solution to protect you.

Note: More than likely, your tech firm will charge for any modifications to your account because the virus is not their fault.

Side/foot note:
1) We asked and received a confirmation from the legal team at Barracuda that there is was/no integration of SolarWinds Orion software in the ESS spam filtering or RMM solutions.
2) Bitdefender also confirmed it does not use the Orion solution.
3) Sign up for our RSS feed to keep you informed on today’s Security Landscape

SolarWinds Hackers’ Attack on Email Security Company Raises New Red Flags

Customers of Mimecast were targeted in cyberattack, showing the multiple layers of potential victims at risk in massive hack

Earlier this week, Mimecast confirmed an attacker had compromised a certificate provided to certain customers to authenticate Mimecast products to Microsoft 365 Exchange Web Services. The tools and techniques used in this attack link these operators to those who recently targeted SolarWinds, The Wall Street Journal reports.

The SolarWinds attack affected some 18,000 public and private organizations that downloaded infected versions of legitimate updates to its Orion network management software. However, the attack on Mimecast shows not all victims had to be SolarWinds customers to be targeted.

Mimecast was a SolarWinds customer in the past but no longer uses the Orion software, a person familiar with the matter told WSJ. The company has not determined how attackers got in or whether its earlier use of SolarWinds could have left it vulnerable.

Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor. Mimecast Comments 

Look at this: on there comment section
Forward-Looking Statements-my interpretation is it is not our fault and no payment relief was made
Do you really want to do business with a firm like this? Or trust your confidential emails to you customers.

Dark Reading Comments and Article

SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns
Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.

The discovery of a data breach at email service provider Mimecast could indicate attackers behind the massive SolarWinds incident may have pursued multiple paths to infiltrate target organizations, a new report states.

Earlier this week, Mimecast confirmed an attacker had compromised a certificate provided to certain customers to authenticate Mimecast products to Microsoft 365 Exchange Web Services. The tools and techniques used in this attack link these operators to those who recently targeted SolarWinds,

The SolarWinds attack affected some 18,000 public and private organizations that downloaded infected versions of legitimate updates to its Orion network management software. However, the attack on Mimecast shows not all victims had to be SolarWinds customers to be targeted.

Mimecast was a SolarWinds customer in the past but no longer uses the Orion software, a person familiar with the matter told WSJ. The company has not determined how attackers got in or whether its earlier use of SolarWinds could have left it vulnerable.

Left undisclosed by SolarWinds: Put out of list of the 18,000 companies affected even CISA has not confirmed, maybe folks should contact the FTC they are a publicly traded firm

 

 

RCE Vulnerability Affecting Microsoft Defender

RCE Vulnerability Affecting Microsoft Defender

 

Microsoft has released a security advisory to address a remote code execution vulnerability, CVE-2021-1647

in Microsoft Defender. A remote attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

CISA encourages users and administrators to review Microsoft Advisory for CVE-2021-1647 and apply the necessary updates.

Ubiquiti Inc Hacked-

Dear Customer,

We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.

We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.

As a precaution, we encourage you to change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.

We apologize for, and deeply regret, any inconvenience this may cause you. We take the security of your information very seriously and appreciate your continued trust.

Thank you,
Ubiquiti Team

Personally I have respect for the firm to come out with a announcement

I have tried to contact them via phone and email asking if SolarWinds Orion monitoring tools are used in there network but at the time of this article there has been no response yet

Deployments have exceeded Customer’s license limit

 Folks add this to your email alerts. (Bell Top Right hand corner-> Sprocket)

Companies and endpoints need to be licensed IMPORTANT otherwise you will have endpoints not updating correctly

It will appear as Notification Details:

The Customer company XYZ has exceeded the maximum number of endpoints protected by the license key .

Roy