Barracuda RMM Update

Barracuda announced that it will release Barracuda RMM 12 SP4 to its cloud instances starting on August 2, 2021. This release introduces an integration with Microsoft Windows Defender Antivirus, which MSPs can monitor and manage through Barracuda RMM, and an integration with ServiceNow Service Desk PSA for round-trip updates between Barracuda RMM tickets and ServiceNow incidents. In addition to the integrations, this release offers improvements that enhance the user experience, including Microsoft and third-party software patch management, and more.

A maintenance window is required for this upgrade during which all services will be unavailable. Please plan accordingly using the schedule outlined below.
• US01/02/05: Wednesday, August 4 from 2200 – 0200 (+1) UTC-0400
• US03/04/07: Thursday, August 5 from 2200 – 0200 (+1) UTC-0400
Barracuda RMM 12 SP4 will be generally available on Thursday, August 5, 2021.

Bitdefender GravityZone Sandbox Analyzer Detection

Folks, you need to add ATS (HyperDetect with Sandbox combo package pricing).

Sandbox Analyzer Detection

Bitdefender GravityZone

Sandbox Analyzer has detected a threat on your network.
More information about the detected object can be found below.
Sandbox Detection Details
Company: This could have been your firm or your clients, beware
Host Name/IP: ACTIVITYLINK61 / x.x.x.x
Detection Timestamp: 22 Jul 2021, 11:11:04
Threat Type: Trojan
This bundle contained the following file(s):
File Name: ALProWebserver_Sunshine.exe
File Path: C:/Home/alpro/Sunshine/Webportal
File Size: 6.94 MB
Remediation: Quarantined

To view the behavioral events recorded during sandbox analysis, you can generate the Sandbox Analysis Results report from the Reports section in Control Center.

Bitdefender Requirement Important

Please read your Security Alerts:

Deployments have reached Customer’s maximum license limit:

Notification Details:

The Customer company XYZ FD has reached the maximum number of endpoints protected by the license key (Company Key).
To protect more endpoints for this company, you should extend its service subscription or add more licenses.
Otherwise, your endpoints will not be protected and are subject to malware.

Windows Privilege Escalation Vuln Puts Admin Passwords At Risk

July 21 2021

Microsoft has issued a temporary workaround for systems vulnerable to CVE-2021-36934, also known as “HiveNightmare” and “SeriousSAM.”

Microsoft has issued a temporary workaround for a privilege escalation vulnerability that could expose administrator passwords to non-admin users.

CVE-2021-36934, also called “HiveNightmare” and “SeriousSAM,” appears to have been first detected by security researcher Jonas Lykkegaard, Forbes reports. Lykkegaard noticed the Security Account Manager (SAM) file had become read-enabled for all users, meaning an attacker with non-admin privileges could access hashed passwords and elevate privileges.

Lykkegaard and other security researchers found the issue affected the Windows 11 preview as well as Windows 10. Microsoft has confirmed the problem affects Windows 10 version 1809 and newer operating systems and has provided workarounds for systems affected by the flaw.

“An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database,” the company wrote in its CVE.

An attacker who successfully exploited the flaw could run arbitrary code with system privileges and then install programs; view, change, or delete data; or create new accounts with full user rights. Exploiting the bug requires the ability to execute code on the target system. So far Microsoft has not detected exploits in the wild, though it notes exploitation is “more likely.”

Microsoft has stated it will update the CVE as its investigation continues.
Article: Dark Reading
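
The ACL condition Microsoft describes can be audited per endpoint. The PowerShell below is an added example, not code from Microsoft or the Dark Reading article: it reports whether BUILTIN\Users holds an Allow entry with read access on the registry hive files. It assumes the hives sit in the default %windir%\System32\config directory, that the session is elevated, and that SAM, SYSTEM and SECURITY are the files worth checking (the advisory quoted above names only SAM explicitly).

```powershell
# Added example: audit hive file ACLs for the CVE-2021-36934 condition.
# Run elevated so Get-Acl can read the security descriptors on a patched host.

$configDir = Join-Path $env:windir 'System32\config'   # assumed default location
$hives     = 'SAM', 'SYSTEM', 'SECURITY'               # assumed list; SAM is the one named in the CVE text

# Well-known SID for BUILTIN\Users. Comparing SIDs avoids localized group names.
$usersSid = 'S-1-5-32-545'
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$findings = foreach ($name in $hives) {
    $path = Join-Path $configDir $name
    try {
        $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
    } catch {
        # Report unreadable files instead of silently treating them as safe.
        [pscustomobject]@{ Hive = $name; UsersCanRead = $null; Rights = "ACL unreadable: $($_.Exception.Message)" }
        continue
    }

    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $exposed = @($rules | Where-Object {
        $_.IdentityReference.Value -eq $usersSid -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $readData) -ne 0)
    })

    [pscustomobject]@{
        Hive         = $name
        UsersCanRead = ($exposed.Count -gt 0)
        Rights       = ($exposed | ForEach-Object { $_.FileSystemRights.ToString() }) -join '; '
    }
}

$findings | Format-Table -AutoSize

# A non-zero exit code lets an RMM script policy flag the endpoint.
if ($findings | Where-Object { $_.UsersCanRead }) { exit 1 } else { exit 0 }
```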

Windows Print Spooler Remote Code Execution Vulnerability

MspPortal reported the issue on 7-7-2021.

For PrintNightmare we currently have the following detections live:
Exploit.RPRN.CVE-2021-1675.PrintNightmare — from our NAD module (I know the CVE in the name differs, but it still detects the attack)
Alert.RPRN.AddPrinterDriver — from our EDR module
We are also working on detection from our behavioral engine. However, that will take a bit more time as it requires extensive testing but will be available soon.


Solution 7-12: Bitdefender solved the issue

Bitdefender technologies will now protect against this vulnerability.