## MspPortal Partners Steps Up with Premier Security Solutions for MSPs

**MspPortal Partners** is proud to continue serving as a trusted distributor of industry-leading security software at **wholesale prices** exclusively for Managed Service Providers (MSPs), both small and large. We do **not** sell direct to end users — our commitment is to empower **tech firms** with the best tools at the best value.

We’re not here to buy your business — our **aggressive pricing** and **expert service** speak for themselves.

—

### 🛡️ **Barracuda Email Security — Three Wholesale Tiers**

**1) Advanced Email Protection**

* Combines secure email gateway with AI-powered threat detection
* Protects against **13+ email threat types**
* Includes **post-delivery threat remediation**

**2) Complete Mail Protection**

* Includes all features of Advanced
* Adds **cloud backup** for **Microsoft 365 and Google Workspace (Gsuite)** components
* Backup occurs **off-platform** for enhanced redundancy

**3) Total Mail Protection**

* Includes everything from Complete
* Adds **lateral attack protection** across Microsoft 365 apps
* Includes full **data recovery and restore capabilities**

—

### 🖥️ **RMM – Remote Monitoring and Management**

We provide Remote Management tools (RMM) designed for proactive IT monitoring. This includes:

* Real-time system status tracking
* Automated remediation
* Efficient **remote device management**
* Reduces the need for on-site support

—

### 🔐 **Bitdefender — Elite Endpoint Security Solutions**

MspPortal Partners offers **multiple wholesale tiers** for Bitdefender, the global cybersecurity leader. Our customers report **superior performance** to platforms like **CrowdStrike** and **SentinelOne**.

**Available for**:

* Small Businesses
* Midsize Firms
* Enterprise Environments

**Core Features**:

* **GravityZone Platform**: Instantly scalable endpoint protection
* Compliance-ready: Supports **PCI DSS**, **NIS2**, **HIPAA**
* Simple integration with powerful reporting
* Multi-layered defense — next-gen AV, EDR, and behavioral analytics
* MDR — next-gen AV, EDR, and behavioral analytics managed 24x7x365 by humans and AI with alerts

—

### 🛠️ **Support & Training That Sets Us Apart**

We offer up to **Level 3 support**, plus **in-depth training** — a rarity in wholesale distribution.

* **24x7x365 support** always available
* **Phone support** available **Monday–Friday, 7:30 AM to 5:00 PM MST/Arizona** — and yes, **we actually pick up the phone**.

—

### 👤 **Contact**

**Roy Miehe**
CEO/President, MspPortal Partners Inc.
Security Software Distributor: **Bitdefender**, **Barracuda**, **Axcient**
*“Where Service and Technical Skills Count”*

Bitdefender Update EDR

When Bitdefender first started EDR (Endpoint Detection and Response) it was for a unlimted time.
They have now decide to make money paid for a service “retension” with that EDR service.
Option 1 No Data Retention (no cost)
Option 2 Data Retention 90 days(added cost)
Option 1 Data Retention 180 days(added cost)
Option 1 Data Retention 1 year (added cost)
Unless you need the option for auditing purpose do not waste you money.

Roy | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

Hackers Manipulate Stock Markets in $700 Million Illicit Trading Spree-Plus CloudFlare Issues

Stock Markets and Power Grids issues

Hackers Manipulate Markets in $700 Million Illicit Trading Spree
Aya Wagatsuma, Ryo Horiuchi and Takashi Nakamichi
Mon, April 28, 2025 at 7:12 AM MST 7 min read

(Bloomberg) — Criminals are hijacking online brokerage accounts in Japan and using them to drive up penny stocks around the world. The wave of fraudulent trading has reached ¥100 billion ($710 million) since it started in February and shows no signs of cresting. The scams typically use the hacked accounts to buy thinly traded stocks both domestically and overseas, allowing anyone who has built up a position earlier to cash out at inflated values. In response, some Japanese securities firms have stopped processing buy orders for certain Chinese, US and Japanese stocks. Eight of the country’s biggest brokers including Rakuten Securities Inc. and SBI Securities Co. have reported unauthorized trading on their platforms. The breaches have exposed Japan as a potential weak point in efforts to safeguard global markets from hackers.They also threaten to undermine the Japanese government’s push to get more people to invest for their retirement, particularly since some victims say they are baffled as to how their accounts were broken into and the securities companies have so far largely refrained from covering the losses.

Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase.
These figures come from Cloudflare’s 2025 Q1 DDoS Report, where the company says it mitigated a total of 21.3 million DDoS attacks in 2024.

However, 2025 is looking to be an even bigger problem for online entities and companies, with Cloudflare already responding to 20.5 million DDoS attacks in just the first quarter of 2025.
These attacks include Cloudflare itself, whose infrastructure was targeted directly in 6.6 million attacks over an 18-day multi-vector campaign.

Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase.

These figures come from Cloudflare’s 2025 Q1 DDoS Report, where the company says it mitigated a total of 21.3 million DDoS attacks in 2024.

However, 2025 is looking to be an even bigger problem for online entities and companies, with Cloudflare already responding to 20.5 million DDoS attacks in just the first quarter of 2025.

These attacks include Cloudflare itself, whose infrastructure was targeted directly in 6.6 million attacks over an 18-day multi-vector campaign.
Link Markets
https://finance.yahoo.com/news/hackers-manipulate-markets-700-million-141234302.html

Link CloudFare
https://www.bleepingcomputer.com/news/security/cloudflare-mitigates-record-number-of-ddos-attacks-in-2025/

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

To all MSP’s,Resellers Vars’s and Distribotors (Called “MSP”) Read your EULA’s

To all MSP’s,Resellers Vars’s and Distributors (Called “MSP”)
Read your EULA’s
HAVE ALL MANUFACTURERS ADD ONE LINE TO THE AGREEMENT ADDRESSED TO YOUR FIRM (“Documentation ” Called “MFG”)

If a security breach is caused by the manufacturer..All agreements are nul and void immediately at the digression of the MSP.
Example Crowdstrike adding a bad sys file, that took down thousands of computers at on time via update distributed by Microsoft and Cloudfare.

Link
ClowdStrike EULA (https://www.crowdstrike.com/en-us/legal/software-terms-of-use/)

6. No Warranty.

6.1 Disclaimer. THE SOFTWARE AND ALL OTHER CROWDSTRIKE OFFERINGS ARE PROVIDED “AS-IS” AND WITHOUT WARRANTY OF ANY KIND. CROWDSTRIKE AND ITS AFFILIATES DISCLAIM ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, CROWDSTRIKE AND ITS AFFILIATES AND SUPPLIERS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT WITH RESPECT TO THE SOFTWARE AND ALL OTHER CROWDSTRIKE OFFERINGS. THERE IS NO WARRANTY THAT THE SOFTWARE OR ANY OTHER CROWDSTRIKE OFFERINGS WILL BE ERROR FREE, OR THAT THEY WILL OPERATE WITHOUT INTERRUPTION OR WILL FULFILL ANY OF SOFTWARE USER’S PARTICULAR PURPOSES OR NEEDS. THE SOFTWARE AND ALL OTHER CROWDSTRIKE OFFERINGS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. NEITHER THE SOFTWARE OR ANY OTHER CROWDSTRIKE OFFERINGS ARE FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY, OR PROPERTY DAMAGE. SOFTWARE USER AGREES THAT IT IS SOFTWARE USER’S RESPONSIBILITY TO ENSURE SAFE USE OF SOFTWARE AND ANY OTHER CROWDSTRIKE OFFERING IN SUCH APPLICATIONS AND INSTALLATIONS. CROWDSTRIKE DOES NOT WARRANT ANY THIRD PARTY PRODUCTS OR SERVICES.

6.2 No Guarantee. SOFTWARE USER ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT CROWDSTRIKE DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, DISCOVER, PREVENT OR WARN OF, ALL OF SOFTWARE USER’S OR ITS AFFILIATES’ SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND SOFTWARE USER AND ITS AFFILIATES WILL NOT HOLD CROWDSTRIKE RESPONSIBLE THEREFOR.

7. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW CROWDSTRIKE SHALL NOT BE LIABLE TO SOFTWARE USER (UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STATUTE, TORT OR OTHERWISE) FOR: (A) ANY LOST PROFITS, REVENUE, OR SAVINGS, LOST BUSINESS OPPORTUNITIES, LOST DATA, OR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, EVEN IF CROWDSTRIKE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES OR SUCH DAMAGES OR LOSSES WERE REASONABLY FORESEEABLE; OR (B) AN AMOUNT THAT EXCEEDS IN THE AGGREGATE $100. THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY SPECIFIED IN THESE TERMS. MULTIPLE CLAIMS SHALL NOT EXPAND THE LIMITATIONS SPECIFIED IN THIS SECTION 7.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

America’s biggest phone Carriers preparing to hike prices!!!

America’s biggest phone Carriers preparing to hike prices!!!
Brian Sozzi · Executive Editor
Fri, April 25, 2025 at 5:25 AM MST 3 min read

Verizon, AT&T, and T-Mobile prepare to raise prices on consumers because of Trump’s trade war. Personal opinion its just Corp Greed.
Suggestion Boost and Mint Mobile Wireless are much less expensive..Phones are not computers

The smartphone ecosystem has avoided the biggest brunt of President Trump’s tariffs, for now.

But if that for now ends, major phone carriers appear poised to dump the higher costs of smartphones onto the laps of consumers.

Trump earlier this month exempted smartphones and some other electronics from his reciprocal tariffs, though he left a 20% fentanyl tariff on China intact. The exemption could prove temporary, keeping the prospect of 145% tariffs on China (where Apple (AAPL) makes its iPhones in play.

With regards to Apple.. a phone is a phone the toys that Apple provides are not loss leader products..Apple made a choice to move manufacturing to China based upon my opiion pure greed to line there pocket books…

Article
(https://finance.yahoo.com/news/verizon-att-and-t-mobile-prepare-to-raise-prices-on-consumers-because-of-trumps-trade-war-122549340.html)

Bitdefender MDR

When it is working..it works fine and does what it was designed to do.

Like I told them GET RID OF INTUITS MAILCHIMP AS A SMTP OUT

I spun up another partner yesterday no issue’s with 15 companies..beware if you try to enter Verification code and it fails do not waste you time its broken just report up here (Reddit r/bitdefender)

Roy Miehe | MspPortal Partners Inc. | Ceo/PresidentSecurity Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Coun

OAuth Attacks Target Microsoft 365, GitHub

Jai Vijayan, Contributing Writer March 17, 2025

A trio of ongoing campaigns have highlighted once again the continued popularity among cybercriminals of malicious OAuth apps as a go-to attack method.

In one wave of recent attacks, threat actors have been using bogus Adobe Acrobat and Adobe Drive logos on malicious OAuth apps to steer targeted users straight to malware-laden or Microsoft 365 credential phishing sites when clicked on. Another scammer is pulling the same trick but with a DocuSign look-alike app that funnels users to a credential phishing page. And in a third campaign, an attacker is going after developers by hitting thousands of GitHub repositories with a bogus OAuth app disguised as a “security alert.” Anyone who clicks the fake alert unknowingly grants full access to their repositories.
A Long Pattern of OAuth Cyber Abuse

The campaigns fit a long pattern of attackers using rogue OAuth apps masquerading as a legitimate service to trick users into granting them excessive permissions. Attackers have long favored the approach because it allows them to bypass traditional security controls, maintain persistent access to user accounts, move laterally, and harvest sensitive data without needing to steal passwords directly. Security researchers also consider malicious OAuth apps as relatively easy to set up and allowing attackers to execute a range of actions using legitimate API calls rather than easier to detect malicious exploits.

What makes the phishing attacks, involving the fake Adobe and DocuSign apps, somewhat different from other malicious OAuth campaigns, is how the attackers are leveraging them, according to researchers at Proofpoint’s Threat Insight team who spotted the campaigns recently.

In typical OAuth campaigns, the malicious app itself is used to directly exfiltrate the victim’s data or take actions using the victim’s account. But with the recent attacks, “these malicious OAuth apps serve as gateways to the phishing sites,” says one Proofpoint researcher who did not want to be named, in comments to Dark Reading. “Specifically, the threat actors are using Microsoft’s credibility to redirect the victim to a phishing page.”

The attackers behind both the Adobe and DocuSign campaigns have taken care to ensure that the permissions their malicious OAuth apps request — such as profile, email, and OpenID — are limited in scope, and therefore unlikely to be flagged as suspicious, the researcher says. “The purpose appears to be account takeover, which can lead to a variety of post-compromise objectives.”

Article (https://www.darkreading.com/application-security/oauth-attacks-target-microsoft-365-github?_mc=NL_DR_EDT__20250320&cid=NL_DR_EDT__20250320&sp_aid=128689&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly%20NEW_03.20.25&sp_cid=57260&utm_content=DR_NL_Dark%20Reading%20Weekly%20NEW_03.20.25)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts

By Bill Toulas March 16, 2025 10:19 AM

Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials.

The campaigns were discovered by Proofpoint researchers, who characterized them as “highly targeted” in a thread on X.

The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign.

These apps request access to less sensitive permissions such as ‘profile’, ’email’, and ‘openid,’ to avoid detection and suspicion.

If those permissions are granted, the attacker is given access to:

* profile – Full name, User ID, Profile picture, Username
* email – primary email address (no inbox access)
* openid – allows confirmation of user’s identity and retrieval of Microsoft account details

Proofpoint told BleepingComputer that the phishing campaigns were sent from charities or small companies using compromised email accounts, likely Office 365 accounts.

The emails targeted multiple US and European industries, including government, healthcare, supply chain, and retail. Some of the emails seen by the cybersecurity firm use RFPs and contract lures to trick recipients into opening the links.

While the privileges from accepting the Microsoft OAuth app only provided limited data to the attackers, the information could still be used for more targeted attacks.

Furthermore, once permission is given to the OAuth app, it redirects users to landing pages that display phishing forms to Microsoft 365 credentials or distributed malware.

“The victims went through multiple redirections and stages after authorizing O365 OAuth app, until presented with the malware or the phishing page behind,” Proofpoint told BleepingComputer.

“In some cases, the victims were redirected to an “O365 login” page (hosted on malicious domain). In less than a minute after the authorization, Proofpoint detected suspicious login activity to the account.”
Article (https://www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

To all MspPortal Partners Security update news

Folks
As always this is my personal opinion
With so many tech firms that provides cloud software services. From Remote connections to back up , mail..banking ect
If you are a Managed Service Provider, Tech, consultant.
Please do not put all your eggs in one basket. This seems to a now be common theme, please do not be lazy, your clients depend upon you to secure there networks and workstations.
If your clients are paying you for a secure service provide it. Take a look at your RMM solution if you provider keeps coming up with more solution in there dashbards it can only lead to a crash and burn for your clients.
There are 3 solutions that I think are best of breed
1) Bitdefender MDR
2) Barracuda Mail Products and RMM
3) Cisco / Meraki firewall
These 3 products will help you assist your clients adding multiple software solutions (which now a days these solution would prefer you to run no security soltions. To many are using AI ChapGT for writing backend code with no dynamic secure API calls.

Example

“March 2025 SendGrid
Mail Stuck in Processing
Starting around 3:27 PM PT until 3:50 PM PT, our engineers identified an issue that affected mail send. A subset of customers may have experienced latency in mail send getting processed. A fix has been implemented, and this issue has been resolved. All delayed mail send has been processed.
Mar 11, 16:09 – 16:09 PDT
API Authentication issues
Our engineers have monitored the fix and confirmed that the API authentication issues have been resolved. All services are now operating normally.
Mar 6, 08:12 – Mar 7, 12:09 PST
Unsubscribe check failures causing billing issues
Our engineers have monitored the fix and confirmed the issue with Marketing Campaign emails has been resolved. All services are now operating normally at this time.
Mar 6, 11:52 – 15:51 PST”

The relationship with Microsoft, Cloudflare and Crowdstrike was devastating for end users it was like a BlackScreen of death with really no solution available in a timely like fashion except to update one machine at a time

CISA Adds Six Known Exploited Vulnerabilities to Catalog
03/11/2025 03:00 PM EDT

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability
CVE-2025-24985 Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
CVE-2025-24991 Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
CVE-2025-24993 Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
CVE-2025-26633 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Latest News 3-14-2025
Week-long Exchange Online outage causes email failures, delays
By Sergiu Gatlan March 14, 2025 02:59 PM
Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages.

While the company didn’t publicly share information on this incident, it tagged it as a critical service issue tracked under EX1027675 on the Microsoft 365 Admin Center.

Microsoft has yet to share more information on what regions were affected by this outage, but it said the incident impacted “any user serviced by the impacted portion of infrastructure.”

Customers worldwide also reported experiencing email delivery failures over the last week, with those impacted saying they were receiving a Non-Delivery Report (NDR) with a “554 5.6.0 Corrupt message content” error.

The company first acknowledged the Exchange Online email delivery issues on March 10, 11:14 AM, but the admin center incident report says the outage started on March 7, 12:30 PM UTC.

“A recent service update, intended to improve our message transport services, introduced a code issue that resulted in impact for a portion of service infrastructure,” Redmond said in the final update regarding this incident on Thursday.

“Additionally, users may be unable to send email messages with attached files in any connection method of Exchange Online. Sending attachments as ZIP files allows the email messages to be delivered as expected, serving as a method by which to bypass the issue while we continue to investigate.
Article (https://www.bleepingcomputer.com/news/microsoft/week-long-exchange-online-outage-causes-email-failures-delays/)

New MDR Product from Bitdefender and MspPortal Partners Inc.

MDR Secure Plus Bundle license: Includes existing Core MSP solution + Advanced Threat Security add on + EDR + MDR.
Whole Sale Pricing. Bought Individually would run $6.68 an endpoint. I reality you are purchasing a 24x7x365 tech for no money out of your pocket where do you hire a tech for no out of pocket expense.

Modern, Turnkey MDR for Managed Service Providers

Managed Service Providers face unique risks because they manage networks
and IT infrastructures for hundreds of small businesses. We at Bitdefender and MspPortal Partners
understand your need for cyber resiliency and operational efficiency – not only
for you but also for your customers.

Cybersecurity has become a critical factor for business success. Many MSPs
struggle in the face of increasingly complex technological environments,
more sophisticated attacks, inefficient on boarding resulting in slow
provisioning, licensing restrictions, manual billing that creates hours of extra
work for your team, and slow or unresponsive support.

MDR Foundations for MSPs helps you provide proactive protection for your
customers and minimize the impact of attacks quickly and effectively with:
• Prompt incident and breach response that supports a customer in all
scenarios
• Bulk on boarding of customers for MspPortal MSPs and automated on boarding for
customers
• Option of professional services to accelerate on boarding by MspPortal Partners
• Constant communication via email notifications in the MDR Portal

Proactive Protection
24/7 monitoring and response –including threat-intel driven hunts by our team Bitdefender and MspPortal Partners of experts across your entire customer base – to ensure organizations
are cyber resilient.

Thank you.

Sincerely,
MspPortal Partners Inc
By Roy Miehe

www.mspportalpartners.net
I will be provisioning up to 4 Tech Firms a week