Archives

Windows Vulnerability Could Crack DC Server Credentials Open

Nathan Eddy Contributing Writer, Dark Reading August 16, 2022
Read the Article IMPORTANT
The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.

Researchers have discovered a vulnerability in the remote procedure calls (RPC) for the Windows Server service, which could allow an attacker to gain control over the domain controller (DC) in a specific network configuration and execute remote code.

Malicious actors could also exploit the vulnerability to modify a server’s certificate mapping to perform server spoofing.

Vulnerability CVE-2022-30216, which exists in unpatched Windows 11 and Windows Server 2022 machines, was addressed in July’s Patch Tuesday, but a report from Akamai researcher Ben Barnes, who discovered the vulnerability, offers technical details on the bug.

The full attack flow provides full control over the DC, its services, and data.
Proof of Concept Exploit for Remote Code Execution

The vulnerability was found in SMB over QUIC, a transport-layer network protocol, which enables communication with the server. It allows connections to network resources such as files, shares, and printers. Credentials are also exposed based on belief that the receiving system can be trusted.

The bug could allow a malicious actor authenticated as a domain user to replace files on the SMB server and serve them to connecting clients, according to Akamai. In a proof of concept, researchers exploited the bug to steal credentials via authentication coercion.
Article (https://www.darkreading.com/remote-workforce/windows-vulnerability-could-crack-dc-server-credentials-open)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

US govt warns Americans of escalating SMS phishing attacks

By Sergiu Gatlan July 29, 2022 11:21 AM

The Federal Communications Commission (FCC) warned Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money.

Such attacks are also known as smishing or robotexts (as the FCC calls them), and scammers behind them may use various lures to trick you into handing over confidential information.

“The FCC tracks consumer complaints – rather than call or text volume – and complaints about unwanted text messages have risen steadily in recent years from approximately 5,700 in 2019, 14,000 in 2020, 15,300 in 2021, to 8,500 through June 30, 2022,” the US communications watchdog’s Robocall Response Team said [PDF].

“In addition, some independent reports estimate billions of robotexts each month – for example, RoboKiller estimates consumers received over 12 billion robotexts in June.”

False-but-believable smishing baits reported by American consumers to the FCC include claims about unpaid bills, package delivery issues, bank account problems, or law enforcement actions.

Some of the most devious and convincing lures used in text message phishing attacks are links redirecting the targets to landing pages impersonating bank websites and asking them to verify a purchase or unlock frozen credit cards.

FCC smishing signs
Phishing text messages can also be spoofed to make it appear that the sends is someone you’re more likely to trust, such as a government agency like the IRS or companies you may be familiar with.

While some attackers will attempt to steal payment details, others are not as picky and will be happy to steal any personal information they can get their hands on, use in subsequent scams, or sell to other malicious actors.

To defend against SMS phishing attacks, FCC recommends taking the following measures:

Do not respond to texts from unknown numbers or any others that appear suspicious.
Never share sensitive personal or financial information by text.
Be on the lookout for misspellings or texts that originate with an email address.
Think twice before clicking any links in a text message. If a friend sends you a text with a suspicious link that seems out of character, call them to ensure they weren’t hacked.
If a business sends you a text you weren’t expecting, look up their number online and call them back.
Remember that government agencies almost never initiate contact by phone or text.
Report texting scam attempts to your wireless service provider by forwarding unwanted texts to 7726 (or “SPAM”).
File a complaint with the FCC.

Article (https://www.bleepingcomputer.com/news/security/us-govt-warns-americans-of-escalating-sms-phishing-attacks/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Cyberspies use Google Chrome extension to steal emails undetected

Folks I have warned you stop using Chrome..Firefox with DuckDuckgo.com

By Sergiu Gatlan July 28, 2022
A North Korean-backed threat group tracked as Kimsuky is using a malicious browser extension to steal emails from Google Chrome or Microsoft Edge users reading their webmail.

The extension, dubbed SHARPEXT by Volexity researchers who spotted this campaign in September, supports three Chromium-based web browsers (Chrome, Edge, and Whale) and can steal mail from Gmail and AOL accounts.

The attackers install the malicious extension after compromising a target’s system using a custom VBS script by replacing the ‘Preferences’ and ‘Secure Preferences’ files with ones downloaded from the malware’s command-and-control server.

Once the new preferences files are downloaded on the infected device, the web browser automatically loads the SHARPEXT extension.

“The malware directly inspects and exfiltrates data from a victim’s webmail account as they browse it,” Volexity said Thursday.

“Since its discovery, the extension has evolved and is currently at version 3.0, based on the internal versioning system.”

As Volexity further revealed today, this latest campaign aligns with previous Kimsuky attacks as it also deploys the SHARPEXT “in targeted attacks on foreign policy, nuclear and other individuals of strategic interest” in the United States, Europe, and South Korea.

Article (https://www.bleepingcomputer.com/news/security/cyberspies-use-google-chrome-extension-to-steal-emails-undetected/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

Microsoft 365 outage knocks down admin center in North America

By Sergiu Gatlan July 28, 2022 01:12 PM 0

Microsoft is investigating an ongoing incident impacting administrators in North America who report seeing blank pages and 404 errors when trying to access the Microsoft 365 admin center.

This outage could affect any admin in North America, as the company revealed on the Microsoft 365 Service health status page.

“The majority of affected admins report that a blank page renders when attempting to access the admin center, and no perceivable error message is presented,” Microsoft said.

“A limited number of admins report that a 404 error or ‘Loading chunk (number) failed’ is shown intermittently.”

Redmond is working on discovering the issue that triggered this incident and trying to find a potential fix to address its impact on North American admins.

“We’re reviewing networking data to determine the source of impact, as well as determining if a potential fix is available to remediate impact,” the company added.

We’ve received reports from some admins in North America that they’re unable to access the Microsoft 365 admin center. Additional information can be found at https://t.co/lbjX5hSWLp or under MO406459 in the Microsoft 365 admin center.
— Microsoft 365 Status (@MSFTExchange Online, Outlook365Status) July 28, 2022

Today’s incident follows a massive outage that hit multiple Microsoft 365 services with Teams integrations last week.

As the company revealed in a preliminary post-incident report, last week’s outage was triggered by a faulty Enterprise Configuration Service (ECS) deployment that triggered cascading failures and availability impact worldwide.

Exchange Online and Outlook were hit by a second outage that prevented customers from signing into their accounts and accessing and receiving emails.

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-knocks-down-admin-center-in-north-america/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

For MspPortal Partners only

Starting August 3rd we will be  spinning up partner requests for 30 day trials of Bitdefender new additions of there XDR release.

probably the most comprehensive release ever. Security on steroids

If you wish to set up a trial please send me a email

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

 

Microsoft Teams outage also takes down Microsoft 365 services

By Sergiu Gatlan July 21, 2022
What initially started like a minor Microsoft Teams outage has also taken down multiple Microsoft 365 services with Teams integration, including Exchange Online, Windows 365, and Office Online.

“We’ve received reports of users being unable to access Microsoft Teams or leverage any features,” the company revealed on its official Microsoft 365 Status Twitter account more than 8 hours ago.

Two hours later, Redmond said the issue causing the connection problems was a recent deployment that featured a broken connection to an internal storage service.

However, Teams was not the only product impacted by the outage since users also began reporting failures to connect to various Microsoft 365 services.

Microsoft confirmed the issues saying that the subsequent Microsoft 365 outage only affected services that came with Teams integration.

“We’ve identified downstream impact to multiple Microsoft 365 services with Teams integration, such as Microsoft Word, Office Online and SharePoint Online,” Microsoft explained.
As the company further detailed on its Microsoft 365 Service health status page, affected customers experienced issues with one or more of the following services:

Microsoft Teams (Access, chat, and meetings)
Exchange Online (Delays sending mail)
Microsoft 365 Admin center (Inability to access)
Microsoft Word within multiple services (Inability to load)
Microsoft Forms (Inability to use via Teams)
Microsoft Graph API (Any service relying on this API may be affected)
Office Online (Microsoft Word access issues)
SharePoint Online (Microsoft Word access issues)
Project Online (Inability to access)
PowerPlatform and PowerAutomate (Inability to create an environment with a database)
Autopatches within Microsoft Managed Desktop
Yammer (Impact to Yammer experiments)
Windows 365 (Unable to provision Cloud PCs)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-outage-also-takes-down-microsoft-365-services/)

Barracuda RMM 12 SP6 MR1 update to our cloud instances

Barracuda  will be releasing Barracuda RMM 12 SP6 MR1 to our cloud instances starting on July 29, 2022. This release includes several new features, including upgrading Firewall rules for users of Avast Antivirus and the ability to send an MFA code to a mobile device using SMS.

A maintenance window is required for this upgrade during which all services will be unavailable. Please plan accordingly using the schedule outlined below.
Barracuda Cloud Maintenance Window:

US07 Friday, July 29 from 0000 – 0200 UTC-0500 for MspPortal Partners

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Microsoft investigates ongoing Exchange Online, Outlook outage

By Sergiu Gatlan July 18, 2022 10:26 AM
Microsoft is investigating an ongoing outage impacting Microsoft 365 services after customers have reported experiencing issues while trying to sign into, access, and receive emails on the outlook.com portal and via Exchange Online.

“We’re investigating an issue with users accessing or experiencing degraded functionality when using Exchange Online and http://outlook.com services,” Microsoft said in a tweet via the company’s official Twitter account for updates on Microsoft 365 services.

Admins were also told that they could find more information regarding these ongoing problems in the admin center under EX401976 and OL401977.

“We suspect there may be unexpected network drops which are contributing to the degraded experience and are reviewing diagnostic logs to understand why,” the company added.

While Redmond did not reveal the scale of the issue, thousands of reports have been submitted in the past 24 hours on DownDetector by Outlook and Exchange Online users who have either been unable or experienced difficulties when trying to log in or email.
Article

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

UPDATE 1-Amazon.com’s Ring gave police data without user consent 11 times in 2022

WASHINGTON, July 13 (Reuters) – Amazon.com’s Ring doorbell unit, which makes videos of the outside of an owner’s home, gave footage to law enforcement without the user’s consent 11 times so far this year, the company said.

Amazon said it provided the video under emergency circumstances. Senator Edward Markey, a lawmaker interested in privacy, on Wednesday released a letter from Amazon on the topic that was a response to his inquiry to the company.

“In each instance, Ring made a good-faith determination that there was an imminent danger of death or serious physical injury to a person requiring disclosure of information without delay,” wrote Brian Huseman, vice president of public policy for Amazon.

The company also said that it had 2,161 law enforcement agencies on its Neighbors Public Safety Service, which allows police and others to ask Ring owners for footage.

“Increasing law enforcement reliance on private surveillance creates a crisis of accountability,” Markey said in a statement.

Amazon’s Ring said in a statement that it followed the law.

“The law authorizes companies like Ring to provide information to government entities if the company believes that an emergency involving danger of death or serious physical injury to any person, such as a kidnapping or an attempted murder, requires disclosure without delay,” the company said in a statement.

In the letter, Huseman declined to specify when Ring technology can capture audio and how sensitive the audio recordings are. Users can easily disable audio.

He also declined to pledge to make end-to-end encryption the default for Ring data. End-to-end encryption is available although it would disable some features.

Markey said that he was concerned that Amazon and other tech companies would begin using biometric data in their systems and noted that he and others had introduced a bill aimed at restricting law enforcement access to such information. Hold Your Breath
(Reporting by Diane Bartz; Editing by Cynthia Osterman)

In closing you might want to remove SPYING DEVICES this is one of them

Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs

Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs
By Sergiu Gatlan July 12, 2022 01:02 PM

Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims’ mailboxes in follow-on business email compromise (BEC) attacks.

The threat actors used landing pages designed to hijack the Office 365 authentication process (even on accounts protected by multifactor authentication (MFA) by spoofing the Office online authentication page.

In some of the observed attacks, the potential victims were redirected to the landing pages from phishing emails using HTML attachments that acted as gatekeepers ensuring the targets were being sent via the HTML redirectors.

After stealing the targets’ credentials and their session cookies, the threat actors behind these attacks logged into the victims’ email accounts. They subsequently used their access in business email compromise (BRC) campaigns targeting other organizations.

“A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA),” the Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC) said.

“The attackers then used the stolen credentials and session cookies to access affected users’ mailboxes and perform follow-on business email compromise (BEC) campaigns against other targets.”

Article (https://www.bleepingcomputer.com/news/security/microsoft-phishing-bypassed-mfa-in-attacks-against-10-000-orgs/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Barracuda is the play from a security standpoint