Archives

MspPortal Partners Steps up with a Major Purchase

Most everybody know MspPortal Partners supplies security software at wholesale price’s
We now have added Total Email Protection with Barracuda
This allows us to offer 3 different flavors at wholesale pricing.
1) Advanced Email Protection-
Combine email gateway and artificial intelligence to block threats Ensure protection against all 13 email threat types. Automatically remediate post-delivery email threats.

2) Complete Mail Protection-
Includes everything from Advanced. Backs up all O365 and Gsuite components off the O365 and Gsuite Servers

3) Total Mail Protection-
Includes everything from Premium. Protect and restore your Microsoft 365 data. Protect your Microsoft 365 applications from lateral attacks. Plus Phisline-Sentinal

You will be provided as normal up to 3rd level support which puts MspPortal Partners on top of the distributors in the Security Software Arena.
We have 24x7x365 support
Working hours are M-F 7:30am- 5pm MST/Arizona
Coming soon this month will be bundle pricing Mail Filtering (Barracuda), RMM (Barracuda), Antivirus/Antimalware (Bitdefender) this will ensure all Partners and there Customers are protected at all times.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Cybercriminals exploit SVB collapse to steal money and data

By Bill Toulas March 14, 2023 11:55 AM

My thoughts using Barracuda Complte Mail Protection in front of O365 or G-suite is very in expensive compared to your complet network or computers being taking down with malware.

 
The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it’s becoming an excellent opportunity.

As multiple security researchers report, threat actors are already registering suspicious domains, conducting phishing pages, and gearing up for business email compromise (BEC) attacks.

These campaigns aim to steal money, steal account data, or infect targets with malware.
SVB going defunct

SVB was a U.S.-based commercial bank, the 16th largest in the country, and the largest bank by deposits in Silicon Valley, California.

On March 10, 2023, the bank failed after a run on its deposits. This failure was the largest of any bank since the 2007-2008 financial crisis and the second-largest in U.S. history.

This event has impacted many businesses and people in the technology, life science, healthcare, private equity, venture capital, and premium wine industries who were customers of SVB.

The chaotic situation is further worsened by the prevailing elements of urgency, uncertainty, and the significant amounts of money deposited at the bank.
Scammers jump at the opportunity

 

Security researcher Johannes Ulrich reported yesterday that threat actors are jumping at the opportunity, registering suspicious domains related to SVB that are very likely to be used in attacks.

Some of the examples given in a report published on the SANS ISC website include:

login-svb[.]com
svbbailout[.]com
svbcertificates[.]com
svbclaim[.]com
svbcollapse[.]com
svbdeposits[.]com
svbhelp[.]com
svblawsuit[.]com

Ulrich warned that the scammers might attempt to contact former clients of SVB to offer them a support package, legal services, loans, or other fake services relating to the bank’s collapse.

An attack already seen in the wild is from BEC threat actors who are impersonating SVB customers and telling customers that they need payments sent to a new bank account after the bank’s collapse.

However, these bank accounts belong to the threat actors, who steal payments meant to go to the legitimate company.

Cyber-intelligence firm Cyble published a similar report today exploring developing SVB-themed threats, warning about these additional domains:

svbdebt[.]com
svbclaims[.]net
svb-usdc[.]com
svb-usdc[.]net
svbi[.]io
banksvb[.]com
svbank[.]com
svblogin[.]com

Many of these sites were registered on the day of the bank’s collapse, March 10, 2023, and are already hosting cryptocurrency scams.

These scam pages tell SVB customers that the bank is distributing USDC as part of a “payback” program.

“March 13 2023 – Silicon Valley Bank is actively distributing USDC as part of the SVB USDC payback program to eligible USDC holders. USDC payouts can only be claimed once per wallet,” claims the cryptocurrency scam.

However, clicking on the site’s ‘Click here to claim’ button brings up a QR code that attempts to compromise Metamask, Exodus, and the Trust Wallet crypto wallets when scanned.

Article (https://www.bleepingcomputer.com/news/security/cybercriminals-exploit-svb-collapse-to-steal-money-and-data/)
Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Microsoft: Business email compromise attacks can take just hours

Does this surprise you???
By Bill Toulas March 9, 2023

Microsoft’s Security Intelligence team recently investigated a business email compromise (BEC) attack and found that attackers move rapidly, with some steps taking mere minutes.

The whole process, from signing in using compromised credentials to registering typosquatting domains and hijacking an email thread, took the threat actors only a couple of hours.

This rapid attack progression ensures that the targets will have minimal opportunity to identify signs of fraud and take preventive measures.

A multi-billion problem

BEC attacks are a type of cyberattack where the attacker gains access to an email account of the target organization through phishing, social engineering, or buying account credentials on the dark web.

The attacker then impersonates a trusted individual, such as a senior executive or a supplier, to trick an employee working in the financial department into approving a fraudulent wire transfer request.

According to FBI data, from June 2016 until July 2019, BEC attacks resulted in losses amounting to over $43 billion, and this concerns only the cases reported to the law enforcement agency.

In a Twitter thread, Microsoft’s analysts explain that a recently investigated BEC attack began with the threat actor performing an “adversary-in-the-middle” (AiTM) phishing attack to steal the target’s session cookie, bypassing MFA protection.

The attacker logged in to the victim’s account on January 5, 2023, and spent two hours searching the mailbox for good email threads to hijack.

Thread hijacking is a very effective technique making it appear that the fraudulent message is a continuation of an existing communication exchange, so the recipients are far more likely to trust it.

After that, the attacker registered deceptive domains using homoglyph characters to make them appear almost identical to the sites of the target organization and the impersonated partner.

Five minutes later, the attacker created an inbox rule to siphon emails from the partner organization to a specific folder.

In the next minute, the attacker sent the malicious email to the business partner asking for a wire transfer instruction change and immediately deleted the sent message to reduce the likelihood of the compromised user discovering the breach.

From the first sign-in to the deletion of the sent email, a total of 127 minutes had passed, reflecting a rush from the attacker’s side.

Microsoft 365 Defender generated a warning about BEC financial fraud 20 minutes after the threat actor deleted the sent email and automatically disrupted the attack by disabling the user’s account.
Progression of the attack blocked by Microsoft
Progression of the attack blocked by MS 365 Defender (Microsoft)

“In our testing and evaluation of BEC detections and actions in customer environments faced with real-world attack scenarios, dozens of organizations were better protected when accounts were automatically disabled by Microsoft 365 Defender,” claims Microsoft.

“The new automatic disruption capabilities leave the SOC team in full control to investigate all actions taken by Microsoft 365 Defender and where needed, heal any remaining, affected assets.”

Microsoft says its security product has disrupted 38 BEC attacks targeting 27 organizations using high-confidence eXtended Detection and Response (XDR) signals across endpoints, identities, email, and SaaS apps.

Article (https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attacks-can-take-just-hours/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

What GoDaddy’s Years-Long Breach Means for Millions of Clients

Drop Go Daddy !!

 

The same “sophisticated” threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here’s what to do.

Nate Nelson
Contributing Writer, Dark Reading

For years, the domain registrar and Web hosting company GoDaddy has experienced a cyber barrage of extraordinary scale, it has confirmed — affecting both the company and its many individual and enterprise clients.

As described in its 10K filing for 2022, released Feb. 16, the company has been breached once every year since 2020 by the same set of cyberattackers, with the latest occurring just last December. It’s worth also mentioning that the company has been the subject of earlier cyber incursions as well. The consequences to GoDaddy are one thing, but, more notably, the breaches have led to data compromises for more than 1 million of the company’s users.

That may well be the key to why the bad guys keep coming back. Because of the nature of its business, GoDaddy is a connecting link to millions of businesses around the world. As Brad Hong, customer success lead at Horizon3ai puts it: “This is the equivalent of your landlord’s office being left unlocked, giving a bad actor access to the keys to your house.”
GoDaddy’s Three-Headed Breach

While the world was coming to grips with COVID-19, thousands of GoDaddy customers had a second problem on their hands. In March 2020, the company discovered that an attacker had compromised the login details for a small number of their employees, as well as 28,000 of their hosting customers.

It was a harbinger of worse things to come.

In November 2021, a threat actor got their hands on a password that allowed them access to Managed WordPress, GoDaddy’s hosting platform for building and managing WordPress sites. This case touched 1.2 million Managed WordPress customers.

There was yet more. In a statement published alongside its 10K, GoDaddy shared details of yet a third compromise.

“In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected,” the company said. It turned out that an attacker had breached and planted malware on the company’s hosting servers for cPanel, a control panel program for Web hosts. This malware intermittently redirected users from the websites they intended to visit, to malicious sites.

In their statement, the company claimed to “have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy. According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”
The Supply Chain Problem With Hosting Services

According to Domain Name Stat, GoDaddy is far and away the largest domain name registrar on the Internet, capturing more than 12% market share with its nearly 80 million registered domains. Scale, alone, would make it an attractive target for cyberattacks, but being a hosting service makes this a whole other animal.

“GoDaddy and other Web hosting sites are prime targets for adversaries looking to conduct supply chain attacks,” says Allie Roblee, intelligence analyst at Resilience. A company may take care to implement strong security practices and software, shunting phishing attacks, and patching up software bugs, yet still be vulnerable through a trusted provider like their Web hosting service. “Breaching large service providers like GoDaddy allows adversaries to compromise organizations and individuals they may have been unable to get into directly.”

Of course, once attackers get in through the side entrance, they can do anything from stealing credentials to dropping malware, redirecting users to malicious sites, planting backdoors for later use, and much more. But “the implications for these compromises go even beyond that of security,” Hong warns.

Consider an innocent person who intends to visit a business’s website, but instead ends up redirected to a malicious site. Would that person ever risk visiting that business’ website again? This, Hong points out, “hurts the reputation and operations of thousands, if not millions, of legitimate businesses.”

Beyond that, there’s a broader cost. “Weak security at this vendor level additionally allows attackers to force multiply their ability to carry out whatever objective they wish to,” he explains. Such compromises “not only provide them with rich PII and private key data intelligence, but also an extensive network of websites and servers to do their bidding — similar to an IoT botnet, but instead of multiplying traffic, it multiplies the chances of successfully carrying out attacks which rely on humans as a weakness.”
What GoDaddy Customers Can Do

If it didn’t end that first or second time, how likely is it that the campaign against GoDaddy is over now? “It’s possible,” Roblee warns, “that the attackers still have access to GoDaddy’s infrastructure or have the capability to find vulnerabilities in the stolen source code they can exploit to regain access.”

For that reason, she says, “customers should audit any recently changed or uploaded files on their website to ensure that malware has not been installed. Additionally, I would recommend checking historical DNS records to see if any of their domains had been temporarily redirected.”

Hong’s advice is even simpler. “Affected businesses should change everything!” including all potentially affected login credentials, “and especially deprecating and creating fresh SSL private keys if using them.”

Preventative measures will be more necessary going forward than ever before. As GoDaddy assessed in their 10K, the risk of attack “is likely to increase as we expand the number of cloud-based products we offer and operate in more countries.”

GoDaddy declined to comment for this article beyond its published statement when contacted by Dark Reading.

Article (https://www.darkreading.com/risk/what-godaddy-years-long-breach-means-millions-clients?_mc=NL_DR_EDT_DR_weekly_20230309&cid=NL_DR_EDT_DR_weekly_20230309&sp_aid=115492&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=47879)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

 

AI-Powered ‘BlackMamba’ Keylogging Attack Evades Modern EDR Security Must Read

Researchers warn that polymorphic malware created with ChatGPT and other LLMs will force a reinvention of security automation.

Elizabeth Montalbano
Contributor, Dark Reading

A proof-of-concept, artificial intelligence (AI)-driven cyberattack that changes its code on the fly can slip past the latest automated security-detection technology, demonstrating the potential for creating undetectable malware.

Researchers from HYAS Labs demonstrated the proof-of-concept attack, which they call BlackMamba, which exploits a large language model (LLM) — the technology on which ChatGPT is based — to synthesize a polymorphic keylogger functionality on the fly. The attack is “truly polymorphic” in that every time BlackMamba executes, it resynthesizes its keylogging capability, the researchers wrote.

The BlackMamba attack, outlined in a blog post, demonstrates how AI can allow the malware to dynamically modify benign code at runtime without any command-and-control (C2) infrastructure, allowing it to slip past current automated security systems that are attuned to look out for this type of behavior to detect attacks.

“Traditional security solutions like endpoint detection and response (EDR) leverage multi-layer, data intelligence systems to combat some of today’s most sophisticated threats, and most automated controls claim to prevent novel or irregular behavior patterns,” the HYAS Labs researchers wrote. “But in practice, this is very rarely the case.”

They tested the attack against an EDR system that was not identified specifically, but characterized as “industry leading,” often resulting in zero alerts or detections.

Using its built-in keylogging ability, BlackMamba can collect sensitive information from a device, including usernames, passwords, and credit card numbers, the researchers said. Once this data is captured, the malware uses a common and trusted collaboration platform — Microsoft Teams — to send the collected data to a malicious Teams channel. From there, attackers can exploit the data in various nefarious ways, selling it on the Dark Web or using it for further attacks, the HYAS Labs researchers said.

“MS Teams is a legitimate communication and collaboration tool that is widely used by organizations, so malware authors can leverage it to bypass traditional security defenses, such as firewalls and intrusion detection systems,” they wrote. “Also, since the data is sent over encrypted channels, it can be difficult to detect that the channel is being used for exfiltration.”

Moreover, because BlackMamba’s delivery system is based on an open source Python package, it allows developers to convert Python scripts into standalone executable files that can be run on various platforms, including Windows, macOS, and Linux, they wrote.
What This Means for Modern Security

AI-powered attacks like this will become more common now as threat actors create polymorphic malware that leverages ChatGPT and other sophisticated, data-intelligence systems based on LLM, according to the HYAS Labs researchers. This, in turn, will force automated security technology to evolve as well to manage and combat these threats.

“The threats posed by this new breed of malware are very real,” the researchers wrote in the post. “By eliminating C2 communication and generating new, unique code at runtime, malware like BlackMamba is virtually undetectable by today’s predictive security solutions.”

Typically, organizations that deploy EDR and other automated security controls as part of a modern security stack believe they’re doing everything in their power to detect and prevent malicious activity. However, BlackMamba’s use of AI now demonstrates that “they are not foolproof,” the HYAS Labs researchers noted.

“The BlackMamba proof-of-concept shows that LLMs can be exploited to synthesize polymorphic keylogger functionality on-the-fly, making it difficult for EDR to intervene,” they wrote.

The security landscape will have to evolve alongside attackers’ use of AI to keep up with the more sophisticated attacks that are on the horizon, according to the researchers. Until then, it’s imperative that organizations “remain vigilant, keep their security measures up to date,” they advised, “and adapt to new threats that emerge by operationalizing cutting-edge research being conducted in this space.”

Article (https://www.darkreading.com/endpoint/ai-blackmamba-keylogging-edr-security?_mc=NL_DR_EDT_DR_weekly_20230309&cid=NL_DR_EDT_DR_weekly_20230309&sp_aid=115492&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=47879)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Microsoft Outlook flooded with spam due to broken email filters

By Sergiu Gatlan February 20, 2023 11:58 AM

Do you want to save up to 10 minutes a day? Wholesale pricing is way to inexpensive not to use (Barracuda Mail Filtering) call to set up a account for you clients we already maintain 1000’s of mailboxes with 3rd level support. Your clients do not need to click on bad links

According to reports from an increasing number of Microsoft customers, Outlook inboxes have been flooded with spam emails over the last nine hours because email spam filters are currently broken.

This ongoing issue was confirmed by countless Outlook users who have reported (on social media platforms and the Microsoft Community’s website) that all messages were landing in their inboxes, even those that would have been previously tagged as spam and sent to the junk folder.

“I’ve received 36 spam emails in my inbox the past 2 hours straight. It’s been happening for way too long and it just continues to get worse on an hourly basis,” one user said.

“Seems to have begun happening between 10pm and midnight Eastern time (I have a successful junk mail at 10:04pm, and the first inbox junk mail at 12:17am),” another added.

Some say that even checking the “Only trust email from addresses in my Safe Senders and domains list and Safe mailing lists” in Junk Mail > Filters doesn’t fix this issue, pointing to the webmail service’s filtering being completely broken.

Despite the stream of customer complaints, the Office service status page shows that “everything is up and running.”

Microsoft is yet to share a public statement confirming Outlook users’ reports that spam filters are broken.

While today the spam filtering issue in Outlook seems to be particularly bad and affecting a massive number of customers, this has been going on for months, with some reporting seeing many spam emails landing in their inbox since at least November 2021.

Microsoft didn’t reply to a request for comment when BleepingComputer reached out earlier today.

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-flooded-with-spam-due-to-broken-email-filters/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Bitdefender – MDR w/ XDR, unique in the cybersecurity industry

Are you talking about MDR yet? Managed Detection and Response (MDR) is one of the fastest-growing areas of cybersecurity, delivering superior security outcomes to businesses spanning all sizes and industries. Threat intelligence is real people, not automated. Our pricing on this solution is better than the competition, and we offer full partner margins. Need competitive battlecards? Let me know, and I will get that for you.

Need more info…

What the MDR Landscape Will Look Like in 2023

The managed services industry has made a huge impact and is one of the most significant trends coming out of cybersecurity in the last few years. Gartner® predicts that “by 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment and mitigation capabilities”, while the MDR industry will hit revenues of $1.9B. You can check out our MDR Threat Assessment to be prepared for what lies ahead in 2023

Bitdefender Named Notable Vendor in the New Forrester Landscape for MDR

The new and exciting Forrester Landscape for MDR, Q1 2023 has just been launched!

Access the full report to discover Bitdefender’s positioning and to read Forrester’s analysis of MDR’s market dynamics and evolution, the business values and core capabilities of MDR, as well as Notable MDR Providers by geography, industry and offering type.

MDR & XDR: A Consolidated Approach to a Fully Managed Threat Detection and Response Program Webinar Watch On Demand Now

XDR – or Extended Detection & Response – entered the cybersecurity lexicon roughly five years ago. According to Gartner, by the end of 2027, XDR will be used by up to 40% of end-user organizations – up from 5% today. Why such strong adoption? Though still an emerging technology, XDR integrates, correlates and contextualizes data and alerts from multiple security prevention, detection and response components, and because it’s cloud-delivered, XDR can provide organizations faster and more accurate detections.

While today’s technology does a great job of protecting against many threats, they cannot fully protect against advanced attackers purposefully attempting to breach your customers systems.

Let me know what additional information or resources you may need to support your customer conversations. I’m just a phone call or email away.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Microsoft: Some WSUS servers might not offer Windows 11 22H2 updates

By Sergiu Gatlan February 14, 2023 03:45 PM

MspPortal Partner leads the Market with Msp’s, Resellers using Security Software Solutions like Bitdefender ( the leader anti-malware protection) and Barracuda Phishing and Spam Filtering On Premise mail servers and O365 and G-suite. We do 3rd level support for all the products we sell we do not outsource tech services out of the country. Protect Your Network and workstations with 2 inexpensive best of breed security solutions

Microsoft says that some WSUS servers upgraded to Windows Server 2022 might fail to push Windows 11, version 22H2 updates released during this month’s Patch Tuesday to endpoints across enterprise environments. Does this surprise you?

This known issue only affects WSUS servers upgraded from Windows Server 2016 or Windows Server 2019.

Microsoft Configuration Manager (part of the Microsoft Endpoint Manager) is not affected by this issue.

“The updates will download to the WSUS server but might not propagate further to client devices. Affected WSUS servers are only those running Windows Server 2022 which have been upgraded from Windows Server 2016 or Windows Server 2019,” Microsoft said.

As Redmond further explains, these problems result from .msu and .wim MIME types being accidentally removed during the upgrade process to Windows Server 2022.

“This issue is caused by the accidental removal of required Unified Update Platform (UUP) MIME types during the upgrade to Windows Server 2022 from a previous version of Windows Server,” the company added.

“This issue might affect security updates or feature updates for Windows 11, version 22H2.”

Microsoft is working on a fix for this known issue and will provide more information with a future update.

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-some-wsus-servers-might-not-offer-windows-11-22h2-updates/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Microsoft Outlook outage prevents users from sending, receiving emails 2-7-2023

By Sergiu Gatlan February 7, 2023 02:50 AM

I have no clue why folks still use O365 There are better product for less money and no annual payment only monthly
Microsoft is investigating and working on addressing an ongoing outage affecting the company’s Outlook webmail service.

Users report issues while sending, receiving, or searching email through Outlook.com.

Some also report not being able to connect to Outlook.com, seeing 500 Errors when trying to log in, or having their entire accounts wiped and not seeing any emails after connecting.

According to information shared via the company’s Microsoft 365 Status Twitter account, Redmond is performing targeted restarts to portions of the infrastructure impacted by a recent change.

The outage started at around 6 AM UTC on Tuesday and is affecting customers in North America and has spread out to other regions worldwide due to the affected infrastructure.

“Users in additional regions beyond North America may experience some residual impact due to the affected portions of infrastructure in North America,” Microsoft says on its Office service health status page.

“We’ve begun observing gradual improvement from this issue for users located in some of the additional affected regions.

“We’re continuing to perform targeted restart operations on the primarily affected infrastructure in North America in order to restore the availability of the service.”

We’ve confirmed that a recent change is contributing to the cause of impact. We’re working on potential solutions to restore availability of the service. Refer to EX512238 or https://t.co/nEuSQarMf3 for more detailed information.
— Microsoft 365 Status (@MSFT365Status) February 7, 2023

Microsoft also said in an update to its service health site that the current Outlook outage also affects additional functionality, such as the calendar consumed by other services like the Microsoft Teams communication platform.
Today’s outage follows a major five-hour-long incident that impacted Azure and Microsoft 365 worldwide last week and took down multiple services, including Microsoft Teams, Exchange Online, and Outlook.
Redmond revealed in a post-incident report that it was caused by a router IP address change that had led to packet forwarding issues between all routers in its Wide Area Network (WAN).
Update February 07, 10:41 EST: Microsoft says 99.9% of affected services have been restored and is now monitoring for full recovery.
Availability is at 99.9%, with full restoration almost complete. We’re continuing to monitor the environment to ensure full recovery. For more updates, please refer to tEX512238 and TM512245 in the admin center.
— Microsoft 365 Status (@MSFT365Status) February 7, 2023

Update February 07, 11:58 EST: More than 12 hours after the outage started, Microsoft says that the underlying issue behind the outage has been resolved, and all services are now working.

We’ve confirmed that the issue is resolved after an extended period of monitoring. Further details can be found under EX512238 and TM512245 in the admin center.
— Microsoft 365 Status (@MSFT365Status) February 7, 2023

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-outage-prevents-users-from-sending-receiving-emails/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Microsoft 365 outage takes down Teams, Exchange Online, Outlook

By Sergiu Gatlan January 25, 2023 04:11 AM

MspPortal Partners Comment: I hate to say this but all companies are a gluten for punishment, Microsoft needs to stay in the Software development space not the hosting environment. There support is one of the worst in the industry, they need to refund dollars for downtime.
There is much better products in the market place.

Microsoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues.

“We’re investigating issues impacting multiple Microsoft 365 services. We’ve identified a potential networking issue and are reviewing telemetry to determine the next troubleshooting steps,” the Microsoft 365 team said in a Twitter thread.

“We’ve isolated the problem to networking configuration issues, and we’re analyzing the best mitigation strategy to address these without causing additional impact.

According to Redmond, users across all regions currently being serviced by the impacted infrastructure may be unable to access the affected Microsoft 365 services.

The list of services impacted by this outage includes Microsoft Teams, Exchange Online, Outlook, SharePoint Online, OneDrive for Business, PowerBi, Microsoft 365 Admin Center, Microsoft Graph, Microsoft Intune, Microsoft Defender for Cloud Apps, and Microsoft Defender for Identity, as revealed in a service health notification.

We’re investigating issues impacting multiple Microsoft 365 services. More info can be found in the admin center under MO502273.
— Microsoft 365 Status (@MSFT365Status) January 25, 2023

The Azure team shared additional information related to this incident on the Microsoft Azure service status page.

“Starting at 07:05 UTC on 25 January 2023, customers may experience issues with networking connectivity, manifesting as network latency and/or timeouts when attempting to connect to Azure resources in Public Azure regions, as well as other Microsoft services including M365, PowerBI,” the update reads.

“We’ve determined the network connectivity issue is occurring with devices across the Microsoft Wide Area Network (WAN). This impacts connectivity between clients on the internet to Azure, as well as connectivity between services in datacenters, as well as ExpressRoute connections.

“The issue is causing impact in waves, peaking approximately every 30 minutes. We are actively investigating and will share updates as soon as more is known.”

At the moment, some customers also have issues loading the Microsoft Azure status page, which intermittently displays “504 Gateway Time-out” errors.
Azure status page error

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-teams-exchange-online-outlook/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”