Quickly turn off SSL cert in the policy. This is a temporary solution only until further advice. Already in contact with Romania.
Roy 10-6-2022 10:25am
Bitdefender has released version 7.6.3.212 of the Bitdefender Endpoint Security Tools (for Windows) on slow ring.
The release notes are available here. Link (https://www.bitdefender.com/business/support/en/77209-77540-windows-agent.html#UUID-24e427f0-a355-8638-b2d5-177b5e7c8c30)
Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”
By Bill Toulas September 16, 2022 11:09 AM
Romanian cybersecurity firm Bitdefender has released a free decryptor to help LockerGoga ransomware victims recover their files without paying a ransom.
The free tool is available for download from Bitdefender’s servers and allows you to recover encrypted files using instructions in this usage guide [PDF]. Link: https://www.nomoreransom.org/uploads/LockerGoga-Decrypt-Doc.pdf
Bitdefender says the decryptor was developed in cooperation with law enforcement agencies, including Europol, the NoMoreRansom Project, the Zürich Public Prosecutor’s Office, and the Zürich Cantonal Police.
For a working decryptor to be created, researchers usually need to identify a flaw in the cryptography used by the ransomware encryptor.
However, in this case, the LockerGoga operators were arrested in October 2021, which may have allowed law enforcement to access the master private keys used to decrypt victims’ encryption keys.
How to decrypt your files
Files encrypted by LockerGoga will have the “.locked” filename extension and cannot be opened with regular software.
Bitdefender’s tool offers to scan your entire filesystem or a single folder, locate any encrypted files, and perform the decryption automatically.
For this to work, the computer needs to be connected to the internet, and the ransom notes generated by the ransomware during the encryption need to be in the original paths.
Bitdefender says the decryptor can operate either on a single machine or on entire networks encrypted by LockerGoga.
Note that the decryption process can be interrupted or not always work as expected, and you might end up with corrupted files. For this reason, the decrypter has the “backup files” option ticked by default, and users are recommended to leave that setting enabled.
Who was LockerGoga
The LockerGoga ransomware operation launched in January 2019, hitting high-profile targets such as the French engineering firm Altran Technologies and the Norwegian aluminum giant Norsk Hydro.
Together with Ryuk and MegaCortex, LockerGoga was involved in ransomware attacks against at least 1,800 organizations worldwide.
In October 2021, twelve individuals were arrested in an international law enforcement operation for deploying various ransomware strains, including LockerGoga.
“Its operator, who has been detained since October 2021 pending trial, is part of a larger cybercrime ring that used LockerGoga and MegaCortex ransomware to infect more than 1,800 persons and institutions in 71 countries to cause an estimated damage of $US 104 million,” Bitdefender explains in the decryptor announcement.
Since the operator’s arrest, threat actors have ceased using the LockerGoga ransomware, and the ransomware’s source code was never released.
Therefore, this decryptor will mostly be for past victims who refused to pay the ransom and have been waiting to recover their files for free.
Article (https://www.bleepingcomputer.com/news/security/bitdefender-releases-free-decryptor-for-lockergoga-ransomware/)
Starting August 3rd we will be spinning up partner requests for 30-day trials of Bitdefender's new additions of their XDR release, probably the most comprehensive release ever. Security on steroids.
If you wish to set up a trial, please send me an email.
By Sergiu Gatlan
CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild.
This high severity security flaw (tracked as CVE-2022-22047) impacts both server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases.
Microsoft has patched it as part of the July 2022 Patch Tuesday, and it classified it as a zero-day as it was abused in attacks before a fix was available.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft explained in a security advisory published today.
Redmond says the vulnerability was discovered internally by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).
BleepingComputer has also reached out to Microsoft earlier today with questions about how this vulnerability was used in attacks.
Federal agencies given three weeks to patch
CISA has given the agencies three weeks, until August 2nd, to patch the actively exploited CVE-2022-22047 vulnerability and block ongoing attacks that could target their systems.
Article (https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-new-windows-zero-day-used-in-attacks/)
You head off malware by using Bitdefender, #1 in malware protection.
Bitdefender has released version 7.6.1.202 of Bitdefender Endpoint Security Tools (for Windows) on slow ring.
The release notes are available here.
Datasheet
• Consolidates observations and events across the business environment
• Built-in machine learning algorithms for high confidence detections
• Cross-source root cause analysis and context for rapid triage and action
• Guided or automated threat response directly from the platform
At-a-Glance
Bitdefender GravityZone XDR is a cloud-delivered solution built to secure the entire business environment. The solution provides detection and response capabilities across an organization’s users and systems, including endpoints, network, and cloud.
With an easy-to-use interface, GravityZone XDR is designed to intelligently analyze and automatically correlate and triage security events from across the organization, resulting in a key set of benefits to organizations looking to secure complex environments.
Key Benefits
• Comprehensive visibility with easy to deploy and manage sensors that collect data from across the organization
• Out-of-the-box automated detection and triage of alerts based on correlation and detection algorithms delivered both locally to the sensor and at the cloud platform level
• Easy investigation using the Incident Advisor, a single dashboard highlighting comprehensive analysis with recommended automated or guided response actions
• Rapid response for complete incident containment executed directly from within the XDR Platform.
This will replace all SOCs.
On Monday, May 30, 2022, Microsoft issued CVE-2022-30190, a zero-day remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). The first detections in the wild indicate that this vulnerability is triggered remotely from Microsoft Office documents.
This is a critical issue as cybercriminals often choose Office documents as a popular tactic to infect victims with their malicious content. This vulnerability (referred to as “Follina”) only requires users to open a single document and no further interactions are necessary before the system is compromised. The end-user doesn’t even need to open the document in certain situations (document with RTF extension and the preview pane enabled).
A CVE has been assigned by Microsoft, but there is no patch available as of May 31st, 2022. This is a critical issue, as it is not mitigated by disabling macros and Protected View offers only limited protection.
It is important to note that this vulnerability is related to the Microsoft Support Diagnostic Tool (MSDT), not necessarily to Microsoft Office. Office has been used to weaponize this vulnerability in the wild, but it is not needed to trigger this vulnerability. There are also other methods to trigger this vulnerability. There are effectively two vulnerabilities: 1) Microsoft Office template injection trusting the MS-MSDT protocol and 2) the MS-MSDT protocol allowing malicious code execution.
All MspPortal Partners receive notices ASAP on security news
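A defender-side illustration of the point that Office is only one way to reach MSDT: this added example (not from the original post or from Bitdefender) triages process-creation events for msdt.exe launches. The Image, ParentImage and CommandLine names follow Sysmon's process-creation fields; the Host field, the Office parent list, the severity labels and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Office host processes whose msdt.exe children should alert (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe",
                  "outlook.exe", "msaccess.exe", "mspub.exe"}
SEVERITY_ORDER = {"high": 0, "medium": 1}

def _base(path):
    """Lower-cased file name of a Windows path, whatever OS runs this script."""
    return ntpath.basename(path or "").lower()

def classify(event):
    """Return (severity, reason) for one process-creation event, or None."""
    if _base(event.get("Image")) != "msdt.exe":
        return None
    parent = _base(event.get("ParentImage"))
    uses_protocol = "ms-msdt:" in (event.get("CommandLine") or "").lower()
    if parent in OFFICE_PARENTS:
        return ("high", f"msdt.exe spawned by Office process {parent}")
    if uses_protocol:
        # Office is not required, so the protocol handler alone is flagged.
        return ("medium", f"ms-msdt: protocol invoked by {parent or 'unknown'}")
    return None  # e.g. a troubleshooter the user started from the shell

def triage(events):
    """Return (host, severity, reason) tuples, highest severity first."""
    hits = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            hits.append((ev.get("Host", "?"), *verdict))
    return sorted(hits, key=lambda h: SEVERITY_ORDER[h[1]])

# Constructed sample events; command-line arguments are placeholders.
SAMPLE_EVENTS = [
    {"Host": "WS-02", "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "msdt.exe /id NetworkDiagnosticsWeb"},
    {"Host": "WS-03", "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "msdt.exe ms-msdt:<constructed-arguments>"},
    {"Host": "WS-01", "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "msdt.exe ms-msdt:<constructed-arguments>"},
    {"Host": "WS-04", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for host, severity, reason in triage(SAMPLE_EVENTS):
        print(f"[{severity}] {host}: {reason}")
```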
1) Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks
Nearly 60% of all phishing attacks impersonate Microsoft and about half a million Microsoft 365 accounts were compromised in 2021, new data shows.
Barracuda Networks’ telemetry — from millions of emails it analyzed — shows that in 2021, a little over half of all social engineering attacks came via phishing, and Microsoft was the most-impersonated brand in those attack attempts. Overall, attackers sent 3 million emails from 12,000 compromised accounts, and one in five organizations suffered an account compromise last year.
As a Security Software Distributor of Barracuda, their security mail is by far the best in the industry. Built from scratch using open source. For a very inexpensive dollar amount you could be protected. Call your MSP/Tech firm for pricing and then have them call MspPortal Partners to assist in implementing a secure solution at no additional cost.
1) Google Emergency Update Fixes Chrome Zero-Day
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four already. Do you really want to use Chrome or Google, period, let alone Google Mail?
2) Microsoft Releases Advisory to Address Critical Remote Code Execution Vulnerability (CVE-2022-26809)
3) Microsoft Releases April 2022 Security Updates (112)
4) Apple Releases Security Updates (it's getting worse)
Bitdefender enforces two-factor authentication for all GravityZone Cloud accounts on April 12, 2022 (Read More)
Due to a scheduled update, Control Center will be unavailable from 4/12/2022, 8:30:00 PM GMT-07:00 to 4/12/2022, 11:30:00 PM GMT-07:00. Release Notes
Bitdefender has today released version 7.4.10.200020 of Endpoint Security for Mac on slow ring. The release notes are available here (English only).