Opinion

Top 5 Most Dangerous Cyber Threats in 2024 Must Read article !!

SANS Institute experts weigh in on the top threat vectors faced by enterprises and the public at large.

Ericka Chickowski, Contributing Writer May 14, 2024

RSA CONFERENCE 2024 – San Francisco – Only five months into 2024, and the year has been a busy one for cybersecurity practitioners, with multiyear supply chain attacks, nation-state actors exploiting multiple vulnerabilities in network gateways and edge devices, and multiple ransomware incidents against large healthcare entities. What’s ahead for the rest of year?

At last week’s RSA Conference, Ed Skoudis, president of the SANS Technology Institute, convened his annual panel of SANS Institute instructors and fellows to dig into topics that should be top of mind for cyber defenders for the remaining months of the year.

Security Impact of Technical Debt

The security cracks left behind by technical debt may not sound like a pressing new threat, but according to Dr. Johannes Ullrich, dean of research for SANS Technology Institute, the enterprise software stack is at an inflection point for cascading problems. What’s more, “It affects more and more not only just our enterprise applications, but also our security stack,” he said.

Technical debt is the accumulation of work in software engineering or system design that’s left undone or put off until tomorrow for the sake of getting a minimum viable product up and running today. The debt may be accrued intentionally to optimize for speed or cost reasons, or it could build up unintentionally due to immature software engineering practices. Either way, it tends to raise a ton of cybersecurity risks as the debt grows.

And according to Ullrich, the rising accrual of technical debt combined with the growing complexity of the software supply chain is increasing the profile of this threat vector.

“Even as a developer myself, it is very easy to say, ‘Hey, this new library doesn’t really have any new features and doesn’t fix any security vulnerabilities, so I’m not going to apply that update,” he says. “The problem is that five years from now, after you skip 10 to 15 different incremental updates, then the big security vulnerability hits that library and now you have to work through all of these little quirks that have added up over the years so you can fix it.”

Article (https://www.darkreading.com/cyber-risk/top-5-most-dangerous-cyber-threats-in-2024?_mc=NL_DR_EDT_DR_weekly_20240516&cid=NL_DR_EDT_DR_weekly_20240516&sp_aid=123517&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=53519)

In my world of tech support it is happening with 98% of all manufacturers today Microsoft being the leader in my opinion.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

Celebrating Barracuda’s 2024 CRN Women of the Channel winners

MspPortal Partners Inc is a large partner of Barracuda and does large investments in tech firms for it 400 plus MSP partners from the East Coast to the West Coast Alaska and Canada service over 4000 companies amongst the 400 plus partners.

Congrats to the ladies below..But in my opinion they failed to mention 2 ladies that are part of the glue that keeps Barracuda alive

Both these ladies are the glue that  run and mange support teams and staff inside the Barracuda organization (West Coast and East Coast)

Kris Louie and Ginger Janukaitis, they both run the folks who answer the phones for support calls and informs the staff who to direct the calls to if need depending the nature of the support call

Today, CRN announced its highly respected Women of the Channel list for 2024. We’re excited to share that a total of six Barracuda team members made the list!

This annual award highlights a list of women who have made significant strides in their respective fields and at their organizations, underscoring their leadership and dedication to promoting continuous innovation and success. This year, six of our very own female leaders have been featured on the list. The honorees include:

Maria Martinez, VP of Channels, North America

Karen Ward, Regional VP, MSP Sales, Americas, Barracuda MSP

Lindsay Faria, Senior Director, MSP Marketing, Americas, Barracuda MSP

Jenna Renaud, Director of National Accounts

Alli Oneal, Senior Manager, Global Partner Programs & Partner Experience

Aisha Eugene, Senior Manager, Partner Enablement, Barracuda MSP

To help get a sense of their roles and responsibilities, we asked these six women about some of their channel-related accomplishments over the last year as well as a few goals that they have for our channel business in the coming months.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts

FYI We do have Phishing Training Available..spend the money don’t get malware. Targets O365 and Gsuite which in reality are easy targets

By Bill Toulas March 25, 2024 12:56 PM

Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named ‘Tycoon 2FA’ to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection.

Tycoon 2FA was discovered by Sekoia analysts in October 2023 during routine threat hunting, but it has been active since at least August 2023, when the Saad Tycoon group offered it through private Telegram channels.

The PhaaS kit shares similarities with other adversary-in-the-middle (AitM) platforms, such as Dadsec OTT, suggesting possible code reuse or a collaboration between developers.

In 2024, Tycoon 2FA released a new version that is stealthier, indicating a continuous effort to improve the kit. Currently, the service leverages 1,100 domains and has been observed in thousands of phishing attacks.

Tycoon 2FA attacks

Tycoon 2FA attacks involve a multi-step process where the threat actor steals session cookies by using a reverse proxy server hosting the phishing web page, which intercepts the victim’s input and relays them to the legitimate service.

“Once the user completes the MFA challenge, and the authentication is successful, the server in the middle captures session cookies,” Skoia explains. This way, the attacker can replay a user’s session and bypass multi-factor authentication (MFA) mechanisms.

Sekoia’s report describes the attacks in seven distinct stages as described below Target :

Stage 0 – Attackers distribute malicious links via emails with embedded URLs or QR codes, tricking victims into accessing phishing pages.
Stage 1 – A security challenge (Cloudflare Turnstile) filters out bots, allowing only human interactions to proceed to the deceptive phishing site.
Stage 2 – Background scripts extract the victim’s email from the URL to customize the phishing attack.
Stage 3 – Users are quietly redirected to another part of the phishing site, moving them closer to the fake login page.
Stage 4 – This stage presents a fake Microsoft login page to steal credentials, using WebSockets for data exfiltration.
Stage 5 – The kit mimics a 2FA challenge, intercepting the 2FA token or response to bypass security measures.
Stage 6 – Finally, victims are directed to a legitimate-looking page, obscuring the phishing attack’s success.

An overview of the attack is described with the diagram below, which includes all the steps of the process.

Evolution and scale

Sekoia reports that the latest version of the Tycoon 2FA phishing kit, released this year, has introduced significant modifications that improve the phishing and evasion capabilities.

Key changes include updates to the JavaScript and HTML code, alterations in the order of resource retrieval, and more extensive filtering to block traffic from bots and analytical tools.

For example, the kit now delays loading malicious resources until after the Cloudflare Turnstile challenge is resolved, using pseudorandom names for URLs to obscure its activities.

Also, Tor network traffic or IP addresses linked to data centers are now better identified, while traffic is rejected based on specific user-agent strings.

Regarding the scale of operations, Sekoia reports that it’s substantial, as there’s evidence of a broad user base of cybercriminals currently utilizing Tycoon 2FA for phishing operations.

The Bitcoin wallet linked to the operators has recorded over 1,800 transactions since October 2019, with a notable increment starting August 2023, when the kit was launched.

Over 530 transactions were over $120, which is the entry price for a 10-day phishing link. By mid-March 2024, the threat actors’ wallet had received a total of $394,015 worth of cryptocurrency.

Tycoon 2FA is just a recent addition to a PhaaS space that already offers cybercriminals plenty of options. Other notable platforms that can bypass 2FA protections include LabHost, Greatness, and Robin Banks.

For a list of the indicators of compromise (IoCs) linked to the Tycoon 2FA operation, Sekoia makes available a repository with over 50 entries.

Article (https://www.bleepingcomputer.com/news/security/new-mfa-bypassing-phishing-kit-targets-microsoft-365-gmail-accounts/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishline Training
“Where Service and Technical Skills Count”

 

Google’s new AI search results promotes sites pushing malware, scams

Google’s new AI search results promotes sites pushing malware, scams  (Get off Google Chrome)

By Mayank Parmar March 25, 2024 07:32 AM

Google’s new AI-powered ‘Search Generative Experience’ algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams.

Earlier this month, Google began rolling out a new feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries for search queries, including recommendations for other sites to visit related to the query.

However, as SEO consultant Lily Ray first spotted, Google’s SGE is recommending spammy and malicious sites within its conversational responses, making it easier for users to fall for scams.
BleepingComputer found that the listed sites promoted by SGE tend to use the .online TLD, the same HTML templates, and the same sites to perform redirects.

This similarity indicates that they are all part of the same SEO poisoning campaign that allowed them to be part of the Google index.

When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site.

In BleepingComputer’s tests, the redirects most commonly lead you to fake captchas or YouTube sites that try to trick the visitor into subscribing to browser notifications.

Browser notifications are a common tactic scammers use to send visitors a barrage of unwanted ads directly to the operating system desktop, even when you’re not on the website.

Once we subscribed to some of the notifications, we began to receive spam with advertisements for tech support affiliate scams, fake giveaways, and other unwanted sites.

In one instance, we received an alert for McAfee antivirus that led to a site claiming our system was infected with ten viruses, urging the visitor to “Scan now to remove viruses” or renew their license.

However, these misleading ads are simply designed to sell McAfee licenses so the fraudsters can earn affiliate commissions.

Finally, and while not as common, BleepingComputer saw some of the redirects pushing unwanted browser extensions that perform search hijacking, and potentially other malicious behavior.

Other scams promoted by the SGE results lead to fake Amazon giveaways that pretend to be loyalty programs giving away an Apple iPhone 15 Pro.

These giveaway scams are used to collect your personal information, which will be sold to other scammers and direct marketers.

Article (https://www.bleepingcomputer.com/news/google/googles-new-ai-search-results-promotes-sites-pushing-malware-scams/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishline Training
“Where Service and Technical Skills Count”

 

Microsoft 365 suite is now WARN

I feel so sorry for folks that use O365..most of you are glutton for punishment. They provide no really true US support considering they take you money either monthly or yearly..Unfortunately most Major Firms use O365. think about looking around..careful with O365 for Malware and phishing attacks

Anyway

Some users may be unable to sign into the Microsoft To Do service
Title: Some users may be unable to sign into the Microsoft To Do service User impact: Users may be unable to sign into the Microsoft To Do service. Current status: We’re reviewing network traces to isolate the source of this issue and identify our troubleshooting actions. Scope of impact: Impact may occur for all users when attempting to sign into the Microsoft

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishline Training
“Where Service and Technical Skills Count”

MspPortal Partners New Product line for MspPortal Partners

Our New Phishing Line Product is like no other, combined with our Spam Filter Product you will have a 99% chance of protecting your network and your clients networks

1) An advanced email threat protection add-in for Microsoft 365 and Gmail.

It enables reporting phishing and other type of threats. Each inbox’s risk profile is unique and this plugin exposes tell tale signs of threats to your security

2) Helps users learn what to look

for using each email as a learning opportunity combined with security awareness training.

3) Addresses, Domains, Email Addresses, words, and other known threat types from different sources.

4) Pushes your endpoint protection even further and helps users better determine a real threat versus legitimate emails.

5) Phishing simulation:

Phishing simulation provides realistic emails to users to see if they react properly. When a user reports a simulated phishing email, it improves the organizations net reporter score Upon failure of a simulated phishing email, the organization can automatically enroll the user in remedial training.

1) MspPortal Partners Complete Email Protection

Backup and recovery for Exchange Online O365, GSuite

SharePoint, OneDrive, and Teams, Unlimited Storage, along with email archiving

2) Protect your business data with enterprise-grade automated Microsoft Office 365 or Gsuite backup for Mail, Calendar, Contacts, Tasks, Groups, Teams, OneDrive, and SharePoint, along with email archiving

 

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

 

 

 

 

 

Microsoft 365 admins warned of new Google anti-spam rules

By Sergiu Gatlan October 8, 2023 11:09 AM

After you read this article you will understand why I do not carry O365 nor Google products in my security lines.
To all MSP’s/ Vars get ready you work load is about to get very heavy supporting you clients

Microsoft 365 email senders were warned by Microsoft this week to authenticate outbound messages, a move prompted by Google’s recent announcement of stricter anti-spam rules for bulk senders.

“By setting up email authentication for your domain, you can ensure that your messages are less likely to be rejected or marked as spam by email providers like Gmail, Yahoo, AOL, Outlook.com,” the Microsoft Defender for Office 365 team said.

“This is especially important when sending bulk email (large volume email), as it helps maintain the deliverability and reputation of your email campaigns.”

Failure to follow newly announced email authentication standards might lead to emails being rejected or tagged as spam.

Microsoft also warned that the Microsoft 365 service should not be used for bulk emailing, as emails not following sending limits will be blocked or sent to special high-risk delivery pools by outbound spam controls built within Exchange Online Protection (EOP).

Those who want to send bulk emails should use their own on-premises email servers or third-party mass mailing providers, which will help ensure good email-sending practices.

Organizations that want to deliver bulk emails through EOP will have to abide by this outbound spam protection guidance:

Exercise caution not to exceed the sending limits in the service by sending emails at a high rate or volume. This includes refraining from sending emails to a large list of BCC recipients.
Refrain from using addresses in your primary email domain as senders for bulk emails, as it may impact the delivery of regular emails from senders within the domain. Instead, consider utilizing a custom subdomain exclusively for bulk email.
Ensure that any custom subdomains are configured with email authentication records in DNS, including SPF, DKIM, and DMARC.
However, Microsoft cautioned that even “following these recommendations does not guarantee delivery. If your email is rejected as bulk, send it through on-premises or a third-party provider instead.”

Redmond’s warning was prompted by Google’s announcement regarding the introduction of new anti-spam guidelines targeting senders of over 5,000 daily emails to Gmail users.

Starting February 1st, 2024, Google will mandate senders exceeding this threshold to implement SPF/DKIM and DMARC email authentication for their domains. This measure aims to bolster defenses against email spoofing and phishing attempts.

Furthermore, bulk senders must provide Gmail recipients with a one-click option to unsubscribe from commercial emails and promptly address unsubscription requests within two days.

As part of these efforts to combat spam, Google said it will also closely monitor spam thresholds and, in cases where abusive bulk senders are identified, it will mark their emails as spam to protect users from unsolicited and potentially harmful messages.

“If you don’t meet the requirements [..], your email might not be delivered as expected, or might be marked as spam,” Google warned.

Article (https://www.bleepingcomputer.com/news/security/microsoft-365-admins-warned-of-new-google-anti-spam-rules/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

I do support UAW folks need fair wages read below

Without employee’s these would go broke. Companies have forgotten fair compensation rules

Amazon Prime Video to include ads in 2024 — unless users pay $2.99 a month to get rid of them
Are you serious they already get paid from advertisers, now they want us to pay them also..personally if it went to the employees and drivers I would have no problem paying the fee

Costco exec says membership fee increase question of ‘when, not if’
I know what I pay annually and the membership is not cheap..again I have no issue in paying more if it was given to the employees equally
Working at Costco isn’t typically considered a sustainable career, but the company has better wages and benefits than some of its competitors. According to ZipRecruiter, the average hourly pay for a Costco employee in the U.S. is $20.52 per hour, or $42,688 per year, which is about the same as a teacher’s.

What is the point of a CC lock if the bank does not include card lock won’t affect autopsy transactions; Way to many industries make it nearly impossible to shut down auto pays example from the 90’s was Symantec and McAfee
.
We are all customers of the banks they make 2-3% on every transaction. contact your bank and ask to have the auto lock apply to all transactions. This is a big bone of contention with me

Which Issuers Offer a Credit Card Lock?
Most major credit card issuers offer credit card locks or freezes. They include:

American Express. American Express allows for a seven-day card freeze.

Capital One. You can instantly lock your credit card on Capital One’s app. The card can still accept returns, credits and dispute adjustments during the lock, and some payments are exempted.

Chase. The company allows customers to block new purchases, cash advances and balance transfers made with the physical card or card number. Digital wallet purchases are still allowed, and the card lock won’t affect autopay transactions, credits or fees. If someone tries to make a purchase on a blocked card, Chase will notify the cardholder by email. BIG UNDERWRITER OF CREDIT CARDS, SOUTHWEST, AMAZON. big offender

Citi. The lock/unlock feature on the Citi Mobile App allows cardholders to block new, nonrecurring charges.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit

Makers of vulnerable apps that are exploited in wide-scale supply chain attacks need to improve software security or face steep fines and settlement fees.
Elizabeth Montalbano Contributor, Dark Reading (August 22, 2023)

Roy Comment great article way to many firms are using “Terms and Conditions on there web sites to try and avoid litigation” Microsoft is a great example, I can name many others that I come in contact with, another example is RackSpace totally hosed the mail world with there security breach Dec 2022. All firms need to be held accountable/and financially for security breaches

A nationwide class-action suit filed against Progress Software in the wake of the massive MOVEit breach could point to additional litigation against software companies whose vulnerable applications are exploited in large-scale supply chain attacks, a legal expert says.

Progress faces claims of negligence and breach of contract, among others, in five nationwide class-action lawsuits filed by consumer-rights law firm Hagens Berman after the Cl0p ransomware gang exploited a critical zero-day flaw in its MOVEit managed file transfer application.

The attack has affected both multinational, high-profile million- and billion-dollar organizations — Shell Oil and British Airways among them — as well as smaller organizations both public and private who deploy MOVEit to exchange sensitive data and large files both internally and externally.

Environments that had vulnerable versions of the software installed exposed sensitive personally identifiable information (PII) of customers, including names, Social Security numbers, birth dates, demographic information, insurance policy numbers, and other financial information.

Hagens Berman claims that in all, Progress has compromised the sensitive personal information of more than 40 million people, and promises that more class actions are on the way as more of the 600 affected organizations come forward.

The suits claim that Progress failed “to properly secure and safeguard personally identifiable information,” thus exposing plaintiffs to “a current and ongoing risk of identity theft” as well as invasion of privacy, financial costs, loss of time and loss of productivity, according to a court filing. Moreover, they face a continued risk that their private information will be misused by criminals.

Depending on how the case proceeds, it could set further precedent for the liability of software providers if and when they fail to fix vulnerabilities in their products before attackers can exploit them and cause data, financial, and other losses for their customers.

Article (https://www.darkreading.com/attacks-breaches/software-vendors-may-face-greater-liability-in-wake-of-moveit-lawsuit?_mc=NL_DR_EDT_DR_weekly_20230824&cid=NL_DR_EDT_DR_weekly_20230824&sp_aid=117842&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=49587)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Microsoft 365 outage blocks access to web apps and services

By Sergiu Gatlan April 20, 2023 10:24 AM

My Comments:
Why do you folks put up with Microsoft?? If you want to safe guard your clients information at least use MspPortal/Barracuda product called Total Mail Protection, save it off the Microsoft Network wholesale pricing is very inexpensive but call for pricing

Microsoft is investigating an ongoing outage blocking customers worldwide from accessing and using web apps like Excel Online and online services.

The list of affected services includes Microsoft 365 suite, Exchange Online, SharePoint Online, Yammer Enterprise, Planner, Microsoft Teams, Microsoft 365 for the web, and Project for the web.

According to reports, customers are experiencing problems when trying to sign into their accounts and will see that no web apps are available once in.

“We’re investigating access issues with Microsoft 365 Online apps and the Teams admin center. Further information can be found under OO544150 within the Microsoft 365 admin center,” the company tweeted earlier today.

“Users may be intermittently unable to view or access web apps in Microsoft 365. We’re reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan,” the admin center incident report says.

In some cases, a banner displayed at the top of the screen asks “new” users to reach out to their IT department to help with the issue.

“New to Microsoft 365? This is your Microsoft 365 home page where you can see and access all of your apps. If it’s empty, it could be that your user license was very recently assigned to you,” the notification reads.

“Wait 10 minutes and refresh this page. If you still don’t see any apps, contact your IT department. They can help you get up and running.”

We’re investigating access issues with Microsoft 365 Online apps and the Teams admin center. Further information can be found under OO544150 within the Microsoft 365 admin center.
— Microsoft 365 Status (@MSFT365Status) April 20, 2023

According to the latest updates provided by Microsoft in the admin center, the out was caused by caching infrastructure performing below acceptable performance thresholds and leading to timeout exceptions.

“Analysis of diagnostic data has identified an unusually high number of timeout exceptions within our caching and Azure Active Directory (AAD) infrastructure. We’re working to isolate the cause of these exceptions whilst identifying steps to remediate impact,” Microsoft said.

Until this Microsoft 365 outage is addressed, users can access applications through direct URLs. Microsoft provides the following examples:

Microsoft 365 Admin Center – admin.microsoft.com
Outlook – outlook.office.com
Microsoft Teams – teams.microsoft.com
Word Online – microsoft365.com/launch/word
Excel Online – microsoft365.com/launch/excel

Another outage took down multiple Microsoft 365 services in January after a router IP address change caused packet forwarding issues between routers in Microsoft’s Wide Area Network (WAN).

Services affected by the January 2023 outage included Microsoft Teams, Exchange Online, Outlook, SharePoint Online, OneDrive, the Microsoft 365 Admin Center, Microsoft Graph, Microsoft Intune, and several Microsoft Defender products.

Update April 20, 13:23 EDT: Microsoft is investigating high CPU usage impacting infrastructure processing back-end navigation feature APIs.

Until the outage is resolved, customers can access the Microsoft 365 admin center via http://admin.microsoft.com.

We’re investigating high CPU utilization on the components which process back-end navigation feature APIs. Further details are under MO544165 in the admin center. As the admin center currently does not appear within the Waffle, use https://t.co/EdTvCQNMih to access the service.
— Microsoft 365 Status (@MSFT365Status) April 20, 2023

Link (https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-blocks-access-to-web-apps-and-services/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”