Opinion

UPDATE 1-Amazon.com’s Ring gave police data without user consent 11 times in 2022

WASHINGTON, July 13 (Reuters) – Amazon.com’s Ring doorbell unit, which makes videos of the outside of an owner’s home, gave footage to law enforcement without the user’s consent 11 times so far this year, the company said.

Amazon said it provided the video under emergency circumstances. Senator Edward Markey, a lawmaker interested in privacy, on Wednesday released a letter from Amazon on the topic that was a response to his inquiry to the company.

“In each instance, Ring made a good-faith determination that there was an imminent danger of death or serious physical injury to a person requiring disclosure of information without delay,” wrote Brian Huseman, vice president of public policy for Amazon.

The company also said that it had 2,161 law enforcement agencies on its Neighbors Public Safety Service, which allows police and others to ask Ring owners for footage.

“Increasing law enforcement reliance on private surveillance creates a crisis of accountability,” Markey said in a statement.

Amazon’s Ring said in a statement that it followed the law.

“The law authorizes companies like Ring to provide information to government entities if the company believes that an emergency involving danger of death or serious physical injury to any person, such as a kidnapping or an attempted murder, requires disclosure without delay,” the company said in a statement.

In the letter, Huseman declined to specify when Ring technology can capture audio and how sensitive the audio recordings are. Users can easily disable audio.

He also declined to pledge to make end-to-end encryption the default for Ring data. End-to-end encryption is available although it would disable some features.

Markey said that he was concerned that Amazon and other tech companies would begin using biometric data in their systems and noted that he and others had introduced a bill aimed at restricting law enforcement access to such information. Hold Your Breath
(Reporting by Diane Bartz; Editing by Cynthia Osterman)

In closing you might want to remove SPYING DEVICES this is one of them

Microsoft has revealed that this week’s Microsoft 365 worldwide outage

By Sergiu Gatlan June 22, 2022 07:23 AM

Microsoft has revealed that this week’s Microsoft 365 worldwide outage was caused by an infrastructure power outage that led to traffic management servicing failovers in multiple regions.

Starting on Monday, June 20, at 11:00 PM UTC, customers began experiencing and reporting several issues while trying to access and use Microsoft 365 services.
Microsoft reveals cause behind this week’s Microsoft 365 outage

According to Microsoft, problems encountered during the incident included delays and failures when accessing some Microsoft 365 services.

Customer reports also shared info on continuous re-login requests, emails not getting delivered after being stuck in queues, and the inability to access Exchange Online mailboxes despite trying all available connection methods.

The affected services included the Microsoft Teams communication platform, the Exchange Online hosted email platform, SharePoint Online, Universal Print, and the Graph API.

Microsoft’s response while investigating the root cause behind the outage also brought to light some issues related to how the company fails to share new incident-related info with customers.

Even though Microsoft told customers they could find out more about this incident from the admin center under EX394347 and MO394389, user reports suggest that those incident tickets were not showing up, effectively keeping the customers in the dark.

This is the reason we will not sell O365..We do not want to support the product. MspPortal Partners has a relationship with RackSpace hosting email, we have a 99.9 uptime..nothing is perfect but we/RackSpace is far superior to O365

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

CISA say beware and alert with Goolge and Microsoft

Google-

CISA Recommends Organizations Update to the Latest Version of Google Chrome
Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.
CISA: Flaws Allow Attackers to Take Control of Affected Systems

The US Cybersecurity and Infrastructure Agency (CISA) Friday urged users and administrators to update to a new version of Chrome that Google released last week to fix a total of seven vulnerabilities in its browser.

In an advisory, Google described four of the flaws — three of which were reported to the company by external researchers — as presenting a high risk for organizations. The company said it had decided to restrict access to bug details until most users have updated to the new version of Chrome (102.0.5005.115).

Microsoft Releases June 2022 Security Updates
06/14/2022 02:53 PM EDT

Original release date: June 14, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s June 2022 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

iPhones Open to Attack Even When Off, Researchers Say

Wireless chips that run when the iPhone iOS is shut down can be exploited.
By Dark Reading Staff

Bluetooth, near-field communication (NFC) and ultra-wideband (UWB) operate when iPhone’s iOS system is shut off, meaning even powered-down devices are vulnerable to attack.

New research from the Technical University of Darmstadt in Germany examined the chips that enable the “Find My” functions and allow users to access banking and identification information even when the device is in low-power mode. This access also has the unintended consequence of leaving the device open to attack, even though the user might think the iPhone is offline and secure. according to the team’s paper, entitled “Evil Never Sleeps.”

“On recent iPhones, Bluetooth, near field communication (NFC), and U=ultra-wideband (UWB) keep running after power off, and all three wireless chips have direct access to the secure element,” the paper states. “As a practical example what this means to security, we demonstrate the possibility to load malware onto a Bluetooth chip that is executed while the iPhone is off.”

That said, exploitation is far from simple, requiring several steps and the use of known bugs like BrakTooth, the researchers explain.

Article

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

 

Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message

Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.

A vulnerability chain discovered in Zoom’s chat functionality can be exploited to allow zero-click remote code execution (RCE), threat hunters have revealed.

Google’s Project Zero uncovered an attack path that would allow cyber adversaries to silently force a victim to connect to a man-in-the-middle (MitM) server — no user action needed. From there, attackers can intercept and modify client update requests and responses in order to send the victim a malicious update, which will automatically download and execute, thus allowing RCE.

Article

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

CISA and DoD Release 5G Security Evaluation Process Investigation Study

CISA and DoD Release 5G Security Evaluation Process Investigation Study
05/26/2022 09:00 AM EDT

2.3 5G Threat Landscape
A key input to any security risk assessment is threat analysis. The 5G system model supports
depiction of the attack surface for the investigation. There are numerous threat frameworks such as
those offered by MITRE ATT&CK® [5]; the European Union Agency for Cybersecurity’s (ENISA) 5G
Threat Landscape [6]; the Threat Modeling Framework for Mobile Communication Systems [7];
3GPP’s Security Assurance Specifications (SCAS) and Technical Specification (TS) 33.501 [8];
publications released by the Federal Communications Commission (FCC) Communications Security,
Reliability, and Interoperability Council VII (CSRIC) [9]; 5G Enablers for Network and System Security
and Resilience (ENSURE) [10]; and the GSM Association’s (GSMA) Security Manual [11]. The study
team examined these resources as well as threat analyses conducted by 3GPP and a paper on
potential 5G threat vectors published by the Enduring Security Framework’s 5G Threat Model
Working Panel [12]. Figure 3 shows some of the threats to the 5G subsystems that were extracted
from these sources. Some of the threats such as eavesdropping, theft of user data, or user location
tracking may impact integrity and confidentiality of user data as well as service availability to
individual users. Other threats may impact local or regional network, application, or service availability
(e.g., denial of service [DoS] or Distributed DoS [DDoS] attacks, misconfigured or compromised
virtualization platforms or network functions, vulnerable components [supply chain threats], or
physical attacks on edge computing components), with follow-on effects on the confidentiality,
integrity, and availability of 5G services and applications for enterprises relying on 5G for their
missions

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

5G_Security_Evaluation_Process_Investigation_508c

MSP’s beware of world economics

It has come to my attention that a lot of “RMM Firms are trying to buy your business on 1 year special pricing vs monthly sort of like what Microsoft proposed for O365  pricing. Most of the these firms are scrambling to stay in business

As a distributor of security software I changed this model around to monthly without a contract 12 year ago. In the case of MspPortal Partners we can flex on accounts receivable against our accounts payable.

If any of you can remember the dot com bubble 2000, or Financial Market crash 2008, I know personally it seemed we received weekly bankruptcy notices from firms going out of business. Just review the business community they are laying off or cutting back hiring

If you can provide your clients “Flex Power” to grow and retract on the fly, your business will continue to grow now and into the future

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace,  Axcient
“Where Service and Technical Skills Count”

Important: Microsoft 365 – Term and Prices Announcement

As a Security Provider of Security Software by Rackspace be aware Microsoft will be reaching into your pocketbook  (Wrong) MspPortal Partners refuses to sell O365.

Rackspace offers a Standalone  or Hosted mail server and at MspPortal Partners monthly  and no contract pricing.

We previously shared an announcement about changes to the Microsoft 365 CSP experience regarding the enforcement of annual-commit subscription terms, price increases on select products, and a premium charge for monthly-commit licenses. Microsoft is now enforcing annual commitments which historically they have not enforced, and they have created an offer for monthly-commitment options but with a premium charge.

This communication serves as a reminder that monthly-commit licenses will receive a price increase due to the pricing premium from Microsoft for monthly adjustment flexibility. As required by Rackspace’s agreement with our Customers, this communication serves as your 45-day notice that Rackspace will begin to pass Microsoft’s price increase through to our customers on July 1, 2022, per the terms of our agreement.

Microsoft is currently not allowing terms to change from monthly to annual commitments. However, we are working closely with Microsoft to provide an option to allow our customers to switch to annual licenses prior to July 1 to avoid the monthly premium should they wish to do so. Please continue to monitor the control panel where you manage licenses, as we will enable this feature via the control panel once we come to a resolution with Microsoft.

In the initial announcement, we announced Microsoft’s price increases on six products, reflected on invoices as of April 1 with pricing as follows (annual-commit pricing, per user/per month):

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks (O365)

1) Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks
Nearly 60% of all phishing attacks impersonate Microsoft and about half a million Microsoft 365 accounts were compromised in 2021, new data shows.

Barracuda Networks’ telemetry — from from millions of emails it analyzed — shows that in 2021, a little over half of all social engineering attacks came via phishing, and Microsoft was the most-impersonated brand in those attack attempts. Overall, attackers sent 3 million emails from 12,000 compromised accounts, and one in five organizations suffered an account compromise last year.

As a Security Software Distributor of Barracuda there security mail which is by far the best in the industry. Built from scratch using open source. For a very inexpensive dollar amount you could be protected> Call your MSP/Tech firm for pricing and then have them call MspPortal Partners to assist in implementing a secure solution at no additional cost.

1) Google Emergency Update Fixes Chrome Zero-Day
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four already. Do you really want to use Chrome or Google period let alone Google Mail
2) Microsoft Releases Advisory to Address Critical Remote Code Execution Vulnerability (CVE-2022-26809)
3)Microsoft Releases April 2022 Security Updates (112)
4) Apple Releases Security Updates (its getting worse)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

 

More Orgs Suffered Successful Phishing Attacks in 2021 Than in 2020

Enterprise organizations appear to be falling even further behind in their battle against phishing threats despite heightened awareness of the problem and efforts to curb it.

A new study shows that in 2021 more organizations experienced at least one successful email-based phishing attack than the year before. There were also more opportunistic and targeted phishing attacks last year compared with 2020, as well as phishing attacks involving ransomware and business email compromise (BEC).

Researchers recently analyzed data from a survey of 600 IT and security professionals and another survey of 3,500 employees from seven countries, including the US, UK, France, Germany, and Australia. The researchers also analyzed data gathered from some 100 million simulated phishing attacks and more than 15 million emails that end users reported as being suspicious.

Seventy-eight percent of organizations experienced a ransomware attack in which a phishing email was the initial infection vector. Seventy-seven percent reported a phishing-related BEC incident — an 18-point increase from 2020. Overall, 12% more organizations reported being victims of an indiscriminate or opportunistic phishing attack, while organizations reporting more targeted spear-phishing and BEC attacks went up 20%.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Bitdefender and Barracuda Distributor for Msp’s
“Where Service and Technical Skills Count”