Security

This update is a direct message from Roy Miehe, CEO of MspPortal Partners, addressing Managed Service Providers (MSPs). Here are the key points covered:

1. **Beware of AI Technology**: Roy warns MSPs about the rapid advancements in AI, particularly its ability to simplify tasks like writing PowerShell scripts. While this may seem like a positive development, the implication is that AI could affect the income of MSPs by automating tasks that once required specialized skills.

2. **Limited Product Recommendations**: The message advises MSPs to focus on a small selection of essential cybersecurity products, which MspPortal endorses:
– **Firewall**: Meraki is recommended as a reliable, moderately priced solution compared to Palo Alto Networks.
– **Antivirus/Malware Detection**: Bitdefender is praised for being a leader in malware detection.
– **Spam Detection**: Barracuda is recommended for spam detection and remote monitoring solutions.
– **RMM (Remote Monitoring and Management)**: Barracuda’s RMM solution is suggested as a reliable, long-standing option.
– **Anti-Phishing Training**: Phishing Box is suggested as a trusted provider for large corporations.

3. **Cost Efficiency**: MspPortal claims that all these services can be bundled for under $6.50 per month, with flat-rate pricing and no contracts, making it an affordable solution for both workstations and servers.

4. **Support and Expertise**: MspPortal offers 24/7/365 support at no extra charge, with a team that brings 30 years of experience in the industry. The emphasis is on service and technical skills, which they believe will help MSPs survive in the evolving tech landscape.

The message is a call to action, encouraging MSPs to adapt to the changing landscape, focus on essential services, and trust in MspPortal’s offerings to keep their businesses profitable.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

CISA Warns of Hurricane-Related Scams

CISA Warns of Hurricane-Related Scams
09/25/2024 08:00 AM EDT

CISA encourages users to review the following resources to avoid falling victim to malicious cyber activity:

1) Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity,

2) Consumer Financial Protection Bureau’s Frauds and scams, and

3) CISA’s Phishing Guidance, Stopping the Attack Cycle at Phase One to help organizations reduce likelihood and impact of successful phishing attacks.

MspPortal Partners provides a solution that works with the Fortune 500 firms (PhishingBox) the best in the business.
If you are a partner with MspPortal Partners we will set up a full admin panel so you can protect your clients.

RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus , Plus Bonus

By Guru Baran –
September 23, 2024

The Infection Chain Of The RansomHub Utilizing EDRKillShifte (This makes me nervous for for weak Networks and great Security Products in place)

“The EDRKillShifter tool functions as a “loader” executable, serving as a delivery mechanism for a legitimate driver that is susceptible to abuse to terminate applications related to antivirus solutions”, researchers said.

The RansomHub ransomware exploits the Zerologon vulnerability (CVE-2020-1472). Researchers said that if left unpatched, it might allow attackers to take over a whole network without requiring authentication.

In a particular instance, RansomHub used for batch script files—named “232.bat,” “tdsskiller.bat,” “killdeff.bat,” and “LogDel.bat”—as a form of evasion.

232.bat turns off Windows Defender’s real-time monitoring capability and uses a brute-force attack method called password spraying.

A batch script called tdsskiller.bat is used to disable antivirus software. Killdeff.bat uses advanced methods to hide notifications and enable or disable Windows Defender’s functionality, including obfuscated inline expressions, environment-variable readings, and conditional logic.

Article (https://cybersecuritynews.com/ransomhub-edr-antivirus-bypass/)

Must Read Article
Kaspersky deletes itself, installs UltraAV antivirus without warning: UltraAV force-installed on Kaspersky users’ PCs
By Sergiu Gatlan
September 23, 2024 01:16 PM
Article (https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/)

FBI-Alert Number I-011822-PSA Public Announcement Cybercriminals Tampering with QR Codes

FBI-Alert Number I-011822-PSA Public Announcement

Cybercriminals Tampering with QR Codes to Steal Victim Funds

The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

A QR code is a square barcode that a smartphone camera can scan and read to provide quick access to a website, to prompt the download of an application, and to direct payment to an intended recipient. Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the COVID-19 pandemic. However, cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use.

Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts.

Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.

Businesses and individuals also use QR codes to facilitate payment. A business provides customers with a QR code directing them to a site where they can complete a payment transaction. However, a cybercriminal can replace the intended code with a tampered QR code and redirect the sender’s payment for cybercriminal use.

While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code. Law enforcement cannot guarantee the recovery of lost funds after transfer.

PS: Follow up on CrowdStrike if you are a tech, you will understand this: In this case was a bad SYS file..Since most and CTO’s should know this CrowdSrike has full access to your system (like most AV firms) since everything is cloud based, do you understand how easily CrowdStrike could be compromised. I would think long and hard before adding or for that matter keeping CrowdStrike in my security rollout/arsenal. Ask for a refund and get a good product, not a Wall Street Darling. This is my personal opinion since I have been in the AV industry for 30 years

FCC: AT&T Didn’t Adequately Protect Customers’ Cloud Data

Dark Reading Staff, Dark Reading
September 18, 2024
My personal opinion all software providers should be held liable, the claim to hide behind EULA’s

Couple come to mind: Crowd Strike, Microsoft, Cloud Flare, FaceBook, Most RMM Systems (https://cloudstatus.mspportalpartners.net/)

The Federal Communications Commission fined AT&T $13 million and ordered it to tighten up its privacy and security practices in the wake of a catastrophic third-party compromise.

The commission also used its authority under the Communications Act of 1934 to extend consumer protections to the cloud, finding AT&T failed to maintain proper oversight of a third-party provider.

That vendor, data warehousing provider Snowflake, reportedly was compromised in January 2023, exposing a host of organizations’ sensitive data, among them AT&T’s. In the weeks that followed the breach, AT&T acknowledged “nearly all” its customers were affected by exfiltrated call and text records, phone numbers, and other personally identifiable information.

Following an investigation, the FCC ruled on Sept. 16 that Snowflake should have been required to “destroy or return” the information years prior to the incident, and finding AT&T responsible for failing to appropriately protect its customer data.

ArticleATT Fined 13 million (https://www.darkreading.com/cybersecurity-operations/fcc-att-did-not-protect-cloud-data?_mc=NL_DR_EDT_DR_weekly_20240919&cid=NL_DR_EDT_DR_weekly_20240919&sp_aid=125812&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=55121)

“Should MSPs manage antivirus (AV) products separately from RMM software?

Improved Prompt Example: “Should MSPs manage antivirus (AV) products separately from RMM software? Many MSPs and CTOs try to manage everything in one platform, but I believe this leads to reduced quality in both support and security. RMM software was designed for remote management, but investor pressure has caused it to integrate AV products, which leads to issues like lack of third-level support.Along misconfiguration

A recent Crowdstrike issue involving a sys file was worsened by delivery mechanisms from Microsoft and Cloudflare. EULAs are often written to discourage lawsuits rather than compensate users for developer errors.

As a distributor of security products like Bitdefender and Barracuda, MspPortal Partners provides comprehensive support. We believe in training partners properly to manage AV and Mail solutions effectively, and our 24/7 support service sets us apart.”

Market share held by the leading computer (desktop/tablet/console) operating systems worldwide from January 2012 to February 2024

Long Short if the statics are correct 68.15 percent of the world uses Microsoft OS’s

Published by
Ahmed Sherif,
May 22, 2024

Microsoft’s Windows is the most widely used computer operating system in the world, accounting for 68.15 percent share of the desktop, tablet, and console OS market in February 2024. Apple’s macOS ranks as the next most widely used operating system, while its iOS mobile operating system, the standard installation on all iPad devices, ranks fourth. Linux OS versions serve as the primary option for users who prefer open-source software and intend to avoid the influence of major OS developers.
Operating Systems

Operating systems serve as the underlying platforms which connect computer hardware and software. They provide users with the graphical interface through which they issue commands and perform tasks on electronic devices. Billions of people make use of these devices and their operating systems on a regular basis, meaning that the companies that develop these widely used technologies have a great deal of influence on the daily lives of internet users around the world. Although Microsoft Windows is the clear leader in terms of desktop operating systems,

Article
(https://www.statista.com/statistics/268237/global-market-share-held-by-operating-systems-since-2009/)

Which we are and still are dealing with having even more security issue’s because the CrowdStrike debacle
Based upon what I do for a living I see more Large Mega Cap Firms down to SMB firms struggling more then ever before.

Personally some attorney with a class action filed should request a huge Liquidated damages (LDs): Which is a sum of money specified in some contracts that are to be paid by one party to another as compensation for intangible losses.

Hopefully this will put huge firms like Crowdstrike, Microsoft, Cloudflare all on notice,if you are going to take money from clients/enduser you are responsible for damages and please do not try to hide behind a EULA..I still have not heard back about how many techs Crowdstrike or Microsoft were sending over to Delta Airlines,considering each machine had to be touched and continue to be touched since you cannot write a Power Shell Script nor remote to a machine, that is Blue Screened (BOD). There has been a lot of LIP SERVICE

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count

Continued from July 19th 3 Cause’s of the Crowdstrike down in reality

Keep in mind this is my personal opinion..please prove me wrong if you can.

3 Cause’s of the CrowdStrike down
1) Bad Developer file uploaded/downloaded
2) Microsoft Software runs the operating systems sort of like a monopoly, we all know it in reality it is.
3) Distribution of software via Cloudflare

Keep in mind this is my personal opinion..please prove me wrong if you can.

I read something today that shocked me. CloudStrike was going pay techs globally $10.00 coffee vouchers to remove sys file issue. I work with four hundred plus tech firms through out the US I have never heard of a computer Tech working for a $10.00 coffee voucher.
Normal Tech rates run from entry level $50.00 to $500.00 a hour.

(Bloomberg) — Microsoft Corp. said Delta Air Lines Inc. turned down repeated offers for assistance following last month’s catastrophic system outage, echoing claims by CrowdStrike Holdings Inc. in an increasingly contentious conflict between the carrier and its technology partners.
Now I am not a strong proponent of Ed Bastien (to full of himself) nor do I fly Delta.

If read/sift through all the garbage it really was all 3 firms that caused the outage.
No matter what OS Delta was running, Windows, Apple, Linux, The Falcon Platform runs on all 3. So in my opinion Delta does deserve the money for the down time.

Even thou in my opinion Mark S Cheffo when :“Even though Microsoft’s software had not caused the CrowdStrike incident, Microsoft immediately jumped in and offered to assist Delta at no charge,” I did not hear they were going to fly Techs to fix all Delta’s machines, for that matter globally let alone Delta

When does a end user or SMB company ever able to talk to Microsoft Support and receive a response within a reasonable amount of time?

So right now I see 2 parties at fault (Microsoft & CroudStrike)
But there is a 3rd party involved, CloudFlare, have you ever asked yourself what they do:Protecting it from online threats and optimizing performance there web Site.

Cloudflare is a company that provides services like content delivery network (CDN), cloud cybersecurity, DDoS mitigation, Domain Name Service (DNS), and domain registration. They help improve website speed, security, and reliability by acting as a mediator between a website’s server and its visitors, protecting it from online threats and optimizing performance.

Cloudflare
American internet infrastructure and website security company
cloudflare.com

Cloudflare, Inc. is an American company that provides content delivery network services, cloud cybersecurity, DDoS mitigation, Domain Name Service, and ICANN-accredited domain registration services. Cloudflare’s headquarters are in San Francisco, California. According to The Hill, Cloudflare is used by more than 20% of the Internet for its web security services, as of 2022. Wikipedia

Now all this is my opinion but should help create and finish a Class Action Law Suit, all 3 need to named as defendants.

Last Pay Your developers and Tech Support folks more money, Take it out of the C-Levels paychecks/bonuses. It appears that most firms have forgotten with out staff the company would be nothing.

Windows update may present users with a BitLocker recovery screen

Posted: July 25, 2024 by Pieter Arntz

Some Windows users may see a BitLocker Recovery screen after applying the Microsoft patch Tuesday updates. BitLocker is a Windows security feature that encrypts entire drives. It prevents someone that has obtained a stolen or lost device from reading the files stored on that drive.

Unfortunately, though, Microsoft launched an update this month that has caused problems for some Windows systems. Without telling the public what, exactly, has gone wrong, Microsoft provided some details about what might happen on the Windows release health dashboard.

Affected systems are running Windows 10 and 11 or one of the server versions (Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008.). And the affected systems are very likely to have Device Encryption enabled.

You can find out if you have Device Encryption enabled by looking at:
Settings
Privacy & Security
Device encryption

If Device encryption doesn’t appear under Privacy & Security, it isn’t available for your system.

Under normal circumstances you wouldn’t see the BitLocker Recovery screen unless you enter the wrong PIN too many times or when you’ve made some hardware or firmware changes.

If you are affected by this faulty update, you will be presented with a screen similar to this one when you boot the system.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

CrowdStrike Blames Crash on Buggy Security Content Update

It is amazing that a security company would even make this type of comment.
They are a Wallstreet “darling” CrowdStrike Response & Mitigation Continues, this will go on for a longer period of time then affected companies will disclose publicly.

CrowdStrike remains in the hot seat — quite literally, as the company’s CEO George Kurtz has been called on to testify before Congress about the incident — and has considerable work to do to salvage its reputation in the wake of the incident

Personally I believe the next shoe to fall will be Sentinel One also wall street traded

A buggy “security content configuration update” to CrowdStrike’s Falcon sensor, which is aimed at gathering telemetry on novel threat techniques for Windows, has been confirmed as the root cause of the problem that crashed computers around the world on July 19, and is still having an impact on global IT teams, the vendor says.

Personal opinion
Uninstall and cancel your agreement with Crowdstrike strike 2 with the current CEO
If a Class action lawsuit is actually filed join in at least try to recoup some of your losses.
In todays world of Antivirus/Malware there is only one product that allows full control of your environment

Lead Article=Elizabeth Montalbano, Contributing Writer

https://www.darkreading.com/endpoint-security/crowdstrike-crash-buggy-security-content-update?_mc=NL_DR_EDT_DR_weekly_20240725&cid=NL_DR_EDT_DR_weekly_20240725&sp_aid=124803&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=54465