Security

Microsoft to deprecate WSUS driver synchronization in 90 days BEWARE FOLKS

By Sergiu Gatlan January 24, 2025 03:13 PM

Microsoft has reminded Windows administrators that driver synchronization in Windows Server Update Services (WSUS) will be deprecated on April 18, 90 days from now.

The company first announced the deprecation in June 2024, when it also encouraged customers to adopt its newer cloud-based driver services.

“If you’re using driver synchronization updates via Windows Server Update Services (WSUS), prepare for change. This service is scheduled for deprecation on April 18, 2025,” Microsoft said on Friday. “For on-premises contexts, drivers will be available on the Microsoft Update catalog, but you won’t be able to import them into WSUS.

“You’ll need to use any of the available alternative solutions, such as Device Driver Packages, or transition to cloud-based driver services for your organization, such as Microsoft Intune and Windows Autopatch,” the company added.

Redmond also announced in September that WSUS had been deprecated but that it plans to continue publishing updates through the channel and maintain all existing capabilities.

This came after WSUS was listed on August 13 as one of the “features removed or no longer developed starting with Windows Server 2025.”

“Specifically, this means that we are no longer investing in new capabilities, nor are we accepting new feature requests for WSUS,” Microsoft’s Nir Froimovici said at the time. “However, we are preserving current functionality and will continue to publish updates through the WSUS channel. We will also support any content already published through the WSUS channel.”

Introduced almost two decades ago, in 2005, as Software Update Services (SUS), WSUS allows IT admins to manage and distribute updates for Microsoft products across corporate networks with large numbers of Windows devices.

WSUS provides centralized control over updates rather than having each endpoint download them from Microsoft’s servers.

After its deprecation, Microsoft encourages enterprises to adopt cloud-based solutions for client and server updates, such as Windows Autopatch, Azure Update Manager, and Microsoft Intune.
Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-to-deprecate-wsus-driver-synchronization-in-90-days/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

Microsoft Bets Office Subscribers Will Pay 30% More for AI Tools

By Matt Day, Bloomberg News
January 16, 2025 at 3:41PM EST

My opinion try calling Microsoft for support good luck..they might speak English if you need that language. Let alone being able to solve your issue. Oh how about keeping O365 mail going today alone 497 servers 7 hour ago were down..and they want you to pay more money..its all cloud based so they can gather more information about you..try to keep the spying down to a dull roar Microsoft..You know there are alternatives.

Look at LibreOffice..little work but may be well worth it

(Bloomberg) — Microsoft Corp. is raising the price of its package of Office apps for consumers, a bet that subscribers will be willing to cough up more for access to new artificial intelligence tools.

The Microsoft 365 family subscription, which offers access to Word, Excel and other apps for as many as six people, will now cost $130 a year, a 30% increase, the company said in a blog post Thursday. The version for individuals is rising 43% to $100. The price changes take effect immediately for new subscribers and will affect existing ones when they renew.

The increase is an attempt to wring more revenue from the company’s existing customer base and help justify the tens of billions of dollars it’s spending to develop and operate pricey AI services. The Redmond, Washington-based company, which has partnered with startup OpenAI, is infusing its product lineup with AI tools capable of analyzing documents and generating text and images.

A spokesperson said it was the first price increase for the software bundle – launched as Office 365, but now called Microsoft 365 — in 12 years. “These changes bring the transformative power of AI to the personal productivity tools that millions of people use every day,” Bryan Rognier, a company vice president, said in the blog post.

Rognier said the company has also made “countless enhancements” to the core Office apps and introduced such services as antivirus protection and image- and video-editing tools.

Microsoft previously tested the price hikes in Australia, Singapore and other Southeast Asian markets. They were controversial.

“It’s very annoying, and frankly I’m considering simply canceling entirely and just using Google Docs in the future,” said Daniel Burke, an independent game developer in Australia.

Burke and other users discovered that when they tried to cancel their subscriptions, Microsoft revealed a previously hidden option called Microsoft 365 Classic that rolled back the price increase and new AI features.

Microsoft spokespeople told reporters that the limited rollout gave the company a chance “to listen, learn and improve,” a phrase Rognier repeated in Thursday’s blog post. He said customers in markets now getting the price hike will also be able to opt in to a web- and mobile-based variant, called Basic, or, for a “limited time,” versions of the apps under the Classic brand. Neither option will include the AI services.

“Companies like Microsoft have spent so much on building AI up that now they need to force it on people,” said Kate Littlejohn, an Australian teacher and university tutor who requires the Office apps for her job. “I’m relieved that I found a way to opt out, but it shouldn’t be so difficult.”

John Bennetts, an Australian retiree who uses Office for email, word processing and the occasional spreadsheet, paid up.

“Habit makes me pay up and stay,” he said. “So I keep paying Microsoft and others, though I probably should not.”

–With assistance from Dina Bass.

(Updates with price increase criticism beginning in the seventh paragraph.)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count

As I reported earlier Bitdefender MDR is still not ready for Prime Time

If you are Partner with my firm MspPortal Partners will will keep you informed and do a hands on setup for you..

This is now posted on the splash page when you login to Gravity Zone

As you all know I am a strong supporter of Bitdefender but are lacking Developers to make MDR a reality, it all the same products as in Gravity Zone..MDR runs hooks into Gravity Zone..( It is the best possible product to run to protect you clients

Requirements

For a company to enroll others:

The company type must be a Partner.
The company must have all the add-ons and services included in the product trial available for resell.

For a company to be enrolled:
The company type must be a Customer.
The company must be directly managed or using the same license as the company that wants to enroll them.
The company must not have all add-ons and services included in the trial enabled for own use.
The company must be using a monthly subscription, and the Endpoint Security product type.
The company must use the A la carte protection model.
Important
Additional restrictions may apply. If you meet all the trial requirements but are unable to access the feature, contact MspPortal Partners your Partner (mdr@mspportal.net if your interested in finding out more information).
The MDR Product Trial feature will be released in stages and has limited availability at the moment. Check the release notes for news and updates.

Microsoft Is Forcing Its AI Assistant on People—and Making Them Pay

Microsoft is trying a new approach to build excitement for its artificial-intelligence assistant Copilot: Give it to customers whether they want it or not.

The tech company recently added Copilot to its consumer subscription service for software including Word, Excel and PowerPoint in Australia and several Southeast Asian countries. Along with the AI feature, it raised prices for everyone who uses the service, called Microsoft 365, in those countries.

What about people who don’t want to pay for an AI assistant to spruce up their documents and summarize emails? They are out of luck.

Alistair Fleming uses Word to write scripts for his YouTube channel about 1990s Japanese wrestling. The Australian noticed that every time he finished a line, Copilot’s rainbow logo would pop up on screen and ask if it could help with his writing.

“It was very keen to be used, and this was irritating to me as a user,” Fleming said.

Fleming also noticed his monthly bill for 365 increased to 16 Australian dollars from A$11.

Some users said on social media that Copilot pop-ups reminded them of Clippy, Microsoft’s widely derided Office helper from the late 1990s, that would frequently offer unsolicited help.

A Microsoft spokesman wouldn’t comment on the strategy behind the forced addition of Copilot in certain regions and whether the company plans a similar approach in other markets.

The change demonstrates the lengths to which Microsoft is going to try to profit from its huge investments in AI. Copilot, which is built with technology from OpenAI, is a key part of Chief Executive Satya Nadella’s plan to keep expanding Microsoft’s software business for consumer and corporate customers.

Microsoft is OpenAI’s biggest investor, having plowed close to $14 billion into the ChatGPT maker.
Article:
https://finance.yahoo.com/news/microsoft-forcing-ai-assistant-people-103000840.html

Bitdefender MDR Product

I have had several interactions with Dev. Currently as I mentioned it was designed for enterprise not MSP’s I am working with Dev to modify some code to allow MSP’s to sell to there clients..great concept even backed by a million dollar insurance policy (that is the good news), Apparently it will not be ready for prime time till the end of Q1. I am currently working on pricing to prime my partners and get ready for MDR gold code. I will keep you posted.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

This update is a direct message from Roy Miehe, CEO of MspPortal Partners, addressing Managed Service Providers (MSPs). Here are the key points covered:

1. **Beware of AI Technology**: Roy warns MSPs about the rapid advancements in AI, particularly its ability to simplify tasks like writing PowerShell scripts. While this may seem like a positive development, the implication is that AI could affect the income of MSPs by automating tasks that once required specialized skills.

2. **Limited Product Recommendations**: The message advises MSPs to focus on a small selection of essential cybersecurity products, which MspPortal endorses:
– **Firewall**: Meraki is recommended as a reliable, moderately priced solution compared to Palo Alto Networks.
– **Antivirus/Malware Detection**: Bitdefender is praised for being a leader in malware detection.
– **Spam Detection**: Barracuda is recommended for spam detection and remote monitoring solutions.
– **RMM (Remote Monitoring and Management)**: Barracuda’s RMM solution is suggested as a reliable, long-standing option.
– **Anti-Phishing Training**: Phishing Box is suggested as a trusted provider for large corporations.

3. **Cost Efficiency**: MspPortal claims that all these services can be bundled for under $6.50 per month, with flat-rate pricing and no contracts, making it an affordable solution for both workstations and servers.

4. **Support and Expertise**: MspPortal offers 24/7/365 support at no extra charge, with a team that brings 30 years of experience in the industry. The emphasis is on service and technical skills, which they believe will help MSPs survive in the evolving tech landscape.

The message is a call to action, encouraging MSPs to adapt to the changing landscape, focus on essential services, and trust in MspPortal’s offerings to keep their businesses profitable.

CISA Warns of Hurricane-Related Scams

CISA Warns of Hurricane-Related Scams
09/25/2024 08:00 AM EDT

CISA encourages users to review the following resources to avoid falling victim to malicious cyber activity:

1) Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity,

2) Consumer Financial Protection Bureau’s Frauds and scams, and

3) CISA’s Phishing Guidance, Stopping the Attack Cycle at Phase One to help organizations reduce likelihood and impact of successful phishing attacks.

MspPortal Partners provides a solution that works with the Fortune 500 firms (PhishingBox) the best in the business.
If you are a partner with MspPortal Partners we will set up a full admin panel so you can protect your clients.

RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus , Plus Bonus

By Guru Baran –
September 23, 2024

The Infection Chain Of The RansomHub Utilizing EDRKillShifte (This makes me nervous for for weak Networks and great Security Products in place)

“The EDRKillShifter tool functions as a “loader” executable, serving as a delivery mechanism for a legitimate driver that is susceptible to abuse to terminate applications related to antivirus solutions”, researchers said.

The RansomHub ransomware exploits the Zerologon vulnerability (CVE-2020-1472). Researchers said that if left unpatched, it might allow attackers to take over a whole network without requiring authentication.

In a particular instance, RansomHub used for batch script files—named “232.bat,” “tdsskiller.bat,” “killdeff.bat,” and “LogDel.bat”—as a form of evasion.

232.bat turns off Windows Defender’s real-time monitoring capability and uses a brute-force attack method called password spraying.

A batch script called tdsskiller.bat is used to disable antivirus software. Killdeff.bat uses advanced methods to hide notifications and enable or disable Windows Defender’s functionality, including obfuscated inline expressions, environment-variable readings, and conditional logic.

Article (https://cybersecuritynews.com/ransomhub-edr-antivirus-bypass/)

Must Read Article
Kaspersky deletes itself, installs UltraAV antivirus without warning: UltraAV force-installed on Kaspersky users’ PCs
By Sergiu Gatlan
September 23, 2024 01:16 PM
Article (https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/)

FBI-Alert Number I-011822-PSA Public Announcement Cybercriminals Tampering with QR Codes

FBI-Alert Number I-011822-PSA Public Announcement

Cybercriminals Tampering with QR Codes to Steal Victim Funds

The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

A QR code is a square barcode that a smartphone camera can scan and read to provide quick access to a website, to prompt the download of an application, and to direct payment to an intended recipient. Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the COVID-19 pandemic. However, cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use.

Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts.

Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.

Businesses and individuals also use QR codes to facilitate payment. A business provides customers with a QR code directing them to a site where they can complete a payment transaction. However, a cybercriminal can replace the intended code with a tampered QR code and redirect the sender’s payment for cybercriminal use.

While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code. Law enforcement cannot guarantee the recovery of lost funds after transfer.

PS: Follow up on CrowdStrike if you are a tech, you will understand this: In this case was a bad SYS file..Since most and CTO’s should know this CrowdSrike has full access to your system (like most AV firms) since everything is cloud based, do you understand how easily CrowdStrike could be compromised. I would think long and hard before adding or for that matter keeping CrowdStrike in my security rollout/arsenal. Ask for a refund and get a good product, not a Wall Street Darling. This is my personal opinion since I have been in the AV industry for 30 years

FCC: AT&T Didn’t Adequately Protect Customers’ Cloud Data

Dark Reading Staff, Dark Reading
September 18, 2024
My personal opinion all software providers should be held liable, the claim to hide behind EULA’s

Couple come to mind: Crowd Strike, Microsoft, Cloud Flare, FaceBook, Most RMM Systems (https://cloudstatus.mspportalpartners.net/)

The Federal Communications Commission fined AT&T $13 million and ordered it to tighten up its privacy and security practices in the wake of a catastrophic third-party compromise.

The commission also used its authority under the Communications Act of 1934 to extend consumer protections to the cloud, finding AT&T failed to maintain proper oversight of a third-party provider.

That vendor, data warehousing provider Snowflake, reportedly was compromised in January 2023, exposing a host of organizations’ sensitive data, among them AT&T’s. In the weeks that followed the breach, AT&T acknowledged “nearly all” its customers were affected by exfiltrated call and text records, phone numbers, and other personally identifiable information.

Following an investigation, the FCC ruled on Sept. 16 that Snowflake should have been required to “destroy or return” the information years prior to the incident, and finding AT&T responsible for failing to appropriately protect its customer data.

ArticleATT Fined 13 million (https://www.darkreading.com/cybersecurity-operations/fcc-att-did-not-protect-cloud-data?_mc=NL_DR_EDT_DR_weekly_20240919&cid=NL_DR_EDT_DR_weekly_20240919&sp_aid=125812&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=55121)