Security

Security

New Phishing Attack on Microsoft O365

August 26, 2021
New Phishing Attack on Microsoft O365 Users Leverages Open Redirects to Avoid Detection
Widespread credential phishing campaign abuses open redirector links
Microsoft 365 Defender Threat Intelligence Team Link Article

MspPortal Partners along with Barracuda does have  a solution
Read what Essentials complete will provide for you Includes ESS, Message Archiver and O365 Backup
One Drive, Exchange, Sharepoint,Teams (PDF)

MspPortal Partners will be offering to all partners a Bitdefender Gravity Zone Policy review and update

MspPortal Partners

Will be offering to all partners a Bitdefender Gravity Zone Policy review and update

Free of charge

This will only be offered to MspPortal Partners for a limited time through the middle of October 2021 on Tuesdays and Thursdays from 8 am to 11:30 am MST/NO DST

If you are not one of the 425 partners you are more than welcome to change out your existing Distributor/Partner

Existing partners and new partners are welcome go to the website www.mspportalpartners.net and fill out the contact form

MspPortal Partners specializes in Bitdefender Gravity Zone Malware protection

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Bitdefender / Distributor

“Where Service and Technical Skills Count”

Microsoft Windows Zero-Day Under Attack

Dark Reading Staff 9-8-2021

Microsoft has issued an advisory containing mitigations and workarounds for a remote code execution flaw in Windows it says is being exploited in targeted attacks.

CVE-2021-40444 exists in MSHTML, the proprietary browser engine built into Windows that allows the operating system to read and display HTML files. MSHTML, also known as Trident, was mainly used by Internet Explorer but is also used by Microsoft Office, Broadcom notes in its advisory on the vulnerability. It allows developers to add Web browsing into their applications.

Microsoft reports the targeted attacks it has observed use specially crafted Office documents. In explaining how an attack would work, it says an adversary could create a malicious ActiveX control to be used by an Office document that hosts the MSHTML browser-rendering engine. An attacker would have to convince a victim to open the file. Officials note victims with fewer user privileges on the system could be less affected than those with administrative user rights.

The company credits four external researchers with finding the vulnerability: Dhanesh Kizhakkinan, Genwei Jiang, and Bryce Abdo of Mandiant, and Haifei Li of EXPMON, in addition to Rick Cole with the Microsoft Security Threat Intelligence Center (MSTIC).

Read the full advisory for more details.

FBI Requests to Pass a Bill Over Ransomware Attacks

FBI Requests to Pass a Bill Over Ransomware Attacks – Reporting Ransomware Immediately To Be A Law?

By Consider The Consumer on August 9, 2021
FBI’s Plead for Mandatory Reporting of Ransomware Attacks but in reality nothing has happened

The FBI and Department of Justice are pleading with Americans to assist them in avoiding cyberattacks, stating that companies may withhold information out of fear of being sued.
Appeal for a Bill

Tuesday, during a congressional hearing, top federal cybersecurity officials urged Congress to pass a bill requiring businesses and consumers inside the United States to disclose ransomware attacks when they occur.

Richard Downing, Deputy Assistant Attorney General, told a U.S. Hearing before the Senate Judiciary Committee that investigation opportunities are lost without quick reporting. The capacity to assist other victims experiencing similar attacks is diminished, and the government and Congress lack a complete picture of the threat confronting American companies.

The request follows a series of high-profile assaults on U.S. private and public sites, including hospitals, schools, and a fuel pipeline.

The ransomware attack on Colonial Pipeline Co., which carries over half of the East Coast’s diesel, gasoline, and jet fuel, prompted the pipeline’s temporary shutdown, resulting in significant ripple effects currently being studied.

Based on Tuesday’s testimony, roughly three-quarters of all cyberattacks in the country go unreported, making it more difficult for authorities to counteract.

According to reports, Executive Assistant Director of the Cybersecurity and Infrastructure Security Agency Eric Goldstein stated that without such visibility, they are unable to communicate information efficiently, issue timely alerts, assist victims, or comprehend the consequences of these attacks on the critical national functions on which they all rely.

President Joe Biden decided to sign an executive order, following several high-profile cyberattacks on national utilities and services in May. The order requires government contractors in the information technology industry to disclose cyberattacks.
Persuading the Victims of Ransomware Attacks

On Tuesday, Assistant Director of the FBI’s Cyber Division Bryan Vorndran stated that victims of cybercrime should be compelled to inform authorities about cybercriminals’ ransom requests and whether they paid the extortion.

Additionally, the idea of shielding companies from accountability if they do report law enforcement to the cyberattacks was considered. Certain companies may be hesitant to disclose their cyberattacks for fear of litigation, such as class action lawsuits. Unfortunately they all hide behind EULA agreements on their websites, non-responsibility if you get infected.

Downing stated that victims should not be penalized for cooperating with the government. Victims should retain any legal privilege they may have had over the information before releasing it.

Numerous companies and businesses are facing class action lawsuits over their lack of ransomware protection.
Editor’s Note on FBI Requests to Pass a Bill Over Ransomware Attacks:

This article is written to inform you of the latest FBI’s request to pass a bill that would force companies and citizens to report ransomware attacks immediately.

Bitdefender-Smartphone Safe

Personally I have asked Bitdefender to add to the Enterprise Gravity Zone for 4 years no success
But-7 tips to keep your smartphone safe until Bitdefender adds to Gravity Zone!

Hello Folks,
Your smartphone stores a great deal of personal information. Let’s face it, your whole life is on that thing. You send emails and text messages, make calls, take and share videos and photos, use social media, shop online and so much more.
To make sure you don’t become part of a rising proportion of people targeted by hackers, we’ve compiled a list of seven tips to help you keep your smartphone and your data safe.
1) Keep your smartphone and apps up to date
Software updates protect you from vulnerabilities or loopholes that can be exploited. Install them as soon as they come up.
2) Delete unused apps from your device
If you don’t need/ use it, delete it. Old apps may have severe security flaws that can compromise your device.
3) Back up data
This action is essential in case of theft or malicious compromise such as a ransomware attack.
4) Stay away from SMS scams
Delete any unexpected SMS or email containing links to download something or ask you for personal or financial information, even if they seem to come from legit sources (your bank, delivery companies).
5) Hang up or don’t respond to suspicious phone calls
Scammers may also call you on the phone to convince you to reveal personally identifiable information, bank account numbers, PINs, credit card numbers.
6) Think twice before connecting to public WiFi networks
Public WiFi can face many threats, including theft of personal information such as login and financial data, especially if you don’t use a VPN to encrypt your data.
Use Bitdefender Mobile Security to protect your smartphone
No matter how cautious you are, you can never replace a security software tailor-made to keep you safe from the latest threats.
Find out more about the full protection of your iPhone or Android devices.
Stay Safe,
Roy Miehe
CEO MspPortal Partners Inc

Breach: Microsoft Power Apps records leaked via OData API

The big news this week is the data breach at the Microsoft Power Apps platform, leading to the disclosure of up to 38 million records with Personally Identifiable Information (PII). The details range from names and email addresses to COVID-19 vaccination status, and even Social Security numbers. The breach was discovered by researchers at UpGuard, who detail the underlying issue, the entities impacted, and the response from Microsoft in their recent blog.

Researchers discovered that an OData API that Power Apps used for accessing data publicly exposed sensitive user data which should have been private. The access to data is controlled with the setting called table permissions, which can be set to restrict access to sensitive records. Unfortunately, Microsoft had opted to switch off table permissions by default, meaning that they were publicly accessible unless users realized to switch it on. Microsoft did warn users on the impact of leaving this setting off, but as the breach shows, this might not have been the best call:

Article1_OData

Upon their discovery, UpGuard notified Microsoft about the issue. The initial response was that this public accessibility was by design, not a vulnerability. Not the first time we see this excuse with reported API vulnerabilities, often dressed up in the guise of “improved user experience”.

UpGuard then proceeded to notify the impacted entities, many of whom took swift action to remove the leaked PII data. To add insult to injury, many core Microsoft portals were also affected, and subsequently Microsoft appears to have notified impacted government cloud customers of the issue.

Since the disclosure of the breach, Microsoft has changed their stance here:

They have changed the default setting so that new lists enforce table permissions to protect underlying data.
They have provided a dedicated tool, Portal Checker, for finding OData lists that allow anonymous access.

The lessons learned here include:

This is a classic example of Broken Authentication on an API — the impact of having unauthenticated APIs can lead to unintended data disclosure. You could also argue that this falls under API7:2019 — Security misconfiguration, too.
As a developer, always ensure you understand the full impact of your chosen default settings and permissions.
As a platform designer providing API service, always ensure strict access restriction (deny-by-default, least privilege…). Allowing full anonymous access to data or other resources is not a sensible default, regardless of any warnings that you glue on top.
Subscribe to API Articles

Windows Privilege Escalation Vuln Puts Admin Passwords At Risk

July 21 2021

Microsoft has issued a temporary workaround for systems vulnerable to CVE-2021-36934, also known as “HiveNightmare” and “SeriousSAM.”

Microsoft has issued a temporary workaround for a privilege escalation vulnerability that could expose administrator passwords to non-admin users.

CVE-2021-36934, also called “HiveNightmare” and “SeriousSAM,” appears to have been first detected by security researcher Jonas Lykkegaard, Forbes reports. Lykkegaard noticed the Security Account Manager (SAM) file had become read-enabled for all users, meaning an attacker with non-admin privileges could access hashed passwords and elevate privileges.

Lykkegaard and other security researchers found the issue affected the Windows 11 preview as well as Windows 10. Microsoft has confirmed the problem affects Windows 10 version 1809 and newer operating systems and has provided workarounds for systems affected by the flaw.

“An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database,” the company wrote in its CVE.

An attacker who successfully exploited the flaw could run arbitrary code with system privileges and then install programs; view, change, or delete data; or create new accounts with full user rights. They also have the ability to execute code on a target system to exploit the bug. So far Microsoft has not detected exploits in the wild, though it notes exploitation is “more likely.”

Microsoft has stated it will update the CVE as its investigation continues.
Article: Dark Reading

Little about MspPortal Partners and Bitdefender relationship

1) We do 1,2,3 line tech support for Bitdefender Gravity Zone we average 60 tech cases a week just on 1 and 2nd level support we typically solve our case load within 15-30 minutes
2) We do the hands on Training (1 hour) no power point live. When we are done you can start selling that day. We write a default policy that will keep you out of trouble and avoid Crypto. We also do a lot of Bitdefender’s beta work. Helps us to be better service to you
3) We do the licenses (reality we just keep your bucket full so it’s nothing more than adding more licenses when needed (just send an email to us) You only pay for what you use/install
4) Last we do the invoicing 2nd of the month we make sure you receive a report of the breakdown for your billing on the first. for the prior month (arrears)
5) The reality is even though we are a distributor we are really a VAD value add we work for a living 😉
6) Techs since 1994 when Roy Miehe started this firm

We will be glad to answer any questions you may have and also share some best practices with you.

Bitdefender has a great program with solutions specifically tailored for MSPs..

Experienced Support for Advanced Ransomware Threats

When it comes to your personal or business cybersecurity, you need solutions that you can trust. You need partners and suppliers that exude confidence. This trust comes from experience; a proven history of working with and protecting organizations like yours against all types of cybersecurity threats, from malware to phishing attacks, simple spam to ransomware.

In today’s environment of advanced threats, you need a firm such as MspPortal Partners to assist you in protecting your business, and or your personal computer. MspPortal has more than 400 tech firms and 2,000 techs on the ground, and we work with the leading endpoint security solution providers in the industry.

On February 5th, the National Cyber Investigative Joint Task Force (NCIJTF) released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques. The factsheet was developed by an interagency group of subject matter experts from more than 15 government agencies to increase awareness of the ransomware threats to police and fire departments; state, local, tribal, and territorial governments; and critical infrastructure entities.

To reduce the risk of public and private sector organizations falling victim to common infection vectors like those outlined in the NCIJTF factsheet, CISA launched the Reduce the Risk of Ransomware Campaign in January 2021 to provide informational resources to support organizations’ cybersecurity and data protection posture against ransomware. Please download and read the PDF. Direct PDF Ransomware_Fact_Sheet

 

The NCIJTF fact sheet outlines five best practices to minimize ransomware risks.

  1. Backup your data, system images, and configurations, test your backups, and keep the backups offline
  2. Utilize multi-factor authentication
  3. Update and patch systems
  4. Make sure your security solutions are up to date
  5. Review and exercise your incident response plan

At MspPortal Partners, we supply one, two and even three (when needed) in typically 1-2 hours either by email or a direct call we are here to be of service.

Our technology solutions include Bitdefender, which leads the market in malware protection. There are a lot of firms that use extreme marketing dollars to profess to be the best, but in industry antivirus comparisons and reviews, Bitdefender is always is on top. All resellers and distributors that work with Mspportal Partners are trained by Roy Miehe, a top trainer and antivirus professional that has worked in the anti-virus industry since 1996, and as a tech since 1994, working on many beta Microsoft products. He has propelled MspPortal Partners to a leading MSPs working only with the best-of-breed solutions.

Please take the time to send a note (Contact page link) over and we will find the best tech firm for your needs. MspPortal offers a number of technology services, in addition to security solutions.