Stay Alert

CISA Adds Nine Known Exploited Vulnerabilities to Catalog

Original release date: February 15, 2022

CISA has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
| CVE Number | CVE Title | Remediation Due Date |
|---|---|---|
| CVE-2022-24086 | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | 3/1/2022 |
| CVE-2022-0609 | Google Chrome Use-After-Free Vulnerability | 3/1/2022 |
| CVE-2019-0752 | Microsoft Internet Explorer Type Confusion Vulnerability | 8/15/2022 (not good) |
| CVE-2018-8174 | Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability | 8/15/2022 (not good) |
| CVE-2018-20250 | WinRAR Absolute Path Traversal Vulnerability | 8/15/2022 |
| CVE-2018-15982 | Adobe Flash Player Use-After-Free Vulnerability | 8/15/2022 |
| CVE-2017-9841 | PHPUnit Command Injection Vulnerability | 8/15/2022 |
| CVE-2014-1761 | Microsoft Word Memory Corruption Vulnerability | 8/15/2022 (not good) |
| CVE-2013-3906 | Microsoft Graphics Component Memory Corruption Vulnerability | 8/15/2022 (not good) |

The two agencies also shared a list of measures that can help admins mitigate BlackByte attacks: 2-14-2022

Thanks to Bleeping Computer

  1. Implement regular backups of all data to be stored as air gapped, password protected copies offline.
  2. Ensure these copies are not accessible for modification or deletion from any system where the original data resides.
  3. Implement network segmentation, such that all machines on your network are not accessible from every other machine.
  4. Install and regularly update MspPortal Partners/Bitdefender antivirus software on all hosts, and enable real time detection.
  5. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released (be careful with this: look at the KBs first).
  6. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts.
  7. Audit user accounts with administrative privileges and configure access controls with least privilege in mind. Do not give all users administrative privileges.
  8. Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs for any unusual activity.
  9. Consider adding an email banner to emails received from outside your organization.
  10. Disable hyperlinks in received emails (MspPortal Partners/Barracuda).
  11. Use double authentication when logging into accounts or services.
  12. Ensure routine auditing is conducted for all accounts.
  13. Ensure all the identified IOCs are input into the network SIEM for continuous monitoring and alerts.
  14. Do you want security updates emailed to you? Subscribe to the blog (bottom of News page).

     

    Roy Miehe | MspPortal Partners Inc. | Ceo/President

    Bitdefender /MSP Aggregator – Distributor

    “Where Service and Technical Skills Count”

Bitdefender New Portfolio email

This will not affect MspPortal Partners pricing; all Gravity Zone pricing will remain the same. Per my Distribution Manager, 1-6-2021:

Yes a la carte refers only to annual enterprise solution – not MSP. You will continue to distribute Cloud Security for MSP + ATS + EDR, etc. with no change 😊

I will let you know details ASAP on the annual pricing changes to the enterprise only (no change to annual bundles).

The message sent was a little confusing and concerning to a lot of MSPs and resellers.

The a-la-carte licensing model is being updated: advanced security capabilities (Cloud Sandbox, HyperDetect and Root Cause Analysis) will now be included in the base license to provide an even higher security level with the base tier. We are also consolidating SKUs and will support both on-premises and cloud console deployments from the same SKU/license.

The current a-la-carte products and GravityZone Advanced Business Security will move to End-of-Sale for new customers starting April 1st, 2022. This is due to the introduction of the enhanced a-la-carte licensing mentioned above and to optimize the number of packages in our business solutions portfolio from four to three.

Something to think about, as an opinion and comment: if you bill your clients annually, you might change to monthly as soon as it is feasible and financially acceptable to you. Annual contracts, both with your vendor and with your clients, could backfire or be detrimental to you.

Roy Miehe | MspPortal Partners Inc. | “Where Service and Technical Skills Count”

 

Bitdefender BEST 7.4.2.142 (Windows) Release Notes – Fast Ring

Bitdefender updates: the release notes are available here.

Folks, stay up to date on product 7.4.2.142 and engine 7.90782 (last update 1-4-2022).

Also, Bitdefender alerts via email: they are still struggling and still using Mailchimp, hence you’re not receiving all the alerts that you have requested. It is very important to log in daily and review your endpoints; if they have red on them, more than likely it is an engine update, but it could be that a product update is needed. If you are with an RMM solution using Bitdefender, my suggestion is to convert to the real Gravity Zone platform. Not all distributors are the same; pricing should be the same based upon Bitdefender guidelines, but some will try to buy your business. Pricing is not always the best way to select your distributor: interview them and find out, if you have a question or issue, whether they pick up the phone and whether they have tech support available to answer your questions and fix your solution. Stay safe, folks; malware is on the rise.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Bitdefender /Distributor
“Where Service and Technical Skills Count”

You think the Apache Log4j security vulnerabilities are bad? Look at Mimikatz malware

Mimikatz Malware

It attacks basically everything. Once there, it will run additional tools to encrypt and will search for all machines to encrypt.

The susceptible world is Windows of course.

Keep yourself up to date with Bitdefender (“An update process has been completed successfully. Product version: 7.4.1.111. Engines version: 7.90522 (10841006)”). This may sound like an ad to promote Bitdefender, but nobody needs ransomware.

Use their Gravity Zone basic with the add-on of ATS/Sandboxing. Lock down in the policy as well, at no additional cost. This is a tech dashboard.

I am having Bitdefender look at this and possibly develop an unencrypted key for the ransomware.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Bitdefender / – Distributor

“Where Service and Technical Skills Count”

Disclosure MspPortal Partners only sells and works with MSP’s and Resellers.

Security Advisory: Bitdefender Response to Critical Zero-Day Apache Log4j2 Vulnerability 12-11-2021

As normal Bitdefender is on top of this:

Link for Article

On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability – assigned with a severity of 10 (the highest possible risk score) – affecting Apache Log4j2, a Java-based logging framework widely used in commercial and open-source software products. The vulnerability affects versions 2.0 through 2.14.1; version 2.15.0 is not vulnerable.  

Bitdefender is already seeing and monitoring several malicious actors running active exploitation campaigns. 

The CVE-2021-44228 vulnerability has been assigned the highest possible risk score (CVSS 10) due to its exploitation impact (ability to remotely execute code on targeted hosts). Likely, this vulnerability will linger in computing infrastructures for an extensive period of time due to the widespread use of the Log4j2 logging framework. It is important to note this vulnerability is easy to exploit and applications using the affected Log4j2 versions are subject to an extensive attack surface. Immediate action is advisable.
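An added example (not part of the original post or of Bitdefender's advisory): one way to check Java archives for bundled log4j-core copies whose version falls in the affected range quoted above. It assumes Maven-built archives that keep log4j-core's `pom.properties`; the function names and the in-memory sample WAR are constructed for illustration.

```python
import io
import re
import zipfile

# Affected range as stated in the advisory above: 2.0 through 2.14.1.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 14, 1)
# Assumption: the archive was built with Maven and kept log4j-core's metadata.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def is_affected(version):
    """Compare '2.14.1' or '2.0-beta9' numerically against the stated range."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return AFFECTED_MIN <= tuple(nums + [0] * (3 - len(nums))) <= AFFECTED_MAX

def scan_archive(data, label, depth=0, max_depth=4):
    """Return [(location, version, affected)] per log4j-core copy, reading
    pom.properties (not file names) and recursing into nested archives."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive: nothing to report
    with zf:
        for name in zf.namelist():
            if name == POM:
                m = re.search(rb"^version=(\S+)", zf.read(name), re.MULTILINE)
                if m:
                    ver = m.group(1).decode("ascii", "replace")
                    findings.append((label, ver, is_affected(ver)))
            elif name.lower().endswith(ARCHIVE_EXT) and depth < max_depth:
                findings += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1, max_depth)
    return findings

def make_jar(entries):
    """Build an in-memory archive from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

def demo():
    """Constructed WAR bundling one affected and one fixed log4j-core copy."""
    old, new = make_jar({POM: b"version=2.14.1\n"}), make_jar({POM: b"version=2.15.0\n"})
    return scan_archive(make_jar({"WEB-INF/lib/a.jar": old, "WEB-INF/lib/b.jar": new}), "app.war")
```

To scan real files, pass each archive's bytes and path to `scan_archive`. The range constants encode only what this advisory states as of its date, so adjust them to current vendor guidance.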

Double check your other vendors and RMM systems or remote control programs.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Bitdefender /MSP  – Distributor

“Where Service and Technical Skills Count”

CyberSecurity & Infrastructure Security Agency Catalog

CyberSecurity & Infrastructure Security Agency
Known Exploited Vulnerabilities Catalog
A great place to start if you are curious whether you need to do an update. Lots of Apple, Google and of course Microsoft updates.
Even Solarwinds, now called N-able (name change, go figure); latest 11-17-2021.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Bitdefender /MSP Aggregator – Distributor

“Where Service and Technical Skills Count”

Microsoft Windows Zero-Day Under Attack

Dark Reading Staff 9-8-2021

Microsoft has issued an advisory containing mitigations and workarounds for a remote code execution flaw in Windows it says is being exploited in targeted attacks.

CVE-2021-40444 exists in MSHTML, the proprietary browser engine built into Windows that allows the operating system to read and display HTML files. MSHTML, also known as Trident, was mainly used by Internet Explorer but is also used by Microsoft Office, Broadcom notes in its advisory on the vulnerability. It allows developers to add Web browsing into their applications.

Microsoft reports the targeted attacks it has observed use specially crafted Office documents. In explaining how an attack would work, it says an adversary could create a malicious ActiveX control to be used by an Office document that hosts the MSHTML browser-rendering engine. An attacker would have to convince a victim to open the file. Officials note victims with fewer user privileges on the system could be less affected than those with administrative user rights.

The company credits four external researchers with finding the vulnerability: Dhanesh Kizhakkinan, Genwei Jiang, and Bryce Abdo of Mandiant, and Haifei Li of EXPMON, in addition to Rick Cole with the Microsoft Security Threat Intelligence Center (MSTIC).

Read the full advisory for more details.

Windows Privilege Escalation Vuln Puts Admin Passwords At Risk

July 21 2021

Microsoft has issued a temporary workaround for systems vulnerable to CVE-2021-36934, also known as “HiveNightmare” and “SeriousSAM.”

Microsoft has issued a temporary workaround for a privilege escalation vulnerability that could expose administrator passwords to non-admin users.

CVE-2021-36934, also called “HiveNightmare” and “SeriousSAM,” appears to have been first detected by security researcher Jonas Lykkegaard, Forbes reports. Lykkegaard noticed the Security Account Manager (SAM) file had become read-enabled for all users, meaning an attacker with non-admin privileges could access hashed passwords and elevate privileges.

Lykkegaard and other security researchers found the issue affected the Windows 11 preview as well as Windows 10. Microsoft has confirmed the problem affects Windows 10 version 1809 and newer operating systems and has provided workarounds for systems affected by the flaw.

“An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database,” the company wrote in its CVE.

An attacker who successfully exploited the flaw could run arbitrary code with system privileges and then install programs; view, change, or delete data; or create new accounts with full user rights. They also have the ability to execute code on a target system to exploit the bug. So far Microsoft has not detected exploits in the wild, though it notes exploitation is “more likely.”

Microsoft has stated it will update the CVE as its investigation continues.
Article: Dark Reading

Experienced Support for Advanced Ransomware Threats

When it comes to your personal or business cybersecurity, you need solutions that you can trust. You need partners and suppliers that exude confidence. This trust comes from experience; a proven history of working with and protecting organizations like yours against all types of cybersecurity threats, from malware to phishing attacks, simple spam to ransomware.

In today’s environment of advanced threats, you need a firm such as MspPortal Partners to assist you in protecting your business and/or your personal computer. MspPortal has more than 400 tech firms and 2,000 techs on the ground, and we work with the leading endpoint security solution providers in the industry.

On February 5th, the National Cyber Investigative Joint Task Force (NCIJTF) released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques. The factsheet was developed by an interagency group of subject matter experts from more than 15 government agencies to increase awareness of the ransomware threats to police and fire departments; state, local, tribal, and territorial governments; and critical infrastructure entities.

To reduce the risk of public and private sector organizations falling victim to common infection vectors like those outlined in the NCIJTF factsheet, CISA launched the Reduce the Risk of Ransomware Campaign in January 2021 to provide informational resources to support organizations’ cybersecurity and data protection posture against ransomware. Please download and read the PDF. Direct PDF Ransomware_Fact_Sheet

 

The NCIJTF fact sheet outlines five best practices to minimize ransomware risks.

  1. Backup your data, system images, and configurations, test your backups, and keep the backups offline
  2. Utilize multi-factor authentication
  3. Update and patch systems
  4. Make sure your security solutions are up to date
  5. Review and exercise your incident response plan

At MspPortal Partners, we supply one, two and even three (when needed), typically within 1-2 hours, either by email or a direct call; we are here to be of service.

Our technology solutions include Bitdefender, which leads the market in malware protection. There are a lot of firms that use extreme marketing dollars to profess to be the best, but in industry antivirus comparisons and reviews, Bitdefender is always on top. All resellers and distributors that work with MspPortal Partners are trained by Roy Miehe, a top trainer and antivirus professional who has worked in the anti-virus industry since 1996, and as a tech since 1994, working on many beta Microsoft products. He has propelled MspPortal Partners to being a leading MSP working only with best-of-breed solutions.

Please take the time to send a note (Contact page link) over and we will find the best tech firm for your needs. MspPortal offers a number of technology services, in addition to security solutions.