Threats

Why Bitdefender MDR

Bitdefender MDR
For the last 6 years Bitdefender has been the #1 rated Antivirus/Antimalware Solution with the best protection, performance and usability according to AV Test and AV Comparatives

At-a-Glance

Bitdefender MDR Foundations for MSPs
is a holistic MDR service designed for
Managed Service Providers to give you
access to our elite team of cybersecurity
experts, working around the clock to keep
you and your customers cyber resilient.
The service includes 24/7 monitoring and
response, proactive research-based threat
hunting, and expert recommendations at an
affordable price point.

Why MSPs choose..

Bitdefender MDR
• Proactive Protection
24/7 monitoring and response –
including threat-intel driven hunts by
our team of experts across your entire
customer base – to ensure organizations
are cyber resilient.
• Robust Response
We provide incident and breach response
that supports your team in all scenarios,
and we automatically take action to stop
any malicious or anomalous activity on
a customer’s behalf. You get the ability
to tune pre-approved actions in our MDR
portal to match your risk appetite.
• Team of Experts
Always ready, highly skilled security
analysts, sourced from the U.S. Air Force,
U.S. Navy, British Intelligence and NSA,
partner with you

MspPortal Partners Is proud to be one of the largest distributors of Bitdefender Products

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda
“Where Service and Technical Skills Count”
e-mail tech@mspportalpartners.net

eScan confirms update server breached to push malicious update

Quick Note MspPortal Partners could have solved issue
With only 2 products
1) Bitdefender (mdr)
2) Barracuda (Total Mail Protection)

Article:
MicroWorld Technologies, the maker of the eScan antivirus product, has confirmed that one of its update servers was breached and used to distribute an unauthorized update later analyzed as malicious to a small subset of customers earlier this month.

The file was delivered to customers who downloaded updates from the regional update cluster during a two-hour window on January 20, 2026.
Scan says the affected infrastructure has since been isolated and rebuilt, authentication credentials have been rotated, and remediation has been made available to impacted customers.

Security firm Morphisec separately published a technical report analyzing malicious activity observed on customer endpoints, which it associates with updates delivered from eScan’s update infrastructure during the same timeframe.

Morphisec states that it detected malicious activity on January 20, 2026, and later contacted eScan. MicroWorld Technologies told BleepingComputer it disputes Morphisec’s claims that it was the first to discover or report the incident.

According to eScan, the company detected the issue internally on January 20 through monitoring and customer reports, isolated the affected infrastructure within hours, and issued a security advisory on January 21. eScan says Morphisec contacted the company later, after publishing public claims about the incident.

eScan also disputes claims that affected customers were unaware of the issue, stating that it conducted proactive notifications and direct outreach to impacted customers while remediation was being finalized.
Article (https://www.bleepingcomputer.com/news/security/escan-confirms-update-server-breached-to-push-malicious-update/amp/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor:
Bitdefender , Barracuda
“Where Service and Technical Skills Count”

Hackers Weaponized 2,500+ Security Tools to Terminate Endpoint Protection Before Deploying Ransomware and More

Hackers Weaponized 2,500+ Security Tools to Terminate Endpoint Protection Before Deploying Ransomware
By
Tushar Subhra Dutta –
January 21, 2026

A large-scale campaign is turning a trusted Windows security driver into a weapon that shuts down protection tools before ransomware and remote access malware are dropped.

The attacks abuse truesight.sys, a kernel driver from Adlice Software’s RogueKiller antivirus, and use more than 2,500 validly signed variants to quietly disable endpoint detection and response (EDR) and antivirus solutions across Windows systems.

The threat first gained wider attention when Check Point researchers exposed how attackers were abusing legacy driver signing rules to load pre-2015 signed drivers on modern Windows 11 machines.

By doing so, they could run the vulnerable TrueSight driver with full kernel privileges, even though Microsoft’s own security controls were meant to block risky drivers. The result is a reliable way to kill security tools before any payload is delivered.

Soon after this activity surfaced, MagicSword analysts noted that the driver abuse had already spread across multiple threat groups and regions, with fresh driver variants appearing week after week.

Their telemetry showed that financially motivated actors and advanced persistent threat (APT) groups were all adopting the same method to clear the way for ransomware and remote access trojans on compromised hosts.

Article (https://cybersecuritynews.com/hackers-weaponized-2500-security-tools/)

Zendesk ticket systems hijacked in massive global spam wave
By Lawrence Abrams
January 21, 2026 06:46 PM
Article
(https://www.bleepingcomputer.com/news/security/zendesk-ticket-systems-hijacked-in-massive-global-spam-wave/)

Information technology giant Ingram Micro has revealed that a ransomware attack on its systems in July 2025 led to a data breach affecting over 42,000 individuals.

Ingram Micro, one of the world’s largest business-to-business service providers and technology distributors, has over 23,500 associates, more than 161,000 customers, and reported net sales of $48 billion in 2024.

Ingram Micro says ransomware attack affected 42,000 people

In data breach notification letters filed with Maine’s Attorney General and sent to those affected by the incident, the company said the attackers stole documents containing a wide range of personal information, including Social Security numbers.
By Sergiu Gatlan
January 19, 2026 08:33 AM

Article
(https://www.bleepingcomputer.com/news/security/ingram-micro-says-ransomware-attack-affected-42-000-people/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda
“Where Service and Technical Skills Count”

Google is having issues with Google Auth times out

Posted a couple of days ago Here is the solution and facts (run a cron job and resync please)

There have been users facing an issue where Google authenticator codes do not work. As it turns out, this can often happen due to the time correction for codes being out of sync. Google authenticator works on the principle of TOTP which is also known as the Time-based One-time Password Algorithm. If the time of the codes being generated by the application is out of sync, the codes generated won’t work when you try to use them for 2FA or two-factor authentication. As a result, you stumble upon the Google authenticator not working issue.

Your the 3rd firm to have this happen between yesterday and today, Bitdefender, Barracuda

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks

Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks
Posted: June 23, 2025 by Pieter Arntz

Russian hackers have bypassed Google’s multi-factor authentication (MFA) in Gmail to pull off targeted attacks, according to security researchers at Google Threat Intelligence Group (GTIG).

The hackers pulled this off by posing as US Department of State officials in advanced social engineering attacks, building a rapport with the target and then persuading them into creating app-specific passwords (app passwords).

App passwords are special 16-digit codes that Google generates to allow certain apps or devices to access your Google Account securely, especially when you have MFA enabled.

Normally, when you sign in to your Google account, you use your regular password plus a second verification step like a code sent to your phone. But since some older or less secure apps and devices—like certain email clients, cameras, or older phones—are unable to handle this extra verification step, Google provides app passwords as an alternative way to sign in.

However, because app passwords skip the second verification step, hackers can steal or phish them more easily than a full MFA login.

Link (https://www.malwarebytes.com/blog/news/2025/06/gmails-multi-factor-authentication-bypassed-by-hackers-to-pull-off-targeted-attacks?utm_source=iterable&utm_medium=email&utm_campaign=b2c_pro_oth_20250630_juneweeklynewsletter_nonpaid_v5_2_175102171575&utm_content=Gmail_logo)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

CrowdStrike announces 5% job cuts, says AI is ‘reshaping every industry’

By Jordan Novet

CrowdStrike, a leading cybersecurity firm, recently announced plans to lay off approximately 500 employees, representing about 5% of its global workforce. CEO George Kurtz attributed this decision to the company’s strategic shift towards leveraging artificial intelligence (AI) to enhance operational efficiency and accelerate innovation. Kurtz emphasized that AI is foundational to CrowdStrike’s operations, streamlining processes across various departments and enabling faster product development .

This move aligns with a broader trend in the tech industry, where companies are increasingly adopting AI to automate tasks and reduce costs. In the first few months of 2025 alone, over 52,000 tech jobs have been cut, with firms like Salesforce, Workday, and Shopify also implementing layoffs to focus on AI-driven strategies .csoonline.com

However, CrowdStrike’s reputation has faced challenges due to a significant incident in July 2024. A faulty update to its Falcon Sensor software led to a global IT outage, affecting approximately 8.5 million Microsoft Windows systems. This disruption impacted various sectors, including airlines, healthcare, and financial services . Delta Air Lines was notably affected, canceling over 7,000 flights and filing a lawsuit against CrowdStrike seeking $500 million in damages .lemonde.fr+5techcrunch.com+5marketwatch.com+5cybersecuritydive.com+2messageware.com+2reuters.com+2asisonline.org+7reuters.com+7en.wikipedia.org+7

In response to the incident, CrowdStrike has taken steps to improve its update processes, including implementing staggered rollouts and allowing customers to choose their update timing . Despite these efforts, the company continues to face scrutiny and legal challenges related to the outage.theguardian.com+1en.wikipedia.org+1reuters.com

Investors and clients are advised to monitor CrowdStrike’s ongoing legal proceedings and operational adjustments as the company navigates the aftermath of the 2024 outage and its strategic pivot towards AI-driven solutions.

CrowdStrike Faces Legal and Operational Challenges Amid AI Transition

theguardian.com

CrowdStrike apologizes for global IT outage in congressional testimony

Sep 24, 2024

CrowdStrike's stock posts worst day since 2022 as outage could be world's largest ever

Rooy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

Apple, Google and Facebook Among Services Exposed In Massive Leak of More Than 16 Billion Login Records

Apple, Google and Facebook Among Services Exposed In Massive Leak of More Than 16 Billion Login Records
June 19, 2025 1:57 PM 2 min read
Apple, Google and Facebook Among Services Exposed In Massive Leak of More Than 16 Billion Login Records

by Murtuza J Merchant Benzinga Staff Write

Has surfaced online, marking one of the most extensive exposures of personal data in history, according to cybersecurity researchers tracking infostealer activity.

Cybersecurity researchers have uncovered 30 massive data collections this year alone, each containing tens of millions to over 3.5 billion user credentials, Cybernews reported.

These previously unreported datasets were briefly accessible through misconfigured cloud storage or Elasticsearch instances, giving the researchers just enough time to detect them, though not enough to trace their origin.

The findings paint a troubling picture of how widespread and organized credential leaks have become, with login information originating from malware known as infostealers.

These malicious programs siphon usernames, passwords, and session data from infected machines, usually structured as a combination of a URL, username, and password.

The leaked credentials span a wide range of services from tech giants like Apple, Facebook, and Google, to platforms such as GitHub, Telegram, and various government portals.

Some datasets were explicitly labeled to suggest their source, such as “Telegram” or a reference to the Russian Federation.

Others bore generic names like “logins” or “credentials.”

Researchers say these leaks are not just a case of old data resurfacing.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

Hackers Manipulate Stock Markets in $700 Million Illicit Trading Spree-Plus CloudFlare Issues

Stock Markets and Power Grids issues

Hackers Manipulate Markets in $700 Million Illicit Trading Spree
Aya Wagatsuma, Ryo Horiuchi and Takashi Nakamichi
Mon, April 28, 2025 at 7:12 AM MST 7 min read

(Bloomberg) — Criminals are hijacking online brokerage accounts in Japan and using them to drive up penny stocks around the world. The wave of fraudulent trading has reached ¥100 billion ($710 million) since it started in February and shows no signs of cresting. The scams typically use the hacked accounts to buy thinly traded stocks both domestically and overseas, allowing anyone who has built up a position earlier to cash out at inflated values. In response, some Japanese securities firms have stopped processing buy orders for certain Chinese, US and Japanese stocks. Eight of the country’s biggest brokers including Rakuten Securities Inc. and SBI Securities Co. have reported unauthorized trading on their platforms. The breaches have exposed Japan as a potential weak point in efforts to safeguard global markets from hackers.They also threaten to undermine the Japanese government’s push to get more people to invest for their retirement, particularly since some victims say they are baffled as to how their accounts were broken into and the securities companies have so far largely refrained from covering the losses.

Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase.
These figures come from Cloudflare’s 2025 Q1 DDoS Report, where the company says it mitigated a total of 21.3 million DDoS attacks in 2024.

However, 2025 is looking to be an even bigger problem for online entities and companies, with Cloudflare already responding to 20.5 million DDoS attacks in just the first quarter of 2025.
These attacks include Cloudflare itself, whose infrastructure was targeted directly in 6.6 million attacks over an 18-day multi-vector campaign.

Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase.

These figures come from Cloudflare’s 2025 Q1 DDoS Report, where the company says it mitigated a total of 21.3 million DDoS attacks in 2024.

However, 2025 is looking to be an even bigger problem for online entities and companies, with Cloudflare already responding to 20.5 million DDoS attacks in just the first quarter of 2025.

These attacks include Cloudflare itself, whose infrastructure was targeted directly in 6.6 million attacks over an 18-day multi-vector campaign.
Link Markets
https://finance.yahoo.com/news/hackers-manipulate-markets-700-million-141234302.html

Link CloudFare
https://www.bleepingcomputer.com/news/security/cloudflare-mitigates-record-number-of-ddos-attacks-in-2025/

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”

OAuth Attacks Target Microsoft 365, GitHub

Jai Vijayan, Contributing Writer March 17, 2025

A trio of ongoing campaigns have highlighted once again the continued popularity among cybercriminals of malicious OAuth apps as a go-to attack method.

In one wave of recent attacks, threat actors have been using bogus Adobe Acrobat and Adobe Drive logos on malicious OAuth apps to steer targeted users straight to malware-laden or Microsoft 365 credential phishing sites when clicked on. Another scammer is pulling the same trick but with a DocuSign look-alike app that funnels users to a credential phishing page. And in a third campaign, an attacker is going after developers by hitting thousands of GitHub repositories with a bogus OAuth app disguised as a “security alert.” Anyone who clicks the fake alert unknowingly grants full access to their repositories.
A Long Pattern of OAuth Cyber Abuse

The campaigns fit a long pattern of attackers using rogue OAuth apps masquerading as a legitimate service to trick users into granting them excessive permissions. Attackers have long favored the approach because it allows them to bypass traditional security controls, maintain persistent access to user accounts, move laterally, and harvest sensitive data without needing to steal passwords directly. Security researchers also consider malicious OAuth apps as relatively easy to set up and allowing attackers to execute a range of actions using legitimate API calls rather than easier to detect malicious exploits.

What makes the phishing attacks, involving the fake Adobe and DocuSign apps, somewhat different from other malicious OAuth campaigns, is how the attackers are leveraging them, according to researchers at Proofpoint’s Threat Insight team who spotted the campaigns recently.

In typical OAuth campaigns, the malicious app itself is used to directly exfiltrate the victim’s data or take actions using the victim’s account. But with the recent attacks, “these malicious OAuth apps serve as gateways to the phishing sites,” says one Proofpoint researcher who did not want to be named, in comments to Dark Reading. “Specifically, the threat actors are using Microsoft’s credibility to redirect the victim to a phishing page.”

The attackers behind both the Adobe and DocuSign campaigns have taken care to ensure that the permissions their malicious OAuth apps request — such as profile, email, and OpenID — are limited in scope, and therefore unlikely to be flagged as suspicious, the researcher says. “The purpose appears to be account takeover, which can lead to a variety of post-compromise objectives.”

Article (https://www.darkreading.com/application-security/oauth-attacks-target-microsoft-365-github?_mc=NL_DR_EDT__20250320&cid=NL_DR_EDT__20250320&sp_aid=128689&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly%20NEW_03.20.25&sp_cid=57260&utm_content=DR_NL_Dark%20Reading%20Weekly%20NEW_03.20.25)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts

By Bill Toulas March 16, 2025 10:19 AM

Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials.

The campaigns were discovered by Proofpoint researchers, who characterized them as “highly targeted” in a thread on X.

The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign.

These apps request access to less sensitive permissions such as ‘profile’, ’email’, and ‘openid,’ to avoid detection and suspicion.

If those permissions are granted, the attacker is given access to:

* profile – Full name, User ID, Profile picture, Username
* email – primary email address (no inbox access)
* openid – allows confirmation of user’s identity and retrieval of Microsoft account details

Proofpoint told BleepingComputer that the phishing campaigns were sent from charities or small companies using compromised email accounts, likely Office 365 accounts.

The emails targeted multiple US and European industries, including government, healthcare, supply chain, and retail. Some of the emails seen by the cybersecurity firm use RFPs and contract lures to trick recipients into opening the links.

While the privileges from accepting the Microsoft OAuth app only provided limited data to the attackers, the information could still be used for more targeted attacks.

Furthermore, once permission is given to the OAuth app, it redirects users to landing pages that display phishing forms to Microsoft 365 credentials or distributed malware.

“The victims went through multiple redirections and stages after authorizing O365 OAuth app, until presented with the malware or the phishing page behind,” Proofpoint told BleepingComputer.

“In some cases, the victims were redirected to an “O365 login” page (hosted on malicious domain). In less than a minute after the authorization, Proofpoint detected suspicious login activity to the account.”
Article (https://www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training

“Where Service and Technical Skills Count”