Threats

To all MspPortal Partners Security update news

Folks
As always this is my personal opinion
With so many tech firms that provides cloud software services. From Remote connections to back up , mail..banking ect
If you are a Managed Service Provider, Tech, consultant.
Please do not put all your eggs in one basket. This seems to a now be common theme, please do not be lazy, your clients depend upon you to secure there networks and workstations.
If your clients are paying you for a secure service provide it. Take a look at your RMM solution if you provider keeps coming up with more solution in there dashbards it can only lead to a crash and burn for your clients.
There are 3 solutions that I think are best of breed
1) Bitdefender MDR
2) Barracuda Mail Products and RMM
3) Cisco / Meraki firewall
These 3 products will help you assist your clients adding multiple software solutions (which now a days these solution would prefer you to run no security soltions. To many are using AI ChapGT for writing backend code with no dynamic secure API calls.

Example

“March 2025 SendGrid
Mail Stuck in Processing
Starting around 3:27 PM PT until 3:50 PM PT, our engineers identified an issue that affected mail send. A subset of customers may have experienced latency in mail send getting processed. A fix has been implemented, and this issue has been resolved. All delayed mail send has been processed.
Mar 11, 16:09 – 16:09 PDT
API Authentication issues
Our engineers have monitored the fix and confirmed that the API authentication issues have been resolved. All services are now operating normally.
Mar 6, 08:12 – Mar 7, 12:09 PST
Unsubscribe check failures causing billing issues
Our engineers have monitored the fix and confirmed the issue with Marketing Campaign emails has been resolved. All services are now operating normally at this time.
Mar 6, 11:52 – 15:51 PST”

The relationship with Microsoft, Cloudflare and Crowdstrike was devastating for end users it was like a BlackScreen of death with really no solution available in a timely like fashion except to update one machine at a time

CISA Adds Six Known Exploited Vulnerabilities to Catalog
03/11/2025 03:00 PM EDT

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability
CVE-2025-24985 Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
CVE-2025-24991 Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
CVE-2025-24993 Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
CVE-2025-26633 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Latest News 3-14-2025
Week-long Exchange Online outage causes email failures, delays
By Sergiu Gatlan March 14, 2025 02:59 PM
Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages.

While the company didn’t publicly share information on this incident, it tagged it as a critical service issue tracked under EX1027675 on the Microsoft 365 Admin Center.

Microsoft has yet to share more information on what regions were affected by this outage, but it said the incident impacted “any user serviced by the impacted portion of infrastructure.”

Customers worldwide also reported experiencing email delivery failures over the last week, with those impacted saying they were receiving a Non-Delivery Report (NDR) with a “554 5.6.0 Corrupt message content” error.

The company first acknowledged the Exchange Online email delivery issues on March 10, 11:14 AM, but the admin center incident report says the outage started on March 7, 12:30 PM UTC.

“A recent service update, intended to improve our message transport services, introduced a code issue that resulted in impact for a portion of service infrastructure,” Redmond said in the final update regarding this incident on Thursday.

“Additionally, users may be unable to send email messages with attached files in any connection method of Exchange Online. Sending attachments as ZIP files allows the email messages to be delivered as expected, serving as a method by which to bypass the issue while we continue to investigate.
Article (https://www.bleepingcomputer.com/news/microsoft/week-long-exchange-online-outage-causes-email-failures-delays/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

Microsoft Is Forcing Its AI Assistant on People—and Making Them Pay

Microsoft is trying a new approach to build excitement for its artificial-intelligence assistant Copilot: Give it to customers whether they want it or not.

The tech company recently added Copilot to its consumer subscription service for software including Word, Excel and PowerPoint in Australia and several Southeast Asian countries. Along with the AI feature, it raised prices for everyone who uses the service, called Microsoft 365, in those countries.

What about people who don’t want to pay for an AI assistant to spruce up their documents and summarize emails? They are out of luck.

Alistair Fleming uses Word to write scripts for his YouTube channel about 1990s Japanese wrestling. The Australian noticed that every time he finished a line, Copilot’s rainbow logo would pop up on screen and ask if it could help with his writing.

“It was very keen to be used, and this was irritating to me as a user,” Fleming said.

Fleming also noticed his monthly bill for 365 increased to 16 Australian dollars from A$11.

Some users said on social media that Copilot pop-ups reminded them of Clippy, Microsoft’s widely derided Office helper from the late 1990s, that would frequently offer unsolicited help.

A Microsoft spokesman wouldn’t comment on the strategy behind the forced addition of Copilot in certain regions and whether the company plans a similar approach in other markets.

The change demonstrates the lengths to which Microsoft is going to try to profit from its huge investments in AI. Copilot, which is built with technology from OpenAI, is a key part of Chief Executive Satya Nadella’s plan to keep expanding Microsoft’s software business for consumer and corporate customers.

Microsoft is OpenAI’s biggest investor, having plowed close to $14 billion into the ChatGPT maker.
Article:
https://finance.yahoo.com/news/microsoft-forcing-ai-assistant-people-103000840.html

This update is a direct message from Roy Miehe, CEO of MspPortal Partners, addressing Managed Service Providers (MSPs). Here are the key points covered:

1. **Beware of AI Technology**: Roy warns MSPs about the rapid advancements in AI, particularly its ability to simplify tasks like writing PowerShell scripts. While this may seem like a positive development, the implication is that AI could affect the income of MSPs by automating tasks that once required specialized skills.

2. **Limited Product Recommendations**: The message advises MSPs to focus on a small selection of essential cybersecurity products, which MspPortal endorses:
– **Firewall**: Meraki is recommended as a reliable, moderately priced solution compared to Palo Alto Networks.
– **Antivirus/Malware Detection**: Bitdefender is praised for being a leader in malware detection.
– **Spam Detection**: Barracuda is recommended for spam detection and remote monitoring solutions.
– **RMM (Remote Monitoring and Management)**: Barracuda’s RMM solution is suggested as a reliable, long-standing option.
– **Anti-Phishing Training**: Phishing Box is suggested as a trusted provider for large corporations.

3. **Cost Efficiency**: MspPortal claims that all these services can be bundled for under $6.50 per month, with flat-rate pricing and no contracts, making it an affordable solution for both workstations and servers.

4. **Support and Expertise**: MspPortal offers 24/7/365 support at no extra charge, with a team that brings 30 years of experience in the industry. The emphasis is on service and technical skills, which they believe will help MSPs survive in the evolving tech landscape.

The message is a call to action, encouraging MSPs to adapt to the changing landscape, focus on essential services, and trust in MspPortal’s offerings to keep their businesses profitable.

CISA Warns of Hurricane-Related Scams

CISA Warns of Hurricane-Related Scams
09/25/2024 08:00 AM EDT

CISA encourages users to review the following resources to avoid falling victim to malicious cyber activity:

1) Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity,

2) Consumer Financial Protection Bureau’s Frauds and scams, and

3) CISA’s Phishing Guidance, Stopping the Attack Cycle at Phase One to help organizations reduce likelihood and impact of successful phishing attacks.

MspPortal Partners provides a solution that works with the Fortune 500 firms (PhishingBox) the best in the business.
If you are a partner with MspPortal Partners we will set up a full admin panel so you can protect your clients.

RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus , Plus Bonus

By Guru Baran –
September 23, 2024

The Infection Chain Of The RansomHub Utilizing EDRKillShifte (This makes me nervous for for weak Networks and great Security Products in place)

“The EDRKillShifter tool functions as a “loader” executable, serving as a delivery mechanism for a legitimate driver that is susceptible to abuse to terminate applications related to antivirus solutions”, researchers said.

The RansomHub ransomware exploits the Zerologon vulnerability (CVE-2020-1472). Researchers said that if left unpatched, it might allow attackers to take over a whole network without requiring authentication.

In a particular instance, RansomHub used for batch script files—named “232.bat,” “tdsskiller.bat,” “killdeff.bat,” and “LogDel.bat”—as a form of evasion.

232.bat turns off Windows Defender’s real-time monitoring capability and uses a brute-force attack method called password spraying.

A batch script called tdsskiller.bat is used to disable antivirus software. Killdeff.bat uses advanced methods to hide notifications and enable or disable Windows Defender’s functionality, including obfuscated inline expressions, environment-variable readings, and conditional logic.

Article (https://cybersecuritynews.com/ransomhub-edr-antivirus-bypass/)

Must Read Article
Kaspersky deletes itself, installs UltraAV antivirus without warning: UltraAV force-installed on Kaspersky users’ PCs
By Sergiu Gatlan
September 23, 2024 01:16 PM
Article (https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/)

FBI-Alert Number I-011822-PSA Public Announcement Cybercriminals Tampering with QR Codes

FBI-Alert Number I-011822-PSA Public Announcement

Cybercriminals Tampering with QR Codes to Steal Victim Funds

The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

A QR code is a square barcode that a smartphone camera can scan and read to provide quick access to a website, to prompt the download of an application, and to direct payment to an intended recipient. Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the COVID-19 pandemic. However, cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use.

Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts.

Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.

Businesses and individuals also use QR codes to facilitate payment. A business provides customers with a QR code directing them to a site where they can complete a payment transaction. However, a cybercriminal can replace the intended code with a tampered QR code and redirect the sender’s payment for cybercriminal use.

While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code. Law enforcement cannot guarantee the recovery of lost funds after transfer.

PS: Follow up on CrowdStrike if you are a tech, you will understand this: In this case was a bad SYS file..Since most and CTO’s should know this CrowdSrike has full access to your system (like most AV firms) since everything is cloud based, do you understand how easily CrowdStrike could be compromised. I would think long and hard before adding or for that matter keeping CrowdStrike in my security rollout/arsenal. Ask for a refund and get a good product, not a Wall Street Darling. This is my personal opinion since I have been in the AV industry for 30 years

FCC: AT&T Didn’t Adequately Protect Customers’ Cloud Data

Dark Reading Staff, Dark Reading
September 18, 2024
My personal opinion all software providers should be held liable, the claim to hide behind EULA’s

Couple come to mind: Crowd Strike, Microsoft, Cloud Flare, FaceBook, Most RMM Systems (https://cloudstatus.mspportalpartners.net/)

The Federal Communications Commission fined AT&T $13 million and ordered it to tighten up its privacy and security practices in the wake of a catastrophic third-party compromise.

The commission also used its authority under the Communications Act of 1934 to extend consumer protections to the cloud, finding AT&T failed to maintain proper oversight of a third-party provider.

That vendor, data warehousing provider Snowflake, reportedly was compromised in January 2023, exposing a host of organizations’ sensitive data, among them AT&T’s. In the weeks that followed the breach, AT&T acknowledged “nearly all” its customers were affected by exfiltrated call and text records, phone numbers, and other personally identifiable information.

Following an investigation, the FCC ruled on Sept. 16 that Snowflake should have been required to “destroy or return” the information years prior to the incident, and finding AT&T responsible for failing to appropriately protect its customer data.

ArticleATT Fined 13 million (https://www.darkreading.com/cybersecurity-operations/fcc-att-did-not-protect-cloud-data?_mc=NL_DR_EDT_DR_weekly_20240919&cid=NL_DR_EDT_DR_weekly_20240919&sp_aid=125812&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=55121)

“Should MSPs manage antivirus (AV) products separately from RMM software?

Improved Prompt Example: “Should MSPs manage antivirus (AV) products separately from RMM software? Many MSPs and CTOs try to manage everything in one platform, but I believe this leads to reduced quality in both support and security. RMM software was designed for remote management, but investor pressure has caused it to integrate AV products, which leads to issues like lack of third-level support.Along misconfiguration

A recent Crowdstrike issue involving a sys file was worsened by delivery mechanisms from Microsoft and Cloudflare. EULAs are often written to discourage lawsuits rather than compensate users for developer errors.

As a distributor of security products like Bitdefender and Barracuda, MspPortal Partners provides comprehensive support. We believe in training partners properly to manage AV and Mail solutions effectively, and our 24/7 support service sets us apart.”

Are industrywide claims of cybersecurity as a board-level discussion little more than lip service to stakeholders?

COMMENTARY; By Roy Miehe and Raja Mukerji

No organization is immune to today’s looming cybersecurity threats. Whether a large enterprise or a small business, building proactive defenses is critical to day-to-day functions. It’s just as essential to manage cyber-risks as it is to manage other business risks, since successful attackers have the power to financially cripple businesses, damage reputation, and affect continuity.

Amid today’s rising threats — from ransomware and data breaches to the impact of geopolitical and nation-state threats — true cyber preparedness requires the right internal collaboration and tools to bolster business resilience. The responsibility for managing cyber-risk is a collective effort, and everyone plays a role — especially the C-suite.

Are industrywide claims of cybersecurity as a board-level discussion little more than lip service to stakeholders?

My personally comment; MspPortal Partners Inc
Managing over 420 MSP Partners and over 4000 firms amongst them, It is imperative that MspPortal Partners offer best of breed Security Solutions
Firewall Solution on premise
Email Protection (Phishing Malware, detection even phishing training, Backup O365 and GSuite
AntiMalware protection that techs can control, Not like Crowdstrike nor Sentinal One,
that caused one of the biggest tech issue’s/breach over a sys file update, that was distributed by Microsoft and Cloudfare.

AND certainly not Symantec nor Mcaffee..to many startups trying to capture market share with out world like experience let alone providing service and Tech Support via Phone Support. C-Suite are paid way to much for being actors and politics with little or no knowledge of Real Company Security.

MspPortal Partners, does no advertising, has not moved our prices up since we reduced them at the beginning of COVID. We only carry 5 products on purpose..so we can provide level 3 support if needed..most cases are level 1. In most cases we are smarter then the product manufacturers techs

Long Short please do not allow salespeople convince you that there product is better even over pricing; RMM’s are now the leading issue of distributing malware with bad API Hooks beside being over priced and understaffed.

Market share held by the leading computer (desktop/tablet/console) operating systems worldwide from January 2012 to February 2024

Long Short if the statics are correct 68.15 percent of the world uses Microsoft OS’s

Published by
Ahmed Sherif,
May 22, 2024

Microsoft’s Windows is the most widely used computer operating system in the world, accounting for 68.15 percent share of the desktop, tablet, and console OS market in February 2024. Apple’s macOS ranks as the next most widely used operating system, while its iOS mobile operating system, the standard installation on all iPad devices, ranks fourth. Linux OS versions serve as the primary option for users who prefer open-source software and intend to avoid the influence of major OS developers.
Operating Systems

Operating systems serve as the underlying platforms which connect computer hardware and software. They provide users with the graphical interface through which they issue commands and perform tasks on electronic devices. Billions of people make use of these devices and their operating systems on a regular basis, meaning that the companies that develop these widely used technologies have a great deal of influence on the daily lives of internet users around the world. Although Microsoft Windows is the clear leader in terms of desktop operating systems,

Article
(https://www.statista.com/statistics/268237/global-market-share-held-by-operating-systems-since-2009/)

Which we are and still are dealing with having even more security issue’s because the CrowdStrike debacle
Based upon what I do for a living I see more Large Mega Cap Firms down to SMB firms struggling more then ever before.

Personally some attorney with a class action filed should request a huge Liquidated damages (LDs): Which is a sum of money specified in some contracts that are to be paid by one party to another as compensation for intangible losses.

Hopefully this will put huge firms like Crowdstrike, Microsoft, Cloudflare all on notice,if you are going to take money from clients/enduser you are responsible for damages and please do not try to hide behind a EULA..I still have not heard back about how many techs Crowdstrike or Microsoft were sending over to Delta Airlines,considering each machine had to be touched and continue to be touched since you cannot write a Power Shell Script nor remote to a machine, that is Blue Screened (BOD). There has been a lot of LIP SERVICE

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count