Bitdefender Gravity Zone

Folks, make sure you check the companies you manage and have allocated enough licenses.

Below is an alert that you should have sent to you immediately

Bitdefender Gravity Zone
Deployments have reached Customer’s license limit

Notification Details
The Customer company ABC & Company has reached the maximum number of endpoints protected by the license key IABCF3.
To protect more endpoints for this company, you should extend its service subscription.

Provided by MspPortalPartners Inc
We hope you enjoy using the #1-ranked security technology!

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”

Cybersecurity and Infrastructure Security Agency (CISA) – Defend Today, Secure Tomorrow

Microsoft Releases October 2022 Security Updates
10/11/2022 02:15 PM EDT

Original release date: October 11, 2022
Link (https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct)

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s October 2022 Security Update Summary and Deployment Information and apply the necessary updates.

Meta warns 1 million Facebook users their login info may have been compromised

Naomi Nix- Washington Post
Fri, October 7, 2022 at 3:09 PM

Suggestion: folks in the IT industry, keep Facebook out of the company network. If they need it for marketing, get them another computer/laptop and keep it off the network. It's bad enough we have issues with Microsoft and Google for security issues. Facebook is a non-essential, my personal opinion.

Facebook parent Meta is warning 1 million users that their login information may have been compromised through malicious apps.

Meta’s researchers found more than 400 malicious Android and Apple iOS apps this year that were designed to steal the personal Facebook login information of its users, the company said Friday in a blog post. Meta spokesperson Gabby Curtis confirmed that Meta is warning 1 million users who may have been affected by the apps.

Meta said the apps they identified were listed in Apple’s app store and Google Play Store as games, photo editors, health and lifestyle services and other types of apps to trick people into downloading them. Often the malicious app would ask users to “login with Facebook” and later steal their username and password, according to the company.

“This is a highly adversarial space and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores,” wrote Meta’s Threat Disruption Director David Agranovich, and Malware Discovery and Detection Engineer Ryan Victory.

Meta said it reported the apps to Apple and Google and the apps had since been taken down. Google spokesperson Edward Fernandez said in a statement that the “apps identified in the report are no longer available on Google Play.” A representative for Apple responded but didn’t comment.

Meta has faced scrutiny over its privacy practices for years. In 2019, the Federal Trade Commission approved a roughly $5 billion settlement with Facebook after reports found the political consultancy Cambridge Analytica improperly accessed personal data of millions of Facebook users.


Hackers Have It Out for Microsoft Email Defenses

Tara Seals Managing Editor, News, Dark Reading
October 06, 2022

If you insist on using O365, at least have a filter in front to protect yourselves. I recommend Barracuda Advance Spam/Phishing filtering; they clean it and then deliver to your mailbox.

“Many hackers think of email and Microsoft 365 as their initial points of compromise, [so they] will test and verify that they are able to bypass Microsoft’s default security,” according to a new report from Avanan that flags an uptick in its customer telemetry of malicious emails landing in Microsoft-protected email boxes.


Update to Bitdefender SSL Cert Issue 10-6-22 11:44AM

1) Turn SSL Cert back on in the policy

2) Do an agent update; it will do a rollback (see notes attached)

We want to inform you about an update on October 6 that temporarily caused web browsing slowdown for some users of our Bitdefender Endpoint Security Tools – for Windows. Customer systems remained protected at all times and the issue has been resolved.  

Details 

On October 6, 2022 at 16:04 UTC, Bitdefender released engines version 7.92965 (9952880) for Bitdefender Endpoint Security Tools – Windows via live update. This update included changes to Network Protection module that handles web content inspection over SSL connections.

The update included a flaw in the inspection mechanism which caused some customers to experience significant slowdown when browsing webpages. Our teams identified the issue soon after release and took immediate action to remediate the issue. The slowdown did not impact any of the prevention, detection and response layers provided by Bitdefender Endpoint Security Tools and customer systems remained protected at all times.  

Remediation 

The Bitdefender product engineering team executed a product update rollback at 18:14 UTC. The Bitdefender Endpoint Security Tools product version remained unchanged, the engines version that resolves the issue is 7.92964 (9950697). 

Customers who experienced the issue and have “Security Content Update” enabled will have the issue fixed via live update without any additional action required. For customers that disable Security Content Update, manual update task is required.  

Next Steps 

The Bitdefender engineering teams are working on a full root cause analysis of this incident and based on our findings we will promptly harden our release process accordingly so that similar situations will not occur.  

We apologize for any interruptions this event may have caused our customers. While we take pride in our track record of reliability, we acknowledge that faulty updates may seldom occur and we will use this event to learn from it and improve our products and processes moving forward.  


Microsoft to retire Exchange Online client access rules in a year BEWARE

By Sergiu Gatlan September 27, 2022 03:11 PM

Microsoft announced today that it will retire Client Access Rules (CARs) in Exchange Online within a year, by September 2023.

Microsoft also recently warned customers that it would start disabling basic authentication in random tenants to improve Exchange Online security beginning October 1, 2022.

CARs are sets of conditions, exceptions, actions, and priority values that allow Microsoft 365 admins to filter client access to Exchange Online based on many factors.

Connections can be allowed or blocked based on the client’s IP addresses and authentication type, as well as the protocol, application, or service they’re using to connect.

In short, once configured, they help control who can access what resources in an Exchange Online organization.

“Today, we are announcing the retirement of CARs in Exchange Online, to be fully deprecated by September 2023,” the Exchange Team said.

“We will send Message Center posts to tenants using client access rules to start the planning process to migrate their rules.”

The company will begin the deprecation process by first disabling client access rules in tenants where they’re unused starting October 2022.

Until September 2023, Microsoft plans to help migrate all remaining tenants from CARs to use new access control features like continuous access evaluation (CAE).

[Image: Client access rules deprecation timeline (Microsoft)]

“If you do not currently use CARs, cmdlets will be disabled for your tenant after October 2022,” the Exchange Team added.

“If you currently have CARs configured in your tenant you will be able to keep using them until September 2023, which provides you with time to migrate other, more resilient options.”

As Redmond explains, the switch to CAE access control to Exchange Online resources is designed to add extra resiliency by proactively terminating active user sessions and ensuring tenant policy change enforcement in almost real-time.

“Now with new features, like Continuous Access Evaluation (CAE) that allows Azure Active Directory applications to subscribe to critical events, that can then be evaluated and enforced in near real time; you can have better control while also adding resiliency to your organization,” the Exchange Team said.

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-to-retire-exchange-online-client-access-rules-in-a-year/)


Microsoft shares workarounds for Windows Group Policy issues (PLUS OTHER ISSUES)

By Sergiu Gatlan September 23, 2022 07:28 AM

Microsoft has acknowledged a known issue where copying files/shortcuts using Group Policy Preferences on Windows client devices might not work as expected after installing recent Windows cumulative updates released during this month’s Patch Tuesday.

On affected systems, files or shortcuts will not copy to the target drives or end up as zero-byte files when using Group Policy file operations.

“File copies using Group Policy Preferences might fail or might create empty shortcuts or files using 0 (zero) bytes,” Microsoft explained.

“Known affected Group Policy Objects are related to files and shortcuts in User Configuration -> Preferences -> Windows Settings in Group Policy Editor.”

The list of affected platforms includes client (from Windows 8.1 up to Windows 11 22H2) and server releases (from Windows Server 2008 SP2 and up to Windows Server 2022).

Microsoft acknowledged the issue following a stream of Windows admin reports across multiple social networks and on Microsoft’s online community regarding issues with Group Policy settings after deploying September 2022 Patch Tuesday updates.

At the time, some of the affected admins suggested a radical fix requiring manually uninstalling and hiding the offending cumulative updates. Unfortunately, this would also remove all fixes for recently patched security vulnerabilities.

However, multiple admins have also reported that un-checking the “Run in user security context” option on the affected GPOs will help address the file copying and shortcut creation problems.

Official workarounds are also available

Microsoft confirmed the last workaround shared by impacted customers before the issue was acknowledged, together with a couple of additional ways to mitigate the issue (any one of them is enough for mitigation) :

Uncheck the “Run in logged-on user’s security context (user policy option).” Note: This might not mitigate the issue for items using a wildcard (*).
Within the affected Group Policy, change “Action” from “Replace” to “Update.”
If a wildcard (*) is used in the location or destination, deleting the trailing “\” (backslash, without quotes) from the destination might allow the copy to be successful.

Redmond also added that its developers are working on a resolution for this known issue and will provide a fix with an upcoming update.

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workarounds-for-windows-group-policy-issues/)

Microsoft: Windows KB5017383 preview update added to WSUS by mistake (https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-kb5017383-preview-update-added-to-wsus-by-mistake/)
Microsoft rolls out emergency fix for blocked Windows logins (https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-emergency-fix-for-blocked-windows-logins/)


Microsoft: Exchange servers hacked via OAuth apps for phishing

By Sergiu Gatlan September 22, 2022 01:13 PM

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails.

“The investigation revealed that the threat actor launched credential stuffing attacks against high-risk accounts that didn’t have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain initial access,” the Microsoft 365 Defender Research Team said.

“The unauthorized access to the cloud tenant enabled the actor to create a malicious OAuth application that added a malicious inbound connector in the email server.”

The attacker then used this inbound connector and transport rules designed to help evade detection to deliver phishing emails through the compromised Exchange servers.

The threat actors deleted the malicious inbound connector and all the transport rules between spam campaigns as an additional defense evasion measure.

In contrast, the OAuth application remained dormant for months between attacks until it was used again to add new connectors and rules before the next wave of attacks.

These email campaigns were triggered from Amazon SES and Mail Chimp email infrastructure commonly used to send marketing emails in bulk.

The attacker used a network of single-tenant applications as an identity platform throughout the attack.

After detecting the attack, Redmond took down all apps linked to this network, sent alerts, and recommended remediation measures to all affected customers.

Microsoft says this threat actor was linked to campaigns pushing phishing emails for many years.

The attacker was also seen sending high volumes of spam emails within short timeframes through other means “such as connecting to mail servers from rogue IP addresses or sending directly from legitimate cloud-based bulk email sending infrastructure.”

“The actor’s motive was to propagate deceptive sweepstakes spam emails designed to trick recipients into providing credit card details and signing up for recurring subscriptions under the guise of winning a valuable prize,” Microsoft further revealed.

“While the scheme possibly led to unwanted charges for targets, there was no evidence of overt security threats such as credential phishing or malware distribution.”

Article (https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-via-oauth-apps-for-phishing/)
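
An added example, not part of the Microsoft report or the article above: a Python detection for the pattern described, where one identity creates an inbound connector and transport rules and then removes them again shortly afterwards. The audit records are constructed and use a simplified field set; the application identity is a placeholder, and the two-day lifetime threshold and function names are assumptions.

```python
from datetime import datetime, timedelta

# Exchange Online cmdlet names as recorded in the audit log "Operation" field.
CREATE_OPS = {"New-InboundConnector": "connector", "New-TransportRule": "rule"}
REMOVE_OPS = {"Remove-InboundConnector": "connector", "Remove-TransportRule": "rule"}

APP = "app:00000000-0000-0000-0000-000000000001"  # placeholder app identity
# Constructed sample records with a simplified field set (not real tenant data).
SAMPLE_AUDIT = [
    {"CreationTime": "2022-09-01T08:00:00", "Operation": "New-TransportRule",
     "UserId": "admin@example.test", "ObjectId": "disclaimer-footer"},
    {"CreationTime": "2022-09-05T10:00:00", "Operation": "New-TransportRule",
     "UserId": "admin@example.test", "ObjectId": "temp-test"},
    {"CreationTime": "2022-09-10T02:11:00", "Operation": "New-InboundConnector",
     "UserId": APP, "ObjectId": "conn-a"},
    {"CreationTime": "2022-09-10T02:12:00", "Operation": "New-TransportRule",
     "UserId": APP, "ObjectId": "rule-a"},
    {"CreationTime": "2022-09-10T09:40:00", "Operation": "Remove-TransportRule",
     "UserId": APP, "ObjectId": "rule-a"},
    {"CreationTime": "2022-09-10T09:41:00", "Operation": "Remove-InboundConnector",
     "UserId": APP, "ObjectId": "conn-a"},
    {"CreationTime": "2022-09-20T10:00:00", "Operation": "Remove-TransportRule",
     "UserId": "admin@example.test", "ObjectId": "temp-test"},
]

def find_short_lived_objects(records, max_lifetime=timedelta(days=2)):
    """Return connectors/rules created and removed by the same actor within max_lifetime."""
    created = {}   # (kind, object id) -> (actor, creation time)
    findings = []
    for rec in sorted(records, key=lambda r: r["CreationTime"]):
        when = datetime.fromisoformat(rec["CreationTime"])
        op, actor, obj = rec["Operation"], rec["UserId"], rec["ObjectId"]
        if op in CREATE_OPS:
            created[(CREATE_OPS[op], obj)] = (actor, when)
        elif op in REMOVE_OPS and (REMOVE_OPS[op], obj) in created:
            kind = REMOVE_OPS[op]
            creator, born = created.pop((kind, obj))
            if creator == actor and when - born <= max_lifetime:
                findings.append({"actor": actor, "kind": kind,
                                 "object": obj, "lifetime": when - born})
    return findings

def actors_matching_campaign(findings):
    """Actors that churned both a connector and a transport rule."""
    kinds = {}
    for f in findings:
        kinds.setdefault(f["actor"], set()).add(f["kind"])
    return sorted(a for a, k in kinds.items() if k == {"connector", "rule"})

if __name__ == "__main__":
    hits = find_short_lived_objects(SAMPLE_AUDIT)
    for hit in hits:
        print(hit["actor"], hit["kind"], hit["object"], hit["lifetime"])
    print("review first:", actors_matching_campaign(hits))
```

The administrator's temporary rule in the sample lived for 15 days and is not reported; only the identity that churned both a connector and a rule within hours is listed for review.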

Google, Microsoft can get your passwords via web browser’s spellcheck

By Ax Sharma September 17, 2022 02:39 PM

Extended spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively.

While this may be a known and intended feature of these web browsers, it does raise concerns about what happens to the data after transmission and how safe the practice might be, particularly when it comes to password fields.

Both Chrome and Edge ship with basic spellcheckers enabled. But, features like Chrome’s Enhanced Spellcheck or Microsoft Editor when manually enabled by the user, exhibit this potential privacy risk.

Spell-jacking: That’s your spellcheck sending PII to Big Tech

When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.

Depending on the website you visit, the form data may itself include PII—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.

Josh Summitt, co-founder & CTO of JavaScript security firm otto-js discovered this issue while testing his company’s script behaviors detection.

In cases where Chrome Enhanced Spellcheck or Edge’s Microsoft Editor (spellchecker) were enabled, “basically anything” entered in form fields of these browsers was transmitted to Google and Microsoft.

“Furthermore, if you click on ‘show password,’ the enhanced spellcheck even sends your password, essentially Spell-Jacking your data,” explains otto-js in a blog post.

“Some of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII, including username, email, and passwords, when users are logging in or filling out forms. An even more significant concern for companies is the exposure this presents to the company’s enterprise credentials to internal assets like databases and cloud infrastructure.”

Users may often rely on the “show password” option on sites where copying-pasting passwords is not allowed, for example, or when they suspect they’ve mistyped it.

To demonstrate, otto-js shared the example of a user entering credentials on Alibaba’s Cloud platform in the Chrome web browser—although any website can be used for this demonstration.

With enhanced spellcheck enabled, and assuming the user tapped “show password” feature, form fields including username and password are transmitted to Google at googleapis.com.

Article (https://www.bleepingcomputer.com/news/security/google-microsoft-can-get-your-passwords-via-web-browsers-spellcheck/)
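
An added example, not from the article or from otto-js: a Python audit that lists the text-entry fields on a page for which browser spellchecking has not been switched off. It assumes the site-side control is the standard HTML spellcheck attribute, which the excerpt above does not discuss. Password inputs are included because a "show password" toggle turns them into ordinary text fields. The sample markup and field names are constructed.

```python
from html.parser import HTMLParser

VOID = {"input", "br", "img", "meta", "link", "hr"}       # tags with no end tag
TEXT_INPUT_TYPES = {"text", "email", "search", "tel", "url", "password"}

# Constructed sample page (not taken from any real site).
SAMPLE_HTML = """
<form action="/login">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="csrf" value="x">
</form>
<form action="/pay" spellcheck="false">
  <input type="text" name="card_number">
  <textarea name="notes" spellcheck="true"></textarea>
</form>
<input type="email" name="newsletter" spellcheck="false">
"""

class SpellcheckAudit(HTMLParser):
    """Collect text-entry fields for which browser spellcheck is not disabled."""
    def __init__(self):
        super().__init__()
        self.stack = []      # (tag, spellcheck enabled) for each open ancestor
        self.exposed = []    # (tag, type, name) of fields left spellcheck-enabled

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        enabled = self.stack[-1][1] if self.stack else True   # inherited state
        if "spellcheck" in a:                                 # explicit override
            enabled = (a["spellcheck"] or "").lower() != "false"
        kind = (a.get("type") or "text").lower() if tag == "input" else tag
        is_field = (tag == "input" and kind in TEXT_INPUT_TYPES) or tag == "textarea"
        if is_field and enabled:
            self.exposed.append((tag, kind, a.get("name", "")))
        if tag not in VOID:
            self.stack.append((tag, enabled))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def audit_form_fields(html):
    parser = SpellcheckAudit()
    parser.feed(html)
    parser.close()
    return parser.exposed

if __name__ == "__main__":
    for field in audit_form_fields(SAMPLE_HTML):
        print("spellcheck not disabled:", field)
```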
