FBI Requests to Pass a Bill Over Ransomware Attacks

FBI Requests to Pass a Bill Over Ransomware Attacks – Reporting Ransomware Immediately To Be A Law?

By Consider The Consumer on August 9, 2021
FBI’s Plea for Mandatory Reporting of Ransomware Attacks, but in reality nothing has happened

The FBI and Department of Justice are pleading with Americans to assist them in avoiding cyberattacks, stating that companies may withhold information out of fear of being sued.

Appeal for a Bill

Tuesday, during a congressional hearing, top federal cybersecurity officials urged Congress to pass a bill requiring businesses and consumers inside the United States to disclose ransomware attacks when they occur.

Richard Downing, Deputy Assistant Attorney General, told a U.S. Senate Judiciary Committee hearing that investigation opportunities are lost without quick reporting. The capacity to assist other victims experiencing similar attacks is diminished, and the government and Congress lack a complete picture of the threat confronting American companies.

The request follows a series of high-profile assaults on U.S. private and public sites, including hospitals, schools, and a fuel pipeline.

The ransomware attack on Colonial Pipeline Co., which carries over half of the East Coast’s diesel, gasoline, and jet fuel, prompted the pipeline’s temporary shutdown, resulting in significant ripple effects currently being studied.

Based on Tuesday’s testimony, roughly three-quarters of all cyberattacks in the country go unreported, making it more difficult for authorities to counteract.

According to reports, Executive Assistant Director of the Cybersecurity and Infrastructure Security Agency Eric Goldstein stated that without such visibility, they are unable to communicate information efficiently, issue timely alerts, assist victims, or comprehend the consequences of these attacks on the critical national functions on which they all rely.

President Joe Biden decided to sign an executive order, following several high-profile cyberattacks on national utilities and services in May. The order requires government contractors in the information technology industry to disclose cyberattacks.

Persuading the Victims of Ransomware Attacks

On Tuesday, Assistant Director of the FBI’s Cyber Division Bryan Vorndran stated that victims of cybercrime should be compelled to inform authorities about cybercriminals’ ransom requests and whether they paid the extortion.

Additionally, the idea of shielding companies from accountability if they do report the cyberattacks to law enforcement was considered. Certain companies may be hesitant to disclose their cyberattacks for fear of litigation, such as class action lawsuits. Unfortunately, they all hide behind EULA agreements on their websites, claiming non-responsibility if you get infected.

Downing stated that victims should not be penalized for cooperating with the government. Victims should retain any legal privilege they may have had over the information before releasing it.

Numerous companies and businesses are facing class action lawsuits over their lack of ransomware protection.

Editor’s Note on FBI Requests to Pass a Bill Over Ransomware Attacks:

This article is written to inform you of the FBI’s latest request to pass a bill that would force companies and citizens to report ransomware attacks immediately.

Bitdefender-Smartphone Safe

Personally, I have asked Bitdefender to add this to the Enterprise Gravity Zone for 4 years, with no success.
But: 7 tips to keep your smartphone safe until Bitdefender adds it to Gravity Zone!

Hello Folks,
Your smartphone stores a great deal of personal information. Let’s face it, your whole life is on that thing. You send emails and text messages, make calls, take and share videos and photos, use social media, shop online and so much more.
To make sure you don’t become part of a rising proportion of people targeted by hackers, we’ve compiled a list of seven tips to help you keep your smartphone and your data safe.
1) Keep your smartphone and apps up to date
Software updates protect you from vulnerabilities or loopholes that can be exploited. Install them as soon as they come up.
2) Delete unused apps from your device
If you don’t need/use it, delete it. Old apps may have severe security flaws that can compromise your device.
3) Back up data
This action is essential in case of theft or malicious compromise such as a ransomware attack.
4) Stay away from SMS scams
Delete any unexpected SMS or email containing links to download something or ask you for personal or financial information, even if they seem to come from legit sources (your bank, delivery companies).
5) Hang up or don’t respond to suspicious phone calls
Scammers may also call you on the phone to convince you to reveal personally identifiable information, bank account numbers, PINs, credit card numbers.
6) Think twice before connecting to public WiFi networks
Public WiFi can face many threats, including theft of personal information such as login and financial data, especially if you don’t use a VPN to encrypt your data.
7) Use Bitdefender Mobile Security to protect your smartphone
No matter how cautious you are, you can never replace a security software tailor-made to keep you safe from the latest threats.
Find out more about the full protection of your iPhone or Android devices.
Stay Safe,
Roy Miehe
CEO MspPortal Partners Inc

Breach: Microsoft Power Apps records leaked via OData API

The big news this week is the data breach at the Microsoft Power Apps platform, leading to the disclosure of up to 38 million records with Personally Identifiable Information (PII). The details range from names and email addresses to COVID-19 vaccination status, and even Social Security numbers. The breach was discovered by researchers at UpGuard, who detail the underlying issue, the entities impacted, and the response from Microsoft in their recent blog.

Researchers discovered that an OData API that Power Apps used for accessing data publicly exposed sensitive user data which should have been private. Access to the data is controlled by a setting called table permissions, which can be set to restrict access to sensitive records. Unfortunately, Microsoft had opted to switch off table permissions by default, meaning that the lists were publicly accessible unless users knew to switch the setting on. Microsoft did warn users about the impact of leaving this setting off, but as the breach shows, this might not have been the best call:


Upon their discovery, UpGuard notified Microsoft about the issue. The initial response was that this public accessibility was by design, not a vulnerability. This is not the first time we have seen this excuse with reported API vulnerabilities, often dressed up in the guise of “improved user experience”.

UpGuard then proceeded to notify the impacted entities, many of whom took swift action to remove the leaked PII data. To add insult to injury, many core Microsoft portals were also affected, and subsequently Microsoft appears to have notified impacted government cloud customers of the issue.

Since the disclosure of the breach, Microsoft has changed their stance here:

They have changed the default setting so that new lists enforce table permissions to protect underlying data.
They have provided a dedicated tool, Portal Checker, for finding OData lists that allow anonymous access.

The lessons learned here include:

This is a classic example of Broken Authentication on an API — the impact of having unauthenticated APIs can lead to unintended data disclosure. You could also argue that this falls under API7:2019 — Security misconfiguration, too.
As a developer, always ensure you understand the full impact of your chosen default settings and permissions.
As a platform designer providing API service, always ensure strict access restriction (deny-by-default, least privilege…). Allowing full anonymous access to data or other resources is not a sensible default, regardless of any warnings that you glue on top.
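
The effect of the default described above, as an added example that is not UpGuard's or Microsoft's code. The field names (`odata_enabled`, `table_permissions`, `read_roles`) and the list inventory are constructed for illustration and are not the Power Apps schema or Portal Checker output; the same inventory is evaluated under the old default (table permissions off) and the new one (enforced).

```python
# Added example: field names and inventory are constructed, not the Power Apps schema.
from dataclasses import dataclass, field
from typing import Optional

ANONYMOUS = "anonymous"

@dataclass
class PortalList:
    name: str
    odata_enabled: bool
    # None means the maker never touched the setting, so the platform default applies.
    table_permissions: Optional[bool] = None
    # Roles granted read access; only consulted when table permissions are enforced.
    read_roles: set = field(default_factory=set)

def anonymous_can_read(lst: PortalList, default_enforced: bool) -> bool:
    """Decide whether an unauthenticated caller can read the list's OData feed."""
    if not lst.odata_enabled:
        return False                       # no feed, nothing to read
    enforced = default_enforced if lst.table_permissions is None else lst.table_permissions
    if not enforced:
        return True                        # permissions off: the feed is public
    return ANONYMOUS in lst.read_roles     # deny by default unless explicitly granted

def audit(lists, default_enforced: bool):
    """Return the names of lists whose feed is readable without authentication."""
    return sorted(item.name for item in lists if anonymous_can_read(item, default_enforced))

# Constructed inventory: one untouched list, one explicitly off, two enforced, one without a feed.
INVENTORY = [
    PortalList("vaccination_appointments", odata_enabled=True),
    PortalList("job_applicants", odata_enabled=True, table_permissions=False),
    PortalList("public_events", odata_enabled=True, table_permissions=True,
               read_roles={ANONYMOUS}),
    PortalList("employee_records", odata_enabled=True, table_permissions=True,
               read_roles={"hr_staff"}),
    PortalList("internal_notes", odata_enabled=False),
]

if __name__ == "__main__":
    print("old default (off):", audit(INVENTORY, default_enforced=False))
    print("new default (on): ", audit(INVENTORY, default_enforced=True))
```

The untouched list is exposed only under the old default, while a list explicitly set to off stays exposed after the default changes, which is why existing lists still need an audit.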

From CVS to Chevron, FDA decision triggers vaccine mandates

PAUL WISEMAN and JOSEPH PISANI
Tue, August 24, 2021, 1:10 PM

From Walt Disney World and Chevron to CVS and a Michigan university, a flurry of private and public employers are requiring workers to get vaccinated against COVID-19 after the federal government gave full approval to the Pfizer shot. And the number is certain to grow much higher.

Food for thought/opinion: if all firms require employees be vaccinated or find a new job, then have your employer rewrite their contract with you: if you get sick, they pay for all medical expenses with no out-of-pocket expenses and they continue to pay you your full salary.

Associated Press writers Carla K. Johnson, Anne D’Innocenzio, Tom Krisher and Ricardo Alonso-Zaldivar contributed to this story.

Opinion

Bitdefender Requirement Important

Please read your Security Alerts:

Deployments have reached Customer’s maximum license limit:

Notification Details:

The Customer company XYZ FD has reached the maximum number of endpoints protected by the license key (Company Key).
To protect more endpoints for this company, you should extend its service subscription or add more licenses.
Otherwise, your endpoints will not be protected and are subject to malware.

Windows Privilege Escalation Vuln Puts Admin Passwords At Risk

July 21 2021

Microsoft has issued a temporary workaround for systems vulnerable to CVE-2021-36934, also known as “HiveNightmare” and “SeriousSAM.”

Microsoft has issued a temporary workaround for a privilege escalation vulnerability that could expose administrator passwords to non-admin users.

CVE-2021-36934, also called “HiveNightmare” and “SeriousSAM,” appears to have been first detected by security researcher Jonas Lykkegaard, Forbes reports. Lykkegaard noticed the Security Account Manager (SAM) file had become read-enabled for all users, meaning an attacker with non-admin privileges could access hashed passwords and elevate privileges.

Lykkegaard and other security researchers found the issue affected the Windows 11 preview as well as Windows 10. Microsoft has confirmed the problem affects Windows 10 version 1809 and newer operating systems and has provided workarounds for systems affected by the flaw.

“An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database,” the company wrote in its CVE.

An attacker who successfully exploited the flaw could run arbitrary code with system privileges and then install programs; view, change, or delete data; or create new accounts with full user rights. They also have the ability to execute code on a target system to exploit the bug. So far Microsoft has not detected exploits in the wild, though it notes exploitation is “more likely.”

Microsoft has stated it will update the CVE as its investigation continues.
Article: Dark Reading
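
A defender-side check for the ACL condition described above, as an added example that is not from the article or from Microsoft: it parses `icacls` output for the SAM file and reports non-admin principals that are granted read access. The sample outputs are constructed, and the set of low-privilege principals is an assumption.

```python
# Added example: sample icacls outputs below are constructed for illustration.
import re

SAM = r"C:\Windows\System32\config\SAM"
# Assumption: principals that include ordinary, non-admin accounts.
LOW_PRIV = {"builtin\\users", "everyone", "nt authority\\authenticated users"}
# icacls rights tokens that include read access to the file's data.
READ_RIGHTS = {"F", "M", "RX", "R", "GR", "GA"}
ACE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]+\))+)$")

def parse_aces(path, icacls_output):
    """Yield (principal, tokens) for each ACE in `icacls <path>` output."""
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()   # the first ACE shares a line with the path
        m = ACE.match(line)
        if m:
            groups = re.findall(r"\(([^)]+)\)", m["groups"])
            yield m["who"], {tok for g in groups for tok in g.split(",")}

def low_priv_readers(path, icacls_output):
    """Return non-admin principals that are granted read access to the file."""
    hits = []
    for who, tokens in parse_aces(path, icacls_output):
        if who.lower() in LOW_PRIV and "DENY" not in tokens and tokens & READ_RIGHTS:
            hits.append(who)
    return hits

# Constructed output for an affected system: BUILTIN\Users inherits read/execute.
VULNERABLE = r"""C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)
                               BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files"""

# Constructed output for a system where only administrators and SYSTEM have access.
FIXED = r"""C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    for label, out in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(label, "->", low_priv_readers(SAM, out) or "no non-admin read access")
```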

Windows Print Spooler Remote Code Execution Vulnerability

MspPortal Reported the issue on 7-7-2021

For PrintNightmare we currently have the following detections live:
Exploit.RPRN.CVE-2021-1675.PrintNightmare — from our NAD module (I know the CVE in the name differs, but it still detects the attack)
Alert.RPRN.AddPrinterDriver — from our EDR module
We are also working on detection from our behavioral engine. However, that will take a bit more time as it requires extensive testing but will be available soon.

 

Solution 7-12 Bitdefender Solved the issue

Bitdefender technologies will now protect against this vulnerability. 

A little about the MspPortal Partners and Bitdefender relationship

1) We do 1st, 2nd and 3rd line tech support for Bitdefender Gravity Zone. We average 60 tech cases a week just on 1st and 2nd level support, and we typically solve our case load within 15-30 minutes.
2) We do the hands-on training (1 hour), live, no PowerPoint. When we are done you can start selling that day. We write a default policy that will keep you out of trouble and avoid Crypto. We also do a lot of Bitdefender’s beta work. This helps us to be of better service to you.
3) We do the licenses (in reality, we just keep your bucket full, so it’s nothing more than adding more licenses when needed; just send an email to us). You only pay for what you use/install.
4) Last, we do the invoicing on the 2nd of the month; we make sure you receive a report of the breakdown for your billing on the first, for the prior month (arrears).
5) The reality is, even though we are a distributor, we are really a VAD (value add); we work for a living 😉
6) Techs since 1994 when Roy Miehe started this firm

We will be glad to answer any questions you may have and also share some best practices with you.

Bitdefender has a great program with solutions specifically tailored for MSPs.