With Barracuda Advanced Threat Protection

MspPortal Partners blocked 767 infected attachments in the last 24 hours, protecting our partners' clients from getting infected. Thousands of dollars were saved in mitigation costs.

Scan description: The file was scanned by the Barracuda Advanced Threat Protection (ATP) service. ATP scans for malware, zero-day exploits, and targeted attacks not detected by other virus scanning features or the intrusion prevention system. ATP analyzes files in a secure cloud environment and makes an overall determination once scanning is complete.

Most of the blocked emails were Microsoft: docx, xlsm, xlsx, pdf, exe and rar.

MspPortal Partners is a leader in providing security software to the Tech Community at better than wholesale pricing, service and support.

Barracuda RMM 12 SP3 HF1 Release + updated Mac OS support

We are very excited about the 3 releases all happening this week. Lots of content!

The upcoming hotfix lays the framework for the related Mac OS support and the new ServiceNow PSA integration release.  Additional details on each one are provided below. 

This hotfix release contains:

– Automation file parameter increase to 25 MB.

– Site Prep tool upgrades for Mac OSes Catalina and Big Sur

– Automation scripts for installation of Firefox, Chrome, and Adobe Reader products are now available for download

Mac OS Updates:

– Mac Device Managers are now supported on Catalina and Big Sur

ServiceNow PSA integration:

– Barracuda RMM now supports the ServiceNow PSA integration.  This release focuses on the Event Management product.  This integration includes:

            – 2-way ticket sync – Creating and updating tickets in Barracuda RMM will generate appropriate events in ServiceNow. A new REST API is available in Barracuda RMM, which ServiceNow can be configured to call to send ticket updates back.

            – Asset-sync – Barracuda RMM devices can be pushed to a ServiceNow Import Set table on a schedule, where they can then be transformed into the appropriate Configuration Item (CI) tables.

Release Notes now available:

Barracuda RMM 12 SP3 Hotfix 1

English PDF: https://download.mw-rmm.barracudamsp.com/PDF/MW12.3.0/Documentation/RN_RMM_12_SP3_HF1_April2021_EN.pdf

Campus

English: https://campus.barracuda.com/doc/95257799/

MacOS

English PDF:

https://download.mw-rmm.barracudamsp.com/PDF/MW12.3.0/Documentation/RN_BRMM_macOS_DM_EN.pdf

Campus

English: https://campus.barracuda.com/doc/95259524/

 

Managed Workplace Bi-Weekly Status Reports page:

https://wikihub.cudaops.com/display/CAODev/MW+Bi-Weekly+Status+Reports

Bitdefender: Endpoint Security for Mac Version 4.17.16.200166 Release Notes

Please see below the release notes for the new Endpoint Security for Mac Version 4.17.16.200166, released on Slow Ring on April 12th.

Endpoint Security for Mac Version 4.17.16.200166 Release Notes

https://www.bitdefender.com/support/Endpoint-Security-for-Mac-Version-4-17-16-200166-Release-Notes-2684.html

Release date:

  • Fast ring: 2021.04.12
  • Slow ring: 2021.04.12

New Features and Improvements

General

Added support for Apple M1 processors, with the following protection modules:

  • Antimalware
  • Device Control
  • Content Control
  • Encryption

Support for other features on Apple M1 will be added in time.

 

Note: 

  • This version of Endpoint Security for Mac has universal binaries and runs natively on both Intel and Apple M1 architectures. In case of existing installations on systems running macOS versions older than Big Sur (11.x), you must first update them to the intermediary version 4.15.139.200139. This will enable migration to the new update location for product versions with universal binaries.
  • This version does not install on OS X El Capitan (10.11), following the Bitdefender announcement regarding the end of support for this operating system. We advise you to upgrade the operating system to a supported version to benefit from the latest Bitdefender protection technologies.

Resolved Issues

General

  • Installing the macOS kit (Apple M1) on machines with M1 processors prompted endpoint users to install Rosetta as well.
  • The product failed to connect to Bitdefender cloud services due to an internal issue.

Graphical User Interface

  • The application top menu was not displayed when launching Endpoint Security for Mac from the dock.
  • Events sorting in the History section was not performed by date after making actions such as resizing columns.

MspPortal now provides Encrypt Mail at no extra charge using Barracuda Spam filtering

If you are using MspPortal Partners Barracuda Spam Filtering, you can now also encrypt mail at no additional cost.

Rackspace, Office 365, Google Apps, Exchange, Lotus Domino, GroupWise, Zimbra, Gmail, Postfix, Sendmail, and more can be used as long as you can add a smart host entry.

I will assist in the original setup at no extra charge (training). Use a word in the subject line, such as “secure” as I do, plus you have the best spam filtering solution in the industry.

Bitdefender Endpoint Security Tools Version 6.6.25.362 Release Notes (Windows)

Please see below release notes of Bitdefender Endpoint Security Tools Version 6.6.25.362, released on 3/29 on Slow Ring.

Bitdefender Endpoint Security Tools Version 6.6.25.362 Release Notes (Windows)

https://www.bitdefender.com/support/Bitdefender-Endpoint-Security-Tools-Version-6-6-25-362-Release-Notes-(Windows)-2677.html

Release date:

Fast ring: 2021.03.24

Slow ring: 2021.03.29

 

 

Important:      

  • During this update, the Microsoft Exchange Transport service will be stopped.
  • This version also includes on slow ring the improvements and fixes delivered with the Bitdefender Endpoint Security Tools versions 6.6.25.353 and 6.6.25.359 released on fast ring.

 

New features and improvements

Product

  • Specific error messages will be displayed when Product fails to update due to missing critical Windows patches.

Advanced Anti-Exploit

  • The Advanced Anti-Exploit (AAE) technology is now available for Windows Servers. The module will be installed on and removed from servers via the new Install and Reconfigure task.
    The Advanced Anti-Exploit module is deployed, configured and managed via GravityZone using the same management workflows on servers as available for workstations.

Incompatible Software Removal

  • Added support for removing the following security products: 
    • TrustPort Total Protection 17.x
    • Driver Support One 2.x
    • Avast Business Security 20.x
    • VIPRE Antivirus 11.x
    • Sophos Endpoint Agent 2.x (Tamper Protection must be turned off)
    • Endpoint Protector Client 5.x
  • Enhanced support for removing the following security products: 
    • McAfee Total Protection 16.x

Resolved Issues

Product

  • Fixed an incompatibility with Cisco Advanced Malware Protection (AMP) for Endpoints that caused crashes of File Explorer processes and overall performance issues on Windows 7 machines.
  • In some instances, the product blocked websites with untrusted certificates, while not providing the “Accept risks and continue” option.

Antimalware

  • Fixed an issue with the On-Access Scanning feature, where users without administrative rights could restore a quarantined file. These users are now prompted to enter their username and password when using the Restore button.

Content Control

  • The Content Control module failed to report the web category of a blocked website, in the Blocked Websites report.

Firewall

  • The Firewall driver generated a memory leak in EPSecurityService on Windows machines.
  • The Events timeline from the local interface displayed wrong messages for incoming and outgoing connections.
  • Fixed an issue where blockPortScans remained active even when the Firewall module was enabled.
  • Fixed an issue where traffic was received from an unknown profile.

User Interface

  • The graphical user interface showed that three features part of the Content Control module (Application Blacklisting, Web Access Control and Data Protection) were turned off after logging off or rebooting.

Bitdefender Tech Updates

February Updates:

GravityZone (Cloud-based) Release Notes for February 2021 Update:

Minimum requirements:
Security agents: 6.6.24.337 (Windows); 6.2.21.133 (Linux); 4.16.6.200156 (macOS)

Bitdefender Link : Web Page

Apple MAC:

Bitdefender Endpoint Security for Mac: End of Support for OS X El Capitan (10.11)

Bitdefender Endpoint Security for Mac support for MacOS El Capitan (10.11) will end as of September 1st, 2021.

Starting with the March 2021 release, the Bitdefender Endpoint Security for Mac kit will no longer install on OS X El Capitan. Customers looking to perform new installations on this legacy macOS version can either save an older version of the Bitdefender Endpoint Security for Mac kit or contact Bitdefender Enterprise Support to receive a compatible version and installation procedure. A KB article will be available here detailing necessary steps.
Existing Bitdefender Endpoint Security for Mac installations on OS X El Capitan will continue to function properly and receive signature and critical product updates until September 1st, 2021.

Note:
OS X El Capitan (10.11) is no longer supported by Apple and has not received security updates since August 2018.

Bitdefender Link : Web Page

 

Experienced Support for Advanced Ransomware Threats

When it comes to your personal or business cybersecurity, you need solutions that you can trust. You need partners and suppliers that exude confidence. This trust comes from experience; a proven history of working with and protecting organizations like yours against all types of cybersecurity threats, from malware to phishing attacks, simple spam to ransomware.

In today’s environment of advanced threats, you need a firm such as MspPortal Partners to assist you in protecting your business and/or your personal computer. MspPortal has more than 400 tech firms and 2,000 techs on the ground, and we work with the leading endpoint security solution providers in the industry.

On February 5th, the National Cyber Investigative Joint Task Force (NCIJTF) released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques. The factsheet was developed by an interagency group of subject matter experts from more than 15 government agencies to increase awareness of the ransomware threats to police and fire departments; state, local, tribal, and territorial governments; and critical infrastructure entities.

To reduce the risk of public and private sector organizations falling victim to common infection vectors like those outlined in the NCIJTF factsheet, CISA launched the Reduce the Risk of Ransomware Campaign in January 2021 to provide informational resources to support organizations’ cybersecurity and data protection posture against ransomware. Please download and read the PDF. Direct PDF Ransomware_Fact_Sheet

 

The NCIJTF fact sheet outlines five best practices to minimize ransomware risks.

  1. Back up your data, system images, and configurations, test your backups, and keep the backups offline
  2. Utilize multi-factor authentication
  3. Update and patch systems
  4. Make sure your security solutions are up to date
  5. Review and exercise your incident response plan

At MspPortal Partners, we supply one, two and even three (when needed), typically in 1-2 hours, either by email or a direct call. We are here to be of service.

Our technology solutions include Bitdefender, which leads the market in malware protection. There are a lot of firms that use extreme marketing dollars to profess to be the best, but in industry antivirus comparisons and reviews, Bitdefender is always on top. All resellers and distributors that work with MspPortal Partners are trained by Roy Miehe, a top trainer and antivirus professional who has worked in the antivirus industry since 1996, and as a tech since 1994, working on many beta Microsoft products. He has propelled MspPortal Partners to a leading MSP working only with the best-of-breed solutions.

Please take the time to send a note (Contact page link) over and we will find the best tech firm for your needs. MspPortal offers a number of technology services, in addition to security solutions.

 

Buying Power Matters

In their early days, companies such as Groupon and Living Social maximized the concept of buying power. They would rally a number of individuals who need or want certain items, and use their collective buying power to get the items at lower prices than any one person could buy on the open retail market. This is one of many examples of how buying power can save people and businesses money.

When it comes to endpoint security, MspPortal Partners uses its buying power for solutions from Barracuda, Bitdefender and other providers to help resellers and distributors with ways they can offer competitive rates and grow their businesses. Like a consumer going direct to a retailer, resellers can go direct to providers for encrypted mail solutions, remote management software, email security and malware protection, but they are likely to pay retail rates. They simply don’t have the experience, relationships or the volume to justify the solution providers lowering their rates. Entry-point pricing is much closer to retail pricing, making it difficult for resellers and distributors to add enough margin to quickly build a profitable business.

MspPortal Partners leverages years of security industry experience to purchase endpoint security seats at a much lower rate than individual resellers can negotiate. In fact, MspPortalPartners works with 400 MSPs and 3927 reseller customers across the country and Canada, and collectively, the group manages over 200,000 endpoints. The ability to buy seats in larger quantities results in savings that are passed on to MspPortalPartners customers. These savings are in addition to better customer service, tech support and training that can be relied on 24x7x365.

So, when we talk about buying power, we lean on the relationships MspPortalPartners has built over the last several years with providers to negotiate pricing that benefits our network. And while the buying-power pricing often attracts resellers and distributors to MspPortalPartners, it is our technical knowledge and service that keeps them as a partner.

For more information about our Partner Program and how MspPortalPartners operates, visit…

SonicWall Breached Via Zero-Day Flaw In Remote Access Tool

Sophisticated hackers compromised SonicWall’s NetExtender VPN client and SMB-oriented Secure Mobile Access 100 series product, which are used to provide employees and users with remote access to internal resources.

SonicWall disclosed Friday night that highly sophisticated threat actors attacked its internal systems by exploiting a probable zero-day flaw on the company’s secure remote access products.

The Milpitas, Calif.-based platform security vendor said the compromised NetExtender VPN client and SMB-oriented Secure Mobile Access (SMA) 100 series products are used to provide employees and users with remote access to internal resources. The SMA 1000 series is not susceptible to this attack and utilizes clients different from NetExtender, according to SonicWall.

“We believe it is extremely important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government,” SonicWall wrote in an “Urgent Security Notice” posted to its product notifications webpage at 11:15 p.m. ET Friday. The company said the coordinated attack on its systems was identified “recently.”

SonicWall declined to answer questions about whether the attack on its internal systems was carried out by the same threat actor who for months injected malicious code into the SolarWinds Orion network monitoring tool. The company, however, noted that it’s seen a “dramatic surge” in cyberattacks against firms that provide critical infrastructure and security controls to governments and businesses.

The company said it is providing mitigation recommendations to its channel partners and customers. Multi-factor authentication must be enabled on all SonicWall SMA, firewall and MySonicWall accounts, according to SonicWall.

Products compromised in the SonicWall breach include: the NetExtender VPN client version 10.x (released in 2020) used to connect to SMA 100 series appliances and SonicWall firewalls; as well as SonicWall’s SMA version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.

SonicWall partners and customers using the SMA 100 series should either use a firewall to only allow SSL-VPN connections to the SMA appliance from known/whitelisted IPs or configure whitelist access on the SMA directly itself, according to the company.

For firewalls with SSL-VPN access using the compromised version of the NetExtender VPN client, partners and customers should either disable NetExtender access to the firewall(s) or restrict access to users and admins via an allow-list/whitelist for their public IPs, according to SonicWall.

SonicWall is the fifth pure-play cybersecurity vendor to publicly disclose an attack over the past seven weeks. FireEye blew the lid off what would become the SolarWinds hacking campaign Dec. 8 when the company said that it was breached in an attack designed to gain information on some of its government customers. The attacker was able to access some of FireEye’s internal systems, the company said.

Then CrowdStrike disclosed Dec. 23 that it had been contacted eight days earlier by Microsoft’s Threat Intelligence Center, which had identified a reseller’s Microsoft Azure account making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago, according to CTO Michael Sentonas.

The reseller’s Azure account was used for managing CrowdStrike’s Microsoft Office licenses, and the hackers failed in their attempt to read the company’s email since CrowdStrike doesn’t use Office 365 email, according to Sentonas.

Then Mimecast announced Jan. 12 that a sophisticated threat actor had compromised a Mimecast-issued certificate used to authenticate several of the company’s products to Microsoft 365 Exchange Web Services. The compromised certificate was used to authenticate Mimecast’s Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) products to Microsoft 365, the company disclosed.

Mimecast declined to answer CRN questions about whether its breach was carried out by the same group who attacked SolarWinds. But three cybersecurity officials told Reuters Jan. 12 they suspected the hackers who compromised Mimecast were the same group that broke into SolarWinds. The Washington Post reported that the SolarWinds attack was carried out by the Russian foreign intelligence service.

Most recently, Malwarebytes disclosed Tuesday that the SolarWinds hackers leveraged a dormant email production product within its Office 365 tenant that allowed access to a limited subset of internal company emails. Malwarebytes doesn’t itself use SolarWinds Orion, and learned about the attack from Microsoft following suspicious activity from a third-party application in the company’s Office 365 tenant.

 

By Michael Novinson January 23, 2021, 11:20 AM EST (Article)