Deployments have exceeded Customer’s license limit

Folks, add this to your email alerts (bell in the top right-hand corner -> sprocket).

IMPORTANT: Companies and endpoints need to be licensed; otherwise you will have endpoints not updating correctly.

It will appear as Notification Details:

The Customer company XYZ has exceeded the maximum number of endpoints protected by the license key .

Roy

Microsoft Source Code Exposed: What We Know & What It Means

Microsoft says there is no increase in security risk; however, experts say access to source code could make some steps easier for attackers.

Microsoft confirmed last week that attackers were able to view some of its source code, which it found during an ongoing investigation of the SolarWinds breach. While its threat-modeling approach mitigates the risk of viewing code, many questions remain that could determine the severity of this attack. 

On 12-18-2020

SolarWinds on Monday disclosed that attackers had infiltrated its software build system and inserted malicious code into software updates that the company subsequently sent out to 33,000 organizations worldwide — about 18,000 of whom actually installed it. The company has said that updates it released between March and June 2020 were tainted.

In a blog post published on Dec. 31, 2020, officials said Microsoft has not found evidence of access to production services or customer data, nor has it discovered that its systems were used to attack other companies. The company has not found indications of common tactics, techniques, and procedures (TTPs) linked to abuse of forged SAML tokens against its corporate domains. 

It did find an internal account had been used to view source code in “a number of code repositories,” according to the blog post, from the Microsoft Security Response Center (MSRC). This activity was unearthed when investigators noticed unusual activity with a small number of internal accounts, the post explains, and the affected account didn’t have permissions to change any code or engineering systems. The accounts were investigated and remediated, officials noted. 

The news began to generate attention in the security community, and with good reason: Microsoft’s software is among the most widely deployed in the world, and organizations of all sizes rely on the company’s products and services. It’s an appealing target, in particular among advanced attackers like those behind the SolarWinds incident.

“It’s something they can’t access themselves, and there’s a lot of assumption that there’s super-secret things there that are going to compromise [their] security,” says Jake Williams, founder and president of Rendition Infosec, regarding why businesses might understandably panic at the news.

While it’s certainly concerning, and we don’t know the full extent of what attackers could see, Microsoft’s threat-modeling strategy assumes attackers already have some knowledge of its source code. This “inner source” approach adopts practices from open source software development and culture, and it doesn’t rely on the secrecy of source code for product security.

“There are a lot of software vendors, and security vendors, that rely on the secrecy of their code to ensure security of applications,” Williams explains. Microsoft made a big push for secure software development in Windows Vista. It didn’t make the decision to open source the code but designed it with the assumption that could possibly happen someday. Source code is viewable within Microsoft, and viewing the source code isn’t tied to heightened security risk.

“If the code is all publicly released, there should not be new vulnerabilities discovered purely because that occurs,” Williams adds.

Microsoft’s practice isn’t common; for most organizations, the process of adopting the same approach and revamping their existing code base is too much work. However, Microsoft is a big enough target, with people regularly reverse engineering its code, that it makes sense. 

While attackers were only able to view the source code, and not edit or change it, this level of access could prove helpful with some things — for example, writing rootkits. Microsoft, which did not provide additional detail for this story beyond its blog post, has not confirmed which source code was accessed and how that particular source code could prove helpful to an attacker.

It’s one of many questions that remain following Microsoft’s update. What have the attackers already seen? Where was the affected code? Were the attackers able to access an account that allowed them to alter source code? There is still much we don’t know regarding this intrusion.

This “inner source” approach still creates risk, writes Andrew Fife, vice president of marketing at Cycode, in a blog post on the news. Modern applications include microservices, libraries, APIs, and SDKs that often require authentication to deliver a core service. It’s common for developers to write this data into source code with the assumption only insiders can see them.

“While Microsoft claims their ‘threat models assume that attackers have knowledge of source code,’ it would be far more reassuring if they directly addressed whether or not the breached code contained secrets,” he writes. In the same way source code is a software company’s IP, Fife adds, it can also be used to help reverse engineer and exploit an application.

This is an ongoing investigation, and we will continue to provide updates as they are known. In the meantime, Williams advises organizations to continue applying security patches as usual and stick with the infosec basics: review trust relationships, check your logging posture, and adopt the principles of least privilege and zero trust.

“Supply chain attacks are really difficult to defend against, and it really comes back to infosec foundations,” he says. “If your model of protecting against an attack is ‘give me an indicator of compromise and I will block that indicator,’ that’s ’90s thinking.”

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial

SolarWinds Hit With Class-Action Lawsuit Following Orion Breach

SolarWinds shareholders accuse the company of lying about its security practices ahead of the disclosure of a massive security incident.

A class-action lawsuit filed against SolarWinds and some of its executives accuses the company of lying and misleading shareholders about its security posture in the year leading up to its disclosure of a massive breach affecting public and private entities.

The suit was filed by shareholders and names SolarWinds, in addition to outgoing CEO Kevin Thompson and CFO Barton Kalsu, as defendants. It alleges Thompson and Kalsu, who were involved with the company’s daily operations and had access to proprietary data, made false and misleading statements to the Securities and Exchange Commission throughout last year.

The complaint states that SolarWinds “failed to disclose the following adverse facts pertaining to the Company’s business, operations, and prospects, which were known to Defendants or recklessly disregarded by them.” 

It continues to say SolarWinds failed to disclose that since mid-2020, its Orion monitoring tools had a vulnerability that enabled attackers to compromise the server on which its products ran. It also notes the company’s update server had an easily accessible password of “solarwinds123.” Consequently, SolarWinds customers would be vulnerable to hacks and, as a result, the company would suffer “significant reputational harm,” the suit states. 

“As a result, Defendants’ statements about SolarWinds’s business, operations and prospects were materially false and misleading and/or lacked a reasonable basis at all relevant times,” according to the suit.

Bitdefender Endpoint Security Tools Version 6.2.21.125 Release Notes (Linux)

Release date:
Fast Ring: 2020.12.15
Slow Ring: 2020.12.17

New Features and Improvements
General
• Added improvements for product crash scenarios.
Antimalware
• Added improvements for better resource consumption.

Resolved Issues
Installation
• The security agent failed to install on a Red Hat Enterprise 6.5 Korean system.
Antimalware
• The Antimalware module appeared as disabled in the local interface when the mount point used NFSv4.
• The product caused system crashes on Red Hat Enterprise 8.3.
Endpoint Detection and Response (EDR)
• The security agent consumed a large amount of memory triggering Linux Out of Memory Killer on some Ubuntu systems.

Hey SolarWinds Customers… Looking for a Safe Haven?

By now, you have seen the disaster that is the breach caused by the tainted SolarWinds update. Earlier today, even Microsoft confirmed that its network was hacked. SolarWinds said earlier in the week that attackers penetrated its software build system and inserted malicious code into software updates. The updates were then sent out to more than 33,000 organizations around the world, of which 18,000 actually installed the update. Among the organizations were thousands of managed service providers responsible for supporting thousands of companies.

It’s no secret that, as a managed service provider, MspPortal Partners has a vested interest in this story and potentially in the organizations that were overconfident in their network security. Because the update came from what was a trusted partner, SolarWinds, more than half of those organizations targeted likely installed the update without a second thought. Unfortunately, the number and locations of the victims of this attack are likely going to grow over the next several days and weeks. Now is a time for SolarWinds customers to consider their security partners, and whether a partner with a more hands-on approach can prevent these attacks from happening in the future.

MspPortal Partners, a boutique distributor of security solutions, has already started to support dozens of SolarWinds customers and is prepared to support as many as are ready to change. In addition to live training and support 24x7x365, MspPortal can add and scale accounts as needed as a result of our negotiating power with our solution providers and our bulk licensing agreements. We offer security through one of the most established and trusted platforms in the industry, and with attacks only increasing, now may be the best time to switch.
3-month migration pricing available.

Contact us for more information.

How’s your Malware security software support?

We know you have options when it comes to deploying Bitdefender software. In fact, you could buy from multiple brand-name distributors in the United States. Some of them are Remote Management and Monitoring providers working with a number of solution providers, while others are simply generating sales for Bitdefender, passing the money and support back to Bitdefender. Pricing for these distributors is the same, so you’re not going to find many differences in working with one or the other.

MspPortal is a boutique distributor that specializes in Bitdefender, along with other complementary product lines. We are a top hands-on trainer in the United States, offering three levels of support 24x7x365. MspPortal never refers you back to Bitdefender; rather, we use our expertise working with the software for the past several years to support your software needs. Our largest deployment of Bitdefender was to a reseller for 60,000 endpoints in 26 different locations across California. We negotiated the pricing with Bitdefender for a three-year contract. The customer, the reseller and Bitdefender walked away satisfied with the contract and the ongoing level of support from MspPortal.

We can provide all licenses within minutes and scale your account as needed because of our negotiating power that allows us to acquire buckets of licenses in our monthly GravityZone.

If you are in the market for endpoint security software or better support, look no further than MspPortal.

Contact us at…our contact page on the web site

Bitdefender’s Response to FireEye and SolarWinds Breaches and Recommendations for Organizations

December 17 2020

Measures Bitdefender took to ensure its internal operations were not impacted:

An audit of our suppliers, partners, contractors and outsources concluded SolarWinds solutions are not incorporated into any products or services we procure.

Although Bitdefender does not use any SolarWinds solutions in its operations, a thorough systems check concluded no indication of compromise from the attack.

We have hardened our environment against specific techniques used in this attack and will continue to fortify through evaluations and tabletop exercises as new information becomes available.

Bitdefender is an undisputed world leader in its field, with its technology used in 38% of all security solutions worldwide. Acknowledged by prestigious independent testing labs as the world’s best prevention firm, Bitdefender is the provider of the first and only integrated security platform that unifies hardening, prevention, detection, response and services across endpoint, network and cloud.

MspPortal Partners is proud to be one of Bitdefender’s largest MSP distributors in the US, “Where Service and Technical Skills Count,” from pricing to training and tech support levels 1, 2 and 3.

SolarWinds Malware Security Breach Spares No One

December 16 2020

Details about the Russian-based malware security threat that infected an estimated 18,000 organizations continue to unfold. Over the last several days, targets and victims of the campaign, which originated from a seemingly legitimate software update of the Orion network management product from SolarWinds, have emerged and include a who’s who of the U.S. government, numerous Fortune 500 companies and potentially over 22,000 managed service providers. The U.S. Treasury Department, the Department of Homeland Security, the State Department, the Justice Department, and potentially entities from all five branches of the U.S. military installed the compromised software on their systems. SolarWinds also counts 499 of the top Fortune 500 companies as customers, so the extent of the security breach is extensive.

According to stories published on DarkReading.com and ZDNet, security vendor FireEye uncovered the malware campaign while investigating a breach on its own network. FireEye recently published a description of the malware, “SolarWinds.Orion.Core.BusinessLayer.dll is a SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. We are tracking the trojanized version of this SolarWinds Orion plug-in as SUNBURST.

“After an initial dormant period of up to two weeks, it retrieves and executes commands, called ‘Jobs,’ that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services. The malware masquerades its network traffic as the Orion Improvement Program (OIP) protocol and stores reconnaissance results within legitimate plugin configuration files allowing it to blend in with legitimate SolarWinds activity. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers.”

On Monday, Dec. 16th, the U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive, only the fifth since 2015, advising “all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.”

DarkReading.com reported, “The targeted attack has once again focused attention on the long-standing issue of supply chain and third-party security. It has also raised alarm about the extent to which Russian advanced persistent threat (APT) actors and threat actors from other countries may have insinuated themselves into, and are lurking on, U.S. critical infrastructure and networks, ready to activate at a moment’s notice.”

SolarWinds’ Orion technology monitors networks of hundreds of thousands of organizations in government, banking, healthcare and other industries.

During the past month, more than 30 SolarWinds’ MSPs have signed up with MspPortal Partners Inc, and they are now protected on one of the oldest, most established and trusted security platforms.

Stay Alert this Holiday Season

It should go without saying that when it comes to cybersecurity, if you use a computer or mobile device, you shouldn’t let your guard down this holiday season. Unfortunately, when it comes to fighting to be the first who gets the new Sony PS5 or Apple AirPods Max, sometimes common sense goes out the window. Add a global pandemic, which has consumed everyone’s attention, and it’s no surprise that personal privacy and cybersecurity are not a focus or priority.

With more people working remotely and companies extending their networks to home offices around the world, nefarious practitioners have also shifted their focus. Again, it is no surprise that the response of businesses, sending people home because of COVID-19, created a gap in cybersecurity, forcing organizations to invest even more time and resources in protective measures. In addition, phishing emails related to COVID-19 have surged, along with scams and attacks related to stimulus payments.

One editor wrote, “Ask almost anyone what the top global story was for 2020, and they will likely start with the COVID-19 pandemic. But there is much more to this story.

“2020 will also be remembered as the year that security events exploded and cyber incidents transformed society in numerous ways.”

So, as we head into and slowly out of the most vulnerable time of the year, pay a little more attention to what website you are sharing your personal information with, and what email you are responding to. As you focus on taking care of your personal health and doing your part to prevent the spread of the COVID-19 virus, consider your approach to cybersecurity and do your best to avoid falling victim to or spreading digital viruses as well.

Have recent Microsoft O365 downtimes and outages impacted your customers’ productivity?

Protection with below-market pricing from MspPortal Partners Inc, which now partners with Barracuda Essentials.

MspPortal Partners manages, with partners, over 15,000 MBs, from the East Coast to the West Coast, including Alaska and Canada.

Have recent Microsoft O365 downtimes and outages impacted your customers’ productivity?

MspPortal Partners Barracuda Essentials includes business continuity with data spooling, at no charge, eliminating downtime. The Email Continuity Service ensures email operations continue by failing over to our cloud-based email service, in the event primary email services, like Office 365, become unavailable. During email server outages, an emergency mailbox allows users to continue sending, receiving, reading, and responding to email.

Barracuda Essentials can also help your customers:
• Stop advanced threats: protect your customers from volumetric threats like malware and spam, as well as advanced threats like targeted spear phishing and ransomware.
• Stay compliant and productive: on top of email continuity, our tamper-proof archiving ensures compliance with email retention policies.
• Keep their data safe: protect your customers’ data from corruption and deletion with full cloud backup and recovery of every email and file. Keep sensitive data safe with data leak prevention and encryption.

I believe Barracuda Essentials can help add value to your business, and can not only keep your customers up and running during downtime, but can keep them safe.

If you have any questions around the solution, how to sell it, or any other questions, we will be more than happy to assist.
As always, MspPortal Partners does the initial best practice spin up, training and first and second line tech support.
MspPortal Partners has been using Barracuda Spam filtering for over 8 years with MspPortal Partners.

Roy Miehe | MspPortal Partners Inc. | CEO/President
Bitdefender – Distributor
“Where Service and Technical Skills Count”