Bitdefender- New Content Policy

Bitdefender Modified the existing content filter in November

Network Attack Defense

Key is to be in Partner Mode

The Network Attack Defense module relies on a Bitdefender technology that focuses on detecting network attacks designed to gain access on endpoints through specific techniques, such as: brute-force attacks, network exploits, password stealers, drive-by-download infection vectors, bots, and Trojans.

Short Version
From the latest updates, the Web rules list found in Content Control > Web Access Control Settings > Web Categories Filter has been moved under Policies > Configuration Profiles > Web Access Control Scheduler > Category Scheduler.
You can now create new schedules with multiple time window settings and assign categories to each schedule. The categories will be removed from the policy and the new schedule will be mapped to a policy.

Please refer to this article (https://www.bitdefender.com/business/support/en/77209-452409-web-access-control-scheduler.html#UUID-4d237376-d2f8-7403-25fd-59e8bf11a543) from our documentation regarding how to create a scheduler and also assign it to a policy. Note that a scheduler can be assigned to more policies simultaneously.

Long Version
(https://www.bitdefender.com/business/support/en/77211-376315-network-attack-defense.html)

If you need assistance contact me

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

 

Microsoft shares temp fix for Outlook crashes when sending emails

By Sergiu Gatlan November 28, 2023 02:01 PM

Opinion:Proably does not surprise you

Today, Microsoft shared a temporary fix for a known issue causing Outlook Desktop to crash when sending emails from Outlook.com accounts.

This confirms customer reports regarding crashing issues when using Outlook.com accounts shared on Microsoft’s community website and other social networks since last Monday, November 20.

According to online reports, restarting, repairing Outlook, reinstalling the application, and creating a fresh Outlook profile for the impacted email account fails to address the issue.

“I’ve tried everything (safe mode, new profile, repair pst, even up to and including a system restore to attempt to roll back a previous installation) to no avail,” one of the affected users said.

These problems only affect Outlook for Microsoft 365 users and those in the Current Channel (Preview) channel using Outlook build 17029.20028.

“The issue is fixed in future builds 17029.20052+. However, this build has not been released yet,” Microsoft said.

While a limited number of customers did report they had successfully worked around this known issue by reinstalling Office, Microsoft suggests reverting to an earlier version.

To do that, type Command Prompt in the Windows search box, right-click Command Prompt and click Run as administrator.

Next, paste the following commands into the Command Prompt window and hit Enter after each:

cd %programfiles%\Common Files\Microsoft Shared\ClickToRun

officec2rclient.exe /update user updatetoversion=16.0.16924.20124

Redmond also started rolling out fixes last week for some of the customers affected by another known Microsoft 365 issue behind ‘Something Went Wrong [1001]’ sign-in errors, rendering desktop Office apps unusable for many affected users.

These ongoing login issues impact customers using Excel, Word, Outlook, and PowerPoint for Microsoft 365, Microsoft 365 Apps for business, and Office apps for iOS and Android, as the company confirmed over a month ago.

Previously, it fixed another bug causing significant delays for Microsoft 365 customers when saving attachments in Outlook Desktop to a network share.

Earlier this year, Microsoft tackled various other Outlook issues, including ones blocking Microsoft 365 customers from accessing emails and calendars and causing slow starts and freezes during cache re-priming.

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-outlook-crashes-when-sending-emails/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Google Drive users angry over losing months of stored data

By Bill Toulas November 27, 2023 09:52 AM

My comment: Between Google and Microsoft I have no idea if you are in the frying pan or the fire. Persoanlly I would ask for a full refund if not fixed with 72 hours. I am sure some lawyer will create a class action

Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023.

Google Drive is a cloud-based storage service that allows people to store and access files from any internet-connected device via their Google account. It is a widely used service by individuals and businesses (as part of Google Workspace).

A trending issue reported on Google’s support forums starting last week describes a situation where people say they lost recent data and folder structure changes.

“There is a serious issue here that needs to escalate urgently. We have a support ticket open, this has not been helpful to date,” said a Google Drive user on the support thread.

“I pay extra each month to store folders in the cloud so that it is safe, so it is devastating that all my work appears to have been lost,” another Google Drive user posted.

The activity logs on impacted accounts do not show any recent changes, confirming that the users themselves didn’t accidentally delete them.

Overall, there are no indications of a user error but rather a problem with the service’s system that prevented the synchronization of data between the local devices and Google Cloud at some point.

Some users have offline caches that might contain the missing data, but no known method exists to restore access to the data within them.

Google’s volunteer support agents have posted an alleged response from Google’s support engineers that confirms they are already investigating the issue. However, an estimate for a fix hasn’t been provided yet.

“Please accept my sincere apologies if I’m unable to join the Google Meet session. I am continously tracking this case and to be transparent with you we totally agree now that you are not the only customer affected by this behavior.

Aside from the thread link you provided there are other admins now that have reported the same behavior we encounter where after the update there are files that went missing. This is now being investigated by our Product Engineers and we are also waiting for a root cause analysis as well on how we can fix it. Due to the ongoing investigation we are unable to provide an ETA yet.

We don’t recommend as well to make changes on the root/data folder while we wait for instructions from our Engieers. I will continue to monitor the behavior of reported issue from other admins and schedule a callback tommorow same time hoping there are progress within the day that I can deliver before our Google Meet session.” – Google Support Team.

The recommendation for those affected is to avoid making changes to the root/data folder until the situation clears up and the root cause of the problem is determined.

Understandably, many users are frustrated by the loss of critical data they entrusted to the cloud-based service and, in many cases, paid for the hosting of their files.

A notable aspect of the situation is that Google’s support forums are backed by volunteers with limited insight or understanding of the cloud service, so the lack of effective assistance in critical problems like this makes it all the worse.

BleepingComputer has contacted Google for an update on the status of the internal investigation and whether the lost files are recoverable or irreversibly lost, but we have not received a response by publication time.

In this situation, Google Drive users should refrain from changing their cloud storage as it might complicate the recovery process. Instead, your best bet would be to contact Google Support, open a new case, and monitor for official updates.

Until the problem is resolved, it would be more prudent to backup important files locally or use a different cloud service.
Article (https://www.bleepingcomputer.com/news/google/google-drive-users-angry-over-losing-months-of-stored-data/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Bitdefender Experiencing Server App Slowness

Write this rule in the policy for the company in question

Network Performance Issues
Rules to write
In the Policy
Sections
Antimalware->Settings->In-policy exclusions->type IP/mask-> ip address of the server machine serving the app->Ransomeware Mitigation
Network Protection->type IP/Mask->ip address of the server machine serving the app.
Save
Do the same on the workstation Policy
The push a task update policy to all machines

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Axcient

“Where Service and Technical Skills Count”

DP World cyberattack blocks thousands of containers in ports

This could affect the economy

By Bill Toulas November 13, 2023 02:06 PM

A cyberattack on international logistics firm DP World Australia has severely disrupted the regular freight movement in multiple large Australian ports.

DP World has an annual revenue of over $10 billion and specializes in cargo logistics, port terminal operations, maritime services, and free trade zones.

It is responsible for operating 82 marine and inland terminals in 40 countries. It handles about 70 million containers carried annually by 70,000 vessels, corresponding to roughly 10% of the global container traffic.

DP World has a significant presence in Australia, handling 40% of the nation’s container trade. It operates logistics terminals in the ports of Bing Bong, Fremantle, Brisbane, Sydney, and Melbourne.

According to a statement the firm shared with BleepingComputer, a cyberattack on Friday, November 10 disrupted landside freight operations at its ports.

In response, the company activated its emergency plans and engaged with cybersecurity experts to overcome problems caused by the incident. It is currently testing key systems required to resume normal business operations.

Since Friday, roughly 30,000 shipping containers of varying importance and value remained unmoved and crowded to the brim the available storage spaces. At the moment, operations are being restored gradually.

The estimated damages are in the millions of dollars, as many of the stranded containers hold time-sensitive goods such as blood plasma, wagyu beef, and lobsters
Article (https://www.bleepingcomputer.com/news/security/dp-world-cyberattack-blocks-thousands-of-containers-in-ports/)

Related Articles:

Pizza Hut Australia warns 193,000 customers of a data breach
Article (https://www.bleepingcomputer.com/news/security/pizza-hut-australia-warns-193-000-customers-of-a-data-breach/)

Pharmacy provider Truepill data breach hits 2.3 million customers
Article (https://www.bleepingcomputer.com/news/security/pharmacy-provider-truepill-data-breach-hits-23-million-customers/

Maine govt notifies 1.3 million people of MOVEit data breach
Article (https://www.bleepingcomputer.com/news/security/maine-govt-notifies-13-million-people-of-moveit-data-breach/)

McLaren Health Care says data breach impacted 2.2 million people
Article (https://www.bleepingcomputer.com/news/security/mclaren-health-care-says-data-breach-impacted-22-million-people/)

Kyocera AVX says ransomware attack impacted 39,000 individuals
Article (https://www.bleepingcomputer.com/news/security/kyocera-avx-says-ransomware-attack-impacted-39-000-individuals/)

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs What a leak
Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-critical-azure-cli-flaw-that-leaked-credentials-in-logs/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Security Articles to Read

1) SEC Charges Against SolarWinds CISO Send Shockwaves Through Security Ranks
The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are.
Article (https://www.darkreading.com/attacks-breaches/sec-charges-against-solarwinds-ciso-send-shockwaves-through-security-ranks?_mc=NL_DR_EDT_DR_weekly_20231102&cid=NL_DR_EDT_DR_weekly_20231102&sp_aid=119087&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=50368)

2) Boeing Confirms Cyberattack, System Compromise
The aerospace giant said it’s alerting customers that its parts and distribution systems have been impacted by cyberattack.
Article (https://www.darkreading.com/endpoint/boeing-confirms-system-compromise-alerting-customers?_mc=NL_DR_EDT_DR_weekly_20231102&cid=NL_DR_EDT_DR_weekly_20231102&sp_aid=119087&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=50368)

3) Boeing Breached by Ransomware, LockBit Gang Claims
LockBit gives Boeing a Nov. 2 deadline to pay the ransom or have its sensitive documents leaked to the public, but it hasn’t given evidence of the compromise.
Article (https://www.darkreading.com/endpoint/boeing-breached-ransomware-lockbit-gang-claims?_mc=NL_DR_EDT_DR_weekly_20231102&cid=NL_DR_EDT_DR_weekly_20231102&sp_aid=119087&elq_cid=34964379&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_eh=949bacdba1e2c4851acc11df0ff47140b1c6468716621bc723fe5fe498198bd9&sp_cid=50368)

4) OpenAI confirms DDoS attacks behind ongoing ChatGPT outages
During the last 24 hours, OpenAI has been addressing what it describes as “periodic outages” linked to DDoS attacks affecting its API and ChatGPT services.
By Sergiu Gatlan November 09, 2023 03:18 AM
Article (https://www.bleepingcomputer.com/news/security/openai-confirms-ddos-attacks-behind-ongoing-chatgpt-outages/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Microsoft: Some Outlook.com users can’t send emails with attachments

Microsoft: Some Outlook.com users can’t send emails with attachments

 

By Sergiu Gatlan November 7, 2023 12:04 PM
Probably does not surprise you

In a Monday advisory, Microsoft warned Outlook.com users about issues they might encounter when sending emails containing attachments.

Outlook.com users impacted by this known issue are seeing “Error code 550 5.7.520 Message blocked” errors when trying to send emails.

“Some users may not be able to send emails that contain attachments from their Outlook.com mailbox,” the company said.

Redmond suggested an alternative method that enables affected users to share files: uploading them to OneDrive and sharing the link with the intended recipients.

To implement this workaround, users must click the attachment button while composing their message and click OneDrive to add previously uploaded files or the ‘Upload and share’ button to add the attachment to their online storage drive.

Alternatively, those affected by this issue could copy the link of an Office or OneDrive file and paste it directly into their email.

At the time, impacted users also reported having issues contacting Microsoft 365 support and being caught in a loop of sign-in and Office 365 service choice prompts.

One month earlier, Redmond fixed another issue blocking customers across the Americas from accessing their Exchange Online mailbox through Outlook on the web.

Last year, in October 2022, the company also addressed login issues affecting some Outlook for Microsoft 365 customers using their Outlook.com accounts.

Article (https://www.bleepingcomputer.com/news/microsoft/microsoft-some-outlookcom-users-cant-send-emails-with-attachments/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

October Windows Server updates cause Hyper-V VM boot issues

By Sergiu Gatlan October 17, 2023 08:31 AM

Read this article for some update patches

According to customer reports, this month’s Patch Tuesday updates are breaking virtual machines on Hyper-V hosts, causing them to no longer boot and display “failed to start” errors.

According to complaints from Windows admins, the issue is triggered after installing KB5031361 and KB5031364 on Windows Server 2019 and Windows Server 2022 systems.

A Microsoft spokesperson told BleepingComputer that the company is aware of the issue and is investigating.

The following errors will be logged to the event viewer when trying to start a VM on an affected Hyper-V system:

Failed to start virtual machine TOOLS. Error: ‘TOOLS’ failed to start.
Failed to Power on with Error ‘Incorrect function.’
Failed to open attachment ‘vhdx_path’. Error: ‘Incorrect function.’

Administrators with impacted devices have noted that uninstalling the problematic updates resolves the issue, allowing all virtual machines (VMs) to start up without any problems.

This can be accomplished using the Windows Update Standalone Installer (WUSA) tool, which helps install and remove update packages through the Windows Update Agent API.

To fix the Hyper-V boot issues, open an elevated command prompt by clicking the Start menu, typing cmd, right-clicking the Command Prompt application, and choosing ‘Run as Administrator.’
Microsoft has yet to add this as a known issue to the Windows Health Dashboard, but, nonetheless, when it released the buggy cumulative updates, the company revised the support document for KB5031364, including and removing a known issue related to VMware ESXi.

“After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up,” the now-removed known issue said.

“Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.”

Redmond also released emergency out-of-band Windows Server updates in January and December 2022 to fix known issues that caused Hyper-V VMs to no longer start and problems creating new VMs on some Hyper-V hosts.

Microsoft acknowledged a similar issue earlier this year affecting VMware ESXi VMs with Secure Boot after installing February 2023 cumulative updates. VMware issued emergency vSphere ESXi updates that fixed a bug causing boot issues after failing to locate a bootable operating system.

Article (https://www.bleepingcomputer.com/news/microsoft/october-windows-server-updates-cause-hyper-v-vm-boot-issues/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

Cloud Services Status (https://mspportalpartners.net/cloud-service-status/)

Microsoft O365 Exchange Online mail delivery issues caused by anti-spam rules

By Sergiu Gatlan October 11, 2023 12:10 PM 0

Microsoft is investigating Exchange Online mail delivery issues causing “Server busy” errors and delays when receiving emails from outside organizations.
According to user reports online, the Exchange Online problems started this morning, affecting Microsoft 365 customers worldwide, across the Americas, Europe, and Asia.
Microsoft confirmed the ongoing issues this morning, at 6 AM GMT+2, saying that “some users may encounter delays receiving external email messages in Exchange Online. Affected users may see a ‘451 4.7.500 Server busy’ error message.”
“We’re analyzing sample throttling IPs from simple messages to confirm whether the issue with the portion of SOL infrastructure is causing impact, before we begin formulating a remediation plan,” the company added.
“Impact is specific to some users who are served through the affected infrastructure.”
More information on these ongoing Exchange Online issues is available under EX680695 in the Microsoft 365 admin center.
Linked to IP-address anti-spam rules

In a subsequent update, Redmond said the cause of the issues could be linked to the erroneous enforcement of IP address anti-spam rules for affected customers.
“We’ve identified that a recent service update, applied to a section of infrastructure responsible for enforcing IP address anti-spam rules, contains a change which is inadvertently causing impact,” Microsoft said.
This confirms user reports saying that, in some cases, they’re seeing thousands of emails added to the outbound queue because of Exchange Online’s spam filter.
Microsoft has yet to confirm the regions affected by this Exchange Online outage and if it also impacts Exchange Online outgoing mail delivery.

Today’s incident follows Article emultiple Exchange Online outages since the start of the year,(https://www.bleepingcomputer.com/news/microsoft/new-microsoft-365-outage-causes-exchange-online-connectivity-issues/) blocking customers worldwide from accessing their mailboxes and sending or receiving emails.

Article (https://www.bleepingcomputer.com/news/microsoft/new-microsoft-365-outage-causes-exchange-online-connectivity-issues/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”

We do have a solution..

Microsoft 365 admins warned of new Google anti-spam rules

By Sergiu Gatlan October 8, 2023 11:09 AM

After you read this article you will understand why I do not carry O365 nor Google products in my security lines.
To all MSP’s/ Vars get ready you work load is about to get very heavy supporting you clients

Microsoft 365 email senders were warned by Microsoft this week to authenticate outbound messages, a move prompted by Google’s recent announcement of stricter anti-spam rules for bulk senders.

“By setting up email authentication for your domain, you can ensure that your messages are less likely to be rejected or marked as spam by email providers like Gmail, Yahoo, AOL, Outlook.com,” the Microsoft Defender for Office 365 team said.

“This is especially important when sending bulk email (large volume email), as it helps maintain the deliverability and reputation of your email campaigns.”

Failure to follow newly announced email authentication standards might lead to emails being rejected or tagged as spam.

Microsoft also warned that the Microsoft 365 service should not be used for bulk emailing, as emails not following sending limits will be blocked or sent to special high-risk delivery pools by outbound spam controls built within Exchange Online Protection (EOP).

Those who want to send bulk emails should use their own on-premises email servers or third-party mass mailing providers, which will help ensure good email-sending practices.

Organizations that want to deliver bulk emails through EOP will have to abide by this outbound spam protection guidance:

Exercise caution not to exceed the sending limits in the service by sending emails at a high rate or volume. This includes refraining from sending emails to a large list of BCC recipients.
Refrain from using addresses in your primary email domain as senders for bulk emails, as it may impact the delivery of regular emails from senders within the domain. Instead, consider utilizing a custom subdomain exclusively for bulk email.
Ensure that any custom subdomains are configured with email authentication records in DNS, including SPF, DKIM, and DMARC.
However, Microsoft cautioned that even “following these recommendations does not guarantee delivery. If your email is rejected as bulk, send it through on-premises or a third-party provider instead.”

Redmond’s warning was prompted by Google’s announcement regarding the introduction of new anti-spam guidelines targeting senders of over 5,000 daily emails to Gmail users.

Starting February 1st, 2024, Google will mandate senders exceeding this threshold to implement SPF/DKIM and DMARC email authentication for their domains. This measure aims to bolster defenses against email spoofing and phishing attempts.

Furthermore, bulk senders must provide Gmail recipients with a one-click option to unsubscribe from commercial emails and promptly address unsubscription requests within two days.

As part of these efforts to combat spam, Google said it will also closely monitor spam thresholds and, in cases where abusive bulk senders are identified, it will mark their emails as spam to protect users from unsolicited and potentially harmful messages.

“If you don’t meet the requirements [..], your email might not be delivered as expected, or might be marked as spam,” Google warned.

Article (https://www.bleepingcomputer.com/news/security/microsoft-365-admins-warned-of-new-google-anti-spam-rules/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”