Bitdefender

Bitdefender Update

Bitdefender Changes Access to Power User

“Bitdefender recently made major changes to the Power User capability, and the main driver for this change is security. The 3rd-party technology we use for PowerUser could pose some security risks in the future, and we had to act quickly to mitigate those risks. Also, the latest version of the technology is not compatible with any operating system before Windows 10, which does not fall in line with our target to offer backward compatibility.

Therefore, we’ve decided to provide a change which will let us continue PowerUser for all the supported operating systems. The new CLI will help us provide a lighter agent footprint, and much more precise control of all modules going forward.

We are currently working on adding new commands in PowerUser CommandLine to support additional actions, and we plan to expand its coverage as we move forward.
Considering the feedback we recently received from some of our customers and partners, we also plan to release example scripts in our documentation, and allow the use of our existing Power User capability. It will be accessible only by running the process EPPowerConsole.exe directly, and it will be limited to Windows 10 and above operating systems.

An important project we have ongoing right now is the development of a new BEST GUI, which will offer some of the Power User capabilities in the endpoint GUI.
We aim to introduce as many settings as possible going forward on this new UI and CLI. Your feedback is most welcome, as it will determine what options will be available in the upcoming BEST GUI.”

I spoke to a nice gentleman in Romania (BD headquarters), and he stated it had changed to only getting to it by following these steps: Windows/Program Files/Bitdefender/Endpoint Security/, run EPPowerConsole.exe as admin, then put the password in to bring up the UI. A little painful, but secure.

Roy Miehe | MspPortal Partners Inc. | CEO/President
Security Software Distributor: Bitdefender, Barracuda, Phishing Simulation & Cyber Security Training
“Where Service and Technical Skills Count”

ConnectWise ScreenConnect Mass Exploitation Delivers Ransomware

Hundreds of initial access brokers and cybercrime gangs are jumping on the max-critical CVE-2024-1709 authentication bypass, threatening orgs and downstream customers.
BY Tara Seals, Managing Editor, News, Dark Reading February 23, 2024

Just days after initial exploitation reports started rolling in for a critical security vulnerability in the ConnectWise ScreenConnect remote desktop management service, researchers are warning that a supply chain attack of outsized proportions could be poised to erupt.

Once the bugs are exploited, hackers will gain remote access into “upwards of ten thousand servers that control hundreds of thousands of endpoints,” Huntress CEO Kyle Hanslovan said in emailed commentary, opining that it’s time to prepare for “the biggest cybersecurity incident of 2024.”

ScreenConnect can be used by tech support and others to authenticate to a machine as though they were the user. As such, it could allow threat actors to infiltrate high-value endpoints and exploit their privileges.

Even worse, the application is widely used by managed service providers (MSP) to connect to customer environments, so it can also open the door to threat actors looking to use those MSPs for downstream access, similar to the tsunami of Kaseya attacks that businesses faced in 2021.
ConnectWise Bugs Get CVEs

ConnectWise disclosed the bugs on Monday with no CVEs, after which proof-of-concept (PoC) exploits quickly appeared. On Tuesday, ConnectWise warned that the bugs were under active cyberattack. By Wednesday, multiple researchers were reporting snowballing cyber activity.

The vulnerabilities now have tracking CVEs. One of them is a max-severity authentication bypass (CVE-2024-1709, CVSS 10), which allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices. It can be paired with a second bug, a path-traversal issue (CVE-2024-1708, CVSS 8.4) that allows unauthorized file access.
Initial Access Brokers Ramp Up Activity

According to the Shadowserver Foundation, there are at least 8,200 vulnerable instances of the platform exposed to the Internet within its telemetry, with the majority of them located in the US.

“CVE-2024-1709 is widely exploited in the wild: 643 IPs seen attacking to date by our sensors,” it said in a LinkedIn post.

Huntress researchers said a source within the US intelligence community told them that initial access brokers (IABs) have started pouncing on the bugs to set up shop inside various endpoints, with the intent of selling that access to ransomware groups.

And indeed, on one instance, Huntress observed cyberattackers using the security vulnerabilities to deploy ransomware to a local government, including endpoints likely linked to 911 systems.

“The sheer prevalence of this software and the access afforded by this vulnerability signals we are on the cusp of a ransomware free-for-all,” Hanslovan said. “Hospitals, critical infrastructure, and state institutions are proven at risk.”

He added: “And once they start pushing their data encryptors, I’d be willing to bet 90% of preventative security software won’t catch it because it’s coming from a trusted source.”

Bitdefender researchers, meanwhile, corroborated the activity, noting that threat actors are using malicious extensions to deploy a downloader capable of installing additional malware on compromised machines.

“We’ve noticed several instances of potential attacks leveraging the extensions folder of ScreenConnect, [while security tooling] suggests the presence of a downloader based on the certutil.exe built-in tool,” according to a Bitdefender blog post on the ConnectWise cyber activity. “Threat actors commonly employ this tool … to initiate the download of additional malicious payloads onto the victim’s system.”

The US Cybersecurity and Infrastructure Security Agency (CISA) has added the bugs to its Known Exploited Vulnerabilities catalog.
Mitigation for CVE-2024-1709, CVE-2024-1708

On-premises versions up to and including 23.9.7 are vulnerable — so the best protection is identifying all systems where ConnectWise ScreenConnect is deployed and applying the patches, issued with ScreenConnect version 23.9.8.

Organizations should also keep a lookout for indicators of compromise (IoCs) listed by ConnectWise in its advisory. Bitdefender researchers advocate monitoring the “C:\Program Files (x86)\ScreenConnect\App_Extensions\” folder; Bitdefender flagged that any suspicious .ashx and .aspx files stored directly in the root of that folder may indicate unauthorized code execution.
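As an added example (not code from the article, ConnectWise or Bitdefender), a read-only Python audit that applies the two checks above to one server: whether the installed on-premises version is 23.9.7 or older, and whether any .ashx/.aspx files sit directly in the root of App_Extensions. The default folder path is the one quoted above; the sample folder tree the script builds is constructed for the demonstration.

```python
"""Read-only audit for the two ScreenConnect checks the article above lists."""
import re
import tempfile
from pathlib import Path

# First on-prem release that carries the fix, as stated in the article above.
PATCHED_VERSION = (23, 9, 8)
# Folder Bitdefender recommends monitoring (default Windows install path).
DEFAULT_EXT_DIR = r"C:\Program Files (x86)\ScreenConnect\App_Extensions"
SUSPECT_SUFFIXES = {".ashx", ".aspx"}


def parse_version(text):
    """Reduce a version string such as '23.9.7' (or '23.9.7.1234') to a tuple of ints."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version):
    """True for every on-prem build up to and including 23.9.7."""
    return parse_version(version) < PATCHED_VERSION


def suspicious_root_files(ext_dir):
    """Names of .ashx/.aspx files sitting directly in App_Extensions.

    Subfolders are deliberately not descended: legitimate extensions live in
    their own subfolder, so handlers in the root are the indicator to act on.
    """
    root = Path(ext_dir)
    if not root.is_dir():
        return []
    return sorted(p.name for p in root.iterdir()
                  if p.is_file() and p.suffix.lower() in SUSPECT_SUFFIXES)


def audit(version, ext_dir=DEFAULT_EXT_DIR):
    """Combine both checks into one report for a single server."""
    files = suspicious_root_files(ext_dir)
    issues = []
    if is_vulnerable(version):
        issues.append(f"version {version} is vulnerable: upgrade to 23.9.8 or later")
    if files:
        issues.append("inspect rogue files in App_Extensions root: " + ", ".join(files))
    return {"version": version, "suspicious_files": files, "issues": issues}


def build_sample_tree():
    """Constructed sample data, not a real install: a temp folder shaped like
    App_Extensions with one extension subfolder and one rogue handler in the root."""
    base = Path(tempfile.mkdtemp(prefix="sc_app_ext_"))
    legit = base / "SampleExtension"
    legit.mkdir()
    (legit / "Service.ashx").write_text("// handler inside an extension folder (sample)\n")
    (base / "rogue.ashx").write_text("// handler dropped directly in the root (sample)\n")
    (base / "notes.txt").write_text("unrelated file type, ignored by the check\n")
    return str(base)


if __name__ == "__main__":
    sample_dir = build_sample_tree()
    for ver in ("23.9.7", "23.9.8"):
        print(audit(ver, sample_dir))
```

Point `audit()` at the real App_Extensions folder and the version shown in the ScreenConnect admin page to run it against a production server; it only reads the folder and never modifies anything.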

Also, there could be good news on the horizon: “ConnectWise stated they revoked licenses for unpatched servers, and while it’s unclear on our end how this works, it appears this vulnerability is still a major concern for anyone running a vulnerable version or who did not patch swiftly,” Bitdefender researchers added. “This is not to say ConnectWise’s actions aren’t working, we’re unsure of how this played out at this time.”

Article (https://www.darkreading.com/remote-workforce/connectwise-screenconnect-mass-exploitation-delivers-ransomware)

Roy Miehe | MspPortal Partners Inc. | CEO/President
Security Software Distributor: Bitdefender, Barracuda, PhishLine Training
“Where Service and Technical Skills Count”

Bitdefender Changes Scanning Techniques

This can be good or bad, depending on how you look at it.

I manage thousands of Bitdefender endpoints.

So I have been running the new changes for about a week (I am satisfied so far).

Bitdefender is a policy based platform

At this point, there are several things to do:
1. Remove scan archives from the Quick scans, because these are designed to scan some resources fast.
2. Add scan archives to the Full scan profile if not already done, so it can be inherited and the report be populated as desired.
3. With all this, malware located in an archive doesn’t pose a threat, because when resources from the archive are accessed or unpacked they will be scanned and detected by the on-access real-time protection.

Read this link (https://www.bitdefender.com/business/support/en/71263-85158-contact.html) for upcoming updates and some answers as well.

LAST: IF YOU ARE NOT USING 2FA, PLEASE TAKE THE TIME TO SET IT UP. IT IS NOT HARD. Personally, I use a high-end 2FA program for all sites, and I use it from one computer only. I do not use cell phones to log in; the program that I use allows it. Security is of utmost concern to me in protecting myself and my partners.

If you have questions and you are a MspPortal Partner feel free to contact me

Roy Miehe | MspPortal Partners Inc. | CEO/President

Security Software Distributor: Bitdefender, Barracuda, PhishLine Training

“Where Service and Technical Skills Count”

Bitdefender: New Content Policy

Bitdefender modified the existing content filter in November.

Network Attack Defense

Key is to be in Partner Mode

The Network Attack Defense module relies on a Bitdefender technology that focuses on detecting network attacks designed to gain access on endpoints through specific techniques, such as: brute-force attacks, network exploits, password stealers, drive-by-download infection vectors, bots, and Trojans.

Short Version
With the latest updates, the Web rules list found in Content Control > Web Access Control Settings > Web Categories Filter has been moved under Policies > Configuration Profiles > Web Access Control Scheduler > Category Scheduler.
You can now create new schedules with multiple time window settings and assign categories to each schedule. The categories will be removed from the policy and the new schedule will be mapped to a policy.

Please refer to this article (https://www.bitdefender.com/business/support/en/77209-452409-web-access-control-scheduler.html#UUID-4d237376-d2f8-7403-25fd-59e8bf11a543) from our documentation regarding how to create a scheduler and also assign it to a policy. Note that a scheduler can be assigned to more policies simultaneously.

Long Version
(https://www.bitdefender.com/business/support/en/77211-376315-network-attack-defense.html)

If you need assistance contact me

Roy Miehe | MspPortal Partners Inc. | CEO/President
Security Software Distributor: Bitdefender, Barracuda, Axcient
“Where Service and Technical Skills Count”

Bitdefender Experiencing Server App Slowness

Write this rule in the policy for the company in question.

Network performance issues: rules to write in the policy, by section:
1. Antimalware -> Settings -> In-policy exclusions -> type IP/mask -> IP address of the server machine serving the app -> Ransomware Mitigation.
2. Network Protection -> type IP/mask -> IP address of the server machine serving the app.
3. Save.
4. Do the same on the workstation policy.
5. Then push an Update Policy task to all machines.

Roy Miehe | MspPortal Partners Inc. | CEO/President

Security Software Distributor: Bitdefender, Barracuda, Axcient

“Where Service and Technical Skills Count”

GravityZone Control Center Update for September (Read Important Changes)

September 2023 (Version 6.43.0-1)
Early Access
YARA detection rules

YARA rules are queries you can use to scan endpoints for patterns of malicious behavior. Use the YARA detection rules feature to generate custom alerts and security incidents based on the results of these scans.

This feature is available for Windows and Linux endpoints with the following BEST versions:

Windows: 7.9.5.318 or newer

Linux: 7.0.3.2248 or newer

To create YARA rules, go to Incidents > Custom detection rules, click the Add rule button, and then click YARA. Follow the on-screen instructions.

After you create a YARA detection rule, you cannot convert it into another type of detection rule.

From the Custom detection rules grid, you can enable or disable YARA detection rules, or start on-demand scans by clicking the vertical ellipsis button and then selecting the Scan option.

Clicking a YARA detection rule from the Custom detection rules grid brings up the YARA details panel. From this panel, you can switch to the Search and Incidents sections to view the alerts and incidents generated by the rule.
Unified Incidents

The Parameter filter is now available in the Incidents section. It contains a series of criteria you can use to further filter your grid results and create highly customized smart views.
Improvements
EDR

The Incidents > Custom Rules section has been divided into two sections: Custom detection rules and Custom exclusion rules.

The grids and rule configuration pages have a new design.
Rule settings now include targets. You can now decide whether to apply the rule to the entire company or to specific groups by endpoint tags.

Clicking a grid entry brings up the details panel of the rule. It contains information about the rule, options for navigating rules and for editing the current rule. For custom detection rules, you can use the View alerts and View incidents buttons to switch to the Search and Incidents sections.

In the Incidents > Search section, you can now look up both custom detection rules and custom exclusion rules by using the other.rule_id field in your search query. You can still use the other.exclusion_id field to identify existing alerts for the next 90 days, after which the field will be deprecated.

The Custom detection rules and the Custom exclusion rules sections are now available to Partners even if they do not have an active EDR license on their account.

Partners can now control rules for their managed companies and can use the Company filter in the grid to view the rules created for each company. Customers can also view the rules Partners have applied on their company.

When switching to a new Partner, all custom rules created by the former Partner are disabled. The new Partner will not be able to view the rules applied by the former Partner.

GravityZone platform

Companies switching from a trial license to a monthly subscription will automatically have the Email redaction setting disabled.

New BEST for Linux installation packages are now available for systems with ARM architecture (AArch64).

Minor UI changes to the Add company and Edit company windows, including a different order for the Add-ons displayed in the Licensing tab.

Roy Miehe | MspPortal Partners Inc. | CEO/President

Security Software Distributor: Bitdefender, Barracuda, Axcient

“Where Service and Technical Skills Count”

Bitdefender GravityZone Mobile Device Manager Is Now Ready to Activate

I finally met with the Project Manager today to go over security.

If you are a partner of MspPortal Partners Inc, I can activate the account and support it now; Bitdefender has no tech support available yet.

We started playing with the project over 2 weeks ago when it was released. Great product. Pricing is stellar; a must-have for your clients.

Contact the office for activation

Roy Miehe | MspPortal Partners Inc. | CEO/President
Security Software Distributor: Bitdefender, Barracuda, Axcient
“Where Service and Technical Skills Count”

Bitdefender Finally Releases MDM Protection in the GravityZone Portal

Security for Mobile is a cloud-only mobile security solution able to protect mobile devices with Android or iOS operating systems against multiple threat vectors.

Features:
  • Advanced malware detection – safeguards mobile devices from a broad variety of threats by offering comprehensive malware detection capabilities.
  • Phishing protection – analyses incoming messages and detects any malicious links or content that could be used to acquire sensitive data or credentials.
  • Network security – offers an extensive set of tools for protecting mobile devices against a variety of network-based hazards. It helps assure the security and integrity of mobile devices in the current threat landscape by monitoring network traffic, providing secure connectivity, and detecting and preventing attacks.
  • Compliance and policy enforcement – assists organizations in protecting their mobile devices from a variety of threats and ensuring that they are used securely and compliantly by making sure that all applications are properly vetted.
  • Mobile threat intelligence – provides users the real-time security and analytics they need to protect their mobile devices from a variety of threats.
  • Integration with mobile device management (MDM) solutions – enhances mobile security features. Because of the integration, enterprises may install the mobile threat defense solution using their existing MDM infrastructure. The integration also enables mobile device security policies to be enforced automatically.
  • Web content filtering – warns and prevents users from accessing potentially harmful websites and links, such as malware, phishing, botnets, and suspicious domains, or websites that violate your organization’s standards.

Are you an ISP, MSP, VAR or reseller?

All MspPortal Partners currently can be provisioned upon request; very aggressive tier pricing is available, no contract, just monthly usage.

Contact Us

Roy Miehe | MspPortal Partners Inc. | CEO/President

Security Software Distributor: Bitdefender, Barracuda, Axcient

“Where Service and Technical Skills Count”

Do You Need To Step Up Zero Trust Strategy?

Folks, if you are reading this, you have to lock down your security products.
Quick outline: please do not be lazy, and take my comments to heart. Most companies I have seen lately are calling your clients. As I have instructed my own MSPs/resellers, make up these accounts in the DB; you own them, they do not. But legally, if you provide that information to them, you grant them access.

See 6 new breaches below

RMM

RMM programs are hurting and trying to entice you into one window pane of glass. RMM is nothing more than remote management with some reports as to the health of a machine/device; that is it. Even there, remote tools are 3rd-party APIs or hooks; remote tools should only be point to point from a dashboard to the endpoint. The best program is Barracuda (over 50% or more off SRP through MspPortal Partners Inc), with no security breaches like Kaseya and N-able (formerly SolarWinds, GFI, LogicNow, HoundDog). Kaseya is on a spending spree and is acquiring firms to add to their portfolio: churn and burn at your expense. Read the EULAs; all they have to do is apologize and not compensate you a dime for your time to fix.

Every security company out there has escape clauses. WRONG. QUIT signing contracts. We do 3rd-line support ourselves.

Mail-Filtering and Backups of O365

O365 is a joke. If you let your client sway you and set up O365 for them, you had better protect yourself and your clients.
Barracuda has 3 mail programs: Essentials, Complete Mail Protection, and Total Mail Protection. MspPortal Partners Inc is a major player in the Barracuda arena; we offer almost 50% off SRP compared with buying direct through Barracuda, that is, if a salesperson contacts you back. We do 3rd-line support ourselves.

Malware Detection/Antivirus

Bitdefender is the only product rated #1. All other firms do extensive marketing with pretty pictures. This is truly a tech dashboard: you control the client and the actions. Bitdefender claims (per an article they wrote) that MspPortal Partners Inc is their largest provider to MSPs. We do 3rd-line support ourselves.

Hosted Mail
Last, we are a partner with ZOHO. We have worked for over 4 months with them fixing their bugs to make it a competitor to O365. Downfall: no US support; they are based out of India. You need somebody like MspPortal to support you.

If you need pricing, contact us: no contracts, only month to month. We believe that if we are doing our job you stay; if not, you leave, no grief. All we expect is that you pay your invoices once a month.

Roy Miehe | MspPortal Partners Inc. | CEO/President
Security Software Distributor: Bitdefender, Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”
Phone: 480-275-6900
tech@mspportal.net

Related Articles (Breaches):

Food distribution giant Sysco warns of data breach after cyberattack

Cold storage giant Americold outage caused by network breach

Dole discloses employee data breach after ransomware attack

Western Digital says hackers stole customer data in March cyberattack

Hackers leak images to taunt Western Digital’s cyberattack response

T-Mobile discloses second data breach since the start of 2023

Bitdefender – MDR w/ XDR, unique in the cybersecurity industry

Are you talking about MDR yet? Managed Detection and Response (MDR) is one of the fastest-growing areas of cybersecurity, delivering superior security outcomes to businesses spanning all sizes and industries. Threat intelligence is real people, not automated. Our pricing on this solution is better than the competition, and we offer full partner margins. Need competitive battlecards? Let me know, and I will get that for you.

Need more info…

What the MDR Landscape Will Look Like in 2023

The managed services industry has made a huge impact and is one of the most significant trends coming out of cybersecurity in the last few years. Gartner® predicts that “by 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment and mitigation capabilities”, while the MDR industry will hit revenues of $1.9B. You can check out our MDR Threat Assessment to be prepared for what lies ahead in 2023.

Bitdefender Named Notable Vendor in the New Forrester Landscape for MDR

The new and exciting Forrester Landscape for MDR, Q1 2023 has just been launched!

Access the full report to discover Bitdefender’s positioning and to read Forrester’s analysis of MDR’s market dynamics and evolution, the business values and core capabilities of MDR, as well as Notable MDR Providers by geography, industry and offering type.

MDR & XDR: A Consolidated Approach to a Fully Managed Threat Detection and Response Program Webinar Watch On Demand Now

XDR – or Extended Detection & Response – entered the cybersecurity lexicon roughly five years ago. According to Gartner, by the end of 2027, XDR will be used by up to 40% of end-user organizations – up from 5% today. Why such strong adoption? Though still an emerging technology, XDR integrates, correlates and contextualizes data and alerts from multiple security prevention, detection and response components, and because it’s cloud-delivered, XDR can provide organizations faster and more accurate detections.

While today’s technology does a great job of protecting against many threats, it cannot fully protect against advanced attackers purposefully attempting to breach your customers’ systems.

Let me know what additional information or resources you may need to support your customer conversations. I’m just a phone call or email away.

Roy Miehe | MspPortal Partners Inc. | CEO/President
Security Software Distributor: Bitdefender, Barracuda, Axcient
“Where Service and Technical Skills Count”