Security

Security

Now is the Time to think about Protecting Mail and Endpoints

Most firms bought in to the idea of purchasing Microsoft Office 365 for financial reasons and convenience. Microsoft promised easy access to Word, Excel and Outlook know matter where you are. Unfortunately, now might be the day of reckoning with the breach of Microsoft cloud products. Hackers, phishing emails and bad actor malware are regularly using O365 to find more victims, and truth is, you’re actually more likely to already be infected via Microsoft’s patching processes. (This is not your fault. Microsoft’s MO is to always do patching on your operating system to keep you secure.)

You need to take a proactive position to:
1) Protect your email (Barracuda Spam Filtering best in breed)
2) Protect your Windows Operating systems (Bitdefender Gravity Zone fully EDR protection The only cybersecurity vendor to prevent all advanced threats AV comparatives.

With both of these layers of security in place, you can limit your exposure to the SolarWinds malware threat, which is bigger than even the media understand. Everyday more and more firms are coming forward with security breaches. Unfortunately for SolarWinds’ customers, the malware used int he attack is a mutating virus and responds to web commands.

If you are the Public, ask your Internet provider or support tech if they use SolarWinds RMM. If they do, ask to have it removed and replaced. Most tech firms will try justify why they should keep SolarWinds. Fight for your protection.

If you are tech company, contact MspPortal Partners, and we will set you up with the proper security to protect you endpoints and clients.

The cost for both lines through us is less than $6.00 a month per endpoint/mailbox. MspPortal Partners is a Value-Add Distributor for both products. MspPortal Partners does not sell direct to the public. MspPortal Partners have over 400 plus tech firms fully trained to implement a security solution to protect you.

Note: More than likely, your tech firm will charge for any modifications to your account because the virus is not their fault.

Side/foot note:
1) We asked and received a confirmation from the legal team at Barracuda that there is was/no integration of SolarWinds Orion software in the ESS spam filtering or RMM solutions.
2) Bitdefender also confirmed it does not use the Orion solution.
3) Sign up for our RSS feed to keep you informed on today’s Security Landscape

SolarWinds Hackers’ Attack on Email Security Company Raises New Red Flags

Customers of Mimecast were targeted in cyberattack, showing the multiple layers of potential victims at risk in massive hack

Earlier this week, Mimecast confirmed an attacker had compromised a certificate provided to certain customers to authenticate Mimecast products to Microsoft 365 Exchange Web Services. The tools and techniques used in this attack link these operators to those who recently targeted SolarWinds, The Wall Street Journal reports.

The SolarWinds attack affected some 18,000 public and private organizations that downloaded infected versions of legitimate updates to its Orion network management software. However, the attack on Mimecast shows not all victims had to be SolarWinds customers to be targeted.

Mimecast was a SolarWinds customer in the past but no longer uses the Orion software, a person familiar with the matter told WSJ. The company has not determined how attackers got in or whether its earlier use of SolarWinds could have left it vulnerable.

Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor. Mimecast Comments 

Look at this: on there comment section
Forward-Looking Statements-my interpretation is it is not our fault and no payment relief was made
Do you really want to do business with a firm like this? Or trust your confidential emails to you customers.

Dark Reading Comments and Article

SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns
Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.

The discovery of a data breach at email service provider Mimecast could indicate attackers behind the massive SolarWinds incident may have pursued multiple paths to infiltrate target organizations, a new report states.

Earlier this week, Mimecast confirmed an attacker had compromised a certificate provided to certain customers to authenticate Mimecast products to Microsoft 365 Exchange Web Services. The tools and techniques used in this attack link these operators to those who recently targeted SolarWinds,

The SolarWinds attack affected some 18,000 public and private organizations that downloaded infected versions of legitimate updates to its Orion network management software. However, the attack on Mimecast shows not all victims had to be SolarWinds customers to be targeted.

Mimecast was a SolarWinds customer in the past but no longer uses the Orion software, a person familiar with the matter told WSJ. The company has not determined how attackers got in or whether its earlier use of SolarWinds could have left it vulnerable.

Left undisclosed by SolarWinds: Put out of list of the 18,000 companies affected even CISA has not confirmed, maybe folks should contact the FTC they are a publicly traded firm

 

 

RCE Vulnerability Affecting Microsoft Defender

RCE Vulnerability Affecting Microsoft Defender

 

Microsoft has released a security advisory to address a remote code execution vulnerability, CVE-2021-1647

in Microsoft Defender. A remote attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

CISA encourages users and administrators to review Microsoft Advisory for CVE-2021-1647 and apply the necessary updates.

Ubiquiti Inc Hacked-

Dear Customer,

We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.

We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.

As a precaution, we encourage you to change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.

We apologize for, and deeply regret, any inconvenience this may cause you. We take the security of your information very seriously and appreciate your continued trust.

Thank you,
Ubiquiti Team

Personally I have respect for the firm to come out with a announcement

I have tried to contact them via phone and email asking if SolarWinds Orion monitoring tools are used in there network but at the time of this article there has been no response yet

Microsoft Source Code Exposed: What We Know & What It Means

Microsoft says there is no increase in security risk; however, experts say access to source code could make some steps easier for attackers.

Microsoft confirmed last week that attackers were able to view some of its source code, which it found during an ongoing investigation of the SolarWinds breach. While its threat-modeling approach mitigates the risk of viewing code, many questions remain that could determine the severity of this attack. 

On 12-18-2020

SolarWinds on Monday disclosed that attackers had infiltrated its software build system and inserted malicious code into software updates that the company subsequently sent out to 33,000 organizations worldwide — about 18,000 of whom actually installed it. The company has said that updates it released between March and June 2020 were tainted.

In a blog post published on Dec. 31, 2020, officials said Microsoft has not found evidence of access to production services or customer data, nor has it discovered that its systems were used to attack other companies. The company has not found indications of common tactics, techniques, and procedures (TTPs) linked to abuse of forged SAML tokens against its corporate domains. 

It did find an internal account had been used to view source code in “a number of code repositories,” according to the blog post, from the Microsoft Security Response Center (MSRC). This activity was unearthed when investigators noticed unusual activity with a small number of internal accounts, the post explains, and the affected account didn’t have permissions to change any code or engineering systems. The accounts were investigated and remediated, officials noted. 

The news began to generate attention in the security community, and with good reason: Microsoft’s software is among the most widely deployed in the world, and organizations of all sizes rely on the company’s products and services. It’s an appealing target, in particular among advanced attackers like those behind the SolarWinds incident.

“It’s something they can’t access themselves, and there’s a lot of assumption that there’s super-secret things there that are going to compromise [their] security,” says Jake Williams, founder and president of Rendition Infosec, regarding why businesses might understandably panic at the news.

While it’s certainly concerning, and we don’t know the full extent of what attackers could see, Microsoft’s threat-modeling strategy assumes attackers already have some knowledge of its source code. This “inner source” approach adopts practices from open source software development and culture, and it doesn’t rely on the secrecy of source code for product security.

“There are a lot of software vendors, and security vendors, that rely on the secrecy of their code to ensure security of applications,” Williams explains. Microsoft made a big push for secure software development in Windows Vista. It didn’t make the decision to open source the code but designed it with the assumption that could possibly happen someday. Source code is viewable within Microsoft, and viewing the source code isn’t tied to heightened security risk.

“If the code is all publicly released, there should not be new vulnerabilities discovered purely because that occurs,” Williams adds.

Microsoft’s practice isn’t common; for most organizations, the process of adopting the same approach and revamping their existing code base is too much work. However, Microsoft is a big enough target, with people regularly reverse engineering its code, that it makes sense. 

While attackers were only able to view the source code, and not edit or change it, this level of access could prove helpful with some things — for example, writing rootkits. Microsoft, which did not provide additional detail for this story beyond its blog post, has not confirmed which source code was accessed and how that particular source code could prove helpful to an attacker.

It’s one of many questions that remain following Microsoft’s update. What have the attackers already seen? Where was the affected code? Were the attackers able to access an account that allowed them to alter source code? There is still much we don’t know regarding this intrusion.

This “inner source” approach still creates risk, writes Andrew Fife, vice president of marketing at Cycode, in a blog post on the news. Modern applications include microservices, libraries, APIs, and SDKs that often require authentication to deliver a core service. It’s common for developers to write this data into source code with the assumption only insiders can see them.

“While Microsoft claims their ‘threat models assume that attackers have knowledge of source code,’ it would be far more reassuring if they directly addressed whether or not the breached code contained secrets,” he writes. In the same way source code is a software company’s IP, Fife adds, it can also be used to help reverse engineer and exploit an application.

This is an ongoing investigation, and we will continue to provide updates as they are known. In the meantime, Williams advises organizations to continue applying security patches as usual and stick with the infosec basics: review trust relationships, check your logging posture, and adopt the principles of least privilege and zero trust.

“Supply chain attacks are really difficult to defend against, and it really comes back to infosec foundations,” he says. “If your model of protecting against an attack is ‘give me an indicator of compromise and I will block that indicator,’ that’s ’90s thinking.”

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial

SolarWinds Hit With Class-Action Lawsuit Following Orion Breach

SolarWinds shareholders accuse the company of lying about its security practices ahead of the disclosure of a massive security incident.

A class-action lawsuit filed against SolarWinds and some of its executives accuses the company of lying and misleading shareholders about its security posture in the year leading up to its disclosure of a massive breach affecting public and private entities.

Related Content:

Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates

How Data Breaches Affect the Enterprise

The suit was filed by shareholders and names SolarWinds, in addition to outgoing CEO Kevin Thompson and CFO Barton Kalsu, as defendants. It alleges Thompson and Kalsu, who were involved with the company’s daily operations and had access to proprietary data, made false and misleading statements to the Securities and Exchange Commission throughout last year.

The complaint states that SolarWinds “failed to disclose the following adverse facts pertaining to the Company’s business, operations, and prospects, which were known to Defendants or recklessly disregarded by them.” 

It continues to say SolarWinds failed to disclose that since mid-2020, its Orion monitoring tools had a vulnerability that enabled attackers to compromise the server on which its products ran. It also notes the company’s update server had an easily accessible password of “solarwinds123.” Consequently, SolarWinds customers would be vulnerable to hacks and, as a result, the company would suffer “significant reputational harm,” the suit states. 

“As a result, Defendants’ statements about SolarWinds’s business, operations and prospects were materially false and misleading and/or lacked a reasonable basis at all relevant times,” according to the suit.

Read more details here.

SolarWinds Malware Security Breach Spares No One

December 16 2020

Details about the Russian-based malware security threat that infected an estimated 18,000 organizations continue to unfold. Over the last several days, targets and victims of the campaign, which originated from a seemingly legitimate software update of the Orion network management product from SolarWinds, have emerged and include a who’s who of the U.S. government, numerous Fortune 500 companies and potentially over 22,000 managed service providers. The U.S. Treasury Department, the Department of Homeland Security, the State Department, the Justice Department, and potentially entities from all five branches of the U.S. military installed the compromised software on their systems. SolarWinds also counts 499 of the top Fortune 500 companies as customers, so the extent of the security breach is extensive.

According to stories published on DarkReading.com and ZDNet, security vendor FireEye uncovered the malware campaign while investigating a breach on its own network. FireEye recently published a description of the malware, “SolarWinds.Orion.Core.BusinessLayer.dll is a SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. We are tracking the trojanized version of this SolarWinds Orion plug-in as SUNBURST.

“After an initial dormant period of up to two weeks, it retrieves and executes commands, called ‘Jobs,’ that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services. The malware masquerades its network traffic as the Orion Improvement Program (OIP) protocol and stores reconnaissance results within legitimate plugin configuration files allowing it to blend in with legitimate SolarWinds activity. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers.”

On Monday, Dec. 16th, the U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive, only the fifth since 2015, advising “all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.”

DarkReading.com reported, “The targeted attack has once again focused attention on the long-standing issue of supply chain and third-party security. It has also raised alarm about the extent to which Russian advanced persistent threat (APT) actors and threat actors from other countries may have insinuated themselves into, and are lurking on, U.S. critical infrastructure and networks, ready to activate at a moment’s notice.”

SolarWinds’ Orion technology monitors networks of hundreds of thousands of organizations in government, banking, healthcare and other industries..

During the past month, more than 30 SolarWinds’ MSPs have signed up with MspPortal Partners Inc, and they are now protected on one of the oldest, most established and trusted security platforms.

Have recent Microsoft O365 downtime’s and outages impacted your customers’ productivity?

Protection with pricing below market place by MspPortal Partners Inc who now partners with Barracuda Essentials

MspPortal Partners manages with partners over 15,000 MB’s. From The East coast to the West Coast including Alaska and Canada

Has recent Microsoft O365 downtimes and outages impacted your customers’ productivity?

MspPortal Partners Barracuda Essentials includes business continuity with data spooling, at no charge, eliminating downtime. The Email Continuity Service ensures email operations continue by failing over to our cloud-based email service, in the event primary email services, like Office 365, become unavailable. During email server outages, an emergency mailbox allows users to continue sending, receiving, reading, and responding to email.

Barracuda Essentials can also help your customers:
•Stop advanced threats: protect your customers from volumetric threats like malware and spam, as well as advanced threats like targeted spear phishing and ransomware
•Stay compliant and productive: on top of email continuity, our tamper-proof archiving ensures compliance with email retention policies
•Keep their data safe: protect your customers’ data from corruption and deletion with full cloud backup and recovery of every email and file. keep sensitive data safe with data leak prevention and encryption.
I believe Barracuda Essentials can help add value to your business, and can not only keep your customers up and running during downtime, but can keep them safe.

If you have any questions around the solution, how to sell it, or any other questions, we will be more than happy to assist.
As always MspPortal Partners does the intial best practice spin up, training and first and second line tech support.
MspPortal Partners has been using Barracuda Spam filtering for over 8 years with MspPortal Partners.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Bitdefender – Distributor
“Where Service and Technical Skills Count”

MspPortal Partners Secures 700 Endpoint Agreement with California Secondary School

August 17, 2020

MspPortal Partners Inc. has closed on a 700-endpoint agreement with a school in California. We worked exclusively with a local reseller partner to negotiate the Bitdefender agreement that will provide endpoint security for teachers and students at the school over the next three years. Our ability to acquire endpoint security seats in bulk resulted in savings for our partners, as well as for the school.

This new contract, which was taken from a competitor, reflects our commitment to supporting large enterprise-level accounts in the education, healthcare and government markets. Earlier this month, we announced our expansion into the enterprise space with Bitdefender and our national network of reseller partners.

MspPortal Partners is building its enterprise email security business on Barracuda, which is a trusted security provider protecting millions of e-mail mailboxes systems worldwide. In addition to the benefits of better pricing, resellers receive tech support across North America, five-star training, no upfront setup fees normally.

About MspPortal Partners Inc.
MspPortal Partners is a Managed Service Provider/Value Added Distributor for a number of security products, including Barracuda and global security leader, Bitdefender. Currently, MspPortal manages more than 400 tech firms and thousands of seats of antivirus/malware protection software and thousands of spam/malware filtering mailboxes. The company’s Managed Protection is a subscription security service that removes the cost and management overheads of hardware, people and other resources dedicated to antivirus/antispam /backups and security flaws for SMBs. MspPortal Partners service is complemented with in-depth malware audits, benefiting from its technology partners unique sandboxing and collective technologies. For more information, visit www.mspportalpartners.net.

MspPortal Partners Enters Enterprise Space Anchored by Bitdefender Technology

SCOTTSDALE, AZ. – August 4, 2020 – MspPortal Partners Inc. today announced that it is expanding into the enterprise space with long-time technology partner, Bitdefender. Currently, more than 400 tech firms across the country rely on MspPortal Partners managed services, as well as the support of the company’s more than 3,000 trained techs across the U.S. and Canada. MspPortal Partners is launching an initiative to help current and new reseller partners find enterprise opportunities within the healthcare industry, and education and government markets.

Continue reading