M3Power

?? New Phishing Threat via Microsoft Teams ?? Microsoft has detected a device code phishing campaign by the Russian-linked group Storm-2372, targeting governments, NGOs, and industries worldwide. Attackers impersonate trusted figures on WhatsApp, Signal, and Teams, sending fake meeting invites that trick victims into entering a device code—granting access to sensitive data. ?? Once inside, attackers steal credentials, search for confidential information, and spread further phishing messages. ?? Microsoft recommends disabling device code flow, enforcing MFA, revoking compromised tokens, and implementing risk-based sign-in policies to mitigate the threat. At M3Power, we specialize in email security and advanced cybersecurity services to help organizations protect against sophisticated phishing campaigns like Storm-2372. We assist in: ? Disabling vulnerable authentication methods ? Strengthening MFA and risk-based sign-in policies ? Monitoring and responding to suspicious activity *Attached is an MSN article for a full read on the Phishing Campaign* Cyber threats are evolving—stay ahead of attackers! If your organization needs expert security guidance, contact M3Power today. #CyberSecurity #PhishingAttack #MicrosoftTeams #MFA #ThreatProtection #M3Power Office: 816-767-9364 | Email: [email protected]

?? Action Required: MSOnline and AzureAD PowerShell Retirement in 2025 ?? Microsoft has announced that MSOnline and AzureAD PowerShell modules will be retired in 2025. To avoid disruptions, users must migrate to the Microsoft Graph PowerShell SDK or Microsoft Entra PowerShell (in preview) before the modules stop working. ?? Key Dates: * MSOnline PowerShell Retirement: April - May 2025 * AzureAD PowerShell: Support ends March 30, 2025, with full retirement after July 2025. ?? Action Steps: 1. Begin migrating to Microsoft Graph PowerShell or Microsoft Entra PowerShell now. 2. Temporary outages will occur from January - March 2025 to prepare for the final retirement. 3. Monitor Microsoft 365 Message Center and Entra Admin Center for updates. *Below is a link to the Microsoft Entra Blog Post - It will be regularly updated with changes and expected impacts as we move through 2025. * We encourage you to prepare and ensure your environment is ready for these changes to avoid service interruptions. If you have any questions about the upcoming changes, potential impacts, or need assistance with the migration process, please reach out to our M3Power team. Office: 816-767-9364 | Email: [email protected]

PowerSchool, a leading provider of educational software for K-12 schools, disclosed a data breach on December 28, 2024, affecting certain clients using its Student Information System (SIS). The breach involved unauthorized access to student and teacher data through a compromised credential in the PowerSource customer support portal. Although PowerSchool stated that the incident has been contained with no evidence of malware or ongoing unauthorized activity, skepticism persists about the deletion of the stolen data. In past cases, threat actors have claimed to delete data in exchange for payment, only for law enforcement to later discover the data was retained or replicated. System administrators have reported unusual activity in their logs around December 22, 2024, including unauthorized data exports associated with an IP address registered in Ukraine. This suggests that the exfiltration may have begun earlier than initially disclosed. PowerSchool continues to investigate the incident and has implemented measures to enhance security and prevent future breaches. *For more information on the incident, please give the article below a read.* If you have any questions about how this may impact your organization or concerns about similar breaches occurring in the future, please don’t hesitate to contact our team. M3Power offers a comprehensive range of security services to help ensure your organization stays as secure as possible. Office: 816-767-9364 | Email: [email protected]

On December 26, 2024, Cyberhaven alerted users that their extension was compromised after an admin account pushed a malicious update to the Chrome web store. Further investigation revealed other extensions had been similarly affected – and we are once again reminded of the security dangers posed by browser extensions. Below is a live blog post from John Tuckner at Secure Annex. John has included an in-depth timeline of the incident and continues to update as more is learned about the incident and attack. John Tuckner Secure Annex If you have questions about how this may impact your organization, or if you're concerned about other browser extensions potentially affecting your environment, please don't hesitate to contact our team. M3Power offers browser extension security services that can detect suspicious or malicious extensions within your network. We provide expert recommendations and support to help ensure your organization remains as secure as possible. Office: 816-767-9364 | Email: [email protected]

?? Browser Extension Security ?? A popular Chrome extension designed to hide YouTube Shorts has been found to contain malicious code after a recent update. Originally well-regarded for blocking Shorts on YouTube, the extension now exhibits harmful behavior, including requesting unnecessary permissions and running suspicious activities in the background. Security experts have advised users to uninstall the extension immediately to protect their devices from potential risks. This incident underscores the security dangers posed by browser extensions, highlighting the need for caution when installing third-party tools. If you have questions about how this may impact your organization, or if you're concerned about other browser extensions potentially affecting your environment, don't hesitate to contact our team! M3Power offers browser extension security services that can detect suspicious or malicious extensions within your network. We provide expert recommendations and support to help ensure your organization remains as secure as possible. Office: 816-767-9364 | Email: [email protected]

CISA Alert: Large-Scale Spear-Phishing Campaign A foreign threat actor is running a significant spear-phishing campaign that targets various sectors, including government and IT. The campaign involves sending emails with malicious remote desktop protocol (RDP) files to gain unauthorized access to networks and potentially deploy harmful code. CISA advises restricting outbound RDP connections, blocking the execution of RDP files, enabling multi-factor authentication, and using phishing-resistant methods like FIDO tokens. Organizations are also encouraged to deploy endpoint detection systems, conduct user training, and monitor for suspicious activities. Below is an article that outlines the issue and recommendations made by CISA. M3Power offers email security and a suite of security services designed to help protect against sophisticated phishing attacks like the one outlined by CISA. If you're concerned about the impact of such threats on your organization or need assistance implementing CISA's recommended protective measures, please contact our team for expert guidance and support. Office: 816-767-9364 | Email: [email protected]

?? Mandatory Azure MFA ?? On August 15th, a 60-day advance notice was issued to inform Entra global admins the start date of Azure MFA enforcement and the actions required to do so. Required MFA for all Azure users will be rolled out in phases, with Phase 1 starting this month. With the mandatory Phase 1 enforcement date approaching, MFA will be required to sign-in to?the Azure portal,?Microsoft Entra admin center,?and?Intune admin center. As cyber threats continue to evolve, MFA is a crucial tool in safeguarding sensitive data and ensuring that only authorized users can access resources. There are several ways to enable MFA, but we understand that complex environments or technical barriers may make this process a little more difficult. If you have any questions about your environment, what this process looks like, or how to stay complaint, please don't hesitate to reach out. Our goal is to ensure customers are as informed as possible and to assist in avoiding any potential business interruptions. *Attached below is an article that goes more in-depth on the situation* Office: 816-767-9364 | Email: [email protected]

We are excited to be part of the TribalNet conference in Las Vagas NV. #TribalNet

Vulnerabilities in Microsoft apps for macOS: Cisco Talos discovered eight security flaws in Microsoft apps for macOS that could be exploited by attackers to gain access to app permissions, such as the microphone, camera, and screen recording, by injecting malicious libraries. These permissions, regulated by the macOS Transparency, Consent, and Control (TCC) framework, are critical for protecting user data. If exploited, these vulnerabilities could lead to unauthorized access and privilege escalation. Despite these risks, Microsoft has classified these vulnerabilities as low risk and has declined to address them. After Microsoft Updates, of the 8 applications with reported vulnerabilities – Excel, Outlook, PowerPoint and Word are still vulnerable to the issues described in the article. If you have any questions about the potential security impacts or ways to mitigate the risks of these vulnerabilities, please reach out to our team. Office: 816-767-9364 | Email: [email protected]

M3Power Protect: Our Managed Security Platform M3Power MDR provides comprehensive threat detection, investigation, and response across various telemetry sources within an organization. MDR goes beyond endpoint detection and response (EDR) solutions by integrating telemetry from multiple sources and applying advanced analytics to provide a more holistic and proactive approach to cybersecurity. This platform approach allows M3Power to customize a solution around an organization’s needs. Some key features and capabilities of M3Power’s MDR solution include: * Integration of Telemetry Sources - Windows event logs - AV and EDR - Firewall, Proxy and Network monitoring solutions (Zeek) - Email Security solution (Defender, Sophos, etc) - Cloud providers (Entra/M365, GCP, AWS) - Password vaults (1Password) - MFA providers (Duo) - Chromium based browsers * One year telemetry retention * 24x7 triage and alert investigation, allowing your team to focus on actionable detections * Bidirectional capabilities allow customized and automated response actions across endpoints and cloud providers - triggered based on specific detection logic * Incident response capabilities from artifact collection and incident analysis to forensic timeline creation For more information on M3Power Protect, please feel free to reach out to our team. Office: 816-767-9364 | Email: [email protected]