Microsoft Update Woes, Marriott Flaw, Hacker Sentenced, Pax8 Leadership Transition

[00:00:02] It's Thursday, May 2nd, 2024, and I'm Dave Sulp.

[00:00:05] Four things to know today.

[00:00:07] Microsoft's April 2024 security updates disrupt BPN services and NTLM across windows.

[00:00:15] A forensic flaw Marriott admits to using outdated SHA-1 hashing instead of encryption.

[00:00:22] The Ukrainian hacker ordered to pay $16 million after pleading guilty in the Kaseya cyber

[00:00:28] attack and, PACS-8 announced leadership transition Scott Chason to take over as CEO as John Street

[00:00:35] steps down.

[00:00:37] This is the Business of Tech.

[00:00:41] This episode sponsored by SkyKick, new sponsor for MSP Radio.

[00:00:46] SkyKick has been helping over 30,000 MSPs for the past 10 years be more successful

[00:00:51] in the cloud, migrating, protecting, securing, and managing their Microsoft 365 customers.

[00:00:57] A highlight in their offerings is their Microsoft 365 data protection solution, Cloud Backup.

[00:01:03] They've recently enhanced it with a new feature called Smart Insights.

[00:01:07] This feature delivers visual insights, empowering partners to engage more efficiently with customers

[00:01:12] on Microsoft 365 data protection.

[00:01:15] And MSP Radio listeners get a special offer.

[00:01:18] Get a free 2M365 email migration for a customer when you bundle it with backup.

[00:01:24] SkyKick.com slash MSP Radio to learn details.

[00:01:29] There's a lot of security news and some of it very tactical.

[00:01:34] Let's start there.

[00:01:36] Microsoft has confirmed that the April 2024 Windows security updates have caused VPN

[00:01:41] connection failures across various Windows versions.

[00:01:44] The affected versions include Windows 11, Windows 10, and Windows Server 2008 and

[00:01:50] later.

[00:01:51] Microsoft is investigating the issue users contemporarily address the problem by uninstalling

[00:01:57] with security updates, although this will also remove other security fixes.

[00:02:02] Microsoft advises affected users to seek support through the Windows Get Help app or

[00:02:07] the Support for Business Portal.

[00:02:09] Microsoft has also confirmed NTLM authentication failures and high load issues after installing

[00:02:16] April 2024 Windows Server security updates.

[00:02:20] This issue affects Windows domain controllers with a lot of NTLM traffic and few primary DCs.

[00:02:27] Microsoft is working on a fix and advises uninstalling the security updates as a temporary

[00:02:32] worth-a-rent.

[00:02:33] On the brighter side, Microsoft is launching Passkeys support for all consumer accounts,

[00:02:38] allowing users to sign in without passwords.

[00:02:41] Passkeys can be generated across Windows, Android, and iOS devices using authentication

[00:02:47] methods such as Face, Fingerprint, Pin, or Security Key.

[00:02:53] WhatsApp has also introduced Passkeys support on iOS following its release on Android.

[00:02:58] To enable Passkeys on WhatsApp for iOS, users can go to the Account section of the app's

[00:03:03] settings.

[00:03:04] This feature will be rolled out gradually to all users in the coming weeks.

[00:03:10] Why do we care?

[00:03:11] First, Microsoft has made many support desks work hard right now.

[00:03:16] That's the tactical.

[00:03:17] Second, I'll keep focusing on the broad consumer support for Passkeys and continue to ask where

[00:03:23] that support is on the commercial side.

[00:03:25] This seems like a pretty obvious need to me.

[00:03:32] Marriott has admitted that it falsely claimed to have used encryption during a 2018 data

[00:03:37] breach when it had been using a hashing mechanism called Secure Hash Algorithm 1

[00:03:42] or SHA-1.

[00:03:43] The revelation came during a court case and Marriott has been ordered to correct the information

[00:03:48] on its website.

[00:03:50] Using SHA-1 instead of encryption raises questions about the company's initial belief and the

[00:03:54] oversight of forensic investigations.

[00:03:57] The admission could have serious implications for Marriott, including potential legal

[00:04:02] consequences and impact on stock prices.

[00:04:05] United Health's congressional testimony reveals significant security failures, including

[00:04:11] paying a $22 million ransom to attackers who breached its systems.

[00:04:16] The breach occurred due to compromised credentials and the lack of multi-factor authentication

[00:04:21] on a change healthcare Citrix portal that exposed a large amount of personally identifiable

[00:04:27] information and personal health information.

[00:04:29] The impact on data security and the potential for follow-on attacks remains unclear.

[00:04:34] According to CEO Andrew Whitty, approximately a third of US citizens may have been

[00:04:40] affected by the hack.

[00:04:42] The company is still investigating the breach to determine the exact number of people impacted.

[00:04:46] It is expected to take several months for victims to be notified.

[00:04:52] Why do we care?

[00:04:54] It's always the lying.

[00:04:56] Marriott lied to cover up a mistake that makes everything worse every time.

[00:05:01] It's also often basic stuff, two-factor authentication, encryption and being ready

[00:05:08] to not pay a ransom.

[00:05:10] Many cybersecurity discussions offer tools-based, complex solutions.

[00:05:14] But instead, it's the basics.

[00:05:17] And wonder why I keep focusing on past keys?

[00:05:20] While it's not a silver bullet, it sure would go a long way.

[00:05:25] Raw stuff?

[00:05:28] Yavinsky, a Ukrainian national accused in the Kaseya ransomware attack, has been

[00:05:32] sentenced to 13 years and seven months in prison in order to pay over $16 million

[00:05:39] in restitution.

[00:05:40] Vynsky conducted over 2,500 ransomware attacks and demanded more than $700 million

[00:05:47] in ransom payments as part of the RIVAL ransomware gang.

[00:05:51] The attacks involved hacking into computers worldwide, encrypting them with ransomware

[00:05:55] and threatening to disclose victims' data if they refuse to pay publicly.

[00:05:59] According to the FBI, another man involved in the RIVAL ransomware attacks,

[00:06:04] Yavinsky Polinian, a now 31-year-old Russian national, remains at large.

[00:06:10] Why do we care?

[00:06:12] This is a huge moral victory and one we're celebrating.

[00:06:16] But I will leave it to Robert Jaffee, who was a guest on the show and his words

[00:06:22] on LinkedIn.

[00:06:23] Quote, was it emotional for me?

[00:06:25] You cannot imagine the surrealness but I was stoic,

[00:06:28] electing to concentrate on the court proceedings and listening for details.

[00:06:32] Then the judge spoke about what she considered in this case to determine punishment.

[00:06:36] My name and my victim impact statement were among the people and facts she listed.

[00:06:41] For that I was humbly grateful but the moment hit me again, at least momentarily.

[00:06:46] Is there closure?

[00:06:48] Don't think so linearly.

[00:06:50] This story has many branches and intersections.

[00:06:52] Think of it as simply one limb that has been cauterized.

[00:06:56] There are other chapters that may never end or heal.

[00:06:59] I want to remind you all that our collective work remains unfinished but now you can proceed

[00:07:03] with greater hope and perhaps a little victory in your heart.

[00:07:07] And remember, there's no shame in victimhood.

[00:07:09] There is strength in vulnerability.

[00:07:11] The missing element in our cyber defenses is community.

[00:07:15] Please invest more of yourselves there.

[00:07:18] End quote.

[00:07:21] Pax 8 founder and CEO John Street has stepped down and named current CTO Scott Chazin

[00:07:27] the new CEO.

[00:07:29] It will remain chairman of the board and focus on strategic initiatives.

[00:07:33] The leadership change came after Pax 8 implemented layoffs and aimed to position the company for

[00:07:38] long term success.

[00:07:40] Jason, who joined Pax 8 in 2021 is described as a visionary and will lead the company's

[00:07:45] innovation efforts.

[00:07:47] Pax 8 raised $96 million in 2021 from investors including catalyst investors in Sageview

[00:07:53] Capital.

[00:07:54] In April 2022, the company raised another $185 million from SoftBank Vision Fund 2 bringing

[00:08:01] its valuation to $1.7 billion.

[00:08:04] In September 2023, Pax 8 secured a $50 million line of credit with HSBC innovation banking

[00:08:11] does not anticipate using it immediately due to its strong cash position.

[00:08:16] Why do we care?

[00:08:17] Two reasons.

[00:08:18] First, entrepreneurial success is always worth celebrating so congratulations to

[00:08:22] John.

[00:08:23] Second, more than a sale.

[00:08:26] A change in CEO can result in a strategic direction change.

[00:08:30] This is the time to watch for potential changes over the coming months.

[00:08:34] This isn't a panic moment, it's an observation walk.

[00:08:37] The company's beyond event is next month.

[00:08:39] We'll all keep an eye on things.

[00:08:43] Today's episode is supported by Corview.

[00:08:46] Your customers need your Microsoft 365 expertise and Corview has the only M365

[00:08:52] management platform designed for MSPs.

[00:08:56] Manage hundreds of tenants, automate manual tasks and monitor compliance all while intelligently

[00:09:01] comparing to the baseline.

[00:09:03] With a no-coat control approach, Corview revolutionizes your Microsoft 365 administration.

[00:09:09] This powerful platform enables automatic reporting and remediation ensuring optimal performance

[00:09:15] and security.

[00:09:16] The best part?

[00:09:17] You achieve this high level of service without the need for a large workforce allowing

[00:09:22] you to focus on growing your business through efficiency.

[00:09:26] Want to know more?

[00:09:27] Visit Corview.com slash MSP and find out more.

[00:09:32] Thanks for listening.

[00:09:34] Today is National Brothers and Sisters Day so a shout out to mine all across the country.

[00:09:40] Have a question you want answered?

[00:09:41] We do take lists for questions, sending them ideally as a voice memo or video to

[00:09:45] question at MSPradio.com.

[00:09:47] I answer those live each week on our Wednesday live show on YouTube and LinkedIn

[00:09:52] at 3pm Eastern next week.

[00:09:53] And if you got a comment or a thought, put it in the comments if you're on YouTube or

[00:09:57] reach out on LinkedIn if you're listening to the podcast.

[00:10:00] I'll talk to you again tomorrow.

[00:10:03] The business of tech is written and produced by me Dave Sobel under Ethics Guidelines,

[00:10:08] post it at businessof.tech.

[00:10:11] If you like the content please make sure to hit that like button, follow or subscribe.

[00:10:16] It's free and easy and the best way to support the show and help us grow.

[00:10:21] You can also check out our Patreon where you can join the business of tech community at

[00:10:25] patreon.com slash MSP radio or buy our Why Do We Care merch at businessof.tech.

[00:10:33] Finally, if you're interested in advertising on this show, visit mspradio.com slash engage.

[00:10:40] Once again, thanks for listening to me and I will talk to you again on our next

[00:10:45] episode of The Business of Tech.

[00:10:50] Part of the MSP radio network.