Archive for the ‘MSP’ Category

Introducing IT Accelerant

Monday, February 26th, 2024

I’m very proud and excited to announce that I’ve started a new Managed IT Services company named IT Accelerant. I’ve worked in IT since 2000, in 2018 I started working for an MSP in Annapolis Maryland and learned to love the business of helping other businesses succeed with technology. I’ve been in the Managed IT Services space ever since and love it.

IT Accelerant will focus on serving small to mid-sized business (5-100 people) in Colorado. We’ve just launched a new website that explains our focus and the types of businesses we support. We look forward to serving other business in our area!

Another day another critical Fortigate vulnerability

Friday, February 9th, 2024

At this point, it’s beyond ridiculous. The device that is supposed to provide security is the one requiring constant updates due to vulnerabilities that are exposed to the internet. Every software vendor has bugs, many of them are security related. It happens. Which is why it is essential that your systems can be quickly and easily updated. Other firewall vendors have provided such automatic updates for over a decade, it’s time we stop using technology that is so difficult to keep updated. Rant over, go update your firewalls now and while you are at it, upgrade to modern solutions that don’t require a VPN at all (like SaaS).

How attackers can bypass Office 365 MFA

Wednesday, September 6th, 2023

I’ve always found a good hack fascinating (remember reading 2600?) but while it can be scary, understanding how a good hack works can help you avoid being a victim. This interesting hack against Office 365 accounts uses a few new tricks. One is to embed malicious links in attachments (the attachment itself is safe and the email security tool only scans the embedded URLs), the next is to use the attachment to launch a man-in-the-middle attack to capture a session token when a user goes to the legit Microsoft site to be authenticated. See in the case of MFA, the username and password by themselves aren’t useful without the additional factor, but once you have a token they can access the account until it expires (default 90 days). Anyways, evidently these tactics and more have been in use for years. It’s worth your time to read the whole thing at Bleeping Computer.

TLDR: don’t open attachments or click on links you aren’t expecting, better to call your contact and ask them if they actually meant to send it to you.

Pax8 Marketplace will send leads to MSPs

Wednesday, June 14th, 2023

The key to any great business — in my mind — is finding as many Win/Win scenarios as possible. The revamp of the Pax8 cloud marketplace does that by enabling customers searching for solutions on SaaS providers websites to automatically get matched up with MSPs who can support that product. The SaaS provider wins because they sell software, Pax8 wins because they get to resale said software and provide more value to cloud marketplace customers. The MSP wins because they get qualified leads from interested buyers. Finally, the customer wins because they can easily find an MSP to support the software they found doing their own research. Of course time will tell how well it all works, but so far it seems like another example of why an MSP and a SaaS provider should do business with Pax8.


Another Fortinet vulnerability requiring immediate action

Monday, June 12th, 2023

This was already beyond being old after the last one, but here we go again with Fortinet CVE-2023-27997 requiring immediate action. Who knows how many thousands of Fortigate firewalls are out, they’re deployed by MSPs to protect their client’s, are now a major attack vector that requires everyone to stop what they are doing to mitigate. This is about the 4th in the last year, for those counting (CVE-2022-42475, CVE-2022-40684, CVE-2023-25610). Sure hope you have an automated way to address this, if not, now maybe it’s time to start searching an alternative for your standard technology platform.