Cybercrime – more than 50% of companies were phished in 2019

January 25th, 2020 by Stephen Jones

According to a new report by Proofpoint, more than half of organisations were successfully phished for valuable intel at least once last year. The report states that almost nine in ten organisations worldwide (88 per cent) reported a spear-phishing attempt, while 86 per cent reported BEC (Business Email Compromise) attacks.

The same percentage reported being attacked through social media, and 84 per cent were targeted through text and SMS messages.

There were also notable voice phishing and USB attacks.

More than nine million suspicious emails were reported in 2019 – 67 per cent more compared to 2018.

Ask us about a full protection suite that has never been breached.

Operating system: Windows
Stand out features: Cloud-based scanning, secure shopping, game mode, 24/7 tech support, Firewall included, Realtime protection, expansive feature set.

A solution suited to an expert user: once this program is installed, it is very effective at virus detection, and it then keeps detected viruses totally isolated with a feature called Auto Sandbox Technology.

The cloud based antivirus scanning detects the latest viruses from across the internet, and does not only rely on local virus signatures being up to date.

Azure Misconfiguration Exposes 250 Million Microsoft Customer Accounts

January 24th, 2020 by Stephen Jones

Microsoft warned its users this week that their customer support case information might have been exposed at the end of 2019 due to security misconfigurations in an Azure-hosted database. According to Microsoft’s investigation, customer data was left unprotected from Dec. 5, 2019 through Dec. 31, 2019.

Most of the personally identifiable information in these customer support records was “redacted” or obscured by “automated tools.”

However, some customer information, if it was slightly off-format, may then have been exposed. Microsoft’s example of such exposed data is a URL that contained extra spaces. The records contained logs of conversations between Microsoft support agents and customers from all over the world, spanning a 14-year period from 2005 to December 2019. All of the data was left accessible to anyone with a web browser, with no password or other authentication needed.

Microsoft took swift action to secure it. “I immediately reported this to Microsoft and within 24 hours all servers were secured,” said Bob Diachenko, who led the Comparitech security research team that discovered the issue. “I applaud the MS support team for responsiveness and quick turnaround on this despite New Year’s Eve.”

Comparitech also gave this good advice:
The dangers of this exposure should not be underestimated. The data could be valuable to tech support scammers, in particular.

Tech support scams entail a scammer contacting users and pretending to be a Microsoft support representative. These types of scams are quite prevalent, and even when scammers don’t have any personal information about their targets, they often impersonate Microsoft staff. Microsoft Windows is, after all, the most popular operating system in the world.

With detailed logs and case information in hand, scammers stand a better chance of succeeding against their targets. If scammers obtained the data before it was secured, they could exploit it by impersonating a real Microsoft employee and referring to a real case number. From there, they could phish for sensitive information or hijack user devices.

Microsoft customers and Windows users should be on the lookout for such scams via phone and email. Remember that Microsoft never proactively reaches out to users to solve their tech problems—users must approach Microsoft for help first. Microsoft employees will not ask for your password or request that you install remote desktop applications like TeamViewer. These are common tactics among tech scammers.

This follows many high-profile breaches, e.g.:
• 267 million Facebook user IDs and phone numbers exposed online
• 2.7 billion exposed email addresses from mostly Chinese domains, 1 million of which included passwords
• Detailed personal records of 188 million people found exposed on the web
• 7 million student records exposed by K12.com
• 5 million personal records belonging to MedicareSupplement.com exposed to public
• 2.8 million CenturyLink customer records exposed
• 700k Choice Hotels customer records leaked

If you need to improve your system security call Synergy Software Systems on 0097143365589 to learn more of our solutions.

Qatar and Kuwait defer VAT to 2021

January 20th, 2020 by Stephen Jones

Kuwait and Qatar are the only GCC member countries which have delayed the implementation of the VAT system. The budget committee’s decision is not to implement VAT before the year 2021, since they don’t see the need to expedite VAT this year.

The IMF has estimated that the revenues from VAT in the UAE may equate to 1.5% of GDP, but Kuwait’s government has no immediate need for fresh revenue with state finances that are the strongest amongst the region.

The Qatar Ministry of Finance stated that it is still evaluating the potential impacts of VAT introduction and therefore did not implement any VAT law in the year 2019. Qatar said in December that it plans to spend 1.9 percent more in 2020 than in 2019, outlining a 210.5 billion Qatari riyal ($58bn) budget and a reduced budget surplus.

As the governments of these two countries are in no hurry to implement VAT for now, businesses have time to plan their investment and expansion strategy, and to ensure that they are ready and VAT compliant.

End of support deadlines – Microsoft

January 15th, 2020 by Stephen Jones

Businesses running Microsoft’s business software are facing all sorts of end-of-support deadlines at the start of 2020.

Major premises-installed business products are falling out of “extended support” this year, which means they’ll no longer get patches, including security updates, from Microsoft. It’s considered potentially risky to continue to use such “unsupported software” after their end-of-support milestones.

IT pros may have already reacted to address many of these milestones, but some workloads remain as problems to address.
Crashing deadlines are very near this month for organizations using Windows 7 and Windows Server 2008, but other important milestones loom, as well.
Windows 7 Client and Server Deadlines – Jan. 14, 2020 end-of-support date for Windows 7. That support deadline also applies to Windows Server 2008/R2, Dynamics CRM 2015, Dynamics GP 2015 R2, Dynamics NAV 2015 and Dynamics SL 2015.
Later this year Office 2016 and Outlook 2016 versions will also go out of support.

SnapLogic iPaaS in the news

January 14th, 2020 by Stephen Jones

SnapLogic is a low-code integration platform that is particularly suited to hybrid integrations between cloud and on-premise software, e.g. for BI, CPM, ecommerce or EDI. Several interesting recent news posts:

• Information Age – Should you consider adopting a cloud data warehouse? Craig discusses data lake and data warehouse considerations with Information Age – https://www.information-age.com/should-you-consider-adopting-cloud-data-warehouse-123486561/ In the modern world of data lakes, CDOs and CIOs will face three major challenges: how to migrate their users, how to live with a hybrid infrastructure for a while and how to future-proof their data platform

• IT Brief Australia – How AI bias is holding back adoption – https://itbrief.com.au/story/snaplogic-how-ai-bias-is-holding-back-adoption Brad writes about combating AI bias to retain public trust and ensure AI initiatives advance responsibly.

• Digitalisation World – The Cost of Legacy Technology – https://digitalisationworld.com/blogs/55941/the-cost-of-legacy-technology Neerav explains the risks, and growing costs, of sticking with outdated legacy technologies. In recent times, lack of innovation and adoption of new technology has proven to be the downfall of some well-known high street names – for example, Thomas Cook has littered the headlines following its collapse. In an era when anyone can book their travel, accommodation and holiday entertainment from the comfort of their own home, travel companies can seriously damage themselves by ignoring this reality, failing to innovate and relying on legacy systems.

Businesses need to know the full extent to which using antiquated tech can cost them money and cause them damage. ………

Microsoft to end support for all Windows 10 Mobile applications …the Office app future

January 11th, 2020 by Stephen Jones

Microsoft plans to end support for all Windows 10 Mobile applications on Jan. 12, 2021, when the Excel, OneNote, PowerPoint and Word applications for the Windows 10 Mobile operating system will no longer get patches from Microsoft, including security fixes. The lack of patch support increases risks for those continuing to use those apps since security holes go unpatched. Additionally, the Windows 10 Mobile OS (version 1709) for Windows Phone devices is nearly dead. It went out of support on Dec. 10, 2019, and patches will stop arriving.

Microsoft will steer mobile app users to its Office App instead on Windows 10, Android and iOS mobile devices. The Office App combines Excel, PowerPoint and Word into a common experience. It’s also better optimized to handle various mobile tasks, Microsoft contends.

The Office App was available as a preview for Android and iOS mobile device users at the end of last year, although the iOS preview was limited. Microsoft began including the Office App with Windows 10 OS releases earlier this year. Back then, the Office App was described as a “progressive Web app” that uses “service worker” Web technology to work with files offline. The experience users get with the Windows 10 Office App and Office.com, Microsoft’s browser-based Office suite, is pretty much the same. The Office App has integrated search, access to people cards, and can be customized to use organizational templates, which lets organizations more easily brand created documents, such as PowerPoint presentations.

• The Office App has a special “mobile view” to make reading easier compared with Office Mobile Apps. The Office App is deemed “full fledged,” and will even show comments in a Word document. It has a sticky notes capability.
• The Office Lens solution can be used with mobile device cameras to convert photos of documents into sharable files.
• The Office App is optimized for mobile use via various “actions” that let end users transfer files, scan PDFs or QR codes, and take actions on images.
Office App for Windows 10 and Office.com are already being used by “millions of users and thousands of organizations.” The integrated experience of the Office App on Android and iOS phones aims to free up storage on mobile devices and means that administrators don’t need to push down as many apps to devices.

Mobile App Redesign
Microsoft recently announced that its Office apps for mobile devices, namely “Outlook, OneDrive, Word, Excel, and PowerPoint,” have all been redesigned and that users can “expect new versions of Teams, Yammer, and Planner soon.” Microsoft is using a Fluent design system for its Office applications that developers can build upon using Microsoft’s Fluent toolkit. The announcement promised the ability of the Fluent mobile design to tap 3-D experiences at some point. These mobile Office application redesigns are taking advantage of the Fluid Framework to improve mobile-use scenarios. The Fluid Framework supports user collaborations via the Microsoft Graph, the SharePoint Framework and Office add-ins.

Why do we need a suite of office apps rather than one? While Word is best suited for text-heavy documents, Word documents can include graphics, too. However, Word isn’t nearly as well-suited to the creation of graphics-heavy documents as Publisher is. Similarly, you can paste tables and charts from Excel into Word, Publisher, PowerPoint and other Office applications, just as you can also add raw text or graphics to an Excel spreadsheet. My point is that with a few exceptions, each of the Office applications can accommodate text, graphics, tables and other types of media. However, each of the Office applications is geared heavily toward one specific type of data. Excel, for example, would not be the best application to use if you were writing a novel, even though you could theoretically compose a long manuscript inside a spreadsheet. Likewise, PowerPoint isn’t the best choice when you need an accounting tool.

The fluid design framework is a step forward to closer integration.

Teams is coming to Office 365 ProPlus and 365 Business……..

January 11th, 2020 by Stephen Jones

Microsoft will turn on Microsoft Teams for Office 365 ProPlus or Office 365 Business tenancies that follow the semiannual channel update model starting on Jan. 14, 2020, unless it’s blocked beforehand by IT pros. The “semiannual channel” refers to Microsoft’s biannual update model, where feature updates typically arrive in the spring and fall. Teams will get delivered to organizations using version 1908 or later of Office 365 ProPlus, Microsoft explained, so the version of the product matters. The Teams update process is different from the update process of other Office apps such as Excel or Word.

Organizations using Office 365 ProPlus or Office 365 Business also have an option to follow a monthly feature update model. Those subscribers already may have received Teams months ago, as Microsoft had kicked off Teams for subscribers using version 1906 of those productivity-suite products back on July 9.
Microsoft’s original plans to deliver Teams to Office 365 ProPlus and Office 365 Business subscribers were described back in June. At that time, Microsoft had explained that it was delivering Teams to Office 365 Business users even though they don’t have the use rights for Teams. The version of Teams that Office 365 Business users get is a free one-year trial version, which is called the “Microsoft Teams Commercial Cloud Trial.” Teams gets delivered to Office 365 Business users even if they did not request getting the trial. To block the arrival of Teams for these Office 365 products requires Group Policy settings or the Office Deployment Tool.

After Teams arrives, it’ll start getting feature and quality updates, which will arrive “approximately every two weeks.”

Be prepared for Potential Iranian Cyberattacks

January 10th, 2020 by Stephen Jones

The U.S. agency in charge of cybersecurity urges organizations in the United States to prepare for potential attacks from Iran in response to the American drone killing of General Qassim Suleimani.

The Cybersecurity and Infrastructure Security Agency (CISA) issued its warning, “Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad,” on Monday afternoon. CISA is a federal agency created in 2018 to coordinate with other government entities and the private sector on cybersecurity and critical infrastructure protection.

The drone attack as Suleimani was visiting Baghdad last week is widely expected to prompt counterattacks of some sort from Iran, with Iranian leaders vowing as much in recent days. One of the most rapid ways that Iran can respond is through attacks on computer systems of U.S. businesses and government agencies. However, proxy attacks on perceived USA allies or major USA technology firms also have to be considered.

A key feature in your defence is the way your anti-malware software handles unknown files. All ransomware and malware starts as an unknown file. Older protection software uses a detect-and-remediate approach to stop it. This is basically a default ‘allow’ policy, because unknown files are let into the system and the software then tries to stop their effect. This is a problem because attackers produce new malicious code every single day, while these products rely on signature-based detection methods.

We offer a solution with a default ‘Deny’ approach. Our auto-containment feature is a patented, one-and-only technology that renders malware useless, and to date the Platform and Auto Containment has 0 breaches.

With growing and ever more sophisticated and expensive attacks, and increasingly stringent legislation such as GDPR with swingeing data breach penalties, the risks of international war by cybercrime have gone up another notch.

If you need to boost your defences then contact us on 0097143365589

Discontinuation of Microsoft Social Engagement

January 3rd, 2020 by Stephen Jones

As previously announced, Microsoft Social Engagement (MSE) will be discontinued for all customers on January 16, 2020. As a current Dynamics 365 customer, you can continue using the Microsoft Social Engagement service until the expiration of your subscription or January 16, 2020, whichever comes first.

Please refer to FAQ page or email mseeol@microsoft.com for any further assistance related to the end of your Microsoft Social Engagement subscription. Customers are requested to look for other social engagement solutions available in Microsoft AppSource or outside markets.

Facebook can track you when you opt out.

December 19th, 2019 by Stephen Jones

In a letter to US senators dated December 12 that was released Tuesday, Facebook explained how it is able to estimate users’ locations used to target ads even when they’ve chosen to reject location tracking through their smartphone’s operating system. The letter was widely shared on social media Tuesday.
The Facebook social network, which was responding to a request for information by two senators, contended that knowing a user’s whereabouts has benefits ranging from showing ads for nearby shops to fighting hackers and battling misinformation. Facebook said that clues for figuring out a user’s location include being tagged in a photo at a specific place or a check-in at a location such as at a restaurant during a dinner with friends. People may share an address for purchases at a shopping section at Facebook, or simply include it in their profile information.

Along with location information shared in posts by users, devices connecting to the internet are given IP addresses and a user’s whereabouts can then be noted. Those addresses include locations, albeit a bit imprecise when it comes to mobile devices linking through telecom services that might only note a town or city. Facebook said knowing a user’s general location helps it and other internet firms to protect accounts by detecting when suspicious login behavior occurs, such as by someone in South America when a user lives in Europe. IP addresses also help companies such as Facebook battle misinformation by showing the general origin of potentially nefarious activity, such as a stream of politically oriented posts which might be aimed at a particular country.

The California Consumer Privacy Act (CCPA) will give internet users the right to see what data big tech companies collect and with whom it is shared.

At the end of October Australia’s consumer watchdog sued Google on Tuesday alleging the technology giant broke consumer law by misleading Android users about how their location data was collected and used. The Australian Competition and Consumer Commission accused Google of collecting information on users’ whereabouts even after they had switched off the location setting.

An Associated Press investigation last year revealed that several Google apps and websites stored user location even if the user had turned off the Location History setting. To stop Google from saving these location markers, users had to turn off another setting, Web and App Activity. That setting, enabled by default, does not specifically reference location information. Google later clarified in a help page how the Location History works, but it didn’t change the location-tracking practice.

Huge tech companies are under increasing scrutiny over their data practices, following a series of privacy scandals at Facebook and new data-privacy rules in Europe. Critics say Google’s insistence on tracking its users’ locations stems from its drive to boost advertising revenue. It can charge advertisers more if they want to narrow ad delivery to people who’ve visited certain locations. The Australian commission began proceedings in the Federal Court of Australia alleging Google breached the law through a series of on-screen representations made as users set up Google accounts on their Android phones and tablets.

The AP investigation found that even with Location History turned off, Google stores user location when, for instance, the Google Maps app is opened, or when users conduct Google searches that aren’t related to location. Automated searches of the local weather on some Android phones also store the phone’s whereabouts.

Earlier, the business news site Quartz found that Google was tracking Android users by collecting the addresses of nearby cellphone towers even if all location services were off. Google changed the practice and insisted it never recorded the data anyway.

RYUK nasty and expensive ransomware

December 17th, 2019 by Stephen Jones

The Ryuk Ransomware is a data encryption Trojan that was first identified on August 13th, 2018. The NCSC is investigating current Ryuk ransomware campaigns targeting organisations globally, including in the UK. Threat actors were reported to be infecting organizations in the USA and Germany. Initial analysis suggests the threat was injected in systems through compromised RDP accounts, but it is possible that there is a parallel spam campaign that carries the threat payload as macro-enabled DOCX and PDF files.

Ryuk ransomware had a disturbingly successful debut, being used to hit at least three organizations in its first two months of activity for more than $640,000 in ransom. Several attacks followed, where the attackers demanded even greater amounts of ransom. The attackers were able to demand and receive high ransoms because of a unique trait in the Ryuk code: the ability to identify and encrypt network drives and resources, as well as delete shadow copies on the endpoint. By carrying out these actions, the attackers could disable the Windows System Restore option, making it impossible for users to recover from the attack without external backups. Looking at the encryption process and ransom demands, Ryuk is targeting big enterprises in the hopes of large payoffs. A recent flash update from the FBI revealed that over 100 organizations around the world have been beset by Ryuk.

The origins of Ryuk ransomware can be attributed to two criminal entities: Wizard Spider and CryptoTech. The former is the well-known Russian cybercriminal group and operator of TrickBot; the latter is a Russian-speaking organization found selling Hermes 2.1 two months before the $58.5 million cyber heist that victimized the Far Eastern International Bank (FEIB) in Taiwan.

Unlike other ransomware, Ryuk is distributed by common botnets, such as Trickbot and Emotet, which have been widely used as banking trojans.
Analysis
The Ryuk dropper contains both 32-bit and 64-bit payloads. The dropper checks whether it is being executed in a 32-bit or 64-bit OS by using the “IsWow64Process” API. It also checks the version of the operating system. Next, it executes the payload using the ShellExecuteW API.

Persistence mechanism
Ryuk adds the following registry key so it will execute at every login. It uses the command below to create a registry key:
"C:\Windows\System32\cmd.exe" /C REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\Users\Public\{random-5 char}.exe" /f
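A detection sketch for the persistence command above, added here as an example and not taken from the original post or from any vendor's tooling. It scores process-creation command lines and goes slightly beyond the single quoted command by also rating other Run-key writes; the sample log lines, the severity scale and the function names are constructed for illustration.

```python
import re

# Indicators taken from the command line quoted above.
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.I)
REG_ADD_RE = re.compile(r'\breg(?:\.exe)?"?\s+add\s+(?:"([^"]+)"|(\S+))', re.I)
PUBLIC_DIR = "c:\\users\\public\\"
# Assumption: "{random-5 char}" means any five characters before ".exe".
FIVE_CHAR_EXE_RE = re.compile(r"^[^\\/]{5}\.exe$", re.I)

# Constructed sample command lines (not real telemetry).
SAMPLE_LINES = [
    r'reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    r'reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v OneDrive '
    r'/t REG_SZ /d "C:\Program Files\Microsoft OneDrive\OneDrive.exe /background" /f',
    r'reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run '
    r'/v updater /d C:\Users\Public\update_helper.exe /f',
    r'"C:\Windows\System32\cmd.exe" /C REG ADD '
    r'"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" '
    r'/v "svchos" /t REG_SZ /d "C:\Users\Public\qWxTz.exe" /f',
]


def _switch_value(cmdline, switch):
    """Return the argument that follows a REG switch (/v, /d), quotes removed."""
    m = re.search(r"(?:^|\s)" + re.escape(switch) + r'\s+(?:"([^"]*)"|(\S+))',
                  cmdline, re.I)
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)


def classify(cmdline):
    """Return (severity, reasons). 0 = no autorun write, 3 = matches every
    indicator in the command described above."""
    m = REG_ADD_RE.search(cmdline)
    if not m:
        return 0, []
    key = (m.group(1) or m.group(2)).rstrip("\\")
    if not RUN_KEY_RE.search(key):
        return 0, []
    severity, reasons = 1, ["reg add to autorun key"]

    # /d may carry arguments after the executable; keep the path up to ".exe".
    data = _switch_value(cmdline, "/d")
    m_exe = re.match(r"(.*?\.exe)", data, re.I)
    target = m_exe.group(1) if m_exe else data
    in_public = target.lower().startswith(PUBLIC_DIR)
    if in_public:
        severity = 2
        reasons.append("autorun target in C:\\Users\\Public")

    basename = target.rsplit("\\", 1)[-1]
    value_name = _switch_value(cmdline, "/v")
    if in_public and value_name.lower() == "svchos" \
            and FIVE_CHAR_EXE_RE.match(basename):
        severity = 3
        reasons.append('value name "svchos" with five-character .exe name')
    return severity, reasons


def triage(lines):
    """Return (severity, line) for every autorun write, highest severity first."""
    hits = [(classify(line)[0], line) for line in lines]
    return sorted((h for h in hits if h[0] > 0), key=lambda h: h[0], reverse=True)


if __name__ == "__main__":
    for severity, line in triage(SAMPLE_LINES):
        print(severity, classify(line)[1], line, sep=" | ")
```

Severity 1 hits are ordinary software registering itself to start at login, so they serve as a baseline for review and not as an alert on their own.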

Process injection
Ryuk injects its main code into several remote processes. Ryuk enumerates running processes by calling the CreateToolhelp32Snapshot API and injects its code into all of them except the ones named explorer.exe, lsaas.exe and csrss.exe, telling it that it should not be executed by the NT AUTHORITY.
Ryuk ransomware terminates processes and stops services contained on a predefined list. These processes and services are mostly antivirus tools, databases, backups, and other software. The screenshot below shows the list of services stopped by Ryuk. Ryuk also deletes shadow copies and other backup storage files by using a .BAT file so that the infected system can’t restore data. Below is the list of commands used by Ryuk to perform these deletions.

Encryption and similarity with Hermes ransomware
Ryuk uses a combination of RSA (asymmetric) and AES (symmetric) encryption to encrypt files. Ryuk embeds an RSA key pair in which the RSA private key is already encrypted with a global RSA public key. The sample generates an AES-256 key for each file and encrypts the files with an AES key. Further, the AES key is encrypted with an embedded public key and is appended at the end of the encrypted file. If all the samples contain the same RSA key pair, then after getting access to one private key, it’s easy to decrypt all of the files. But Ryuk contains a different RSA key pair for every sample. Some samples append the “.RYK” extension and some don’t append any extensions after encrypting the files.
Ryuk has a common feature with Hermes ransomware. During encryption, Ryuk adds a marker in the encrypted file using the keyword “HERMES”.
Ryuk checks for the HERMES marker before encrypting any file to know if it has been already encrypted.

Ryuk encrypts files in every drive and network shared from the infected system. It has whitelisted a few folders, including “Windows, Mozilla, Chrome, Recycle Bin, and Ahnlab” so it won’t encrypt files inside these folders. Ryuk drops its ransom note, named RyukReadMe.txt, in every directory. Ryuk asks for the ransom in bitcoin, providing the bitcoin address in the ransom note. Ryuk contains different templates for the ransom note. After completing the encryption, Ryuk creates two files. One is “Public” and contains an RSA public key while the second is “UNIQUE_ID_DO_NOT_REMOVE” and contains a unique hardcoded key.
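A triage sketch built on the file-system artifacts named above (the RyukReadMe.txt note, the “.RYK” extension, the “HERMES” marker, and the “Public” and “UNIQUE_ID_DO_NOT_REMOVE” files), added here as an example and not part of the original post. The post does not say where in a file the marker sits, so this code assumes it can be anywhere and streams the whole file; the sample tree and function names are constructed.

```python
import os
import tempfile

NOTE_NAME = "ryukreadme.txt"                            # compared case-insensitively
KEY_FILE_NAMES = {"public", "unique_id_do_not_remove"}  # files left after encryption
MARKER = b"HERMES"
CHUNK = 1 << 20                                         # read 1 MiB at a time


def has_marker(path, marker=MARKER):
    """Stream a file and report whether the marker bytes occur anywhere in it."""
    tail = b""
    try:
        with open(path, "rb") as fh:
            while True:
                block = fh.read(CHUNK)
                if not block:
                    return False
                if marker in tail + block:      # also catches a marker split
                    return True                 # across two reads
                tail = block[-(len(marker) - 1):]
    except OSError:
        return False  # unreadable: leave for manual review


def scan_tree(root):
    """Walk root and group findings by artifact type (paths relative to root)."""
    report = {"note_dirs": [], "ryk_files": [], "marker_files": [], "key_files": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            lowered = name.lower()
            if lowered == NOTE_NAME:
                rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
                report["note_dirs"].append(rel_dir)
            elif lowered in KEY_FILE_NAMES:
                report["key_files"].append(rel)
            else:
                if lowered.endswith(".ryk"):
                    report["ryk_files"].append(rel)
                # Some samples add no extension, so check content as well.
                if has_marker(full):
                    report["marker_files"].append(rel)
    for values in report.values():
        values.sort()
    return report


def files_to_back_up(report):
    """Encrypted-looking files to copy before any decryptor is tried."""
    return sorted(set(report["ryk_files"]) | set(report["marker_files"]))


def demo():
    """Build a small constructed tree in a temp directory and scan it."""
    sample = {
        "share/finance/q4.xlsx.RYK": b"\x8f\x02" * 64 + MARKER + b"\x00" * 32,
        "share/finance/budget.docx": b"\x11" * 40 + MARKER + b"\x7f" * 16,
        "share/finance/RyukReadMe.txt": b"constructed ransom note text",
        "share/hr/policy.pdf": b"%PDF-1.4 untouched constructed sample",
        "share/UNIQUE_ID_DO_NOT_REMOVE": b"constructed placeholder",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return scan_tree(root)


if __name__ == "__main__":
    result = demo()
    print(result)
    print("back up first:", files_to_back_up(result))
```

A content match on “HERMES” alone is a heuristic, since an ordinary document can contain that word; treat it as strong only when the same directory also holds a ransom note.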

Malwarebytes Labs director Adam Kujawa said that, while instances of consumer ransomware infections are down 25 per cent over the last year, attacks on businesses are skyrocketing, up a whopping 235 per cent over the same period. Overall, the numbers would show that ransomware numbers have fallen. After peaking at more than 5.7 million total detections in August of 2018, just over 3 million attacks by lockup malware were detected in June 2019. This is not because criminals are losing interest in using ransomware. Rather, they are getting a much better return from fewer attempts on higher-value targets: namely, enterprises.

Prior to running any ransomware decryptor – whether it was supplied by a bad actor or by a security company – be sure to back up the encrypted data first. Should the tool not work as expected, you’ll be able to try again. Ryuk is a particularly horrible software nasty. It works by finding and encrypting network drives as well as wiping Windows volume snapshots to prevent the use of Windows System Restore points as an easy recovery method.

Whatever the size of your company and whatever industry you’re in, we recommend you follow these best practices to minimize your risk of falling victim to a ransomware attack:
• Educate your users. Teach them about the importance of strong passwords and roll out two-factor authentication wherever you can.
• Protect access rights. Give user accounts and administrators only the access rights they need and nothing more.
• Make regular backups – and keep them offsite where attackers can’t find them. They could be your last line of defense against a six-figure ransom demand.
• Patch early, patch often. Ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe.
• Lock down your RDP. Turn off RDP if you don’t need it, and use rate limiting, 2FA or a VPN if you do.
• Ensure tamper protection is enabled. Ryuk and other ransomware attempt to disable your endpoint protection. Tamper protection is designed to prevent this from happening.
• Educate your team on phishing. Phishing is one of the main delivery mechanisms for ransomware.
• Use anti-ransomware protection

Microsoft yesterday announced plans to establish a new cloud datacenter region in Qatar

December 15th, 2019 by Stephen Jones

Microsoft announced plans to establish a new cloud datacenter region in Qatar to deliver its intelligent, trusted cloud services and expand the Microsoft global cloud infrastructure to 55 cloud regions in 20 countries. The new region is anticipated to be available starting with Microsoft Azure in 2021, and Office 365, Dynamics 365 and Power Platform to follow.

The announcement was made by HE Minister of Transport and Communications Jassim Saif Ahmed Al-Sulaiti and EVP and President, Microsoft Global Sales, Marketing and Operations, Microsoft Corp., Jean-Philippe Courtois. HE the Minister said in his opening remarks, “This collaboration with Microsoft comes as part of accelerating the efforts led by the Government of Qatar to implement the country’s digital transformation agenda and build a knowledge-based economy as laid down in the Qatar National Vision 2030.”

Government entities, organizations, public and private enterprises and developers will have access to scalable, highly available, and resilient cloud services to accelerate their digital transformation journeys – better engage customers, empower employees, optimize operations, and transform products and services – from the new cloud region in Qatar. The new cloud region is anticipated to play a pivotal role in bridging the skills gap in Qatar. Microsoft is also collaborating with the Qatar Digital Government to launch a nationwide upskilling program that will train government employees enhancing their technical acumen in cloud technologies.

The new cloud region will adhere to Microsoft’s trusted cloud principles and become part of one of the largest cloud infrastructures in the world, already serving more than a billion customers and 20 million businesses. Microsoft’s cloud services are compliant with the European Union’s General Data Protection Regulation (GDPR) and are certified for a large portfolio of international security and privacy standards, some of which form the basis of Qatar government policies, including the Ministry of Transport and Communications’ National Information Assurance Policy and the Cloud Security and Information Privacy Protection regulations.

The new Microsoft region in Qatar will offer Microsoft’s scalable, trusted and reliable cloud services combined with in-country customer data residency. Microsoft will help empower customers through its deep expertise in protecting customer data to meet extensive security and privacy requirements as well as the broadest set of compliance certifications and attestations in the industry.

This news follows the recent announcement at QITCOM 2019, where MOTC announced its choice of Azure as its preferred cloud platform – a collaboration the two sides see as an opportunity to encourage government entities and institutions in Qatar to embark on or continue their digital transformation journey.
Microsoft Azure is an ever-expanding set of cloud services that offers computing, networking, databases, analytics, and Internet of Things (IoT) services. Office 365 enables cloud-based productivity with email, collaboration, conferencing, enterprise social networking and business intelligence. Dynamics 365 and Power Platform is the next generation of intelligent business applications that enable organizations to grow, evolve and transform to meet the needs of customers and capture new opportunities.

Microsoft has accelerated the pace of global expansion with the opening of cloud regions in five new markets in 2019, including being the first global cloud provider to deliver services from datacenter regions located in Africa.

SQL 2016 SP2 CU11 release

December 15th, 2019 by Stephen Jones No comments »

The 11th cumulative update release for SQL Server 2016 SP2 is now available for download at the Microsoft Downloads site.
Please note that registration is no longer required to download cumulative updates.
• CU11 KB Article: https://support.microsoft.com/en-us/help/4527378
• Microsoft® SQL Server® 2016 SP2 Latest Cumulative Update: https://www.microsoft.com/download/details.aspx?id=56975
• Update Center for Microsoft SQL Server: http://technet.microsoft.com/en-US/sqlserver/ff803383.aspx

Forrester sees SnapLogic as strategic for Enterprise integration – hybrid-cloud and on-premise

December 14th, 2019 by Stephen Jones No comments »

SnapLogic iPaaS provides integration in continuously evolving data environments.

According to Forrester, “The strategic iPaaS/HIP market is growing because more EA professionals see strategic iPaaS/HIP as a key element of their digital transformation agility.” Forrester adds that “vendors that can make integration easier as well as provide a broad set of integration scenarios position themselves to successfully deliver in any public, private, hybrid, and/or multicloud environment.”

In the report, SnapLogic has received the highest score possible in the “market approach” criterion.

SnapLogic’s intelligent integration platform uses AI-powered workflows to automate all stages of IT integration projects – design, development, deployment, and maintenance – whether on-premises, in the cloud, or in hybrid environments.

The platform’s easy-to-use, self-service interface enables both expert and citizen integrators to manage all application integration, data integration, and data engineering projects on a single, scalable platform.

With SnapLogic, you can connect all of your enterprise systems quickly and easily to automate business processes, accelerate analytics, and drive transformation.

For more details of why, ask SnapLogic Partner Synergy Software Systems: 009714 3365589

Malware, Deepfakes, Snatch … the threats keep coming

December 12th, 2019 by Stephen Jones No comments »

Over the last decade, malware exploded from a casual semi-amateur landscape into highly organised criminal operations capable of generating hundreds of millions of US dollars per year. Malware strains like Necurs, Andromeda, Kelihos, Mirai, or ZeroAccess have made a name for themselves after infecting millions of devices across the globe.

The next couple of years will bring a new range of threats that will take tech security far beyond its traditional boundaries and will require a whole new set of skills and alliances. One example: tech analyst Forrester predicts that deepfakes could end up costing businesses a lot of money next year: as much as $250m.

There’s the risk to your share price if someone creates a deepfake of your CEO apparently resigning from the company. Alternatively, a convincing deepfake of a celebrity well known for using your products seemingly being rude about your brand could easily hurt sales if it spreads widely. But there’s also the risk that deepfakes could be added to the toolkits used by phishing gangs. There have already been a few cases of crooks using AI tools to fake the voices of CEOs to trick workers into transferring money to their accounts. The next step would be to create a convincing video of an executive asking for an emergency funds transfer.

If employees are regularly tricked into handing money over to fraudsters on the strength of a bogus email (and they still are), imagine how easy it would be to be fooled by a deepfaked video chat with the CEO instead?

The Internet of Things will greatly increase the number of devices and applications that security teams will have to protect. That’s hard for teams that have been used to protecting just PCs and servers and now have to worry about everything from smart air-conditioning units or vending machines in the canteen right through to power plants and industrial machinery.

A new threat has arisen with Snatch ransomware, which uses a new trick to bypass antivirus software and encrypt victims’ files without being detected: it reboots an infected computer into Safe Mode and runs the ransomware’s file encryption process there. The reason is that most antivirus software does not start in Windows Safe Mode, a Windows state that is meant for debugging and recovering a corrupt operating system. Snatch uses a Windows registry key to schedule a Windows service to start in Safe Mode. This service will run the ransomware in Safe Mode without the risk of being detected by antivirus software and having its encryption process stopped. Snatch sets itself up as a service that will run even during a Safe Mode reboot, then reboots the box into Safe Mode. This effectively neuters the active protection of most endpoint security tools. Devious, and evil.

The Safe Mode trick was discovered by the incident response team at Sophos Labs, who were called in to investigate a ransomware infection in the past few weeks. Its research team says this is a big deal, and a trick that could be rapidly adopted by other ransomware.

Snatch never targeted home users and was not spread by mass-distribution methods like email spam campaigns or browser-based exploit kits, which get a lot of attention from cyber-security firms. Snatch targets a small list of carefully selected companies and public or government organizations. This type of targeting and methodology is known in the cyber-security field as “big-game hunting” and is a strategy that’s been widely adopted by multiple ransomware strains.
The idea behind big-game hunting is that instead of going after the small ransom fees malware authors can extract from home users, crooks go after large corporations and government organizations, from where they can ask for ransom fees that are hundreds of thousands of times bigger.
Ransomware like Ryuk, SamSam, Matrix, BitPaymer, and LockerGoga are big-game hunters.

The group buys its way into a company’s network. Researchers tracked down ads the Snatch team has posted on hacking forums to recruit partners for their scheme. According to a translation of the ad, the Snatch team was “looking for affiliate partners with access to RDP\VNC\TeamViewer\WebShell\SQL inj [SQL injection] in corporate networks, stores and other companies.” The Snatch team will buy access to a hacked network, or work with another hacker to breach a desired company. Once in, they rarely install the ransomware and encrypt files right away. Instead, the Snatch team bide their time and slowly escalate access to internal domain controllers, from where they spread to as many computers on an internal network as possible. To do this, the Snatch crew use legitimate sysadmin tools and penetration testing toolkits, such as Cobalt Strike, Advanced Port Scanner, Process Hacker, IObit Uninstaller, PowerTool, and PsExec. Since these are common tools, most antivirus products failed to raise any alarms.

Once the Snatch gang has all the access they need, they add the registry key and Windows service that starts Snatch in Safe Mode on all infected hosts, and force a reboot of all workstations, a reboot that begins the file encryption process. Unlike most ransomware gangs, who are primarily focused on encrypting files and asking for ransoms, the Snatch crew also engaged in data theft. This makes Snatch unique and highly dangerous, and companies also stand to lose from their data being sold or leaked online at a later date, even should they pay the ransom fee and decrypt their files. This type of behavior makes Snatch one of today’s most dangerous ransomware strains.

Combing a company’s internal network for files to steal takes time, which is one reason why Snatch has not claimed as many victims as other “big game hunting” strains/gangs. The number of Snatch victims is very small. The only known public case of a Snatch ransomware infection was SmarterASP.NET, a web hosting company that boasted around 440,000 customers.

Secure ports and services that are exposed on the internet with either strong passwords or multi-factor authentication. Snatch may experiment with e.g. VNC, TeamViewer, or SQL injections, so securing a company’s network against these attack points is also a must.
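The Safe Mode service registration described above can also be audited from exported registry data. The following is an added example, not code from this post or from Sophos: it assumes the registration sits under the standard Windows `HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot` key (the post does not name the key), compares a known-good `reg export` with a current one, and reports new entries marked as services. The sample exports and the service name `ExampleUnknownSvc` are constructed.

```python
import re

# Standard Windows key listing what may load in Safe Mode (Minimal / Network).
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
KEY_RE = re.compile(r"^\[(.+)\]$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def safeboot_entries(reg_text):
    """Map (mode, entry name) -> default value for Minimal and Network subkeys.

    Real `reg export` files are UTF-16; open them with encoding="utf-16".
    """
    entries, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = None
            path = key.group(1)
            if path.upper().startswith(SAFEBOOT.upper() + "\\"):
                parts = path[len(SAFEBOOT) + 1:].split("\\")
                if len(parts) == 2 and parts[0].lower() in ("minimal", "network"):
                    current = (parts[0].lower(), parts[1].lower())
                    entries[current] = ""
            continue
        value = DEFAULT_RE.match(line)
        if value and current:
            entries[current] = value.group(1)
    return entries

def new_safe_mode_services(baseline_text, current_text):
    """Entries marked "Service" that exist now but not in the known-good export."""
    baseline = safeboot_entries(baseline_text)
    found = safeboot_entries(current_text)
    return sorted(entry for entry, kind in found.items()
                  if kind.lower() == "service" and entry not in baseline)

# Constructed sample exports; ExampleUnknownSvc is a placeholder name.
BASELINE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"
"""
CURRENT = BASELINE + r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleUnknownSvc]
@="Service"
"""

if __name__ == "__main__":
    print(new_safe_mode_services(BASELINE, CURRENT))
```

Any entry it reports is a service that will start in Safe Mode and was not present on the known-good machine, so it should be traced to an installer or change record before the host is trusted.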

Ask us about our security solutions.

0097143365589