Archive for the ‘Technology’ category

The New Dynamics 365 Project Operations – ask Synergy Software Systems, Dubai

January 16th, 2021

Almost a year ago, Muhammad Alam, Corporate Vice President Dynamics 365, shared the vision for a better product for project and service based businesses and industries. In March, Gurkan Salk was named the new General Manager for Project Operations at Microsoft.

Users of Dynamics 365 Project Operations often ask for a better way to collaborate in Microsoft Teams, and a new app experience has now arrived. (December 2020)

There are many ways in which Teams can be used to boost collaboration and efficiency while reducing reliance on email.
Add the Dynamics 365 App to Teams and use Project Operations inside Teams.
There is no need to step out of Teams for anything related to Dynamics work.
This app in general is for all the Dynamics 365 apps built upon Dataverse and the Power Platform, be it the Sales app, Customer Service, Project Operations, or others.
The benefit of working with Project Operation within Teams is the improved collaboration as project execution is in process. Many of the workflows of a typical project require constant email correspondence. That work can now be done via Teams, keeping inboxes clean and ensuring the right people stay informed.

Extended Events – Security Issue – SQL Server 2019, 2017, 2016, 2014

January 13th, 2021

Microsoft has fixed vulnerabilities in Extended Events that “may cause code to run against the SQL Server process if a certain extended event is enabled.”

-KB 4583468 https://support.microsoft.com/en-us/help/4583468/kb4583468-microsoft-sql-server-elevation-of-privilege-vulnerability
and
- CVE 2021 1636, https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1636
Lots of patching to do :
• SQL Server 2019 CU8 GDR
• SQL Server 2017 CU22 GDR
• SQL Server 2016 SP2 CU15 GDR
• SQL Server 2014 SP3 CU4 GDR
And there are GDRs for other patch levels too, like if you’re on 2016 but not on SP2 yet.

D365 Supply Chain Management: Customer Portal is Available

January 13th, 2021

D365 Supply Chain Management: Customer Portal is now in Generally Available.

The Customer portal acts as a starting point for organizations to use Power Apps portals to build an externally facing website that uses data from their Supply Chain Management installation. It helps organizations connect dual-write, Supply Chain Management, and Power Apps portals.

What is the Customer portal?
Modern supply chain systems rely on integration. They require that inventory, customer demand, and sales departments be integrated instead of residing in separate silos. The Customer portal helps organizations that run Microsoft Dynamics 365 Supply Chain Management enhance this integration and more effectively keep their customers informed.
The Customer portal template has all the customization capabilities that the portals feature of Power Apps offers. The template can easily be modified to represent the company’s brand, add increased functionality, and change the user experience. All the functionality that the template offers out of the box can be modified as desired.By itself, the template isn’t expected to be completely functional. It just serves as an enabler for customers who want to create an externally facing website so that enterprise customers can engage with data from Supply Chain Management.

The Customer portal documentation is directed at admins, customizers, and system integrators who will set up the Customer portal for a Supply Chain Management installation. It uses the terms customer and user to describe people who are customers of the organization that is running Supply Chain Management, and who will use the final portal itself.

Who should use it?
The Customer portal is designed for companies that run Supply Chain Management and have these characteristics:
• They want to build an externally facing website that communicates order processing information (such as order status or account information) directly from their Supply Chain Management system to their enterprise customers.
• They are transitioning from Dynamics AX 2012 to Supply Chain Management and previously used the AX 2012 Customer self-service portal.
The following types of organizations are not good candidates for implementing the Customer portal:
• Companies that want to build a website for non-enterprise customers. These companies should consider creating a Dynamics 365 Commerce e-commerce website.
• Companies that are already using an existing Power Apps portals website for a similar purpose. These companies won’t receive any additional benefits from the Customer portal. The Customer portal is delivered as a template that acts as a guide and a starting point for customers who want to “connect the dots” between dual-write, Supply Chain Management, and Power Apps portals.

If you’ve already set up a website that serves this purpose, then you might not gain much value from using the Customer portal template to re-provision that website.

The Customer portal is provided as a Power Apps portals template. It depends on Power Apps portals and dual-write.

Power Apps portals is a feature that lets users create an externally facing website into which people from outside the organization can sign in . Little to no coding is required to make portals. The Customer portal is one of many Dynamics 365 portal templates that are available from Microsoft.

Dual-write is an out-of-box infrastructure product that provides near-real-time interaction between customer engagements apps and Finance and Operations apps. Dual-write provides bidirectional integration between Finance and Operations apps and Microsoft Dataverse. Therefore, it provides an integrated user experience across the apps. The Customer portal depends on tables that are synced with dual-write. Before data from Supply Chain Management can be surfaced in the Customer portal, dual-write must be enabled for all the appropriate tables.

(The Common Data Service was renamed to Microsoft Dataverse in November 2020)

What is the true cost of software development?

January 9th, 2021

There ahs been much talk of both devops and citizen developers.
While these new paradigms are welcome and bring many benefits that does not mean that they replace other proven systems of software development.

There are reason why some consultancies quote significantly lower times to develop than other- usually tis lack of knowledge/awareness of what needs to be considered or they deliberately cut corners in areas like security, validation, documentation, testing, and so on.

If that sounds harsh then take a look a this recent post:
A report published last week by the Consortium for Information & Software Quality (CISQ) estimates poor software quality collectively cost companies in the U.S. an estimated $2.08 trillion in 2020.

Wi-Fi-6E is coming in 2021

January 9th, 2021

Many of this year’s new phones, laptops, TVs, routers, and more will come with support for Wi-Fi 6E,

Wi-Fi 6 and previous generations of Wi-Fi use the 2.4 GHz and 5 GHz radio bands. A “Wi-Fi 6E” device is one that is capable of also operating on the 6 GHz band,

This new upgrade to Wi-Fi is like expanding your wireless connection from a two-lane road to an eight-lane highway. It’s the biggest upgrade to Wi-Fi in 20 years, and connections should be faster and a lot more reliable because of it.

The Wi-Fi Alliance, is starting to certify the first wave of products with support for Wi-Fi 6E. Phones, PCs, and laptops with support should reach the market in the first months of 2021, according to the IDC research group, and TVs and VR devices with support are expected to arrive by the middle of the year. Intel announced that it will have WI-Fi 6E chips available in January 2021, The new Snapdragon 888 processor chip includes support for Wi-Fi 6E so it should be present in many of this year’s top Android phones. It’ll be some time before most new devices are shipping with Wi-Fi 6E, even by the start of 2022, IDC only expects 20 percent of shipping Wi-Fi 6 products to also support Wi-Fi 6E.

Wi-Fi 6E devices will be backward compatible with Wi-Fi 6 and previous Wi-Fi standards. But, to take advantage of those new 6 GHz channels in Wi-Fi 6E, you’ll need to be using devices that support it. In other words, you’ll be using Wi-Fi 6E once you pair a Wi-Fi 6E-enabled client device (like a laptop or smartphone) and a WI-Fi 6E-enabled access point. With Wi-Fi 6 devices and a Wi-Fi 6E-enabled router, none of your devices will communicate over Wi-FI 6E. They’ll all be using Wi-Fi 6 on the typical 5 GHz or 2.4 GHz channels.

Wi-Fi 6E relies on a huge expansion of the wireless airwaves available to consumer devices .Existing Wi-Fi devices operate on two spectrum bands, 2.4GHz and 5GHz. Wi-Fi 6E adds a third — 6GHz — and there’s a lot more of it, thus quadrupling the total amount of airwaves used for typical Wi-Fi. We can have larger, higher-speed connections, and the airwaves are less likely to be congested. In an apartment building, for instance, your neighbors’ Wi-Fi networks might interfere with your own. With Wi-Fi 6E, there’s a lot more bandwidth to go around, so there’s less of fighting over the exact same airwaves.

Though the US has approved use of 6GHz airwaves, communications regulators in other countries also need to approve the spectrum for Wi-Fi use, The UK, EU, South Korea, Chile, and United Arab Emirates have all given a green light on allowing 6GHz usage for Wi-Fi, while regulators in Brazil, Canada, Mexico, and Japan are among others where progress is being made.

Ransomware that is Devastating MySQL Servers – be aware

December 29th, 2020

PLEASE_READ_ME is an active ransomware campaign that has been targeting MySQL database servers and dates back to at least the start of this year. The attack chain is extremely simple and exploits weak credentials on internet-facing MySQL servers. There are close to 5M internet-facing MySQL servers worldwide.

MySQL servers have often been used as a low cost alternative for applications like Dynamics Ax Retail store databases.

250,000 databases are offered for sale in the attackers’ dashboard, from 83,000 successfully-breached victims.

If you are using MySQl databases then we strongly recommend that you immediately review your credentials security and reference the link above.

Rampant security attacks – be aware

December 18th, 2020

Cyber criminals have been relentless this year. Data breaches, network infiltrations, bulk data theft and sale, identity theft, and ransomware outbreaks all occurred over 2020. Remote workers account for up to 20% of cybersecurity incidents, and ransomware is on the rise,

This month alone ahs seen amjor breaches:
Leonardo SpA: Italian police arrested suspects believed to have stolen up to 10GB in sensitive corporate and military data from the defense contractor.
Flight Centre: A 2017 hackathon launched by the company was found to be the source of a leak involving credit card records and passport numbers belonging to close to 7,000 people.
Vancouver TransLink: A ransomware attack disrupted Compass metro cards and Compass ticketing kiosks for two days.
Absa: A rogue employee at the South Africa-based bank is thought to be responsible for the leak of personally identifiable information belonging to customers.
HMRC: The UK tax office was branded ‘incompetent’ due to 11 serious data breaches impacting close to 24,000 people.

Microsoft Warns Of New Malware That Wants To Infect Your Browser: Security experts at Microsoft have been tracking a new malware campaign that’s targeting Windows computers. It’s already claimed tens of thousands of victims and hijacked their web browsers.
Earlier this month Microsoft issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users

On December 8, 2020, FireEye disclosed theft of their Red Team assessment tools. These tools are used by FireEye to test and validate the security posture of their customers. According to FireEye, the hackers now have an influential collection of new techniques to draw upon.

FireEye, last week also said it had discovered a “global intrusion campaign” that it called “widespread” in a blog post published Sunday evening. “The actors behind this campaign gained access to numerous public and private organizations around the world,” FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST.
The attacker’s post compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection.”

The U.S. Commerce Department on Sunday confirmed a security “breach” at one of its bureaus, and said federal authorities are investigating.
Reuters, the news agency first reported the hack, and cited sources who said the U.S. Treasury Department was also breached, and that hackers may have broken into other government agencies as well. The sources told Reuters that hackers may have been able to monitor staff emails at the agencies for months. And also Reuters reported that the affected bureau at the Commerce Department was the National Telecommunications and Information Administration. Subsequently the US issued an emergency warning that “nation-state” hackers hijacked software used by almost all Fortune 500 companies and multiple federal agencies to gain entry to secure IT systems.”

On Sunday the Washington Post reported that the attack had been traced to Russian state-backed hacking groups.

Its important that organisations are aware of the threats and have appropriate safeguards, polices and training. in the event of a breach its also important to have clearly defined policies of how to respond -its not just about dealing with the threat but also the consequences. For example Ireland’s Data Protection Commission fined Twitter €450,000 (~$550,000) for failing to notify the DPC of a breach within the 72-hour timeframe imposed by European Union’s General Data Protection Regulation (GDPR) and to adequately document it.

To cap it all Avast announced this week that more than three million Internet users have installed 15 Chrome plug-ins and 13 Edge plug-ins that contain malicious code, .

These add-ons contain code that can redirect user traffic to ads and phishing sites, collect personal information such as birth dates, email addresses, and active devices, collect search history, and download other malware to the user device., Avast researchers believe that the primary goal of this campaign is to redirect user traffic for money.

Avast said that it discovered the add-ons last month and found evidence that some of these have been active at least since December 2018, when users first started reporting problems with redirection to other websites.

Jan Rubin, a malware researcher at Avast, said they could not determine if the extensions contained malicious code from the beginning or if the code was added by an update when each of them reached a certain level of popularity. Many add-ons have become very popular, with tens of thousands of installations. In the case of most , this is achieved by presenting these as add-ons that can help users download multimedia content from various social networks, such as Facebook, Instagram, Vimeo or Spotify. Avast said that both Google and Microsoft reported their findings and that both companies are still checking the add-ons.

Two days after Avast released its findings,: Google has removed all 15 Chrome add-ons that Avast has found to contain malicious code, while most Edge add-ons are still available for download. Only Pretty Kitty, The Cat Pet and SoundCloud Music Downloader have been removed.

Below is a list of Chrome add-ons that Avast said contain malicious code:

Direct Message for Instagram

DM for Instagram

Invisible mode for Instagram Direct Message

Downloader for Instagram

App Phone for Instagram

Stories for Instagram

Universal Video Downloader

Video Downloader for FaceBook™

Vimeo™ Video Downloader

Zoomer for Instagram and FaceBook

VK UnBlock. Works fast.

Odnoklassniki UnBlock. Works quickly.

Upload photo to Instagram™

Spotify Music Downloader

The New York Times News

Here’s a list of Edge plug-ins that contain malicious code:

Direct Message for Instagram™

Instagram Download Video & Image

App Phone for Instagram

Universal Video Downloader

Video Downloader for FaceBook™

Vimeo™ Video Downloader

Volume Controller

Stories for Instagram

Upload photo to Instagram™

Pretty Kitty, The Cat Pet

Video Downloader for YouTube

SoundCloud Music Downloader

Instagram App with Direct Message DM

Endpoint security against cybercrime – 7 key questions

December 17th, 2020

7 Vital Questions to Ask

Endpoint security has never been more important, more complex—or more challenging— than it is today. Given the multitude of solutions and of vendors , it is very difficult to sort through all of the competing claims to find what’s truly effective.

1. Will this solution run on all the devices in my environment?
2. How long will deployment take?
3. What will the members of my team need to know or learn in order to work with this platform
4. What types of preventative controls are in place?
5.From where does the vendor get its threat intelligence?
6. How does this solution integrate with incident response workflows? 7 Is 24×7 professional support available from the vendor?
7. Can this solution be integrated with other security services, products, or platforms from the same vendor to reduce costs and complexity?

Why Comodo?- Zero Percent Infection and Breaches for Customers

Comodo offers the only cybersecurity that stops undetectable threats.
Cloud-native cybersecurity with auto-containment stops ro-day threats that AI, ML, & other technologies miss.


Historical s scores and statistics from millions of endpoints on thousands of different networks of enterprise customers. It shows zero percent infection and breaches.

With Comodo you can “Protect without Detection.” The cloud-native framework delivers you zero day protection against undetectable threats while defending your endpoints from known threat signatures. Automatic signature updates simplifies deployment across your entire environment to lower operational costs

Contact us about Advanced Endpoint Protection 0097143365589

Dynamics 365 Supply Chain – Ask Synergy Software Systems – Dubai

December 16th, 2020

“Supply Chain Management” is one of the “Dynamics 365” business applications.
It is known as part of “Microsoft Dynamics 365 for Finance and Operations” which was separated into two different applications to achieve more flexible pricing and licensing.

To learn more about how to build resilience with an agile supply chain see more videos here:
https://dynamics.microsoft.com/en-us/supply-chain-management/overview/ e.g.
Resolve product quality issues and accelerate time to market
Accelerate innovation and respond quickly to quality issues, changing customer specifications, and obsolete parts to ensure compliance and mitigate delays.

Gain planning agility to fulfill customer demand
Predict demand using AI and deliver products on time by planning supply and production in near real time, ensuring the right resources are in the right place.

Optimize inventory and logistics
Improve delivery by using predictive analytics to optimize and automate inventory, warehousing, fulfillment, material sourcing, and supply chain logistics.

Maximize asset uptime and lifespan

Reduce equipment downtime, improve overall equipment effectiveness (OEE), and maximize longevity by performing proactive maintenance.

Innovate with intelligent manufacturing operations
Build agile factories and manufacturing processes with predictive technologies, IoT, and mixed reality to improve throughput, quality, and delivery while reducing costs.

Dynamics 365 Finance and SCM November 2020 wave 2 updates

November 22nd, 2020

Microsoft has announced some major productivity improvements in the Accounts Payable space for Dynamics 365 Finance. Below are the top 3 features from this list:

Match product receipts to invoice lines with 3-way match policy:
We may often receive an Invoice before receiving the goods but AP processors expect these invoices to be matched to the receipts automatically . With this new feature, AP users can have the invoices created and these invoices can be matched automatically to a receipt, for a 3-way match line. More details about this feature here: https://docs.microsoft.com/en-us/dynamics365-release-plan/2020wave2/finance-operations/dynamics365-finance/vendor-invoice-automation-match-product-receipts-invoice-lines-that-have-three-way-matching-policy

Pre-validate vendor invoice posting:
Microsoft is extending this to Vendors Invoice that are related to Purchase orders.
This will allow AP Processors to validate before the posting and resolve any issues that are present. I
This provide a hook for developers to use this feature for pre-validations for integration or vendor invoice automations that may be developed.
More details about this feature here: https://docs.microsoft.com/en-us/dynamics365-release-plan/2020wave2/finance-operations/dynamics365-finance/vendor-invoice-automation-pre-validate-vendor-invoice-posting

Tracking the invoice received date
:
Vendor aging helps to determine how prompt you are in paying vendors/suppliers, which is a crucial measure for a trust relationship. However, business also need to track the progress of an invoice and , invoice received date as field is now included as start point for tracking. For invoices that are automated or imported, this can be included in the schema. For manually entered invoices, this can be specified while keying in the invoice. Businesses can use Power BI to track the trends the progress of the invoices from the point of arriving to the point of payment.
More details about this feature here: https://docs.microsoft.com/en-us/dynamics365-release-plan/2020wave2/finance-operations/dynamics365-finance/vendor-invoice-automation-tracking-invoice-received-date

New Feature: Asset leasing

• Customers can more easily comply with accounting standards for ASC 842/IFRS 16
• Automats complex lease calculation of a lease’s present value
• Automatically classify the lease as either operating or finance, or as a short-term lease or low-value lease
• Centralizes the management of lease information

New Feature: Automatic collection task creation
• Automatically create collection tasks that are based on rules
• Define rules that are based on invoice attributes including payment prediction, due dates, and amounts due

New Feature: Touchless email reminders to customer
• Automatically notify your customers via email with a reminder that an invoice is past due
• Contains overdue invoice information based on email templates

New Feature Generate the trial balance with transactional detail report
This feature lets you generate a trial balance with transactional detail. The transactional detail provides information such as the transaction date, voucher number, and transaction description. This report was available in AX 2012 and now it is available in D365The report includes opening balances, debit or credit amount, a running balance, and the resulting ending balances for a given date range. The report can also be run to include pending ledger transactions, providing a provisional report for analysis of how unposted transactions will impact account balances.
This is available form Version 10.0.13 (Update 37) – Enable the feature through feature management

Dynamics 365 Supply Chain Management obtains a unified view of inventory, warehouse, manufacturing, service, and logistics with predictive analytics.

New Feature: Vendor RFQ search by procurement category
• Easier for vendors to find relevant RFQs to bid on
• Vendors find open requests for quotations (RFQs) based on their procurement category

Dynamics 365 Guides for Manufacturing
Deliver mixed-reality, holographic step-by-step instructions for production processes using Dynamics 365 Guides.
Setup the guides parameters and then define the guides, then the worker can use their HoloLens to scan the QR code and the guide will get launched.

To configure how Guides appear on the shop floor, go to Mixed Reality > Dynamics 365 Guides > Configure Guides integration.
Attach guides to various aspects of production control like Resources ,Resource groups, Released products, Formulas, Routes, Route versions. etc.
When a worker opens a job list on the shop floor execution interface, Supply Chain Management finds the relevant guides for the jobs shown. Use the Guides button to view the relevant guides.
Put on a HoloLens and access the respective guide by glancing at the QR code and activating the respective Guide.

New Feature: Extend analytics capabilities with new time-tracking entities.
• Provide easy access to product usage analytics that enable Dynamics 365 Guides to be part of the larger enterprise ecosystem
• Leverage product usage information for use cases that extend beyond the current Power BI template

Dynamics 365 Project Operations unifies operational workflows to provide the visibility, collaboration, and insights needed to drive success across
teams.

New Feature: Create project invoice proposals by funding source from the periodic area
• Create project invoice proposals by selecting the customer account associated with funding sources
• Creates multiple project invoice proposals regardless of the number of project contracts where the customer is a funding source

Project type will be moved to the contract line.
Project group will become optional
The setup related to tracking of work in process and revenue calculation will be moved to a new entity – Project revenue profiles.
The project revenue profile rules will determine which project revenue profile to use.
Internal projects will be projects without a contract and only costs will be tracked.

Test this in SBOX environment – these should be enabled only when using synchronous integration with the Common Data Service.

New Feature: New Invoice summary page available from Project invoice proposals and Project invoices list pages
• Add additional information on the Project invoice proposals/list pages determines what documents to process for a single customer
• Add an Invoice summary to the Project invoice proposals and Project invoices list pages

New Feature: Public sector – Project invoice proposal selection parameter by funding source
• Create any number of project invoice proposals, regardless of the number of project contracts the customer is a funding source for
• Creates project invoice proposals by selecting the customer account associated with funding sources

(Preview) Vendor invoice automation :
The automation processes can be used to perform these tasks:
· Automatically submit imported invoices to the workflow system.
· Match product receipts to pending vendor invoice lines.
· Simulate posting before a vendor invoice is posted.
· Quickly and efficiently view workflow history.
· View and analyze the results of automating vendor invoice processing.

Dynamics 365 Dubai partner Synergy Software Systems

November 12th, 2020

There is much talk about digital transformation but what does it mean for your company?
For selected Enterprise clients we work with Microsoft to deliver curated workshops to ‘inspire-quantify-empower- achieve’

Further to our recent seminar contact us now to avail of free upgrade and migration reviews to Dynamics 365 Finance and Supply Chain

Synergy Software Systems is the oldest Dynamics. partner in the EMEA region and has implemented solutions on Axapta 2.3 Axapta 3 Dynamics Ax4, Ax 2009, Ax2o12, Ax2012 R2, Ax2012 r3, and of course Dynamics 365.

We have also implemented every version of Dynamics CRM since version 3.

As Microsoft partners we also implement and support Office 365 and Microsoft365 . Exchange server, Teams, and the azure stack

We also have a practise for Power Bi/Power Apps/Power Automate, so we are able to help you to fully leverage the entire Dynamics 365 platform.

To take your business on the first step into the cloud with Dynamics call us: 009714 3365589

Massive increase in cybercrime.

November 6th, 2020

Disturbing increase in cyberthreats in the second quarter of the year, more than 400 new cyberthreats were recorded every minute, according to a new report from cybersecurity firm McAfee. Nw malware samples also grew by 11.5 percent for the period.

PowerShell malware and Covid-19-themed attacks dominated the landscape. Malicious Donoff Office document attacks propelled new PowerShell malware upwards by 117 percent. The documents behave as TrojanDownloaders by using Windows Command to launch PowerShell, which then downloads and executes malicious files.
McAfee claims Donoff also played a “ critical role” in driving the 689 percent surge in PowerShell malware in the quarter prior to this one.

Covid-19 was another theme exploited by cybercriminals in the second quarter of the year. McAfee’s network, boasts more than a billion sensors, and registered a 605 percent increase in Covid-19-related attacks compared to Q1.

“,,,,,,,,, a deluge of malicious URLs, attacks on cloud users and capable threat actors leveraging the world’s thirst for more information on Covid-19 as an entry mechanism into systems across the globe,” said Raj Samani, McAfee Fellow and Chief Scientist.

McAfee said there were almost 7.5 million external attacks on cloud user accounts in the quarter. According to the firm, all major industries were affected, including: financial services, healthcare, public sector, education, retail, technology and more.

In 2019, the Maze ransomware group introduced a new tactic known as double-extortion, which is when attackers steal unencrypted files and then threaten to release them publicly if a ransom is not paid. Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom. ther ransomware operations, who began to create data leak sites used to publish victims’ stolen files.As part of this double-extortion tactic, most ransomware operations require a victim to pay a single ransom that will provide both a decryptor for their encrypted files and a promise not to share and to delete stolen files.Some ransomware operations, like AKO/Ranzy, demand two ransom payments, one for the decryptor and another not to publish stolen data.

In the recently released Coveware Q3 2020 ransomware report r we learn that some ransomware gangs do not keep their promise to delete stolen data after a ransom is paid. Certain groups are leaking stolen data after a ransom was paid, using fake data as proof of deletion, or even re-extorting a victim using the same data that was paid not to be released.

Sodinokibi: Victims that paid were re-extorted weeks later with threats to post the same data set.

Netwalker: Data posted of companies that had paid for it not to be leaked

Mespinoza: Data posted of companies that had paid for it not to be leaked

Conti: Fake files are shown as proof of deletion

Unlike a ransomware decryptor, which a threat actor can’t take away once given, there is no way for a victim to know for sure if a ransomware operation is deleting stolen data after a ransom payment is made. Due to this, Coveware says that it does not make sense to pay a ransom as there is no way to know for sure it will not be used to extort you further in the future. With this in mind, Coveware tells victims to expect the following even if they do decide to pay, so their data is not released:

– The data may not be credibly deleted. Victims should assume it will be traded to other threat actors, sold, or held for a second/future extortion attempt

– Stolen data custody held by multiple parties and not secured. Evenwhenf the threat actor deletes a volume of data following a payment, other parties that had access to it may already have made copies so that they can extort the victim in the future

- The data may get posted anyway by mistake or on purpose before a victim can even respond to an extortion attempt

Companies should automatically assume that their data has been shared among multiple threat actors and that it will be used or leaked in some manner in the future, regardless of whether they paid. They should treat the attack as a data breach and properly inform all customers, employees, and business partners that their data was stolen as required by law.

Doing this may b e embarrassing and painful but at least the companies look better for trying to do the right thing and gives those who were exposed the ability to monitor and protect their accounts from fraud.

A recent example of such an attack is Campari Campari Group an Italian beverage company known for its popular liquor brands, including Campari, Frangelico, SKYY vodka, Epsolon, Wild Turkey, and Grand Marnier. It was recently hit by a Ragnar Locker ransomware attack, where 2 TB of unencrypted files was allegedly stolen. To recover their files, Ragnar Locker is demanding $15 million.

As proof that they stole data, the ransom note contains eight URLs to screenshots of some of the stolen data. These screenshots are for sensitive documents, such as bank statements, a UK passport, employee U.S. W-4 tax forms, a spreadsheet containing SSNs, and a confidentiality agreement.

Ragnar Locker claims to have encrypted most of Campari Group’s servers from twenty-four countries and are demanding $15,000,000 in bitcoins for a decryptor. This price also includes a promise to delete data from their file servers and not publish or share the data, as well as a network penetration report and recommendations to improve security.

Ragnar Locker has been involved in other large attacks this year, including ones on Portuguese multinational energy giant Energias de Portugal (EDP) and French maritime transport and logistics company CMA CGM.

We advise all companies to regularly review and update their security policies, training and cyberdefence solutions.
Ask us about end point solutions or consider whether managed cloud hosted systems is preferable.

009714336589

Power Bi- October Server update, discounted Synergy training, and end of support for PBi on Windows 7

November 6th, 2020

After 10 years, support for Windows 7 ended on January 14, 2020. In line with this, Microsoft will stop support for Power BI Desktop on Windows 7 on Jan 31st 2021. After that, Power BI Desktop will only be supported on Windows 8 or later version.

The January 2021 release of Power BI Desktop Optimized for Report Server will be supported in accordance with the Modern Lifecycle Policy i.e. supported until the next release (currently scheduled for May 2021), after which it will only receive security updates until January 2022, after which support will stop.

As always there were many enhancements to Power BI Report Server in the latest monthly update (October 2020)

Reporting

Modern ribbon
Canvas watermarks
Total labels for stacked visuals
Added general visual option to maintain layer order
Gradient legend
Relative time filter
Slicer improvements
New options for expand/collapse icons
Icons now scale with font size
Ability to customize indentation for child items
Ability to further customize slicer header text
Mobile authoring enhancements
New phone emulator
Updated visualization pane
Support for overlaid visuals
Bookmark available in the Mobile layout view
Turn off gridlines and snap to grid
Visualizations

Line chart dot formatting options
Modeling

Enhanced Dataset Metadata
Performance improvements to IF and SWITCH functions
Support for Excel financial functions
Model view enabled for live connect
Updates to Model view
Data preparation

Automatic Table Detection from Excel files
Automatic Table Detection from JSON files
Global option to disable automatic type detection
Other

Export data source to PBIDS in Power BI Desktop
Desktop splash screen dismiss

To learn more about Power BI there is still time to join our discounted webinar introduction course on 14th November – $100

contact us for details: 0097143365589

Dynamics 365 Finance and SCM upgrade and migration offer from Synergy Software Systems

November 4th, 2020

Over 60 companies tuned into our Webinar with Microsoft last week about the benefits of Dynamics 365 cloud and the upgrade or migration journey.
Note that the special subscription offer incentive, and free uggrade assessments are only available till year end, for a limited number of applicants and first come first served basis . There were also additional discounts offered by Synergy Software Systems till end November 2020.

Some of the reasons for upgrade include:

As of October 2021, Microsoft will no longer support Dynamics AX 2012 R3. That’s not so far away, and now is the time for remaining AX 2009 and 2012 users to move to a new ERP (Enterprise Resource Planning) solution. Such a project will seem daunting, but Microsoft Dynamics 365 Supply Chain & Finance Management will be your last and best upgrade.

An immediate reason Dynamics AX users who have a current Microsoft Dynamics annual enhancement plan to choose Microsoft Dynamics 365 at this time is that can currently receive an intial discount on the Dynamics 365 cloud subscription.

Contact us today to learn more. Keep reading to find out why we think you’ll love Microsoft Dynamics 365.

Advantages of the Microsoft Cloud
When you move from on-premise Dynamics AX to the Dynamics 365, its more than an update of patches or even an upgrade of features. It’s a paradigm shift to compete in the modern digital economy. Dynamics Ax 2was always very versatile and could be customised to meet your specific needs. However that flexibility came at the cost of upgrades to a later version. There might be statutory changes such as introduction of Vat or Revenue recognition, or patches need to fight cybercrime, or business expansion that outgrow existing features and hardware. However the significant challenges, of upgrade constrained the business from making timely ‘agile’ changes.

Additional complexity arose to update integrations, ISV modules and specialist reports, and integrations. With Dynamics 365 Finance & Supply Chain
Management on the Microsoft Cloud, – you will continuously update. The updates are automatic, performed in the background, immediately available, and accommodate your customizations and integrations. You’ll be able to lower your ERP costs, while always benefiting from the latest innovations Microsoft has to offer.

Apps in the Microsoft app store will deploy rapidly without worry about code conflict.

Seamless remote connectivity
Cloud-based solutions such as Dynamics 365 Finance & Supply Chain Management allow out-of-the-box mobile access and anytime, anywhere connectivity. Empower your teams to do their jobs even while working remotely. Give them access to the information and processes they need, whether working from home, on the road, or in the field. Seamless operations provide increased user and customer satisfaction, and increase efficiency.

Built-in disaster recovery
The pandemic and recent natural disasters have shown us that calamity can strike without warning and affect any business. Locating your information and processes in Microsoft’s secure Cloud gives you high-performance, remote access to all your ERP data and processes.
It also guarantees built-in disaster recovery for your organization. You’ll be able to be up and running even if you can’t get to the office. Your information will be secure from both physical disasters and cyberattacks.

Easier integrations
Dynamics 365 Finance & Supply Chain Management is built on a Common Data Service, which connects, ERP, Power Platform (including Power BI) and all the other Microsoft business productivity tools such as Microsoft 365. That enables all of those programs to work together seamlessly. Send and receive data, build workflows, automate processes, and create custom functionality. Your teams will be connected using processes with which they are familiar.

Lower IT costs
A cloud-based solution eliminates the expense of owning and maintain on-premises hardware.
- Hidden but significant savings Include” SQL licenses and support, Windows Server licences, Anti malware software for servers, back up software.
- Save on server room costs for space, electricity, and IT resources.
- No additional BREP charge,

Enhanced performance
The Microsoft Cloud guarantees high performance and ongoing improvements.
Your environment is primarily managed and maintained by Microsoft.
You will never again have the expense of upgrading servers, buying extra data storage, and paying for external hosting. All that will be covered as part of your Dynamics 365 subscription.

Stronger Security
Microsoft’s cloud platform has unparalleled security to safeguard your data.
Dynamics 365 Finance & Supply Chain Management has built-in, role-based security features such as Segregation of Duties (SODs).
Count on Dynamics 365 Finance & Supply Chain Management to support your compliance efforts and meet all your security requirements.

Innovations
Such as AI, virtual agents, connected field service, and more
Advanced tools such as machine learning, artificial intelligence, virtual agents, and connected field service were once out of reach for mid-sized company. Now with Dynamics 365 Finance & Supply Chain Management, you too can leverage the latest technology advancements to unlock new opportunities and gain a competitive edge

Contact us on 0097143365589

Important considerations for a ransomware attack

October 31st, 2020

This post contains general information only offered in good faith and cannot consider every customers’ environment or risk. Synergy Software Systems is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, consult a qualified professional advisor. You acknowledge that Synergy Software Systems shall not be responsible for any loss sustained by you or any person who relies on this publication.

If your network experiences a ransomware attack, then it is likely that your IT staff will want to immediately research and work to stop the attack before they get assistance from an outside incident response firm. This guidance is to help you to prepare your strategy, policies and and responses procedure and checklists to aid your first responders to identify important response priorities for containing a ransomware attack and to avoid common pitfalls that can hinder later investigation and recovery activities.

• Notify your incident response partner and cyber insurance agent (if you have these relationships in place).
• Be aware of any statutory and legal or contractual requirements e.g. to notify authorities, or trading partners relying on your services or integrated systems perhaps with SLAs and financial penalties, or perhaps GDPR related.
• Stop any malicious encryption software that may still be running.
• If you suspect servers and workstations are still encrypting data, power down as quickly as possible to reliably stop further encryption.
• If continued encryption is not a concern on a system, leave the system powered on but disconnect it from the network (as RAM may contain forensic data).
• Disconnect network attached storage (NAS) systems from the network immediately and until you can validate that all systems are free of ransomware.
• Isolate critical systems to prevent further spread of the malware.
• Isolate backups and backup servers.
• Shut down servers or disconnect them from networks.
• Shut down wide area network tunnels.
• Disable any employee remote access services that do not use multi-factor authentication (MFA).
• Disable VPNs or whitelist source IPs to known employees.
• Disable Remote Desktop Protocol (RDP) services or whitelist source IPs to known employees.
• Disable existing domain administrator accounts.
• Create new domain administrator accounts for critical IT staff.
• Disable all other domain administrator accounts (to prevent logins and use of issued Kerberos tickets).
• Disable malware command-and-control channels.
• Disable outbound web traffic.
• Disable all other outbound services/protocols through the firewall.
• Collect and retain logs that are not already in a centralized archive.
• As Windows security event logs can by default be overwritten within days, copy the folder c:\windows\system32\winevt\logs from any domain controllers, RDP servers and other key impacted servers to a safe place.
• Since many firewall logs and VPN are also overwritten quickly, work to export VPN access logs and firewall traffic logs to a safe place.

DEVELOP A RECOVERY STRATEGY
At this point evaluate and develop an investigation and recovery strategy. Examples of key next steps include:
• When needed, completing contracting with a legal firm and/or incident response firm
• Determining the state of storage systems and status of online and offline backups
• Creating an inventory of impacted systems
• Prioritizing applications for recovery
• Creating an inventory of sensitive or high-risk data that could have been stolen
• Evaluating potential risk to cloud email accounts or other cloud services

PITFALLS TO AVOID
In the case of an incident, your organization will want to avoid the following.
• DESTROYING CRITICAL DATA
Many times, IT staff may delete encrypted files or impacted virtual machines to free space for recovery, only to learn that the associated backups are missing or corrupt. Be sure to retain copies of all encrypted or impacted files and systems until after backups are validated and restores are complete, even if it means you have to slow down recovery to add temporary storage and copy potentially unneeded data.

• DESTROYING EVIDENCE
Deleting files or virtual machines, or performing other recovery activities before taking steps to preserve disk images, logs and other evidence, can destroy artifacts that could be used later to help tell the story of how the attacker got in and what data they stole.

• OPTIMISTIC ASSUMPTIONS
There is often a tendency to underestimate an attacker early on and to assume that it is unlikely that the attacker accessed some critical system or set of sensitive data. Perhaps because of a belief that the data would have been too hard to find or too difficult to extract. The organization, may then base its decisions about investigation and notification activities on these optimistic assumptions.

• LEAKING INFORMATION TO THE ATTACKER
Be aware that the attacker may be monitoring your communications during and after the attack. For example, don’t disclose your insurance policy’s ransom coverage limit in a public board meeting discussing the community’s response options, or the attacker will increase their demand to match the policy limit. Social media comments by staff may worry your customers. So, consider also how you will handle communications to your trading partners.

As cybercrime becomes ever more targeted and resourced ensure you have a strategy in place- just in case. Review the security tools you use. Define policies and ensure they are followed for example:
• use of secure regularly changed passwords, or dual authentication passwords
• back ups
• training of new users, and refresher training

Install and use security systems e.g.
• Physical access controls
• Firewalls,
• Anti-malware tools
Consider whether cloud migration or managed services are a better option.