Archive for May, 2019

Addressing WannaCry risks in your organization

May 30th, 2019

WannaCry—the most damaging cyberattack of 2017—continues unabated, with at least 3,500 successful attacks per hour, globally, according to research published by security firm Armis on Wednesday.
The research estimates that 145,000 devices worldwide continue to be infected, noting that “a single WannaCry infected device can be used by hackers to breach your entire network.”

The primary reason WannaCry persists is an abundance of unpatched Windows versions across healthcare, manufacturing, and retail sectors—a “large number of older or unmanaged devices which are difficult to patch due to operational complexities,” Ben Seri, research vice president at Armis, wrote in a blog post. The number of active Windows 7 (and older) installations across those sectors exceeds 60%.

This is in large part a vendor issue, because these industries rely on third-party hardware with poor lifetime support. There are operational reasons to hold on to old and unsupported Windows devices. Manufacturing facilities rely on the HMI (Human-Machine Interface) devices that control the factory’s production lines. HMI devices run on custom-built hardware, or use outdated software, that hasn’t been adapted to the latest Windows.

In healthcare organizations, many of the medical devices themselves are based on outdated Windows versions, and cannot be updated without complete remodeling.

In retail environments, the Point-of-Sale devices are the weak link: they are based on custom hardware, which is late to receive updates, if it receives them at all.

This is a particularly pressing issue, with the pending end-of-support for Windows 7 in January 2020. This will serve to further complicate the security posture of many enterprises, especially as other “wormable” vulnerabilities are discovered, such as BlueKeep, which prompted Microsoft to provide patches for Windows XP and Server 2003 due to the potential risk the vulnerability posed.

The WannaCry attack had the potential to be much more damaging than it was, though for affected organizations the damages were quite severe—the NHS reported losses of £92 million ($116 million).

Security researcher Marcus Hutchins discovered a kill switch domain name in the program that the authors had left unregistered. When WannaCry executes, if the domain resolves, the program exits. While this bought additional time for defenses, WannaCry was reported as “stopped,” which may have lowered concern about the attack. Days later, a variant lacking a kill switch was discovered.

An analysis by GCHQ’s cybersecurity division identified the authors of WannaCry as the Lazarus Group, a North Korea state-sponsored threat actor, also responsible for the 2014 Sony Pictures hack. The US, Australia, New Zealand, Canada, and Japan have criticized North Korea for their involvement in the attack, according to ZDNet.

WannaCry is built on top of a pair of exploits called EternalBlue and DoublePulsar, which were released by an organization called The Shadow Brokers on April 14, 2017. The exploits were originally developed by the NSA Office of Tailored Access Operations and CIA Information Operations Center. The weaponization—rather than responsible disclosure—of those underlying exploits created an opportunity for the WannaCry attack to be waged.

Microsoft president and chief legal officer Brad Smith condemned the “stockpiling of vulnerabilities by governments,” noting that “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” and “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

To reduce potential risks from WannaCry, patch your devices. That requires IT professionals to know that the devices exist. “Without the proper control and monitoring of devices and networks, organizations are bound to lose track of both, you must maintain a continuous asset inventory of all devices, and monitor your network for unknown, suspicious, or misplaced devices connected to it.”
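One way to act on that advice, as an added example that is not part of the original post: reconcile the asset register against the MAC addresses actually seen on the network, and flag unknown devices, silent devices, and online hosts still running Windows 7 or older. The `Asset` fields, function names and sample records are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Windows NT 6.1 is Windows 7 / Server 2008 R2; anything at or below it is
# the "Windows 7 (and older)" population described in the post.
LEGACY_NT_MAX = (6, 1)

@dataclass(frozen=True)
class Asset:
    mac: str
    name: str
    os_family: str    # "windows", "linux", ...
    os_version: str   # e.g. "6.1.7601"

def normalize_mac(raw):
    """Reduce any common MAC notation to lower-case colon-separated form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_legacy_windows(asset):
    """True for Windows hosts whose NT version is 6.1 or lower."""
    if asset.os_family.lower() != "windows":
        return False
    try:
        major, minor = (int(p) for p in asset.os_version.split(".")[:2])
    except ValueError:
        return False  # unparseable version: leave for manual review
    return (major, minor) <= LEGACY_NT_MAX

def reconcile(inventory, observed_macs):
    """Compare the asset register with MACs seen on the network."""
    known = {normalize_mac(a.mac): a for a in inventory}
    seen = {normalize_mac(m) for m in observed_macs}
    return {
        # On the wire but not in the register: unmanaged or rogue devices.
        "unknown": sorted(seen - set(known)),
        # In the register but silent: lost, retired or misplaced devices.
        "missing": sorted(a.name for m, a in known.items() if m not in seen),
        # Known, online and on Windows 7 or older: patch or isolate first.
        "legacy_online": sorted(
            a.name for m, a in known.items()
            if m in seen and is_legacy_windows(a)
        ),
    }

# Constructed sample data (locally administered MACs, made-up host names).
SAMPLE_INVENTORY = [
    Asset("02:00:00:AA:BB:01", "hmi-line-3", "windows", "6.1.7601"),
    Asset("02-00-00-aa-bb-02", "pos-till-12", "windows", "5.1.2600"),
    Asset("0200.00aa.bb03", "ws-finance-07", "windows", "10.0.17763"),
    Asset("02:00:00:aa:bb:04", "mri-console", "windows", "6.1.7601"),
]
SAMPLE_OBSERVED = ["02:00:00:aa:bb:01", "0200.00AA.BB02",
                   "02:00:00:aa:bb:03", "02:00:00:aa:bb:99"]

if __name__ == "__main__":
    for bucket, items in reconcile(SAMPLE_INVENTORY, SAMPLE_OBSERVED).items():
        print(f"{bucket}: {items}")
```

In practice the observed list would come from switch, DHCP or ARP data, which is why the MAC notation is normalized before comparison.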

Enhancements to the production order release process in Dynamics 365 for Finance and Operations

May 30th, 2019

When you release a BOM or formula line to the warehouse, the system first determines whether material is already available at the production input location on the shop floor where the material will be consumed for the production process.
• If the material is available at the production input location, then it’s picked from that location immediately after the signal is given for the release of material to the warehouse.
• If the material isn’t available at the production input location, then the material release indicates that material must be moved from locations in the warehouse to the production input location. The material is moved via warehouse work for raw material picking. Therefore, warehouse processes for raw material picking must be configured. For more information, see Replenishment and Control warehouse work by using work templates and location directives.

Configure the release of BOM and formula lines so that it occurs as part of the release of a production order or batch order. Alternatively, control the release either by a batch job or as a manual interaction.

The method that is used to release BOM and formula lines is controlled by the Production line release parameter. You can find this parameter at Production control > Setup > Production parameters.

If you release materials by using the On production order release parameter setting, then when you do a manual release, you have two options for controlling the material release:
• Release material per operation number.
• Release material in proportion to the amount of finished goods. You can release raw material for a partial quantity of finished goods. For example, a production order is created and scheduled for 1,000 pieces (pcs.). The shop floor supervisor is planning the production of 100 pcs. for the next shift and wants to release materials only for that shift. In this case, the supervisor can use the Quantity field to release materials for the 100 pcs. that are planned for the next shift.

• To release raw material in a specific unit, select Production control > Production orders > All production orders, select a production order, and then, on the Warehouse tab, select Release to warehouse. Then use the Unit field to select the unit of the finished good to release material in. The units that are available are defined in the unit sequence group ID of the finished good.

Major SQL updates don’t skip – SQL Server 2016 SP2 CU7 and SQL Server 2017 CU 15

May 26th, 2019

This week, Microsoft released two major updates.

SQL Server 2016 SP2 CU7 has multiple fixes including:

• Filtered index corruption
• Access violations in sys.dm_exec_query_statistics_xml, sys.dm_hadr_availability_replica_states, sys.availability_replicas, sys.dm_db_xtp_hash_index_stats, sys.fn_dump_dblog, sys.dm_db_xtp_checkpoint_files
(I.e. if you monitor your servers, which you should, then you should apply this CU to avoid problems caused by the monitoring tool’s queries)
• AG failover fails
• Incorrect query results on columnstore indexes, and also this

SQL Server 2017 CU 15 has even MORE fixes; read the full list: https://support.microsoft.com/en-us/help/4498951/cumulative-update-15-for-sql-server-2017

Note also that, from SQL Server 2017, the Analysis Services build version number and SQL Server Database Engine build version number do not match.

There are some CUs you might be tempted to skip because they don’t affect you. These releases will affect a wide range of features and you should plan to apply these sooner rather than later.

Dubai F@B – calorie content menus, and QR codes to choose safe hygienic food

May 24th, 2019

Dubai: Food establishments in Dubai should declare in their menus the calorie content of all ready-to-eat food items, Dubai Municipality has said in a circular last Saturday.

The new rule is applicable to restaurants, cafeterias and cafes with more than 5 branches from November.

All other restaurants, catering establishments and hotels should implement it in the second phase in January 2020, the civic body said in a press release on Saturday.

There are more than 18,000 food businesses in various categories according to Dubai Municipality.

On Sunday a new QR Code system was also launched by the Dubai Municipality which will allow you to choose food based on hygiene and safety in Dubai-based food outlets. Under this system, Dubai’s Food Safety Department will issue smartphone-readable codes to food outlets through its “Food Watch” digital platform. It will be mandatory for food outlets to display the QR codes in their premises as and when they are issued one.

In the next phase, people will be able to see what kind of a license is issued to an outlet. So, if somebody is making cakes or taking up catering services, you can ask for the code and find out if they are licensed to do it. Accessibility, location, web address, contact details etc. are the other details of food outlets available through QR code scanning. Dubai Municipality’s hotline number to register complaints 800900 is also shown.

If you need a proven software solution for your F@B operations, then contact us.

General Availability of Unified Service Desk 4.1

May 22nd, 2019

Many new features.

https://blogs.msdn.microsoft.com/usd/2019/03/08/public-preview-of-unified-service-desk-4-1/

https://docs.microsoft.com/en-us/dynamics365/customer-engagement/unified-service-desk/admin/whats-new-unified-service-desk-administrators?view=dynamics-usd-4.1

https://docs.microsoft.com/en-us/dynamics365/customer-engagement/unified-service-desk/what-s-new-in-unified-service-desk?view=dynamics-usd-4.1

Unified Service Desk has an annual release cadence for the major version upgrades. Customers on Unified Service Desk 3.2 or a lower version should plan to migrate to the latest/supported release of Unified Service Desk. Some features will be deprecated from earlier versions of Unified Service Desk.

Going forward, Unified Service Desk will support the last three releases (N-2 format). On the release of the next version of Unified Service Desk, the oldest supported version will be deprecated. For example, with the release of Unified Service Desk 4.2, Unified Service Desk 3.3 version will stand deprecated.

1.) Unified Service Desk 3.2 and any lower versions

Hosted controls
• Hosted Control and Web Hosted Application of CCA Hosted Application
For the CCA Hosted Application type of hosted control, there are four types of Hosted App Type. Out of those, Hosted Control and Web Hosted Application are deprecated.

If you are using Hosted Control Hosted App Type of CCA Hosted Application, then use the USD Hosted Control type of hosted control.

Similarly, for Web Hosted Application Hosted App Type, use the Standard web application type of hosted control. The Web Hosted Application uses the paradigm of UII Web Application Adapter (UII action protocols) to talk and interact with Unified Service Desk. With the direction to use the Standard web application type of hosted control, use RunScript actions.

CRM Dialog hosted control
The CRM Dialog hosted control type is used to work with Dynamics 365 for Customer Engagement apps dialog. Microsoft is deprecating the CRM Dialog hosted control. As an alternative to Dialogs, use Business Process Flows or Canvas Apps.
In the Unified Service Desk, either use Unified Interface page, or Standard Web Application type of hosted control. https://docs.microsoft.com/en-us/dynamics365/get-started/whats-new/customer-engagement/important-changes-coming#dialogs-are-deprecated

• Interactive Service Hub Page hosted control
The Interactive Service Hub Page hosted control is used to host interactive service hub forms within Unified Service Desk. Upgrade to Unified Interface forms and use the Unified Interface Page hosted control.

End-of-life for Dynamics Field Service (online) legacy versions by February, 2020

May 22nd, 2019

Last week Microsoft announced the retirement of all legacy versions (web client and mobile) of Dynamics 365 for Field Service (online) by the end of February, 2020. This change aims to provide all users access to the latest capabilities and improvements, and offer a better support experience.

All customers must update to Field Service version 8.x by February, 2020

These versions are impacted:
• Field Service web client versions 7.x and 6.x
• Field Service mobile (2017) on all platforms including iOS and Android

Regular updates on these versions will continue until October this year, and Microsoft will continue to provide support until December, 2019.

This change does not impact Dynamics 365 for Field Service (on-premises) versions.

Most of the recent improvements are only available in Field Service version 8.x onwards, so organizations using earlier versions are missing out on new capabilities such as:
• Improved scheduling experiences
• Improved IoT scenarios and enablement
• Multi-resource work orders
• Crew scheduling
• Pools
• Facilities-based scheduling
• Geo-fencing
• SLA improvements
• Entitlements
• and more…

Field Service 8.x has been available via opt-in on the insider portal (https://experience.dynamics.com/insider) since last August. There are significant changes to the user interface as part of the move to the Dynamics 365 Unified version. https://docs.microsoft.com/en-us/dynamics365/customer-engagement/admin/about-unified-interface

Consider:
• Do not install this directly on your production environment. This upgrade should initially be done in a non-production environment with change management and release controls.
We don’t anticipate any breaking changes, but test to ensure that no customizations are impacted by the upgrade process. Run the Solution Checker to assess potentially problematic customizations.
• Field Service version 8 relies entirely on the Unified Interface. All navigation is controlled by model driven apps.
Field service version 7 had significantly different navigation which will no longer be available when using Field Service.
• Field Service mobile in version 8 takes advantage of the new Field Service Mobile app and a new mobile project.

Use of previous project templates or mobile apps, including Field Service Mobile (2017) and Field Service Mobile (2016), on Field Service version 8 is not supported.

Plan to follow Microsoft’s detailed steps to build a derivative mobile project against the new project template and then move your mobile users to the new app.

• Update internal documentation and conduct internal training to manage the organizational impact of changes from the navigation, mobile app, and any potential functionality impacts discovered by testing or the Solution Checker.

• Once ready, enable on your production environments.

Note: There is a trial version. When Field Service is not installed on an org, you can install the Field Service Trial from App Source. However, do not attempt this on an org with Field Service version 7 because this install will fail. It is blocked by Microsoft to protect organizations from accidentally upgrading to the latest version without an understanding of the impact of this upgrade.

Micro-architecture data sampling a new security threat to chips

May 16th, 2019

To address a novel set of side-channel attacks that allow microarchitectural data sampling (MDS), Intel this week released a set of processor microcode fixes, to be applied alongside operating system and hypervisor patches from vendors like Microsoft and those distributing Linux and BSD code.

These side-channel holes can potentially be exploited by malicious code to extract information, such as passwords and other secrets, from memory it is not allowed to touch. Browser histories can be sniffed, virtual machines snooped on, disk encryption keys stolen, and so on.

MDS can expose sensitive data held in a processor’s internal buffers: store buffers, fill buffers, and load buffers. MDS samples snippets of data as opposed to grabbing it all at once – more like eavesdropping on privileged communications than breaking in. It’s not easy to target specific data or to differentiate valuable information from background noise. Chipzilla maintains the vulnerabilities are difficult to exploit outside of a laboratory environment.

However Tech Republic commented “MDS attacks are as pernicious a threat as Spectre and Meltdown, and like those security vulnerabilities, the extent to which devices are vulnerable depends on vendor (i.e., Intel vs. AMD) and product generation. These vulnerabilities also affect cloud computing services, as they can be leveraged by attackers to escape software containers, hypervisors, paravirtualized systems, and virtual machines.”

To make such attacks more efficient, an attacker might seek to have a targeted app running on the same physical core, on an adjacent thread to the malware, so as to run load and flush operations repeatedly.

Speculative execution is a shortcut used by modern processors to execute software instructions before they’re needed. That boosts performance but creates vulnerabilities. However, those appear to be limited to Intel hardware and have not been replicated on Arm or AMD-designed processors.

The researchers who identified the flaws argue that hardware fixes for the Meltdown vulnerability implemented in Whiskey Lake and Coffee Lake CPUs are not enough and that software-based isolation of user and kernel space – which comes with a performance hit – needs to be enabled even on current processors.

Intel acknowledges there may be a performance hit due to the microcode fixes in some circumstances for some workloads.

- Whiskey Lake and Coffee Lake CPUs have mitigations built in
- Earlier processors need to install microcode fixes.
- Operating systems and hypervisors need to be updated to work with the microcode updates to ensure those function properly.

Patches are rolling out today from Microsoft, Apple, Google, Linux distributions, and others.

The store buffer is a microarchitecture element that turns a stream of store operations into serialized data and masks the latency from writing the values to memory. It stores data asynchronously so the CPU can do out-of-order execution. The operations for reassembling everything in the right order make Meltdown-like unauthorized memory reads possible.

A technique called Data Bounce can access supposedly inaccessible kernel addresses and break KASLR (Kernel address space layout randomization), reveal the address space of Intel SGX enclaves, and even break ASLR (address space layout randomization) from JavaScript. Data Bounce is also invisible to the operating system: it doesn’t involve a syscall and it doesn’t trigger an exception.

Intel disagrees about the need to disable hyperthreading, and says it plans to add additional hardware defenses to address these vulnerabilities into future processors.
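To check whether a Linux host has both halves of the fix described above (microcode plus operating system patch), the kernel's own status report can be read and interpreted. This is an added example, not part of the original post; the function names are assumptions, and the sample lines are constructed in the status format used by patched Linux kernels.

```python
from pathlib import Path

# Linux kernels patched for MDS report the mitigation state in this file.
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

def read_mds_line(path=MDS_SYSFS):
    """Return the kernel's MDS status line, or None if the file is absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return None

def parse_mds_line(line):
    """Split 'State: detail; SMT xxx' into (state, detail, smt)."""
    main, _, smt = line.partition(";")
    state, _, detail = main.partition(":")
    return state.strip(), detail.strip(), smt.strip()

def assess_mds(line):
    """Map a status line (or None) to the follow-up actions it implies."""
    if line is None:
        return ["kernel does not report MDS: update the operating system"]
    state, detail, smt = parse_mds_line(line)
    if state == "Not affected":
        return []
    actions = []
    if state == "Vulnerable":
        if "no microcode" in detail:
            # The OS tries to clear buffers, but the CPU lacks the microcode.
            actions.append("install the CPU microcode update")
        else:
            actions.append("enable the kernel's MDS mitigation")
    if smt == "SMT vulnerable":
        # Sibling hyperthreads on one core still share the internal buffers.
        actions.append("review SMT for untrusted workloads")
    elif smt == "SMT Host state unknown":
        actions.append("running as a guest: confirm the host is patched")
    return actions

# Constructed sample status lines in the kernel's reporting format.
SAMPLES = [
    "Not affected",
    "Mitigation: Clear CPU buffers; SMT disabled",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT Host state unknown",
]

if __name__ == "__main__":
    for line in SAMPLES + [read_mds_line()]:
        print(f"{line!r} -> {assess_mds(line) or 'no action'}")
```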

Synergy Software Systems, Iftar 2019

May 13th, 2019

About 120 staff and families joined together for an Iftar celebration over the weekend.

Security threats

May 13th, 2019

Security threats continue to haunt us.

Systems at a number of Baltimore’s city government departments were taken offline on May 7 by a ransomware attack. As of 9:00am today, email and other services remain offline. Police, fire, and emergency response systems have not been affected by the attack, but nearly every other department of the city government has been affected in some way.

Calls to the city’s Office of Information Technology are being answered by a recording stating, “We are aware that systems are currently down. We are working to resolve the issue as quickly as possible.”

Meanwhile, this post on identity theft https://www.schneier.com/blog/archives/2019/05/protecting_your_2.html
and this one on credit card skimming on vulnerable e-commerce sites make sobering reading https://arstechnica.com/information-technology/2019/05/more-than-100-commerce-sites-infected-with-code-that-steals-payment-card-data/

Ramadan working hours 2019 – Synergy Software Systems

May 2nd, 2019

The holy month of Ramadan is expected to start from 6th May, and to end on the evening of 3rd June.
During this period of fasting and spiritual reflection there will be several changes to our office routine.
In line with Ministry directives our working hours will be reduced.
Our office will open Sun-Thu from 9am to 4pm for support calls.
We will be closed on Fridays and Saturdays.

We ask Allah, the Almighty, to grant you forgiveness, mercy, and deliverance from the Fire during this month.

May all your prayers be answered.