
One of the zero-day flaws patched by Microsoft on Tuesday had been used for some time by a group with suspected Chinese government ties that targets technology companies, CrowdStrike's chief executive said Tuesday.

CEO Dmitri Alperovitch said his CrowdStrike has been battling with the group, which the company dubbed "Hurricane Panda," on a daily basis since earlier this year.

"They've been very persistent actors," Alperovitch said in a phone interview Tuesday. "We believe with confidence they're indeed tied to the Chinese government in their objectives."

Hurricane Panda has targeted technology infrastructure companies, Alperovitch said. He said he could not identify the companies, which use CrowdStrike's services.

CrowdStrike analysts often see attacks in action and work to boot the hackers from networks. It results in a fast-playing offense and defense, which Alperovitch said can lead to mistakes by the hackers seeking to keep their foothold.

"We are able to literally record every command they try and understand immediately what they're doing," he said.

For example, the analysts will often see hackers mistype commands, such as "hsotname" instead of "hostname" and "romote" for "remote," as they hastily try to maintain their access.
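The mistyped commands described above can be turned into a cheap triage signal. The following Python is an added example, not code from the article or from CrowdStrike: it scans a command audit log and flags any command name that sits within a small edit distance of a common command, which is a hint that a human, not a script, is typing on the box. The audit-log format, the host and user names, the command list and every log line are constructed for the example.

```python
# Added example, not from the article or CrowdStrike: flag near-miss typos of
# common commands in a command audit log as a hint of an interactive session.
# The command list, hosts, users and log lines below are all constructed.

COMMON_COMMANDS = ["hostname", "whoami", "ipconfig", "netstat", "tasklist",
                   "systeminfo", "remote"]

# Constructed sample audit log, one line per command: "<timestamp> <host> <user> <command line>".
SAMPLE_LOG = [
    "2014-10-14T03:12:07Z srv01 svc_web hsotname",
    "2014-10-14T03:12:11Z srv01 svc_web hostname",
    "2014-10-14T03:12:40Z srv01 svc_web romote -h 10.0.0.5",
    "2014-10-14T03:13:02Z srv01 svc_web whoami",
    "2014-10-14T03:13:30Z srv01 svc_web dir c:\\temp",
]


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete and substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # delete ca
                           cur[j - 1] + 1,               # insert cb
                           prev[j - 1] + (ca != cb)))    # substitute ca -> cb
        prev = cur
    return prev[-1]


def nearest_command(token):
    """Closest known command to `token`, and its edit distance."""
    return min(((cmd, levenshtein(token, cmd)) for cmd in COMMON_COMMANDS),
               key=lambda pair: pair[1])


def flag_typos(log_lines, max_distance=2):
    """Return entries whose command is a near miss (1..max_distance edits) of a known command."""
    flagged = []
    for line in log_lines:
        parts = line.split(maxsplit=4)
        if len(parts) < 4:
            continue                        # malformed line; skip it
        timestamp, host, user, command = parts[:4]
        command = command.lower()
        if command in COMMON_COMMANDS or len(command) < 4:
            continue                        # exact command, or too short to judge
        known, distance = nearest_command(command)
        if 0 < distance <= max_distance:
            flagged.append({"time": timestamp, "host": host, "user": user,
                            "typed": command, "meant": known, "distance": distance})
    return flagged


if __name__ == "__main__":
    for hit in flag_typos(SAMPLE_LOG):
        print(f"{hit['time']} {hit['host']} {hit['user']}: "
              f"'{hit['typed']}' looks like '{hit['meant']}' ({hit['distance']} edits)")
```

Run against the sample log it reports the two typos from the article, "hsotname" and "romote", and ignores exact commands and very short tokens. The threshold of two edits catches transpositions as well as single slips; a larger threshold raises false positives quickly, so in practice this is a hint to correlate with the rest of the session, not an alert on its own.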

Hurricane Panda is noteworthy for using tightly written exploit code, "win64.exe," that allowed the group to move through network systems once a computer had been hacked. That tool would be uploaded using a webshell nicknamed "ChinaChopper" that the attackers had placed on a company's servers, Alperovitch said.

Win64.exe, which runs on 64-bit Windows systems, takes advantage of a privilege escalation vulnerability, which can allow attackers to gain administrative rights to other programs from the account of a user who doesn't have those permissions.

Microsoft patched the vulnerability, CVE-2014-4113, on Tuesday, but Hurricane Panda had been using it for a while. CrowdStrike notified Microsoft of the flaw when it discovered the attackers were using it, Alperovitch said.

If successfully exploited, the flaw allows arbitrary code to be run in kernel mode, allowing an attacker to install programs, view or change data or create new accounts with full administrator rights, according to a blog post from Symantec on Tuesday.

Privilege escalation flaws aren't rare, but it is uncommon to see one used for so long by a group, which indicates that the attackers have "knowledge about non-public exploitable security bugs, which usually means the exploit was either bought from a supplier or developed in-house," Alperovitch wrote in a post on the company's blog.

Win64.exe contained an interesting embedded string of characters, "woqunimalegebi," which translates to a Chinese swear word, Alperovitch said. The word is often misspelled in Chinese to avoid being blocked by the country's filtering equipment, and that intentional error changes the meaning of the vulgarity to "fertile grass mud horse in the Mahler Gobi Desert," according to CrowdStrike.

Alperovitch said it's hard to say why programmers insert such messages, but "perhaps they were trying to send a message to anyone that is reverse engineering the code."

Send news tips and comments to [email protected]. Follow me on Twitter: @jeremy_kirk


What we expected to be Windows 9 has been gradually revealed through leaks over the past several weeks, but Microsoft has thrown a curveball into the mix with Windows 10. The latest information, revealed during a public Microsoft Windows event, has gone into much detail concerning the nature of the newest incarnation of Windows, including its focus on enterprise and cloud-centric policy.

But first, what we already know: Windows 10 appears to look like a funky combination between Windows 7 and Windows 8. While several applications still use the Metro tile user interface used in Windows 8, the operating system has returned to its roots with what appears to be Windows 7 desktop functionality. Also present is the triumphant return of the beloved Start menu with a slick new look, sporting customizable Metro-style shortcuts within the menu. These fix the two most common complaints about Windows 8: while the Metro UI was designed to work well on touch-screen devices, some users who enjoyed the traditional desktop design disliked it, and the absence of the Start menu had Windows users up in arms.

The task bar is back and filled to the brim with features, including a Search function and virtual desktops. The virtual desktops can be customized for specific tasks, like separating casual applications and work-related applications. The Charms bar from Windows 8 is also making a comeback, though it is more user-friendly this time around.

Windows 10, according to Microsoft, is aiming to become the new standard for future Windows operating systems. By becoming the “threshold,” as its code name implies, it makes Windows 10 the last big operating system for Microsoft’s popular software brand. The fact that Microsoft is aiming high with Windows 10 is seen in their decision to skip Windows 9. On their official blog, Microsoft states,

This new Windows must be built from the ground-up for a mobile-first, cloud-first world. This new Windows must help our customers be productive in both their digital work and their digital life. This new Windows must empower people and organizations to do great things.

It’s also mentioned that Windows 10 will be streamlined to work on all devices, as displayed by Microsoft’s marketing slogan: “One product family. One platform. One store.” All applications will run in windows, which means that you can resize, move, close, maximize, and minimize them at will. Improved Snap features allow you to set shortcuts to certain applications for easy access.

Nobody saw Microsoft skipping Windows 9 to move forward on Windows 10… well, nobody but InfoWorld, that is. The technology news website won the April Fool’s Day lottery in 2013 when they tricked the online community into believing that Microsoft would skip Windows 9. The main gist of the joke was that Windows 9 was “too good” to release to the general public, and that it would be kept on the down-low as an internal perk for Microsoft employees. According to InfoWorld, the fabled Windows 9 was pretty sweet:

Details about Windows 9 are sketchy, but according to internal Microsoft communications obtained by InfoWorld, the OS was fast, intuitive, bug-free, and equally adept with both the Windows Desktop and Metro-style interfaces. "And who would've thought to put the Start button there?!? Genius!" marveled one engineer, though it's unclear where "there" is exactly.

Another engineer likened the OS to the Nintendo Entertainment System's Power Glove accessory, saying, "It's that good a melding of man and machine.”

As of October 1st 2014, the technical preview for Windows 10 has been made available for enterprises looking to sample the new operating system. Of course, the operating system is going to change before its official release in mid-2015. During the technical preview period, Microsoft encourages enterprises to let them know how to improve the operating system to its full potential. You can download the technical preview at preview.windows.com.


Internet Explorer

The seemingly endless stream of Internet Explorer security flaws continues. Is there an end in sight?

Microsoft today released its September Patch Tuesday update, with Internet Explorer topping the list of vulnerabilities.

This month, Microsoft is patching 37 vulnerabilities in IE, of which 36 were reported privately and one was publicly disclosed. Ross Barrett, senior manager of security engineering at Rapid7, told eWEEK that the September IE patch addresses one publicly disclosed issue identified as CVE-2014-7331, which is under limited active attack.

"An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried," a Microsoft security advisory states. "This vulnerability could allow an attacker to detect anti-malware applications in use on a target and use the information to avoid detection."

The CVE-2014-7331 issue is also particularly noteworthy because it is a different type of vulnerability than the other 36 that Microsoft is patching in IE this month, which are memory corruption issues. "Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory," Microsoft stated in its advisory. "These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user."

Craig Young, security researcher for Tripwire, told eWEEK that the CVE-2014-7331 vulnerability is also noteworthy in how it actually exploits a system.

"Unlike most IE information disclosures which are used to bypass ASLR [Address Space Layout Randomization] through memory address disclosure, this vulnerability utilizes a special URL scheme which allowed crafted Websites to determine if specific libraries are available," Young explained.

Young added that the presence or lack of a particular library is used to infer details about the target system's configuration, such as which security tools are installed.

"Armed with this information, the exploit kits can more carefully select which, if any, payload can be used without triggering endpoint protection," he said.

The September patch haul for IE overall is higher than it was for the August patch update, when 26 vulnerabilities were patched. As is the case this month, the bulk of the vulnerabilities were memory-related issues. Whether or not Microsoft can ever completely plug memory-related flaws in IE is a question that is difficult to answer.

"It sure doesn't seem like an end is in sight, does it? I've heard no indication that it is," Barrett said. "I think in practical terms, this has to trail off sometime, when most of the code base has been overhauled and all the use-after-free type issues have been addressed. However, I don't know when that will be."

While memory corruption issues are likely to remain a concern for some time, Microsoft is taking proactive steps to improve IE security overall. With the August Patch Tuesday update, Microsoft first introduced the capability in IE to block out-of-date ActiveX plug-ins in the browser. At the time, Microsoft said that the blocking feature would not become active for 30 days. Those 30 days are now up, and ActiveX blocking is part of the IE update.

"Applying strict controls around the use of out-of-date software is virtually a surefire way to increase the security of any system," Young said.

Young noted that one of the things that makes Google's Chrome browser robust from a security perspective is Google's attitude toward out-of-date plug-ins and browsers. Chrome has taken steps for a while to prevent users from activating out-of-date Java or Flash components.

"While these types of changes are not the enterprise-friendly policies we tend to see from Microsoft, it is a wise move in the right direction and certainly raises the bar for IE security,” Young said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.


If there's one thing that you can learn from today's marketing trends, it's that visual content sells. Images and videos are a powerful marketing tool that should be taken advantage of at all costs, but an infographic can also help you keep a balance between content and visuals. If you can master the art of the infographic, your business will soar high above your competitors.

Integrating infographics into your marketing strategy is easier said than done. Often it requires someone dedicated to graphic design, or the use of expensive software. Oftentimes, infographic-specific software has a steep learning curve, making it difficult to learn in a pinch. One way you can achieve all of the benefits of a professional infographic without all of the work (well, most of the work) is with Microsoft PowerPoint. In order to make the most of PowerPoint's infographic potential, you must know how to use three key elements: Text, Picture, and Shape. You will use four tools to edit these three elements: Fill, Line, Effects, and Styles.

Fill: this is the primary color of the object or text, signified by the bucket-type icon.
Line: determine what color the outline of an object or entity is with this command.
Effects: there are several pre-built effects you can use to give your infographic elements shadows, outlines, and the like.
Style: similarly, there are pre-built styles you can use to make good-looking infographics with minimal effort. These can be used for colors, lines, and effects.

Choosing Your Color Scheme
Infographics require a fairly specific color scheme in order to be most effective. You should use four colors at the most, as any more can distract the reader to the point of confusion. There are several shapes, fonts, and clip art images available through Microsoft PowerPoint itself, but don't be afraid to upload and use any photos of your own (keep it simple, though).

Additionally, you can make custom shapes and images to drive the point of your text home. You can change the fill and line of your selected shapes by double-clicking the shape, or in the toolbar at the top of the product. If you are trying to break up ideas into different sections, change up your style to signify a change in content.

Text and Font Size
What's a good infographic without some glaring statistics? When it comes time to display lots of information, pick an interesting font style and go to town on it. Use around three colors and a consistent font for maximum results. Avoid leaving too much white space; it's called an infographic for a reason. If there isn't anything to look at (or it's spread too far apart), your infographic might not resonate with the audience as well as it should. Here are more tips you can try:

Use alternating colors to put an emphasis on particular words. This makes sure that people know what's important in the statistic.
Use many different kinds of shapes to create custom graphics. The possibilities are limitless to express your ideas or represent the statistic that makes your point.
Large numbers work well for statistics. If you are trying to make a point about a statistic, its size should be commensurate with what it's actually worth.
Graphs cause people to lose interest. Instead of using graphs, try using pictures to explain the point.

By taking advantage of these variables, you'll be sure to throw together a powerful infographic that will knock the socks off of your audience.

It can be difficult to keep track of your budget and expenses, especially when prices and needs are always changing. But perhaps the biggest annoyance is the intense paper trail that you leave behind when building your budget. By taking advantage of Microsoft Excel's formulas, you can easily keep track of your budget and alter it as prices change and demand increases.

Mathematical Orders
Excel operates similarly to a calculator, and it has several mathematical functions that it can run:

Addition: +
Subtraction: -
Multiplication: *
Division: /
Exponents: ^

In order to initiate a calculation sequence, begin the formula with an equals sign (=). The cell which holds the formula will equal the result of the calculation. For example: =5+3 would create the number 8 in the selected cell.

Cell References
While you can enter Excel formulas into cells manually, you can also use cell addresses to enter a formula into a spreadsheet. Cell addresses generally use a combination of letters and numbers to determine the location of the cell on the chart. If you take a look at the columns and rows, you'll notice they are marked with letters and numbers, and these determine the address of the cell. By using a combination of cell addresses when entering formulas, you can guarantee accurate results for calculations. This is imperative when working with a strict budget. For example: =A3*A5 or =B2-A1

These cell addresses are used to represent the value of the referenced cell. You can also use a combination of cell addresses and set values, like so: =C6/2, =D1*4 or =B6^2

Brewing Formulas
It has never been easier to build a basic budget spreadsheet in Microsoft Excel 2013.

Select a cell. This is the beginning point for the formula. We'll use B3 as an example.
Enter a formula into the formula bar at the top of the spreadsheet. Notice that the data entered into the formula bar will also appear in the selected cell.
Type the cell address of a cell that is to be used in the formula. Let's say that cell B1 has the information for a budget surplus from December 2013, while B2 has January 2014's budget. Those numbers will be added together. All you need to do is type B1 into the formula bar, and the cell will gain a blue border. This indicates that the cell will be used in the formula.
Type the address of another cell with a mathematical operator. For example, to add B1 and B2, type +B2 after B1. The second referenced cell will gain a red border.
Press Enter. The formula will be calculated and the value placed in the selected cell. If the result is too wide to display in the selected cell, it may appear as pound signs (or, for those who are unfamiliar with this enigma, it can also be called a #hashtag). To fix this, increase the width of the column.

Easily Modify Values and Formulas
Perhaps you have decided to increase the marketing budget for the next year, and you need the spreadsheet to represent this change. It's as easy as changing the value in one cell. Excel will automatically recalculate the value of the formula after you edit one of the cells. It's important to make sure that the calculation is correct, though, since Excel will not inform you if the recalculated value is invalid or not.
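To make the mechanics behind the operators, cell references and recalculation above concrete, here is a small Excel-style formula evaluator written in Python. It is an added example, not part of the article and not Excel's own implementation: it tokenizes a formula such as =B1+B2, applies Excel's precedence rules (unary minus first, then ^, then * and /, then + and -, with ^ left-associative), resolves cell references against a tiny in-memory sheet, recalculates dependent cells whenever a value changes, and reproduces the pound-sign display for values wider than the column. The budget figures and every cell address used are constructed sample data.

```python
# Added example, not from the article: a small evaluator for Excel-style formulas
# showing cell references, operator precedence and automatic recalculation.
# Cell contents and the budget figures below are constructed sample data.
import operator
import re

# One token per match: a number, a cell reference such as B12, or an operator/paren.
TOKEN = re.compile(r"\s*(?:(\d+(?:\.\d+)?)|([A-Za-z]+\d+)|([-+*/^()]))")

def tokenize(expr):
    tokens, pos = [], 0
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"bad token at {expr[pos:]!r}")
        pos = m.end()
        num, ref, op = m.groups()
        tokens.append(("num", float(num)) if num else ("ref", ref.upper()) if ref else ("op", op))
    return tokens

def evaluate(expr, lookup):
    """Evaluate a formula body (no leading '='); lookup(addr) resolves cell references."""
    tokens, pos = tokenize(expr.strip()), 0

    def peek():
        return tokens[pos] if pos < len(tokens) else (None, None)

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of formula")
        pos += 1
        return tokens[pos - 1]

    def primary():
        kind, val = take()
        if kind == "num":
            return val
        if kind == "ref":
            return lookup(val)
        if val == "(":
            inner = additive()
            if take() != ("op", ")"):
                raise ValueError("missing ')'")
            return inner
        if val == "-":
            return -primary()              # unary minus binds tighter than ^, as in Excel
        raise ValueError(f"unexpected token {val!r}")

    def chain(operand, ops):
        # Left-associative run of the binary operators in `ops`.
        value = operand()
        while peek()[0] == "op" and peek()[1] in ops:
            value = ops[take()[1]](value, operand())
        return value

    def power():
        return chain(primary, {"^": operator.pow})       # ^ is left-associative in Excel
    def term():
        return chain(power, {"*": operator.mul, "/": operator.truediv})
    def additive():
        return chain(term, {"+": operator.add, "-": operator.sub})

    result = additive()
    if pos != len(tokens):
        raise ValueError("trailing input in formula")
    return result

class Sheet:
    def __init__(self):
        self.cells = {}                    # "B3" -> number, or formula text starting with "="

    def set(self, addr, content):
        self.cells[addr.upper()] = content  # dependents recalculate on their next read

    def value(self, addr, _chain=()):
        addr = addr.upper()
        if addr in _chain:
            raise ValueError(f"circular reference through {addr}")
        raw = self.cells.get(addr, 0)      # empty cells count as 0, as in Excel
        if isinstance(raw, str) and raw.startswith("="):
            return evaluate(raw[1:], lambda ref: self.value(ref, _chain + (addr,)))
        return float(raw)

    def display(self, addr, width=8):
        """What the cell shows: '#' fill when the number is wider than the column."""
        try:
            text = f"{self.value(addr):g}"
        except ZeroDivisionError:
            return "#DIV/0!"
        return text if len(text) <= width else "#" * width

def build_budget_sheet():
    """Constructed sample: December 2013 surplus in B1, January 2014 budget in B2, total in B3."""
    sheet = Sheet()
    for addr, content in {"B1": 1250, "B2": 4000, "B3": "=B1+B2", "A3": 12, "A5": 3, "C6": 100,
                          "D1": 7, "B6": 9, "C1": "=A3*A5", "C2": "=C6/2", "C3": "=D1*4", "C4": "=B6^2"}.items():
        sheet.set(addr, content)
    return sheet
```

Calling build_budget_sheet() and then sheet.display("B3") gives 5250; after sheet.set("B2", 4500) the same call gives 5750 with no further action, which is the automatic recalculation the text describes. Formulas are evaluated lazily on read, so a changed input is always picked up; the one case the evaluator refuses rather than silently computing is a circular reference, which it reports as an error instead of returning a stale or arbitrary value.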

Optimizing your use of spreadsheets can contribute to more productivity in the long run for both your business and your employees. You can plan for the future and get ahead on your company's asset management. You'll be surprised by how much time you can save by taking advantage of the latest Microsoft Office applications.

Another month of security updates from Microsoft means, once again, another round of fixes for the company's Internet Explorer (IE) Web browser, as well as a set of updates for the Windows operating system, for both the server and desktop editions.

Overall, Microsoft has issued six bulletins in July's "Patch Tuesday" collection of software fixes. Microsoft issues these collections on the second Tuesday of each month, hence the name "Patch Tuesday."

Two of the patches are marked as critical, meaning they address defects in Microsoft's software that could be readily exploited by malicious attackers to compromise systems. One of the critical bulletins is for IE, and the other one is for Windows.

Three of the remaining bulletins are denoted as "important" by Microsoft and one as "moderate." These bulletins cover Windows and the messaging component of Windows Server.

A single bulletin may cover multiple patches for a single piece of software, such as Microsoft Windows.

Wolfgang Kandek, chief technology officer for security firm Qualys, advised administrators to look at the IE patches first. IE update MS14-037 addresses one publicly disclosed vulnerability and 23 privately reported vulnerabilities. The critical patches in this set all address vulnerabilities that could lead to remote code execution, which would allow an attacker to gain privileges on a machine by tricking a user into viewing a specially crafted Web page using the browser.

The critical Windows update MS14-038 covers a remote code execution vulnerability that stems from a flaw in how Windows opens files in the Windows Journal file format. Windows Journal is Microsoft's software for capturing handwritten notes on a computer. It can be used not only on touch-enabled devices, but also on other, non-touch Windows computers to read files in that format.

If an organization does not use the Journal format, it may be a good idea to turn off the capability altogether in its Windows machines, so as to reduce the "attack surface" of these computers, Kandek said. In general, it is a good idea to turn off any unneeded services in computers if an administrator has the time to do this, he said.

While administrators are in the mode of testing and applying software patches, they should also take a close look at the critical patches Adobe has issued Tuesday for its Flash player.

Oracle shops should also prepare for Oracle's quarterly round of patches, due to be issued Thursday.

IE tends to get most of the fixes in Patch Tuesday not necessarily because it is inherently more buggy than other Microsoft software, but because it is widely used software that could provide an entry point for outsiders to break into the computers that run the browser. As a result, it is under heavy scrutiny by both malicious attackers and security researchers.

IE is not necessarily any more buggy than other popular browsers, such as Google Chrome or Mozilla's Firefox. Both Google and Mozilla have automatic updates for their browsers, so a vulnerability can get addressed as soon as the developers create a patch to fix the problem, noted Amol Sarwate, the director of Qualys' Vulnerability Labs. As a result, such bugs and their attendant fixes are rarely called out in the press, unless they are critical in nature.


Yet another critical security flaw has been found in Adobe's notoriously sieve-like Flash plug-in, this time by Google engineer Michele Spagnuolo. His exploit tool, called "Rosetta Flash," is just a proof of concept, but could allow hackers to steal your cookies and other data using malicious Flash .SWF files. The exploit is well known in the security community, but had been left unfixed until now as nobody had found a way to harness it for evil. So how does this affect you? Many companies like Twitter, Microsoft, Google and Instagram have already patched their sites, but beware of others that may still be vulnerable. Adobe now has a fix, and if you use Chrome or Internet Explorer 10 or 11, your browser should automatically update soon with the latest version of Flash, 14.0.0.145 (check your version here). However, if you have a browser like Firefox, you may want to grab the latest Flash version from Adobe directly (watch out for unwanted add-ons with pre-checked boxes). Finally, if you use apps like Tweetdeck or Pandora, you'll need to update Adobe AIR -- that should happen automatically, but the latest version is 14.0.0.137 for Windows, Mac and Android.

Via: Krebs on Security

Source: Michele Spagnuolo, Adobe

Microsoft pledges to do better after frustrating customers with last week's Exchange Online and Lync Online outages.

Microsoft has provided more details to explain the outages suffered last week by its Exchange Online and Lync Online hosted services. Some customers were unable to reach Lync for several hours Monday, and some Exchange users went nine hours Tuesday without access to email. Many customers took to Microsoft's online forums and social media accounts to voice displeasure, not only at the service outage, but also at Microsoft's handling of the situation.

In a blog post, VP of Office 365 engineering Rajesh Jha said both outages affected Microsoft's North American data centers but that the issues were unrelated. "Email and real-time communications are critical to your business, and my team and I fully recognize our accountability and responsibility as your partner and service provider," he wrote.

[Microsoft VP predicts the cloud will evolve into just a few big players. Read more from the Structure conference: Cloud Trends To Watch: Structure 2014.]

Jha said the June 23 Lync Online disruption stemmed from external network failures that caused a short loss of client connectivity in Microsoft's data centers. The connectivity problem persisted only a few minutes, but Microsoft claims the ensuing traffic spike caused networking elements to become overloaded, which led to some customers' extended service issues.

The June 24 Exchange Online disruption, meanwhile, was caused by a periodic failure that caused a directory partition to stop reacting to authentication requests. Jha said "a small set of customers" lost email access altogether, and that others -- due to another, previously unknown flaw -- experienced email delays. Jha did not divulge how many customers were directly affected by Exchange Online's root error, nor how many dealt with the larger ripple-out effects.

The Exchange outage was compounded by a problem in Microsoft's Service Health Dashboard publishing process. The dashboard indicated to some customers that their services were fully functional, even as those services refused to load.

Jha said Microsoft has a full understanding of the problems that caused the disruptions, and is "working on further layers of hardening" to protect against future outages. He said customers can expect a Post-Incident Report in their Service Health Dashboards. Jha promised it will contain a detailed analysis of what went wrong, how Microsoft reacted, and how the company plans to avoid similar problems going forward. Though Jha's failure to detail how many customers were affected doesn't suggest a particularly transparent tone, Microsoft has a good record for sharing technical details following a service disruption.

Though Microsoft's cloud products experience few outages, this week's problems demonstrate why service lapses can be a big concern when they occur. Microsoft, Google, and others want companies to use cloud services to handle data and applications that have traditionally been hosted and managed in-house. The big cloud players have made progress over the last year, but all it takes is one outage to make professionals reconsider whether they want essential data and services to be handled by a third party.

During Tuesday's Exchange outage, a number of customers made such concerns abundantly clear. Microsoft didn't acknowledge the problems, which started around 6:00 a.m. EDT, for several hours. Even then, communications were labored; the company relied on user forums and social media to spread the word, which, given the Service Health Dashboard problem, left some customers confused and frustrated. Some criticized the company for euphemistically calling the disruption a mere "delay" in email deliveries.

"If by 'delays' you mean 6+ hours of complete outage," wrote Twitter user JD Wallace in response to a Microsoft tweet that acknowledged some Exchange customers were "experiencing email delays."

Others complained that Microsoft was slow to estimate when service might be restored. Some customers said they waited more than an hour to talk via phone with Microsoft reps, only to be given no new information.

"Microsoft needs to work more with us. IT people are getting crazy without having [anything] to tell our users," a user with the handle JanetsyLeandro wrote in an Office 365 community forum. "We need a real update... [It's] causing a big problem to our business."

Time will tell whether the service outage affects the momentum of Exchange Online, Office 365, and other Microsoft cloud products. Was your business hit by last week's outages, and were you satisfied with Microsoft's response? Let us know in the comments.



Outcries over the privacy implications of accessing private Hotmail accounts came shortly after Microsoft defended how it had accessed a blogger's private account to find out whether a former employee had stolen trade secrets.

Microsoft is now making a change to its privacy policy. This change would require its legal team to look into individual cases to see if a court order is absolutely required to access private user data. The company would then have the evidence “audited,” if you will, by an outside lawyer, and perform the search only if a judge allows it by signing off on the evidence. Microsoft will also publish a bi-annual transparency report that will highlight these types of searches.

Recently, reports emerged that former Microsoft employee Alex Kibkalo is facing federal criminal charges over allegations that he stole trade secrets during his tenure at the company. The prosecution states that Kibkalo "uploaded proprietary software and prerelease software updates for Windows 8 RT as well as the Microsoft Activation Server Software Development Kit (SDK)" to his personal SkyDrive (now OneDrive) account in August 2012.

In 2012, a French blogger tipped off Microsoft that he had obtained code from the Microsoft Server SDK. The code had originally come from a Hotmail user, which meant Microsoft could access that account without a court order. This was legal because a clause in Microsoft's terms of service permitted the move if it was made to protect the security of its customers. In the end, the move led to an investigation in which, according to court documents, Kibkalo was identified as the source and admitted leaking Microsoft code to outsiders.

Source: http://mashable.com/2014/03/21/microsoft-privacy-hotmail/

Copyright © 2024 QWERTY CONCEPTS, Inc   |   All Rights Reserved   |   Sitemap   |   Managed IT services provider for New Jersey and New York City businesses