Sign up for our Technology Newsletter 
Is Microsoft A Risk?
Hewlett Packard Enterprise (HPE) has cast a shade on what it believes to be the biggest risks facing enterprises, and included on that list is Microsoft.
We ain’t surprised, but it is quite a shocking and naked fact when you consider it. The naming and resulting shaming happens in the HPE Cyber Risk Report 2016, which HPE said “identifies the top security threats plaguing enterprises”.
Enterprises, it seems, have myriad problems, of which Microsoft is just one.
“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” said Sue Barsamian, senior vice president and general manager for security products at HPE.
“We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organisation to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.”
Microsoft earned its place in the enterprise nightmare probably because of its ubiquity. Applications, malware and vulnerabilities are a real problem, and it is Windows that provides the platform for this havoc.
“Software vulnerability exploitation continues to be a primary vector for attack, with mobile exploits gaining traction. Similar to 2014, the top 10 vulnerabilities exploited in 2015 were more than one-year-old, with 68 percent being three years old or more,” explained the report.
“In 2015, Microsoft Windows represented the most targeted software platform, with 42 percent of the top 20 discovered exploits directed at Microsoft platforms and applications.”
It is not all bad news for Redmond, as the Google-operated Android is also put forward as a professional pain in the butt. So is iOS, before Apple users get any ideas.
“Malware has evolved from being simply disruptive to a revenue-generating activity for attackers. While the overall number of newly discovered malware samples declined 3.6 percent year over year, the attack targets shifted notably in line with evolving enterprise trends and focused heavily on monetisation,” added the firm.
“As the number of connected mobile devices expands, malware is diversifying to target the most popular mobile operating platforms. The number of Android threats, malware and potentially unwanted applications have grown to more than 10,000 new threats discovered daily, reaching a total year-over-year increase of 153 percent.
“Apple iOS represented the greatest growth rate with a malware sample increase of more than 230 percent.”
Courtesy-TheInq
Microsoft To Release Advanced Threat Analytics
Comments Off on Microsoft To Release Advanced Threat Analytics
Microsoft is very close to releasing Advanced Threat Analytics (ATA) the security sure-up that it first announced three months ago.
ATA, or MATA as we called it for our own small amusement, is the result of three months’ real world testing, and the culmination of enough user feedback to inform a final release.
That final release will happen in August, which should give you plenty of time to get your head around it.
Hmmm. Microsoft’s Advanced Threat Analytics seems like a very good idea focused on the enterprise.
— Kevin Jones (@vcsjones) May 4, 2015
Idan Plotnik, who leads the ATA team at Microsoft, explained in an Active Directory Team Blog post that the firm is working towards removing blind spots from security analytics, and that this release should provide a strong and hardy tool for the whacking away of hacking.
“Many security monitoring and management solutions fail to show you the real picture and provide false alarms. We’ve taken a different approach with Microsoft ATA,” he said.
“Our secret sauce is our combination of network Deep Packet Inspection, information about the entities from Active Directory, and analysis of specific events.
“With this unique approach, we give you the ability to detect advanced attacks and stolen credentials, and view all suspicious activities on an easy to consume, simple to explore, social media feed like attack timeline.”
The Microsoft approach is an on-premise device that detects and analyses threats as they happen and on a retrospective basis. Plotnik said that it combines machine learning and knowledge about existing techniques and tactics to proactively protect systems.
“ATA detects many kinds of abnormal user behaviour many of which are strong indicators of attacks. We do this by using behavioural analytics powered by advanced machine learning to uncover questionable activities and abnormal behaviour,” he added.
“This gives the ability for ATA to show you attack indicators like anomalous log-ins, abnormal working hours, password sharing, lateral movement and unknown threats.”
A number of features will be added to the preview release, including performance improvements and the ability to deal with more traffic, before general availability next month.
Oracle Acquires Datalogix
On Monday, Oracle agreed to purchase Datalogix for an undisclosed sum, saying that together the companies will provide marketers with a richer understanding of what consumers do, say and buy, allowing them to measure the effectiveness of their different campaigns and advertising channels.
Oracle plans to link the Datalogix service, which provides the spending data to customers through a cloud-based tool, to its other cloud-based services via Oracle Identity Graph. This, it said, will allow it to connect consumer identities to build better profiles that can be used to personalize online and mobile services — and even to target them offline and via the TV.
It made no commitment to maintain the existing Datalogix product roadmap, saying that it was still reviewing its plans. The companies set no timeline for completing the deal, which they said must meet customary closing conditions including obtaining regulatory approval.
Lightning Took Down Amazon, Microsoft Clouds
August 12, 2011 by admin
Filed under Network Services
Comments Off on Lightning Took Down Amazon, Microsoft Clouds
A lightning strike in Dublin on Sunday caused a power outage in data centers belonging to Amazon and Microsoft, causing the companies’ cloud services to go offline.
Lightning hit a transformer, sparking an explosion and fire which caused the power outage at 10:41 AM PDT, according to preliminary information, Amazon wrote on its Service Health Dashboard. Under normal circumstances, backup generators would seamlessly kick in, but the explosion also managed to disable some of those generators.
By 1:56 PM PDT, power to the majority of network devices had been restored, allowing Amazon to focus on bringing EC2 (Elastic Compute Cloud) instances and EBS (Elastic Block Storage) volumes back online. But progress was slower than expected, Amazon said a couple of hours later.
“We know many of you are anxiously waiting for your instances and volumes to become available, and we want to give you more detail on why the recovery of the remaining instances and volumes is taking so long,” the company wrote at 11:04 PM PDT. “Due to the scale of the power disruption, a large number of EBS servers lost power and require manual operations before volumes can be restored … While many volumes will be restored over the next several hours, we anticipate that it will take 24-48 hours until the process is completed.”
Sony Hacked Again
May 29, 2011 by admin
Filed under Around The Net
Comments Off on Sony Hacked Again
More than 2000 users of Sony Ericsson’s Canadian Website are impacted by the latest hack attack to hit a battle worn Sony. Sony Ericsson is joint mobile phone venture between Sony and Ericsson. According to Sony hackers made off with e-mail addresses, passwords and phone numbers–but no credit card details. Sony has now shut down the affected site. Around 1000 of the stolen records from the Sony Canadian Website are already online, posted by Idahc, a “Lebanese grey-hat hacker”.
“Sony Ericsson’s Website in Canada, which advertises its products, has been hacked, affecting 2000 people,” a Sony spokesperson told AFP. “Their personal information was posted on a Website called The Hacker News. The information includes registered names, email addresses and encrypted passwords. But it does not include credit card information.”
“Sony Ericsson has disabled this e-commerce Website,” Sony detailed to IDG News. “We can confirm that this is a standalone website and it is not connected to Sony Ericsson servers.” For security, Sony has shut down the Canadian Sony Ericsson eShop page, which currently reads: “D’oh! The page you’re looking for has gone walkabout. Sorry.”