Microsoft Announces the Microsoft Supply Chain Platform


Microsoft has launched the Microsoft Supply Chain Platform, a set of Software as a Service (SaaS) applications that combine artificial intelligence, collaboration, low-code, security, and supply chain management.

Dynamics 365, Microsoft Teams, Power BI, Power Automate, Power Apps, Azure Machine Learning, Azure Synapse Analytics, Azure IoT, the Microsoft Intelligent Data Platform, Azure Active Directory, Defender for IoT and Microsoft Security Services for Enterprise are among the Microsoft applications and platforms in this group.

Microsoft's PowerApps low-code development platform is intended to let users create a connected supply chain. It enables supply chain information, supply and demand insights, performance tracking, supplier management, real-time collaboration, and demand management to lessen risk.

Additionally, it addresses order tracking and traceability, pricing management, warehouse management, and inventory optimization. According to Microsoft, businesses are struggling with petabytes of data dispersed among legacy systems, enterprise resource planning (ERP) software, and custom solutions, giving them a fragmented view of their supply chain.

The Microsoft Supply Chain Center preview has also been released by Microsoft. It promises to track global events that may impact a customer's supply chain, coordinate actions across a supply chain, and use AI to lessen supply and demand mismatches. According to Microsoft, this constitutes the foundation of the supply chain platform.

"Although supply chain disruption is not new, its complexity and the rate of change are outpacing organizations' ability to address issues at a global scale. Many solutions today are narrowly focused on supply chain execution and management and are not ready to support this new reality," said Charles Lamanna, corporate vice president of Microsoft Business Applications and Platform, in a press release.

"Businesses are dealing with petabytes of data spread across legacy systems, ERP, supply chain management and point solutions, resulting in a fragmented view of the supply chain," Lamanna stated. 

"Supply chain agility and resilience are directly tied to how well organizations connect and orchestrate their data across all relevant systems. The Microsoft Supply Chain Platform and Supply Chain Center enable organizations to make the most of their existing investments to gain insights and act quickly." 

Even though Microsoft wants the platform to serve the entire supply chain, it will continue to collaborate with businesses like Accenture, Avanade, EY, KPMG, PwC, and TCS. Data from standalone supply chain systems, SAP and Oracle ERP systems, Dynamics 365, and other systems will be fed into the Microsoft Supply Chain Center.

Data ingestion for supply chain visibility is made possible via the Supply Chain Center's Data Manager capability. FedEx, FourKites, Overhaul, and C.H. Robinson are some of the partners in the preview launch. The supply and demand insights module, the order management module, the built-in Teams connection, and partner modules within the center are just a few of the prebuilt modules that the Supply Chain Center provides to solve supply chain disruptions.

According to Microsoft, the data remains consistent regardless of the module used because the center runs on a Dataverse common data service environment, eliminating the need to check which reports have the most recent data.

The ALMA Observatory has Suspended Operations due to a Cyberattack


Following a cyberattack on Saturday, October 29, 2022, the Atacama Large Millimeter Array (ALMA) Observatory in Chile has suspended all astronomical observation operations and taken its public website offline. 

Email services are currently limited at the observatory, and IT specialists are working to restore the affected systems. The organization announced the security incident on Twitter yesterday, saying that given the nature of the incident, it is impossible to predict when normal operations will resume.

The observatory also stated that the attack did not compromise the ALMA antennas or any scientific data, indicating that no unauthorized data access or exfiltration occurred. In an attempt to learn more about the security incident, BleepingComputer contacted ALMA Observatory, and a spokesperson shared the following comment:

"We cannot further discuss the details as there is an ongoing investigation. Our IT team was prepared to face the situation and had the proper infrastructure, although there is no flawless defense against hackers. We are still working hard on the full recovery of services. Thanks for your understanding." - ALMA Observatory.

The ALMA observatory is made up of 66 high-precision radio telescopes of 12 m diameter arranged in two arrays and is located on the Chajnantor plateau at an elevation of 5,000 m (16,400 ft). The project cost $1.4 billion, making it the most expensive ground telescope in the world, and it was created through a collaborative effort involving the United States, Europe, Canada, Japan, South Korea, Taiwan, and Chile.

Since reaching normal operational status in 2013, ALMA has contributed to pioneering comet and planetary formation studies, participated in the Event Horizon project to photograph a black hole for the first time in history, and detected the biomarker 'phosphine' in Venus' atmosphere.

The observatory is used by scientists from the National Science Foundation, the European Southern Observatory, the National Astronomical Observatory of Japan, and other organizations from around the world, so any interruption in operations has ramifications for multiple science teams and ongoing projects.

For the time being, users should keep an eye out for status updates on the NRAO's website or the ALMA Observatory's social media channels. Observers can seek assistance from the organization by using this online portal.

All Organisations Must Report Cybersecurity Breaches Within 6 Hours: CERT-In


CERT-In, India's computer emergency response team, released new guidelines on Thursday that mandate that service providers, intermediaries, data centres, and government institutions disclose cybersecurity incidents, including data breaches, within six hours.

The government said in a release, "Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents [...] to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents."

Compromise of critical systems, targeted scanning, unauthorised access to computers and social media accounts, website defacements, malware deployments, identity theft, DDoS attacks, data breaches and leaks, rogue mobile apps, and attacks against servers and network appliances such as routers and IoT devices are among the types of incidents covered.

The government stated it was taking these steps to ensure that the required indicators of compromise (IoC) associated with security events are easily accessible to "carry out the analysis, investigation, and coordination as per the process of the law."

According to the guidelines, concerned organisations are also required to synchronise ICT system clocks to the National Informatics Centre (NIC) or National Physical Laboratory (NPL) Network Time Protocol (NTP) Server and to maintain ICT system logs for a rolling period of 180 days. VPN service providers are required to maintain data such as names, addresses, phone numbers, emails, and IP addresses of subscribers for a minimum of five years.

The guidelines also require virtual asset service, exchange, and custodian wallet providers to preserve records on Know Your Customer (KYC) and financial transactions for a period of five years, starting in 60 days.

India's Ministry of Electronics and Information Technology (MeitY) said in a statement, "These directions shall enhance overall cyber security posture and ensure safe and trusted Internet in the country."

McMenamins Struck by Ransomware Attack, Employee Data at Risk


McMenamins, a Portland hotel and brewpub chain, was struck by a ransomware attack on Wednesday that may have stolen employees' personal information, but no customer payment information seems to have been compromised. 

The ransomware attack was discovered and stopped on December 12, according to McMenamins. The company stated it alerted the FBI and contacted a cybersecurity firm to figure out where the attack came from and how extensive it was. 

Employee data such as names, residences, dates of birth, Social Security numbers, direct deposit bank account information, and benefits records may have been acquired, according to the firm in a news release, but "it is not currently known whether that is the case." 

"To provide employees with peace of mind, McMenamins will be offering employees identity and credit protection services, as well as a dedicated helpline through Experian," the company stated. "A payment processing service manages the collection of such information. Further, this information is not stored on company computer systems impacted by the attack."  

Many operational systems have been taken offline, including credit card scanners, necessitating temporary alterations in payment procedures at some McMenamins sites. There is "no indication" that consumer payment data has been hacked, according to the firm. 

Co-owner Brian McMenamin stated, “What makes this breach especially disheartening is that it further adds to the strain and hardship our employees have been through in the past two years.”

“We ask that our customers give our employees extra grace as we make temporary adjustments in the way we process transactions and reservations, given the impacts to our systems by this breach.” 

The company stated that it is unclear when the problem will be rectified and systems restored. There are a few things firms can do to help mitigate these attacks, according to Kerry Tomlinson, a cyber news reporter with Ampere News.

"As a business, you need to have backups," Tomlinson said. "If ransomware hits and they're demanding ransom for you to get your files back, you can say thanks a lot but I already have backups." 

"It will happen more and more and it's only going to get bigger. If you're not paying attention now, you need to pay attention." 

Employees should be especially cautious to help prevent cyber assaults, according to Tomlinson, by avoiding questionable emails, setting unique passwords for each website visited, and adding a multi-factor authentication process to offer an extra layer of security. It is worth noting that despite the breach, all McMenamins locations are open.

US SEC Alerts Investors of Ongoing Fraud


The Securities and Exchange Commission (SEC) is alerting investors about scammers posing as SEC officials and attempting to mislead them. 

Fraudsters are contacting investors via phone calls, voicemails, emails, and letters, according to the SEC's Office of Investor Education and Advocacy (OIE).

The alert stated, “We are aware that several individuals recently received phone calls or voicemail messages that appeared to be from an SEC phone number. The calls and messages raised purported concerns about unauthorized transactions or other suspicious activity in the recipients’ checking or cryptocurrency accounts. These phone calls and voicemail messages are in no way connected to the Securities and Exchange Commission.”

The SEC warned that it never asks for payments linked to enforcement activities, offers to confirm trades, or seeks sensitive personal and financial information in unsolicited communication, including emails and letters. It further stated that SEC officials will not inquire about shareholdings, account numbers, PINs, passwords, or other personal information.

Scammers appear to be employing a growing number of strategies in order to boost their chances of success. Investors should not disclose any personal information if they get communication that seems to be from the Securities and Exchange Commission, as per the notice. They are encouraged to contact the commission directly.

Investors can use the SEC's personnel locator at (202) 551-6000, call (800) SEC-0330, or email to confirm the identity of people behind calls or messages. Investors can also register a complaint with the Securities and Exchange Commission's Office of Inspector General by visiting or calling (833) SEC-OIG1 (732-6441).

Further, the alert stated, “Beware of government impersonator schemes. Con artists have used the names of real SEC employees and email messages that falsely appear to be from the Securities and Exchange Commission to trick victims into sending the fraudster’s money. Impersonation of US Government agencies and employees (as well as of legitimate financial services entities) is one common feature of advance fee solicitations and other fraudulent schemes. Even where the fraudsters do not request that funds be sent directly to them, they may use personal information they obtain to steal an individual’s identity or misappropriate their financial assets.”

This New Phishing Attack Uses a Weaponized Excel File


A new phishing campaign is targeting financial sector employees by using links to download a ‘weaponized’ Excel document.

MirrorBlast, a phishing effort, was discovered in early September by security firm ET Labs. Morphisec, a fellow security firm, has now studied the malware and warns that the malicious Excel files might escape malware-detection systems due to "extremely lightweight" embedded macros, making it especially risky for businesses that rely on detection-based protection and sandboxing. 

Macros, or scripts for automating activities, have grown in popularity among cybercriminals. Despite the fact that macros are disabled by default in Excel, attackers employ social engineering to deceive potential victims into allowing macros. Despite appearing to be a simple approach, macros have been employed by state-sponsored hackers because they frequently work. 

Earlier this year, Microsoft extended its Antimalware Scan Interface (AMSI) for antivirus to combat the rise in macro malware and a recent trend among attackers of using outdated Excel 4.0 XLM macros (rather than newer VBA macros) to circumvent anti-malware systems.

As per Morphisec, the MirrorBlast attack chain is similar to tactics used by TA505, a well-established, financially focused Russia-based cybercriminal group. The group has been active since at least 2014 and is well-known for its usage of a wide range of tools. 

Morphisec researcher Arnold Osipov stated in a blog post, "TA505 is most known for frequently changing the malware they use as well as driving global trends in malware distribution." 

While the MirrorBlast attack begins with a document attached to an email, it afterwards uses a Google feed proxy URL with a SharePoint and OneDrive trap that masquerades as a file-sharing request. When the user clicks the URL, they are sent to a hacked SharePoint site or a bogus OneDrive site. Both versions lead to the malicious Excel document.

The sample MirrorBlast email demonstrates how the attackers are capitalising on company-issued data on COVID-related modifications to working conditions. Morphisec points out that due to compatibility issues with ActiveX components, the macro code can only be run on a 32-bit version of Office. The macro itself runs a JavaScript script meant to avoid sandboxing by determining if the computer is in administrator mode. The msiexec.exe process is then launched, which downloads and installs an MSI package.

Morphisec discovered two MSI installation versions that employed legitimate scripting tools named KiXtart and REBOL. The KiXtart script transmits information about the victim's workstation to the attacker's command and control server, including the domain, computer name, user name, and process list. The server then answers with a number indicating whether the Rebol version should be used. Morphisec states that the Rebol script leads to a remote access tool called FlawedGrace, which the group has previously utilised.

Osipov added, "TA505 is one of many financially motivated threat groups currently active in the marketplace. They are also one of the most creative, as they have a tendency to constantly shift the attacks they leverage to achieve their goals." 

Google: Android Apps Must Provide Privacy Information By April 2022


A few days ago, Google announced that it is about to launch its Google Play ‘Safety Section’ feature, which will provide information regarding the data collected and used by an Android app. Now Google has announced more details about the upcoming feature.

Under the new policy, app developers have to share the following details: what information apps collect, how collected data is used, and what privacy/security features the apps utilize. The upcoming feature can be used in the first quarter of 2022 and will be displayed on the app itself.

With the feature, customers will be able to see all security- and privacy-related information, including what data is shared with third parties, whether an app uses data encryption, follows Google's Families policies, or whether it has been independently audited against global security standards. Following the announcement, Google will also provide the timeline to app developers: when they will be able to submit information and when customers can see the Safety section. It has also given the deadline for app developers to provide the information.

What is the timeline for App Developers? 

According to Google, the policy will take effect in the first week of October 2021, when "App privacy & security" will be displayed on an app's content page on Play Console. Developers will then be able to fill out a questionnaire on data collection, security features, and the app's privacy policy. However, the whole procedure will be completed in April 2022.

What must be disclosed under this feature? 

• Encryption in transit 
• Deletion mechanism 
• Families policy 
• Independent security review
• How data is collected

Some of the data types that app developers must disclose include personal information like user name, phone number, and email address, location data like users' approximate or precise location, financial info like user credit card number and bank account number, Health and fitness information, Storage like files and docs, emails or texts, audio files like sound recordings and music files, calendar information, App performance like crash logs and performance diagnostics, and Identifiers like device id.