#StopRansomware: MedusaLocker

by | Jun 30, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Summary

Actions to take today to mitigate cyber threats from ransomware:
• Prioritize remediating known exploited vulnerabilities.
• Train users to recognize and report phishing attempts.
• Enable and enforce multifactor authentication.

Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) are releasing this CSA to provide information on MedusaLocker ransomware. Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. The MedusaLocker actors encrypt the victim’s data and leave a ransom note with communication instructions in every folder containing an encrypted file. The note directs victims to provide ransomware payments to a specific Bitcoin wallet address. MedusaLocker appears to operate as a Ransomware-as-a-Service (RaaS) model based on the observed split of ransom payments. Typical RaaS models involve the ransomware developer and various affiliates that deploy the ransomware on victim systems. MedusaLocker ransomware payments appear to be consistently split between the affiliate, who receives 55 to 60 percent of the ransom; and the developer, who receives the remainder. 

Download the PDF version of this report: pdf, 633 kb

Technical Details

MedusaLocker ransomware actors most often gain access to victim devices through vulnerable Remote Desktop Protocol (RDP) configurations [T1133]. Actors also frequently use email phishing and spam email campaigns—directly attaching the ransomware to the email—as initial intrusion vectors [T1566].

MedusaLocker ransomware uses a batch file to execute PowerShell script invoke-ReflectivePEInjection [T1059.001]. This script propagates MedusaLocker throughout the network by editing the EnableLinkedConnections value within the infected machine’s registry, which then allows the infected machine to detect attached hosts and networks via Internet Control Message Protocol (ICMP) and to detect shared storage via Server Message Block (SMB) Protocol. 

MedusaLocker then: 

  • Restarts the LanmanWorkstation service, which allows registry edits to take effect. 
  • Kills the processes of well-known security, accounting, and forensic software. 
  • Restarts the machine in safe mode to avoid detection by security software [T1562.009].
  • Encrypts victim files with the AES-256 encryption algorithm; the resulting key is then encrypted with an RSA-2048 public key [T1486]. 
  • Runs every 60 seconds, encrypting all files except those critical to the functionality of the victim’s machine and those that have the designated encrypted file extension. 
  • Establishes persistence by copying an executable (svhost.exe or svhostt.exe) to the %APPDATA%Roaming directory and scheduling a task to run the ransomware every 15 minutes. 
  • Attempts to prevent standard recovery techniques by deleting local backups, disabling startup recovery options, and deleting shadow copies [T1490].

MedusaLocker actors place a ransom note into every folder containing a file with the victim’s encrypted data. The note outlines how to communicate with the MedusaLocker actors, typically providing victims one or more email address at which the actors can be reached. The size of MedusaLocker ransom demands appears to vary depending on the victim’s financial status as perceived by the actors. 

Indicators of Compromise

Encrypted File Extensions
.1btc .matlock20 .marlock02 .readinstructions
.bec .mylock .jpz.nz .marlock11
.cn .NET1 .key1 .fileslocked
.datalock .NZ .lock .lockfilesUS
.deadfilesgr .tyco .lockdata7 .rs
.faratak .uslockhh .lockfiles .tyco
.fileslock .zoomzoom .perfection .uslockhh
.marlock13 n.exe .Readinstruction .marlock08
.marlock25 nt_lock20 .READINSTRUCTION  
.marlock6 .marlock01 .ReadInstructions  
Ransom Note File Names
how_to_ recover_data.html  how_to_recover_data.html.marlock01
instructions.html  READINSTRUCTION.html 
!!!HOW_TO_DECRYPT!!! How_to_recovery.txt
readinstructions.html  readme_to_recover_files
recovery_instructions.html  HOW_TO_RECOVER_DATA.html
recovery_instruction.html  

 

Payment Wallets
14oxnsSc1LZ5M2cPZeQ9rFnXqEvPCnZikc 
1DRxUFhvJjGUdojCzMWSLmwx7Qxn79XbJq 
18wRbb94CjyTGkUp32ZM7krCYCB9MXUq42 
1AbRxRfP6yHePpi7jmDZkS4Mfpm1ZiatH5
1Edcufenw1BB4ni9UadJpQh9LVx9JGtKpP
1DyMbw6R9PbJqfUSDcK5729xQ57yJrE8BC 
184ZcAoxkvimvVZaj8jZFujC7EwR3BKWvf 
14oH2h12LvQ7BYBufcrY5vfKoCq2hTPoev
bc1qy34v0zv6wu0cugea5xjlxagsfwgunwkzc0xcjj
bc1q9jg45a039tn83jk2vhdpranty2y8tnpnrk9k5q
bc1qz3lmcw4k58n79wpzm550r5pkzxc2h8rwmmu6xm
1AereQUh8yjNPs9Wzeg1Le47dsqC8NNaNM
1DeNHM2eTqHp5AszTsUiS4WDHWkGc5UxHf
1HEDP3c3zPwiqUaYuWZ8gBFdAQQSa6sMGw
1HdgQM9bjX7u7vWJnfErY4MWGBQJi5mVWV
1nycdn9ebxht4tpspu4ehpjz9ghxlzipll
12xd6KrWVtgHEJHKPEfXwMVWuFK4k1FCUF
1HZHhdJ6VdwBLCFhdu7kDVZN9pb3BWeUED
1PormUgPR72yv2FRKSVY27U4ekWMKobWjg
14cATAzXwD7CQf35n8Ea5pKJPfhM6jEHak
1PopeZ4LNLanisswLndAJB1QntTF8hpLsD
Email Addresses
willyhill1960@tutanota[.]com  unlockfile@cock[.]li
zlo@keem[.]ne  unlockmeplease@airmail[.]cc 
zlo@keemail[.]me  unlockmeplease@protonmail[.]com 
zlo@tfwno[.]gf  willyhill1960@protonmail[.]com 
support@ypsotecs[.]com support@imfoodst[.]com 
Email Addresses
traceytevin@protonmail[.]com  support@itwgset[.]com
unlock_file@aol[.]com  support@novibmaker[.]com
unlock_file@outlook[.]com  support@securycasts[.]com 
support@exoprints[.]com rewmiller-1974@protonmail[.]com
support@exorints[.]com  rpd@keemail[.]me
support@fanbridges[.]com  soterissylla@wyseil[.]com 
support@faneridges[.]com support@careersill[.]com 
perfection@bestkoronavirus[.]com  karloskolorado@tutanota[.]com
pool1256@tutanota[.]com  kevynchaz@protonmail[.]com 
rapid@aaathats3as[.]com korona@bestkoronavirus[.]com
rescuer@tutanota[.]com lockPerfection@gmail[.]com
ithelp01@decorous[.]cyou lockperfection@gmail[.]com 
ithelp01@wholeness[.]business mulierfagus@rdhos[.]com
ithelp02@decorous[.]cyou [rescuer]@cock[.]li 
ithelp02@wholness[.]business 107btc@protonmail[.]com 
ithelpresotre@outlook[.]com 33btc@protonmail[.]com 
cmd@jitjat[.]org  777decoder777@protonmail[.]com
coronaviryz@gmail[.]com 777decoder777@tfwno[.]gf
dec_helper@dremno[.]com andrewmiller-1974@protonmail[.]com
dec_helper@excic[.]com  angelomartin-1980@protonmail[.]com
dec_restore@prontonmail[.]com  ballioverus@quocor[.]com
dec_restore1@outlook[.]com beacon@jitjat[.]org
bitcoin@sitesoutheat[.]com  beacon@msgsafe[.]io
briansalgado@protonmail[.]com best666decoder@tutanota[.]com 
bugervongir@outlook[.]com bitcoin@mobtouches[.]com 
best666decoder@protonmail[.]com  encrypt2020@outlook[.]com 
decoder83540@cock[.]li fast-help@inbox[.]lv
decra2019@gmail[.]com  fuc_ktheworld1448@outlook[.]com
diniaminius@winrof[.]com  fucktheworld1448@cock[.]li
dirhelp@keemail[.]me  gartaganisstuffback@gmail[.]com 
Email Addresses
emaila.elaich@iav.ac[.]ma gavingonzalez@protonmail[.]com
emd@jitjat[.]org gsupp@onionmail[.]org
encrypt2020@cock[.]li  gsupp@techmail[.]info
best666decoder@protonmail[.]com  helper@atacdi[.]com 
ithelp@decorous[.]cyou helper@buildingwin[.]com 
ithelp@decorous[.]cyoum helprestore@outlook[.]com
ithelp@wholeness[.]business helptorestore@outlook[.]com
TOR Addresses
http://gvlay6u4g53rxdi5.onion/6-iSm1B1Ehljh8HYuXGym4Xyu1WdwsR2Av-6tXiw1BImsqoLh7pd207Rl6XYoln7sId 
http://gvlay6u4g53rxdi5.onion/8-grp514hncgblilsjtd32hg6jtbyhlocr5pqjswxfgf2oragnl3pqno6fkqcimqin
http://gvlay6y4g53rxdi5.onion/21-8P4ZLCsMETPaLw9MkSlXJsNZWdHe0rxjt-XmBgZLWlm5ULGFCOJFuVdEymmxysofwu
http://gvlay6u4g53rxdi5.onion/2l-8P4ZLCsMTPaLw9MkSlXJsNZWdHeOrxjtE9lck1MuXPYo29daQys6gomZZXUImN7Z 
http://gvlay6u4g53rxdi5.onion/21-8P4ZLCsMTPaLw9MkSlXJsNZWdHe0rxjt-DcaE9HeHywqSHvdcIwOndCS4PuWASX8g 
http://gvlay6u4g53rxdi5.onion/21-8P4ZLCsMTPaLw9MkSlXJsNZWdHe0rxjt-kB4rQXGKyxGiLyw7YDsMKSBjyfdwcyxo
http://gvlay6u4g53rxdi5.onion/21-8P4ZLCsMTPaLw9MkSlXJsNZWdHe0rxjt-bET6JbB9vEMZ7qYBPqUMCxOQExFx4iOi 
http://gvlay6u4g53rxdi5. onion/8-MO0Q7O97Hgxvm1YbD7OMnimImZJXEWaG-RbH4TvdwVTGQB3X6VOUOP3lgO6YOJEOW
http://gvlay6u4g53rxdi5.onion/8-gRp514hncgb1i1sjtD32hG6jTbUh1ocR-Uola2Fo30KTJvZX0otYZgTh5txmKwUNe 
http://gvlay6u4g53rxdi5.onion/21-E6UQFCEuCn4KvtAh4TonRTpyHqFo6F6L-OWQwD1w1Td7hY7IGUUjxmHMoFSQW6blg 
http://gvlay6u4g53rxdi5.onion/21-E6UQFCEuCn4KvtAh4TonRTpyHqFo6F6L-uGHwkkWCoUtBbZWN50sSS4Ds8RABkrKy 
http://gvlay6u4g53rxdi5.onion/21-E6UQFCEuCn4KvtAh4TonRTpyHqFo6F6L-Tj3PRnQlpHc9OftRVDGAWUulvE80yZbc 
http://gvlay6u4g53rxdi5.onion/8-Ww5sCBhsL8eM4PeAgsfgfa9lrqa81r31-tDQRZCAUe4164X532j9Ky16IBN9StWTH 
http://gvlay6u4g53rxdi5.onion/21-wIq5kK9gGKiTmyups1U6fABj1VnXIYRB-I5xek6PG2EbWlPC7C1rXfsqJBlWlFFfY
qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion
http://medusacegu2ufmc3kx2kkqicrlcxdettsjcenhjena6uannk5f4ffuyd.onion/leakdata/[REDACTED]

Disclaimer: Many of these observed IP addresses are several years old and have been historically linked to MedusaLocker ransomware. We recommend these IP addresses be investigated or vetted by organizations prior to taking action, such as blocking.

IP Address Last Observed
195.123.246.138 Nov-2021
138.124.186.221 Nov-2021
159.223.0.9 Nov-2021
45.146.164.141 Nov-2021
185.220.101.35 Nov-2021
185.220.100.249 Sep-2021
50.80.219.149 Sep-2021
185.220.101.146 Sep-2021
185.220.101.252 Sep-2021
179.60.150.97 Sep-2021
84.38.189.52 Sep-2021
94.232.43.63 Jul-2021
108.11.30.103 Apr-2021
194.61.55.94 Apr-2021
198.50.233.202 Apr-2021
40.92.90.105 Jan-2021
188.68.216.23 Dec-2020
87.251.75.71 Dec-2020
196.240.57.20 Oct-2020
198.0.198.5 Aug-2020
194.5.220.122 Mar-2020
194.5.250.124 Mar-2020
194.5.220.124 Mar-2020
104.210.72.161 Nov-2019

MITRE ATT&CK Techniques

MedusaLocker actors use the ATT&CK techniques listed in Table 1.

Table 1: MedusaLocker Actors ATT&CK Techniques for Enterprise

Initial Access
Technique Title ID Use
External Remote Services T1133 MedusaLocker actors gained access to victim devices through vulnerable RDP configurations.
Phishing T1566 MedusaLocker actors used phishing and spearphishing to obtain access to victims’ networks.
Execution
Technique Title ID Use
Command and Scripting Interpreter: PowerShell

T1059.001

 MedusaLocker actors may abuse PowerShell commands and scripts for execution.
Defense Evasion
Technique Title ID Use
Impair Defenses: Safe Mode Boot

T1562.009

 MedusaLocker actors may abuse Windows safe mode to disable endpoint defenses. Safe mode starts up the Windows operating system with a limited set of drivers and services.
Impact
Technique Title ID Use
Data Encrypted for Impact T1486 MedusaLocker actors encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources.
Inhibit System Recovery T1490 MedusaLocker actors may deny access to operating systems containing features that can help fix corrupted systems, such as backup catalog, volume shadow copies, and automatic repair.

Mitigations

  • Implement a recovery plan that maintains and retains multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., hard drive, storage device, or the cloud).
  • Implement network segmentation and maintain offline backups of data to ensure limited interruption to the organization.
  • Regularly back up data and password protect backup copies stored offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
  • Install, regularly update, and enable real time detection for antivirus software on all hosts.
  • Install updates for operating systems, software, and firmware as soon as possible.
  • Review domain controllers, servers, workstations, and active directories for new and/or unrecognized accounts.
  • Audit user accounts with administrative privileges and configure access controls according to the principle of least privilege. 
  • Disable unused ports.
  • Consider adding an email banner to emails received from outside your organization.
  • Disable hyperlinks in received emails.
  • Enforce multifactor authentication (MFA).
  • Use National Institute of Standards and Technology (NIST) standards for developing and managing password policies:
    • Use longer passwords consisting of at least 8 characters and no more than 64 characters in length.
    • Store passwords in hashed format using industry-recognized password managers.
    • Add password user “salts” to shared login credentials.
    • Avoid reusing passwords.
    • Implement multiple failed login attempt account lockouts.
    • Disable password “hints”.
    • Refrain from requiring password changes unless there is evidence of password compromise. Note: NIST guidance suggests favoring longer passwords and no longer require regular and frequent password resets. Frequent password resets are more likely to result in users developing password “patterns” cyber criminals can easily decipher.
    • Require administrator credentials to install software.
  • Only use secure networks; avoid using public Wi-Fi networks.
  • Consider installing and using a virtual private network (VPN) to establish secure remote connections.
  • Focus on cybersecurity awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities, such as ransomware and phishing scams.

 
Resources

  • Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
  • Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide
  • No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment

Reporting

  • To report an incident and request technical assistance, contact CISA at cisaservicedesk@cisa.dhs.gov or 888-282-0870, or FBI through a local field office. 
  • Financial Institutions must ensure compliance with any applicable Bank Secrecy Act requirements, including suspicious activity reporting obligations. Indicators of compromise (IOCs), such as suspicious email addresses, file names, hashes, domains, and IP addresses, can be provided under Item 44 of the Suspicious Activity Report (SAR) form. For more information on mandatory and voluntary reporting of cyber events via SARs, see FinCEN Advisory FIN-2016-A005, Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime, October 25, 2016; and FinCEN Advisory FIN-2021-A004, Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments, November 8, 2021, which updates FinCEN Advisory FIN-2020-A006.
  • The U.S. Department of State’s Rewards for Justice (RFJ) program offers a reward of up to $10 million for reports of foreign government malicious activity against U.S. critical infrastructure. See the RFJ website for more information and how to report information securely.

Contact Information

To report suspicious or criminal activity related to information found in this Joint Cybersecurity Advisory, contact your local FBI field office at www.fbi.gov/contact-us/field-offices. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. To report incidents and anomalous activity or to request incident response resources or technical assistance related to this threat, contact CISA at report@cisa.gov.

Revisions

June 30, 2022: Initial Version

This product is provided subject to this Notification and this Privacy & Use policy.

Announcing the availability of Quick Access filters in Office app for Android

Announcing the availability of Quick Access filters in Office app for Android

by | Jun 30, 2022 | Technology

This article is contributed. See the original author and article here.

The Office Mobile team is excited to announce the availability of Quick Access filters in Office Mobile on Android phones and tablets! This feature can help you increase your productivity while customizing Office on your Android mobile device, so it works best for you.


 


Locate your content easily with Quick Access filters


 


We heard you! We know that you would like to navigate your Office app more efficiently, especially when it comes to accessing your content. Quick Access filters provide you with easy navigation and personalization options, helping you locate your content more quickly.


 


With Quick Access, you can utilize multiple filters to view different content types. Content-usage filters, such as, “RECENT”, “SHARED”, and “OPENED” help users find their content based on interactions, while content-type filters, such as, “WORD”, “EXCEL”, and “PDF” make it easier to filter by file type. Users can personalize their home screen by adding, removing, or organizing these filters for quick access.


 


How to get Quick Access filters in Office app for Android


 


If you don’t have the Office app, you can download it from the Google Play store. If you already have the Office app on your Android device, download the latest version. The next time the app is launched, you will immediately see a guided experience introducing you to this new feature.


 


To start using the new Quick Access filters experience in the Office app for Android, follow these steps:


 



  1. Open the Office app on your Android device and locate the Quick Access options at the top of your home screen.


An image demonstrating the Quick Access options available on the Office app home screen on an Android device.An image demonstrating the Quick Access options available on the Office app home screen on an Android device.


NOTE: These options have replaced the “Recent” and “Shared” options on the home screen.


 



  1. Tap on a Quick Access option to see filtered content based on the filter you choose. You can add or remove options on the Quick Access bar by tapping the […] More option at the end. 


An image demonstrating the additional options available when users click the "More" option on the Quick Access bar on the Office app home screen on an Android device.An image demonstrating the additional options available when users click the “More” option on the Quick Access bar on the Office app home screen on an Android device.


Availability


 


Quick Access for the Office app for Android has been rolled out worldwide and is available on app versions 16.0.5102.20000 and later. To learn more about Office app for Android, check out this helpful Microsoft Support article


   


Last but not the least, we are always listening to feedback from users. You can send us in-app feedback or leave us a comment below!


 


Continue the conversation by joining us in the Microsoft 365 Tech Community! Whether you have product questions or just want to stay informed with the latest updates on new releases, tools, and blogs, Microsoft 365 Tech Community is your go-to resource to stay connected! 

From Viva Sales to new Office experiences—here’s what’s new in Microsoft 365

From Viva Sales to new Office experiences—here’s what’s new in Microsoft 365

by | Jun 30, 2022 | Business, Microsoft 365, Microsoft Search, Technology

This article is contributed. See the original author and article here.

The ways we work have changed dramatically over the past several years, and those changes go so much further than whether work happens at home, in an office, or somewhere in between. In this collaboration-first world, every organization needs a digital fabric that binds people together—from the C-suite to the frontline, and across every role and function.

The post From Viva Sales to new Office experiences—here’s what’s new in Microsoft 365 appeared first on Microsoft 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Customers share their stories on migrating to Dynamics 365

Customers share their stories on migrating to Dynamics 365

by | Jun 30, 2022 | Dynamics 365, Microsoft 365, Technology

This article is contributed. See the original author and article here.

At some point, we’ve all experienced regret over not doing something.

Opportunity passes us due to our over analysis, indecision, and uncertainty. Even though we’ve all done this, we rarely seek the advice of others, thinking our situation is somehow unique or different.

This rationale is common among the on-premises organizations we speak to. They understand the benefits for moving to the cloud but chose to focus on all the reasons not toaging infrastructure, manual processes, and siloed data notwithstanding.

Hearing how others are approaching this critical technological evolution can be invaluable. Not to mention relatable. Here are a few customer stories we’ve collected; perhaps you might recognize yourself or the circumstances?

Discover other Dynamics AX and Dynamics CRM customer stories to learn about migration best practices and the benefits others are seeing in the cloud.

A small company with sizeable goals

Three teenagers playing soccer in a dirt field. There are apartment buildings and other people in the background.

Sonee Sports, is a small 28-year-old, family-run retail chain in the Maldives. The company moved its Microsoft Dynamics AX to Dynamics 365 in the cloud to streamline its resource planning, point of sale, and relationship management activities. Sonee Sports has grown from a single desk in a hardware store to 10 stores across the Maldives however, this growth didn’t come without challenges, particularly when it came to technology.

Maumoon Abdullah, Sonee Sports’s co-founder, has long advocated for using technology to understand, retain, and engage new customers. “In 2016, we had a customer churn rate of 10 percentnot good. We knew that technology was key to keeping our business afloat,” Abdullah said. However, their previous enterprise resource planning (ERP) took hours to generate reports, the data was inaccurate, so decision makers stopped using it. In time, Sonee Sports realized it had to move its entire business to the cloud.

With help from Mumbai-based CloudFronts, a Microsoft Partner Network partner, Sonee Sports upgraded to Microsoft Dynamics 365, deployed Microsoft Power BI for analytics, and rolled out a cloud-based e-commerce system. “We needed an all-around ERP system that was reliable, easy to use, and mobile-friendly and that offered a host of options for accessing information. Dynamics 365 Retail fits these criteria very well.” Abdullah says. 

With this setup, Sonee Sports has cut its IT maintenance costs by 38 percent and improved customer retention by over 8 percent.

“With Dynamics 365, we finally have the data we need to understand our customers.” Abdullah says. “The value of this is priceless.”

Read more about Sonee Sport’s migration to Dynamics 365.

A growing city with changing needs

Bird's eye-view of urban cityscape including various size buildings.

It can be easy to forget that cities are a lot like corporationsthey provide services to their “customers,” often relying on technology to deliver the goods.

Bristol is a diverse city in southwest England, with more than 90 languages spoken and a population of just over 463,000. Bristol City Council is the unitary authority and is responsible for a wide range of services including taxation, waste management, education, etc. Like many struggling municipalities, Bristol City Council felt it could no longer rely on its IT system to meet day-to-day demands of the city. Its systems weren’t agile or mobile-friendly and lacked a unified platform to support collaboration or leverage data insights.

“The council was historically, deeply dissatisfied with its IT systems and processes.” says Simon Oliver, Director of Digital Transformation at Bristol City Council. 

Bristol City Council realized the only way forward was to modernize its Dynamics CRM 2016 instance to Dynamics 365, which would improve efficiency and collaboration. Moving, however, was a significant undertaking, involving migrating 54 workloads and orchestrating nearly 500 ecosystem partners, and staff.

Built on Microsoft Azure, with Microsoft Power Platform and Office 365, Bristol City Council deployed Dynamics 365 alongside toolsets to increase productivity. “Working with Microsoft has given us an opportunity to look at our entire approach to delivering IT services, to reshape our way of thinking and the culture of the IT department,” explains Oliver. 

Read more about the Bristol City Council transformation.

An industry leader looking to drive purpose

Australian subdivision including houses, landscaped area with trees, and football (soccer) court.

Peet Limited, a leader in Australia’s property industry, believes in helping people gain peace of mind through property ownership. And their commitment to IT innovation has enabled them to remain competitive through market disruptions.

As part of its ongoing mission to offer quality service, the company partnered with Microsoft to upgrade its IT systems and move critical line-of-business applications to the cloud. Justyn Bridge, IT Manager at Peet Limited, explained, “Microsoft 365 is a complete, intelligent solution…it empowers Peet employees to be creative and work together.” Peet Limited had confidence in Microsoft because the organization was already using both Dynamics CRM and Dynamics AX, for its customer relationship management (CRM) and ERP, respectively.

Peet Limited designed its cloud strategy around security with the goal of end-to-end protection in mind; for them, security promoted value. Bridge explains that one of the best benefits of using Microsoft 365 is having a “single pane of glass” to view Peet Limited’s security landscape. Using Microsoft’s Advanced Threat Analytics, Peet Limited had a succinct, real-time view of an attack timeline with the ability to analyze and identify normal versus suspicious user or device behavior.

Considering the project, Bridge notes, “We sought better end-to-end protection, and Microsoft 365 gave us that. Our business has gained security in both protection and mindset.”

Read more about Peet Limited’s story.

When you’re ready to migrate, Microsoft is here to help

We all have stories that define us. Organizations are no different. Whether you’re looking to grow your footprint, improve services, or modernize your underlying technology, the Microsoft Cloud can meet your changing needs. While migrating to the cloud should be a business priority, the experiences above illustrate the importance of planning. When you’re ready to migrate your on-premises solution to the cloud, Microsoft is here to support your journey.

Learn from the other Dynamics AX and Dynamics CRM migration stories in our library. Visit the Dynamics 365 Migration Community to access partner discovery resources and other assets to help you migrate with confidence.

The post Customers share their stories on migrating to Dynamics 365 appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Help us shape our products for Government organizations

by | Jun 29, 2022 | Technology

This article is contributed. See the original author and article here.

Microsoft is looking to understand employee experience sentiment in government organizations. Fill out our quick poll question below to help shape our products! Microsoft would love to hear from you! Which answer best fits you?


 


https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR0Hi6pBULXhKuqk2vjrgjgxUMlZFVVBTV0RNSDNSTVNDWkFGNkpaMk5VVi4u&embed=true


 


* Please take a few minutes to complete our survey. Please ensure you are authorized to provide this information and not violating any company policies. Your responses will be kept confidential with restricted access. For more information, see the Microsoft Privacy Statement. If you have questions about this survey, please contact TechCommunity@microsoft.com 

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

by | Jun 29, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 102, Firefox ESR 91.11, and Thunderbird 91.11 and 102 and apply the necessary updates.

OneDrive Roadmap Roundup Q2 CY2022

OneDrive Roadmap Roundup Q2 CY2022

by | Jun 28, 2022 | Technology

This article is contributed. See the original author and article here.

The OneDrive team is excited to share all the recent OneDrive updates and feature releases we’ve released between April and June 2022. We’re continuing to do everything we can to provide you with a seamless experience for accessing and sharing files with your teammates and external colleagues, to keep you productive in this new world of hybrid work.


Here are the OneDrive features we’ve released in full or in preview in Q2 of 2022:


 


April 2022


 


Easily navigate to all your Teams files from OneDrive (88912)


In OneDrive, we are adding a “Your Teams” section to the “More Places” page to allow you to easily find and work with all your files in Teams.


 


Your Teams.png


 


Deleting large folders (88979)


To help you keep your workspace uncluttered, we’ve added the ability for you to delete large folders (with up to 10,000 items) at one time. This means that when you’re finished with a project, you can quickly remove all the files you no longer need from your OneDrive and SharePoint libraries.  


 


Microsoft Stream: Comment on a video or audio file in SharePoint and OneDrive (88521 )


Now, users with view permissions can leave comments in video or audio files. This can be helpful when collaborating on files to share with a larger audience, or for addressing questions of people who were unable to attend a call or meeting.


 


May 2022


 


Shift between work and personal files in OneDrive 


We’ve made it simpler for you to switch between your professional and personal OneDrive accounts, or even between separate professional accounts you might maintain for multiple clients if you’re a consultant or freelancer. By selecting your profile picture at the top right of the OneDrive page, you’ll see a list of all your Microsoft accounts, or the option to add a new one.


 


OneDriveWebAccountSwitching (1).gif


 


 


Quickly switch between document libraries


We’ve added a dropdown to OneDrive and SharePoint that lets you easily switch between multiple document libraries associated with a Teams team or a SharePoint Site. You can easily select the Dropdown library icon to switch between document libraries.


 


doclib dropdown.png


 


Pin important files to Quick Access


To easily find and access the places where you regularly work, you can pin shared libraries to the Quick Access section in the left nav of OneDrive. Pinning a document library adds it to the top of the Quick Access section. You can also un-pin document libraries from the Quick Access section.


 


quick access.gif


 


June 2022


 


File browsing in Teams


Now when you browse to a Teams channel and click the Files tab at the top, this experience will be powered by OneDrive. For example, you’ll be able to leverage familiar controls to easily move or copy your file to another library within Microsoft Teams.
You can also switch between document libraries associated with specific Teams channels (standard or private) directly in Microsoft Teams and access your files as you would directly in OneDrive and SharePoint.


AnkitaKirti_1-1656436922941.png


 


Add to OneDrive in Teams


You can now use Add shortcut to OneDrive in Teams to give yourself quick access in OneDrive to the Teams files you work with most frequently. Any changes that occur in Teams are also synced, so your files are also up to date. This feature helps you keep all your files organized in one place, no matter where they are stored.


OneDrive and SharePoint: Access your Teams standard and private channel files (88911)


When you navigate to a site in SharePoint or OneDrive, you’ll be able to access the files stored in the Teams standard and private channels associated with that site.


 


AnkitaKirti_0-1656435478699.png


 


 


OneDrive Sync Admin reports for macOS in Public Preview (81982)


OneDrive Sync Admin Reports for macOS give you more visibility into who in your organization is running the OneDrive Sync client on macOS and any errors they might be experiencing. When you open the OneDrive Sync health dashboard, you’ll see an executive summary of what’s going on with OneDrive Sync in your organization. On the left, you can see how many devices have at least one sync error. In the middle, you can see at a glance what percentage of the devices in your organization have known folders OneDrive is helping to protect. You can see what percentage of devices have the Desktop and Documents folders syncing with OneDrive, which have only one  and which have not opted in to sync those folders at all, meaning if something were to happen to those devices, all the contents of those folders would be lost. On the right, you can see how many devices are running on the current version of OneDrive, meaning they have all the latest and greatest fixes and features from Microsoft.


 


Sync health dashboardSync health dashboard


 


Rename shortcuts (93279)


We’ve added the ability to rename shortcuts you’ve added using the “Add to OneDrive” feature within OneDrive web.


 


Access your Teams standard and private channel files (88911)


When you navigate to a site in SharePoint or OneDrive, you’ll be able to access the files stored in the Teams standard and private channels associated with that site.


 


AnkitaKirti_0-1656436661440.png


 


Microsoft Stream Generate captions for a video uploaded to SharePoint and OneDrive for GCC and GCC High (85644)


Users with edit permissions to a video file uploaded to SharePoint and OneDrive can click a button in the player to generate closed captions in English.


 


OneDrive File Picker v8


The OneDrive File Picker lets you connect your custom web apps to content stored in OneDrive (both the commercial and business versions) and SharePoint. With File Picker v8, you can integrate directly with the Microsoft 365 service, saving you complexity and time during the development phase and providing your users with the same rich, familiar user experience of OneDrive or SharePoint. Users who are already logged into Microsoft 365 can seamlessly access files and content through your web app, without having to log into the Microsoft 365 account a second time.


 


File picker v8 experienceFile picker v8 experience


 


 


Learn more..


We hope you’re as excited as we are about these new features. Join us for a free webinar tomorrow to learn more about these innovations.


Register here: What’s new in OneDrive: Q2 roadmap roundup


 


FVTU--4XEAAN5Yl.jpg


 


We continue to evolve OneDrive as a place to access, share, and collaborate on all your files in Office 365, keeping them protected and readily accessible on all your devices, anywhere.


You can stay up-to-date on all things via the OneDrive Blog and the OneDrive release notes.


Check out the new and updated OneDrive documentation.


Take advantage of end-user training resources on our Office support center.


Thank you again for your support of OneDrive. We look forward to your continued feedback and hope to connect with you at another upcoming Microsoft or community-led event.


 


Thanks,


Ankita

2022 CWE Top 25 Most Dangerous Software Weaknesses

by | Jun 28, 2022 | Security, Technology

This article is contributed. See the original author and article here.

The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The list uses data from the National Vulnerability Database to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition. This year’s list also incorporates updated weakness data for recent Common Vulnerabilities and Exposure records in the dataset that are part of CISA’s Known Exploited Vulnerabilities Catalog.

CISA encourages users and administrators to review the 2022 CWE Top 25 Most Dangerous Software Weaknesses and evaluate recommended mitigations to determine those most suitable to adopt.