MAR-10376640-1.v1 – IsaacWiper and HermeticWizard

Notification

This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.

This document is marked TLP:WHITE–Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.cisa.gov/tlp.

Summary

Description

CISA received six files for analysis: five 32-bit Dynamic-link Library (DLL) files and one 32-bit executable file. These files have been identified as IsaacWiper and HermeticWizard. During analysis of HermeticWizard, another file was dropped and identified as HermeticWiper. The submitted files are designed to spread laterally through a network via Server Message Block (SMB) and Windows Management Instrumentation (WMI). These files attempt to overwrite the first 65536 bytes of data contained on the C: drive as well as any attached storage disks in order to render them useless to the victim user. The malware also creates a file and continuously writes to it until the disk runs out of free space and crashes. Upon reboot, the machine is no longer operable.

For a downloadable copy of IOCs, see: MAR-10376640-1.v1.stix.

Submitted Files (6)

13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033 (Cleaner.dll)

2d29f9ca1d9089ba0399661bb34ba2fd8aba117f04678cd71856d5894aa7150b (exec_x32.dll)

5a300f72e221a228e3a36a043bef878b570529a7abc15559513ea07ae280bb48 (romance.dll)

a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec (Wizard.dll)

abf9adf2c2c21c1e8bd69975dfccb5ca53060d8e1e7271a5e9ef3b56a7e54d9f (Cleaner.dll)

afe1f2768e57573757039a40ac40f3c7471bb084599613b3402b1e9958e0d27a (Cleaner.exe)

Findings

5a300f72e221a228e3a36a043bef878b570529a7abc15559513ea07ae280bb48

Tags

backdoor, trojan, wiper, worm

Details
Name romance.dll
Size 348424 bytes
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 0959bf541d52b6e2915420442bf44ce8
SHA1 ac5b6f16fc5115f0e2327a589246ba00b41439c2
SHA256 5a300f72e221a228e3a36a043bef878b570529a7abc15559513ea07ae280bb48
SHA512 b08ce87165b82db5a35353f9e42665fa9e736603b8e131e46501c0bbf4c830abbaba7bdbb5513af6201f19ba6741aa86b7cf736a8d92fef2c43a90383bf9ba68
ssdeep 6144:zB0WZ3twfUMDH34YslWeXEuS0dOIB9LcO1bJ/fKtn7eENm2eK7mnoUSgpAY8ODcV:lDRtSUMDH34DlWQEuS0UIzLR1NXKtn7f
Entropy 6.683668
Antivirus
Avira WORM/Agent.pjgwz
Bitdefender Trojan.GenericKD.48563945
Cyren W32/Agent.XHXW-4345
ESET Win32/Agent.OJC worm
Emsisoft MalCert-S.OE (A)
IKARUS Worm.Win32.Agent
K7 Trojan ( 0058f30e1 )
Lavasoft Trojan.GenericKD.48563945
McAfee Exploit-DcomRpc.c.gen
Quick Heal APEXCFC.Backdoor.Gen
Sophos Mal/BadCert-Gen
Symantec Trojan.KillDisk
Trend Micro Worm.Wi.A1D01B0A
Trend Micro HouseCall Worm.Wi.A1D01B0A
VirusBlokAda Worm.Hermetic
Zillya! Worm.Agent.Win32.99417
YARA Rules
  • rule CISA_10376640_02 : trojan wiper worm HERMETICWIZARD
    {
       meta:
           Author = "CISA Code & Media Analysis"
           Incident = "10376640"
           Date = "2022-03-12"
           Last_Modified = "20220413_1300"
           Actor = "n/a"
           Category = "Trojan Wiper Worm"
           Family = "HERMETICWIZARD"
           Description = "Detects Hermetic Wizard samples"
           MD5_1 = "0959bf541d52b6e2915420442bf44ce8"
           SHA256_1 = "5a300f72e221a228e3a36a043bef878b570529a7abc15559513ea07ae280bb48"
       strings:
           $s0 = { 70 00 69 00 70 00 65 00 5C 00 25 00 73 }
           $s1 = { 6E 00 6D 00 61 00 6E 00 73 00 65 00 72 00 76 }
           $s2 = { 73 61 6D 72 }
           $s3 = { 62 72 6F 77 73 65 72 }
           $s4 = { 6E 65 74 6C 6F 67 6F 6E }
           $s5 = { 6C 73 61 72 70 63 }
           $s6 = { 6E 74 73 76 63 73 }
           $s7 = { 73 76 63 63 74 6C }
           $s8 = { 73 74 61 72 74 20 63 6D 64 20 2F 63 20 22 70 69 6E 67 20 6C 6F 63 61 6C 68 6F 73 74 }
           $s9 = { 67 00 75 00 65 00 73 00 74 }
           $s10 = { 74 00 65 00 73 00 74 }
           $s11 = { 75 00 73 00 65 00 72 }
           $s12 = { 61 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 6F }
           $s13 = { 51 00 61 00 7A 00 31 00 32 00 33 }
           $s14 = { 51 00 77 00 65 00 72 00 74 00 79 00 31 00 32 }
           $s15 = { 63 6D 64 20 2F 63 20 73 74 61 72 74 20 72 65 67 }
       condition:
           all of them
    }
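The hex strings in CISA_10376640_02 are byte encodings of the artifacts the description below lists (named pipes, usernames, passwords, command fragments): most are UTF-16LE, a few are ASCII, and several stop one byte short of their final null. The decoder below is an added example, not CISA's tooling and not code from this report. It takes the rule's strings section as printed above and turns every `$sN = { ... }` pattern into readable text, so an analyst can see what a hit on the rule actually means before deploying it. The wide-versus-ASCII heuristic (a zero byte at every odd offset) is this example's own; `??` wildcards, which this rule does not use, are rendered as `?`.

```python
"""Render the hex patterns of a YARA rule as readable text (added example)."""
import re

# Strings section of CISA_10376640_02, copied from the report above.
RULE_TEXT = """
rule CISA_10376640_02 : trojan wiper worm HERMETICWIZARD
{
    strings:
        $s0 = { 70 00 69 00 70 00 65 00 5C 00 25 00 73 }
        $s1 = { 6E 00 6D 00 61 00 6E 00 73 00 65 00 72 00 76 }
        $s2 = { 73 61 6D 72 }
        $s3 = { 62 72 6F 77 73 65 72 }
        $s4 = { 6E 65 74 6C 6F 67 6F 6E }
        $s5 = { 6C 73 61 72 70 63 }
        $s6 = { 6E 74 73 76 63 73 }
        $s7 = { 73 76 63 63 74 6C }
        $s8 = { 73 74 61 72 74 20 63 6D 64 20 2F 63 20 22 70 69 6E 67 20 6C 6F 63 61 6C 68 6F 73 74 }
        $s9 = { 67 00 75 00 65 00 73 00 74 }
        $s10 = { 74 00 65 00 73 00 74 }
        $s11 = { 75 00 73 00 65 00 72 }
        $s12 = { 61 00 64 00 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 6F }
        $s13 = { 51 00 61 00 7A 00 31 00 32 00 33 }
        $s14 = { 51 00 77 00 65 00 72 00 74 00 79 00 31 00 32 }
        $s15 = { 63 6D 64 20 2F 63 20 73 74 61 72 74 20 72 65 67 }
    condition:
        all of them
}
"""

HEX_STRING_RE = re.compile(r"(\$\w+)\s*=\s*\{([^}]*)\}")


def parse_hex_tokens(body: str) -> list:
    """Turn '70 00 ?? 65' into [0x70, 0x00, None, 0x65]; None is a wildcard."""
    tokens = []
    for tok in body.split():
        if tok == "??":
            tokens.append(None)
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            tokens.append(int(tok, 16))
        else:
            raise ValueError(f"unsupported hex-string token {tok!r}")
    return tokens


def looks_wide(tokens: list) -> bool:
    """Heuristic (this example's own): UTF-16LE text has 0x00 at every odd
    offset. A lone trailing byte is tolerated because the rule authors cut
    several patterns short of the final null."""
    if len(tokens) < 2:
        return False
    odd_all_zero = all(b == 0 for b in tokens[1::2])
    even_has_text = any(b not in (0, None) for b in tokens[0::2])
    return odd_all_zero and even_has_text


def render(tokens: list) -> tuple:
    """Return (encoding, text) with nulls and non-printables escaped."""
    encoding = "wide" if looks_wide(tokens) else "ascii"
    units = tokens[0::2] if encoding == "wide" else tokens
    out = []
    for b in units:
        if b is None:
            out.append("?")
        elif b == 0:
            out.append("\\0")
        elif 0x20 <= b < 0x7F:
            out.append(chr(b))
        else:
            out.append(f"\\x{b:02x}")
    return encoding, "".join(out)


def decode_rule_strings(rule_text: str) -> dict:
    """Map every $name in the rule's strings section to (encoding, text)."""
    return {name: render(parse_hex_tokens(body))
            for name, body in HEX_STRING_RE.findall(rule_text)}


if __name__ == "__main__":
    for name, (enc, text) in decode_rule_strings(RULE_TEXT).items():
        print(f"{name:>5} [{enc:5}] {text}")
```

Running it shows, for instance, that `$s0` is the wide string `pipe\%s`, `$s2` through `$s7` are the ASCII names of the RPC named pipes (samr, browser, netlogon, lsarpc, ntsvcs, svcctl) the worm connects to, and `$s9` to `$s14` are the truncated wide forms of the hard-coded credentials listed below. Because the condition is `all of them`, a legitimate binary needs every one of these fragments before it would alert.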
ssdeep Matches

No matches found.

PE Metadata
Compile Date 2022-02-22 02:30:07-05:00
Import Hash 0802be27b58612f1b2648b8a57d1acfd
PE Sections
MD5 Name Raw Size Entropy
6ca6e4584fdfe512c2567bc3df334540 header 1024 2.665881
023be81d5f495e7428cde5d930ecf8ce .text 286208 6.662690
5ed93c823af444567d6fac7c5b868db8 .rdata 43008 5.287553
d2ceb15c0042bf0981352c5e7af10677 .data 3584 3.239415
84a3f07cc1f758d0993531a1da9e3f6a .reloc 10752 6.623638
Packers/Compilers/Cryptors
Borland Delphi 3.0 (???)
Relationships
5a300f72e2… Contained_Within a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
5a300f72e2… Dropped_By a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
Description

This application is a 32-bit DLL and has been identified as HermeticWizard. A filename is generated for the malware using the format string ‘c%02X%02X%02X%02X%02X%02X’, which yields the letter ‘c’ followed by 12 hexadecimal characters (6 random bytes). The purpose of the DLL is to spread to other machines over the SMB protocol to the Admin Share (IPC$). The malware attempts to authenticate through SMB using the hard-coded usernames and passwords listed below.

--Begin Usernames--
guest
test
admin
user
root
administrator
manager
operator
--End Usernames--

--Begin Passwords--
123
Qaz123
Qwerty123
--End Passwords--

The malware is designed to use the command-line parameters below for execution:

--Begin command-line--
cmd /c start regsvr32.exe /s /i ..\<malicious DLL> & start cmd /c "ping localhost -n 7 & wevtutil cl System"
--End command-line--

Screenshots

Figure 1 - This screenshot shows the hard-coded usernames and passwords used to attempt authentication with the target machine.

Figure 2 - This screenshot shows the malware establishing a connection via the SMB protocol.

2d29f9ca1d9089ba0399661bb34ba2fd8aba117f04678cd71856d5894aa7150b

Tags

backdoor, trojan, wiper, worm

Details
Name exec_x32.dll
Size 122632 bytes
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 58d71fff346017cf8311120c69c9946a
SHA1 6b5958bfabfe7c731193adb96880b225c8505b73
SHA256 2d29f9ca1d9089ba0399661bb34ba2fd8aba117f04678cd71856d5894aa7150b
SHA512 315cc419f6ec600a345447b0f49e3de9f13c1e96d9bbc272f982204b1c7ec71cb3805f5ff7821da3e7944e327c22e5eba6f3c94b08c66b6e241395e1ea133ed1
ssdeep 3072:gnu7OIMtlhyAnF1bIoENm2eK7mnoUSgpAY8ODcDcm7cIsF4RO06loHGvJnuqO:g4OlhlzjENm2eK7mnoUSgpAY8ODcDcmT
Entropy 6.646213
Antivirus
AhnLab Trojan/Win.FoxBlade
Avira WORM/Agent.juikt
Bitdefender Trojan.GenericKD.39179683
ESET Win32/Agent.OJC worm
Emsisoft MalCert-S.OE (A)
IKARUS Worm.Win32.Agent
K7 Trojan ( 00028d131 )
Lavasoft Trojan.GenericKD.39179683
Quick Heal APEXCFC.Backdoor.Gen
Sophos Mal/BadCert-Gen
Symantec Trojan.Gen.2
Trend Micro Worm.Wi.A1D01B0A
Trend Micro HouseCall Worm.Wi.A1D01B0A
VirusBlokAda Trojan.Agent
Zillya! Worm.Agent.Win32.99414
YARA Rules
  • rule CISA_10376640_03 : trojan wiper worm HERMETICWIZARD
    {
       meta:
           Author = "CISA Code & Media Analysis"
           Incident = "10376640"
           Date = "2022-03-13"
           Last_Modified = "20220413_1300"
           Actor = "n/a"
           Category = "Trojan Wiper Worm"
           Family = "HERMETICWIZARD"
           Description = "Detects Hermetic Wizard samples"
           MD5_1 = "58d71fff346017cf8311120c69c9946a"
           SHA256_1 = "2d29f9ca1d9089ba0399661bb34ba2fd8aba117f04678cd71856d5894aa7150b"
       strings:
           $s0 = { 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F }
           $s1 = { 5C 00 5C 00 25 00 73 00 5C 00 70 00 69 00 70 00 65 00 5C 00 25 00 73 }
           $s2 = { 64 00 6C 00 6C 00 00 00 2D 00 69 }
           $s3 = { 2D 00 68 00 00 00 00 00 2D 00 73 }
           $s4 = { 2D 00 63 00 00 00 00 00 2D 00 61 }
           $s5 = { 43 6F 6D 6D 61 6E 64 4C 69 6E 65 54 6F 41 72 67 76 57 }
       condition:
           all of them
    }
ssdeep Matches

No matches found.

PE Metadata
Compile Date 2022-02-22 02:23:15-05:00
Import Hash 0efd6cfc0613f20a06fa0746b2d5b8bc
PE Sections
MD5 Name Raw Size Entropy
90d5fe0b84e27aef0c20e1f645feb2b0 header 1024 2.713966
6e7013478def0b223ed6acb0a52fad70 .text 81408 6.654914
b63a5c496bdfc65b0a87074ddb5ea3ea .rdata 29184 5.513656
cd29db9b4e978a706ddf3195b7a6b9b9 .data 2560 2.223270
463a2a119664cff0f6ea5941379a7700 .reloc 4608 6.499252
Packers/Compilers/Cryptors
Borland Delphi 3.0 (???)
Relationships
2d29f9ca1d… Contained_Within a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
2d29f9ca1d… Dropped_By a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
Description

This is a 32-bit DLL file. This DLL spreads laterally through the network via the WMI protocol. The malware copies a file over to the target machine for execution. The copied file's name is generated using the format string ‘c%02X%02X%02X%02X%02X%02X’, which yields the letter ‘c’ followed by 12 hexadecimal characters (6 random bytes). The copied file has been identified as HermeticWizard. The malware identifies a running process with the desired authority and uses its token for impersonation to create a new process and service to launch the copied file.

--Begin command-line--
cmd /c start regsvr32.exe /s /i <malicious DLL path>
--End command-line--

Screenshots

Figure 3 - This screenshot shows the malware authority type and impersonation.

a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec

Tags

backdoor, trojan, worm

Details
Name Wizard.dll
Size 698632 bytes
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 517d2b385b846d6ea13b75b8adceb061
SHA1 3c54c9a49a8ddca02189fe15fea52fe24f41a86f
SHA256 a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
SHA512 1de912f50b7f5cc2f4fcea7b6d3c84a39bd15d668122f50a9b11da66447ed99f456e86e006d0dfe7ab0fca7dc8e35efa7ff57959033463d94ef37e5705515430
ssdeep 12288:J4WCTqjtByJsZrjIYlkytnSg9hcr1DnDH2iRNL5tj1XUNgASK4CTfVf1WZ62PNTr:HGqRBRtnSEhMhDH2iRNL5tj1XUNgASKw
Entropy 7.451862
Antivirus
AhnLab Trojan/Win.FoxBlade
Antiy Trojan/Win32.Agent
Avira WORM/Agent.sejyu
Bitdefender Trojan.GenericKD.48550079
ClamAV Win.Malware.HermeticWizard-9941571-0
ESET Win32/Agent.OJC worm
Emsisoft MalCert-S.OE (A)
IKARUS Worm.Win32.Agent
K7 Trojan ( 0058f30e1 )
Lavasoft Trojan.GenericKD.48550079
McAfee Generic trojan.wh
NANOAV Trojan.Win32.TrjGen.jngwij
Quick Heal APEXCFC.Backdoor.Gen
Sophos Mal/BadCert-Gen
Symantec Trojan.Gen.MBT
TACHYON Trojan/W32.HermeticWizard.698632
Trend Micro Worm.Wi.38D94AB0
Trend Micro HouseCall Worm.Wi.38D94AB0
VirusBlokAda BScope.Trojan.Agent
Zillya! Worm.Agent.Win32.99423
YARA Rules
  • rule CISA_10376640_05 : trojan wiper worm HERMETICWIZARD
    {
       meta:
           Author = "CISA Code & Media Analysis"
           Incident = "10376640"
           Date = "2022-04-14"
           Last_Modified = "20220414_1037"
           Actor = "n/a"
           Category = "Trojan Wiper Worm"
           Family = "HERMETICWIZARD"
           Description = "Detects Hermetic Wizard samples"
           MD5_1 = "517d2b385b846d6ea13b75b8adceb061"
           SHA256 = "a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec"
       strings:
           $s0 = { 57 69 7A 61 72 64 2E 64 6C 6C }
           $s1 = { 69 6E 66 6C 61 74 65 }
           $s2 = { 4D 61 72 6B 20 41 64 6C 65 72 }
       condition:
           all of them and filesize < 2000KB
    }
ssdeep Matches

No matches found.

PE Metadata
Compile Date 2022-02-22 03:07:17-05:00
Import Hash e099d3524b6906cf8460b4e6db0b11f2
PE Sections
MD5 Name Raw Size Entropy
01185a4f21be653f13b885a655da2239 header 1024 2.945954
d7ed7d880b3eed5eae7787055766502c .text 312832 6.633510
87728459f7938f00f8d53d0bd6e6a337 .rdata 60416 5.802039
31b2ae0f6a40196c4bce89d36302d545 .data 3584 2.914857
d77cbf49cf473a8235a67912f0edd78f .rsrc 304128 7.948029
32ec2dc9dc4b9fc8f96ac18835fea101 .reloc 12800 6.692458
Packers/Compilers/Cryptors
Borland Delphi 3.0 (???)
Relationships
a259e9b0ac… Contains 5a300f72e221a228e3a36a043bef878b570529a7abc15559513ea07ae280bb48
a259e9b0ac… Contains 2d29f9ca1d9089ba0399661bb34ba2fd8aba117f04678cd71856d5894aa7150b
a259e9b0ac… Dropped 5a300f72e221a228e3a36a043bef878b570529a7abc15559513ea07ae280bb48
a259e9b0ac… Dropped 2d29f9ca1d9089ba0399661bb34ba2fd8aba117f04678cd71856d5894aa7150b
Description

This is a 32-bit DLL and has been identified as HermeticWizard. The original filename for the DLL is Wizard.dll. It is designed to use the command-line parameters below for execution:

--Begin command-line--
regsvr32.exe /s /i <malicious DLL path>
--End command-line--

The application contains three 32-bit encrypted binaries that are decrypted and installed into the current directory at runtime.

--Begin files--
%current directory%\exec_x32.dll
%current directory%\romance.dll
%current directory%\<6 randomly generated alphanumerical characters>.ocx
--End files--

At runtime, it attempts to detect all active hosts on the victim’s network. It is capable of moving laterally across the network by actively scanning ranges of reachable IP version 4 addresses and ports. It is designed to create and connect to multiple named pipes.

Displayed below is the list of port numbers it attempts to connect to.

--Begin port numbers--
20
21
22
80
135
137
139
443
445
--End port numbers--

Once an active host (system) is found, it attempts to execute the command-line below to move to the reachable machine:

--Begin command--
"C:\Windows\System32\rundll32.exe %current directory%\<6 randomly generated alphanumerical characters>.ocx #1 -s <path to Wizard.dll> -i <reachable system IP address>"
--End command--

It executes the <6 randomly generated alphanumerical characters>.ocx binary to wipe the drive. This OLE Control Extension (OCX) file has been identified as HermeticWiper. The SHA256 of the OCX file is 0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da. Note: Analysis of this file is included in MAR-10375867.r1.v1.WHITE.
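Everything the report gives for HermeticWizard's spreading is command-line shaped: `regsvr32.exe /s /i <DLL>` in both the SMB (romance.dll) and WMI (exec_x32.dll) paths, the `ping localhost -n 7 & wevtutil cl System` chain, the `c%02X…` name of the copied file, and the `rundll32.exe <x>.ocx #1 -s … -i <ip>` launch of the wiper. The script below is an added example, not CISA tooling and not code from the report: it encodes those fragments as regexes and runs them over a few constructed process-creation records to show which fire and which benign look-alikes stay quiet. The record layout (host plus full command line) and every sample value (hostnames, paths, the 192.0.2.x address) are assumptions made for the example.

```python
"""Hunt process-creation telemetry for HermeticWizard-style command lines."""
import re

# Indicators distilled from the command lines quoted in the report above.
INDICATORS = [
    # regsvr32 /s /i <dll>: silent load of the DLL's DllInstall export (both the
    # SMB and the WMI spreader use this form)
    ("regsvr32_silent_install",
     re.compile(r"\bregsvr32(?:\.exe)?\s+/s\s+/i\b", re.IGNORECASE)),
    # "ping localhost -n 7" is a sleep-by-ping before the next chained command
    ("ping_localhost_delay",
     re.compile(r"\bping\s+localhost\s+-n\s+\d+", re.IGNORECASE)),
    # the wizard's command line ends by clearing the System event log
    ("wevtutil_clear_system",
     re.compile(r"\bwevtutil(?:\.exe)?\s+cl\s+System\b", re.IGNORECASE)),
    # rundll32 <6 chars>.ocx #1 -s <Wizard.dll> -i <ip>: HermeticWiper launch
    ("rundll32_ocx_ordinal_launch",
     re.compile(r"\brundll32(?:\.exe)?\s+\S+\.ocx\s+#1\s+-s\s+.+?\s+-i\s+"
                r"\d{1,3}(?:\.\d{1,3}){3}", re.IGNORECASE)),
]

# 'c%02X%02X%02X%02X%02X%02X' -> 'c' then exactly 12 upper-case hex digits.
# Case-sensitive on purpose: %02X never emits lower-case hex.
DROPPED_NAME_RE = re.compile(r"(?:^|[\\/])c[0-9A-F]{12}(?:\.\w+)?(?=\s|$|\")")


def classify(command_line: str) -> list:
    """Return the names of every indicator that matches this command line."""
    hits = [name for name, rx in INDICATORS if rx.search(command_line)]
    if DROPPED_NAME_RE.search(command_line):
        hits.append("dropped_name_c_hex12")
    return hits


def hunt(events: list) -> list:
    """Return (host, severity, hits) for each event with at least one hit.
    Two or more indicators on one command line is treated as high."""
    findings = []
    for ev in events:
        hits = classify(ev["command_line"])
        if hits:
            severity = "high" if len(hits) >= 2 else "medium"
            findings.append((ev["host"], severity, hits))
    return findings


# Constructed sample records (assumed schema: host + full command line).
SAMPLE_EVENTS = [
    {"host": "ws-01",  # benign: registering a vendor COM server, no /i
     "command_line": r'regsvr32.exe /s "C:\Program Files\Vendor\legit.dll"'},
    {"host": "ws-02",  # the SMB spreader's command line, per the report
     "command_line": (r"cmd /c start regsvr32.exe /s /i C:\Windows\c1A2B3C4D5E6F.dll "
                      r'& start cmd /c "ping localhost -n 7 & wevtutil cl System"')},
    {"host": "ws-03",  # the wiper launch from Wizard.dll, per the report
     "command_line": (r"C:\Windows\System32\rundll32.exe C:\Users\Public\Ab12Cd.ocx "
                      r"#1 -s C:\Users\Public\Wizard.dll -i 192.0.2.15")},
    {"host": "ws-04",  # benign: querying, not clearing, an event log
     "command_line": r"wevtutil qe Application /c:5"},
]

if __name__ == "__main__":
    for host, severity, hits in hunt(SAMPLE_EVENTS):
        print(f"{host} {severity}: {', '.join(hits)}")
```

The first and last records exist to show the false-positive boundary: `regsvr32 /s` without `/i` and `wevtutil qe` are everyday administration and produce no hit, whereas the report's own command lines light up three or four indicators at once. In a real deployment the same regexes apply to Sysmon Event ID 1 or Windows 4688 command lines, and the port list above (20, 21, 22, 80, 135, 137, 139, 443, 445) is the network-side complement: one workstation touching those ports on many peers in a short window.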

Screenshots

Figure 4 - This screenshot shows the functionalities used to perform local network enumeration.

abf9adf2c2c21c1e8bd69975dfccb5ca53060d8e1e7271a5e9ef3b56a7e54d9f

Tags

trojan

Details
Name Cleaner.dll
Size 11264 bytes
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 aa98b92e3320af7a1639de1bac6c17cc
SHA1 ad602039c6f0237d4a997d5640e92ce5e2b3bba3
SHA256 abf9adf2c2c21c1e8bd69975dfccb5ca53060d8e1e7271a5e9ef3b56a7e54d9f
SHA512 5549bdb658736c187c2d6493c82f46461dda728a0ec365833bf1987e9436a5f9e1a42cab68082af2640b5a10ab92aa9251095d3b453934d3ebeb211bfd42b212
ssdeep 192:bqSlxiV3BdNHxRvb8WZVPspRgssSt7NCphJHlHMjz5e:dnYx5RvYW3mQphJHVMjc
Entropy 5.648075
Antivirus
ESET a variant of Win32/KillMBR.NHP trojan
Trend Micro Trojan.9FABA348
Trend Micro HouseCall Trojan.9FABA348
YARA Rules
  • rule CISA_10376640_01 : trojan wiper ISAACWIPER
    {
       meta:
           Author = "CISA Code & Media Analysis"
           Incident = "10376640"
           Date = "2022-03-14"
           Last_Modified = "20220418_1900"
           Actor = "n/a"
           Category = "Trojan Wiper"
           Family = "ISAACWIPER"
           Description = "Detects ISAAC Wiper samples"
           MD5_1 = "aa98b92e3320af7a1639de1bac6c17cc"
           SHA256_1 = "abf9adf2c2c21c1e8bd69975dfccb5ca53060d8e1e7271a5e9ef3b56a7e54d9f"
           MD5_2 = "8061889aaebd955ba6fb493abe7a4de1"
           SHA256_2 = "afe1f2768e57573757039a40ac40f3c7471bb084599613b3402b1e9958e0d27a"
           MD5_3 = "ecce8845921a91854ab34bff2623151e"
           SHA256_3 = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033"
       strings:
           $s0 = { 73 00 74 00 61 00 72 00 74 00 20 00 65 00 72 00 61 00 73 00 69 00 6E 00 67 }
           $s1 = { 6C 00 6F 00 67 00 69 00 63 00 61 00 6C }
           $s2 = { 46 00 41 00 49 00 4C 00 45 00 44 }
           $s3 = { 5C 00 6C 00 6F 00 67 00 2E 00 74 00 78 00 74 }
           $s4 = { 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F }
           $s5 = {53 74 61 72 74 40 34}
           $s6 = {3B 57 34 74 2D 6A}
           $s7 = {43 6C 65 61 6E 65 72 2E}
       condition:
           all of ($s0,$s1,$s2,$s3,$s4) or all of ($s5,$s6,$s7)
    }
ssdeep Matches

No matches found.

PE Metadata
Compile Date 2021-10-19 10:17:30-04:00
Import Hash 8156382b4b0f02a7467108b32103b82a
PE Sections
MD5 Name Raw Size Entropy
1e9e616d75f50f562b0d56edc472a8ea header 1024 2.226630
decfc792ded248587084a6329217380e .text 7680 6.321812
99ec3d78dee2e180fa53da106a9a7540 .rdata 1536 3.859100
9475a59226943a3ad422e18169989f66 .data 512 0.020393
60a3ce8706953c03b2a4f22e43dccb26 .reloc 512 2.886370
Description

Cleaner.dll is a 32-bit DLL which has been identified as a variant of the IsaacWiper. It attempts to overwrite the first 65536 bytes of data on the C: drive and on attached storage disks in order to render them useless to the victim user. The malware also overwrites the victim user’s files so they cannot be recovered. The data used to overwrite the disk drives and user files is random data that is generated via the Mersenne Twister algorithm.

Cleaner.dll also attempts to create a directory in the root directory of attached storage disks. The malware will then create a file within this newly created directory and attempt to fill it with random data, generated via the Mersenne Twister algorithm, in an effort to fill the drive up as another destructive method of rendering the storage device unusable to the victim user. The name of the folder created will begin with the letters “Tmd” and the remaining part of the folder name will be randomly generated alphanumerical characters. The filename created will begin with the letters “Tmf” and the remaining part of the filename will be randomly generated alphanumerical characters.
Displayed below is the format of the file installed:

--Begin file--
Filename: "C:\Tmd[4 randomly generated characters]\Tmf[4 randomly generated alphanumerical characters].tmp"
Sample: "C:\Tmd21D9.tmp\Tmf1E9E.tmp"
--End file--

Analysis indicates that the application fails to execute if the above tmp file already exists on the victim’s machine.

Screenshots

Figure 5 - This screenshot illustrates the malware overwriting the first 65536 bytes of the C: drive, or attached storage disk, using random encrypted data generated via the Mersenne Twister algorithm.

Figure 6 - This screenshot illustrates a sample file created by the malware. The malware will write random encrypted data to this file until the C: drive and attached storage devices run out of space. This is just one method the malware utilizes in an attempt to corrupt the victim user's machine.

afe1f2768e57573757039a40ac40f3c7471bb084599613b3402b1e9958e0d27a

Tags

trojan

Details
Name Cleaner.exe
Size 11264 bytes
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8061889aaebd955ba6fb493abe7a4de1
SHA1 e9b96e9b86fad28d950ca428879168e0894d854f
SHA256 afe1f2768e57573757039a40ac40f3c7471bb084599613b3402b1e9958e0d27a
SHA512 27874dca36c2ebe3ac240c3c6592093ef8cd09611ede1e16de22357bea35dfb70065c2545b6381a19198139b9591e2f4fe0f882483f418a9bd2e0c2f126a0b09
ssdeep 192:9ClgiV30I+0Kxn+rgRvb865VPkMsuW089mNCEFlggO4C6z5C:gmYLY5RvY6XW0ZQslggPC6
Entropy 5.628275
Antivirus
Avira TR/Crypt.XPACK.Gen8
ESET a variant of Win32/KillMBR.NHP trojan
Trend Micro Trojan.9FABA348
Trend Micro HouseCall Trojan.9FABA348
YARA Rules
  • rule CISA_10376640_01 : trojan wiper ISAACWIPER
    {
       meta:
           Author = "CISA Code & Media Analysis"
           Incident = "10376640"
           Date = "2022-03-14"
           Last_Modified = "20220418_1900"
           Actor = "n/a"
           Category = "Trojan Wiper"
           Family = "ISAACWIPER"
           Description = "Detects ISAAC Wiper samples"
           MD5_1 = "aa98b92e3320af7a1639de1bac6c17cc"
           SHA256_1 = "abf9adf2c2c21c1e8bd69975dfccb5ca53060d8e1e7271a5e9ef3b56a7e54d9f"
           MD5_2 = "8061889aaebd955ba6fb493abe7a4de1"
           SHA256_2 = "afe1f2768e57573757039a40ac40f3c7471bb084599613b3402b1e9958e0d27a"
           MD5_3 = "ecce8845921a91854ab34bff2623151e"
           SHA256_3 = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033"
       strings:
           $s0 = { 73 00 74 00 61 00 72 00 74 00 20 00 65 00 72 00 61 00 73 00 69 00 6E 00 67 }
           $s1 = { 6C 00 6F 00 67 00 69 00 63 00 61 00 6C }
           $s2 = { 46 00 41 00 49 00 4C 00 45 00 44 }
           $s3 = { 5C 00 6C 00 6F 00 67 00 2E 00 74 00 78 00 74 }
           $s4 = { 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F }
           $s5 = {53 74 61 72 74 40 34}
           $s6 = {3B 57 34 74 2D 6A}
           $s7 = {43 6C 65 61 6E 65 72 2E}
       condition:
           all of ($s0,$s1,$s2,$s3,$s4) or all of ($s5,$s6,$s7)
    }
ssdeep Matches

No matches found.

PE Metadata
Compile Date 2022-02-24 04:48:46-05:00
Import Hash fd8214e8ca810e64eb947f522acbead7
PE Sections
MD5 Name Raw Size Entropy
c1ecc108a6c84989eb4102d2d387c3cb header 1024 2.235812
12bbe2ed84c503c161528eb9c65e06b7 .text 7680 6.297084
a84958d0a1ba6ccf7f68b0f082a1c656 .rdata 1536 3.901725
9475a59226943a3ad422e18169989f66 .data 512 0.020393
4c8100d03804167a977995936cfbf536 .reloc 512 2.937988
Description

Cleaner.exe is a 32-bit executable file (EXE) which has been identified as another variant of the IsaacWiper. It either executes immediately or sleeps for 15 minutes before executing. When executed, it attempts to overwrite the first 65536 bytes of data contained on the C: drive and on attached storage disks in order to render them useless to the victim user. The malware also overwrites the victim user’s files so they cannot be recovered. The data used to overwrite the disk drives and user files is random data that is generated via the Mersenne Twister algorithm.

Cleaner.exe also attempts to create a directory in the root directory of attached storage disks. The malware will then create a file within this newly created directory and attempt to fill it with random data, generated via the Mersenne Twister algorithm, in an effort to fill the drive up as another destructive method of rendering the storage device unusable to the victim user. The name of the folder created will begin with the letters “Tmd” and the remaining part of the folder name will be randomly generated alphanumerical characters. The filename created will begin with the letters “Tmf” and the remaining part of the filename will be randomly generated alphanumerical characters.
Displayed below is the format of the file installed:

--Begin file--
Filename: "C:\Tmd[4 randomly generated characters]\Tmf[4 randomly generated alphanumerical characters].tmp"
Sample: "C:\Tmd21D9.tmp\Tmf1E9E.tmp"
--End file--

Analysis indicates that the application fails to execute if the above tmp file already exists on the victim’s machine.

Screenshots

Figure 7 - This screenshot illustrates the malware overwriting the first 65536 bytes of the C: drive, or attached storage disk, using random encrypted data generated via the Mersenne Twister algorithm.

Figure 8 - This screenshot illustrates a sample file created by the malware. The malware will write random encrypted data to this file until the C: drive and attached storage devices run out of space. This is just one method the malware utilizes in an attempt to corrupt the victim user's machine.

Figure 9 - This screenshot shows the executable's sleep function.

13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033

Tags

backdoor, trojan, virus, wiper

Details
Name Cleaner.dll
Size 224768 bytes
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 ecce8845921a91854ab34bff2623151e
SHA1 736a4cfad1ed83a6a0b75b0474d5e01a3a36f950
SHA256 13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033
SHA512 36fda34df70629d054a55823a3cc83f9599446b36576fbc86a6aac6564460789e8b141eeb168d3e4578f28182da874dd840e57b642af1a1a315dfe08a17b53e0
ssdeep 6144:pjU6yx1p7lvER8SPD/xzL0ruSSbAOfyV:Ju1pZvPuDF0ruSSbkV
Entropy 6.612476
Antivirus
AhnLab Trojan/Win.IsaacWiper
Avira TR/KillMBR.hlwrn
Bitdefender Trojan.GenericKD.39120112
ClamAV Win.Malware.IsaacWiper-9940626-0
Cyren W32/Killmbr.GBHG-3949
ESET Win32/KillMBR.NHQ trojan
Emsisoft Trojan.GenericKD.39120112 (B)
IKARUS Virus.Wiper.Isaac
K7 Trojan ( 0058efff1 )
Lavasoft Trojan.GenericKD.39120112
McAfee RDN/Generic.dx
Quick Heal APEXCFC.Backdoor.Gen
Sophos Troj/Wiper-F
Symantec Trojan.Gen.MBT
Trend Micro Trojan.6050981D
Trend Micro HouseCall Trojan.6050981D
VirusBlokAda Trojan.Agentb
Zillya! Trojan.KillMBR.Win32.666
YARA Rules
  • rule CISA_10376640_01 : trojan wiper ISAACWIPER
    {
       meta:
           Author = "CISA Code & Media Analysis"
           Incident = "10376640"
           Date = "2022-03-14"
           Last_Modified = "20220418_1900"
           Actor = "n/a"
           Category = "Trojan Wiper"
           Family = "ISAACWIPER"
           Description = "Detects ISAAC Wiper samples"
           MD5_1 = "aa98b92e3320af7a1639de1bac6c17cc"
           SHA256_1 = "abf9adf2c2c21c1e8bd69975dfccb5ca53060d8e1e7271a5e9ef3b56a7e54d9f"
           MD5_2 = "8061889aaebd955ba6fb493abe7a4de1"
           SHA256_2 = "afe1f2768e57573757039a40ac40f3c7471bb084599613b3402b1e9958e0d27a"
           MD5_3 = "ecce8845921a91854ab34bff2623151e"
           SHA256_3 = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033"
       strings:
           $s0 = { 73 00 74 00 61 00 72 00 74 00 20 00 65 00 72 00 61 00 73 00 69 00 6E 00 67 }
           $s1 = { 6C 00 6F 00 67 00 69 00 63 00 61 00 6C }
           $s2 = { 46 00 41 00 49 00 4C 00 45 00 44 }
           $s3 = { 5C 00 6C 00 6F 00 67 00 2E 00 74 00 78 00 74 }
           $s4 = { 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F }
           $s5 = {53 74 61 72 74 40 34}
           $s6 = {3B 57 34 74 2D 6A}
           $s7 = {43 6C 65 61 6E 65 72 2E}
       condition:
           all of ($s0,$s1,$s2,$s3,$s4) or all of ($s5,$s6,$s7)
    }
ssdeep Matches

No matches found.

PE Metadata
Compile Date 2022-02-25 10:48:07-05:00
Import Hash a4b162717c197e11b76a4d9bc58ea25d
PE Sections
MD5 Name Raw Size Entropy
28378e0c1da3cce94aa72585f5559fc6 header 1024 2.656680
06d63fddf89fae3948764028712c36d6 .text 150528 6.676976
48f101db632bb445c21a10fd5501e343 .rdata 60416 5.634639
5efc98798d0979e69e2a667fc20e3f24 .data 4096 3.256171
9676f7c827fb9388358aaba3e4bd0cc6 .reloc 8704 6.433076
Packers/Compilers/Cryptors
Borland Delphi 3.0 (???)
Description

This application is a 32-bit DLL which has been identified as another variant of the IsaacWiper. It attempts to overwrite the first 65536 bytes of data on the C: drive and on attached storage disks in order to render them useless to the victim user. The malware also overwrites the victim user’s files so they cannot be recovered. The data used to overwrite the disk drives and user files is random encrypted data that is generated via the Mersenne Twister algorithm.

The malware also attempts to create a directory in the root directory of attached storage disks. The malware will then create a file within this newly created directory and attempt to fill it with random encrypted data, generated via the Mersenne Twister algorithm, in an effort to fill the drive up as another destructive method of rendering the storage device unusable to the victim user. The name of the folder created will begin with the letters “Tmd” and the remaining part of the folder name will be random. The filename created will begin with the letters “Tmf” and the remaining part of the filename will be random.

This malware creates a log file at C:\ProgramData\log.txt. This file logs the malware’s process of systematically corrupting the victim user’s storage disks. Illustrated below is sample data the malware recorded to its log file during runtime:

--Begin log.txt Data--

getting drives...

physical drives:
-- system physical drive 0: PhysicalDrive0

logical drives:
-- system logical drive: C:
-- logical drive: D:

start erasing system physical drive...

system physical drive -- FAILED
start erasing system logical drive C:

--End log.txt Data--
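Two things in this report lend themselves to a defender-side check: the overwrite of the first 65536 bytes of each disk with Mersenne Twister output, described for all three IsaacWiper variants above, and the log.txt the DLL variant writes. The script below is an added example, not CISA's tooling and not the malware's code. It scores the first 64 KiB of a disk image by boot-signature presence and Shannon entropy, and it summarises which drives a log.txt says were enumerated, had erasure started, and failed. The disk images are constructed inline (the "healthy" one is a stand-in, not a real MBR dump); the log lines copy the format shown above with ASCII punctuation. Python's `random.Random` is itself MT19937, so the "wiped" image is produced by the same generator family the report names, which also illustrates why entropy alone cannot separate MT output from ciphertext and why the report calls the data "random encrypted data".

```python
"""Forensic triage for IsaacWiper-style damage (added example)."""
import math
import random
from collections import Counter

WIPED_REGION = 65536          # bytes the report says are overwritten per disk
MBR_SIGNATURE_OFFSET = 510    # an intact MBR ends sector 0 with 0x55 0xAA


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_boot_region(image: bytes) -> dict:
    """Judge whether the first 64 KiB look like a healthy boot region or like
    the PRNG output IsaacWiper writes there."""
    region = image[:WIPED_REGION]
    sig = region[MBR_SIGNATURE_OFFSET:MBR_SIGNATURE_OFFSET + 2] == b"\x55\xAA"
    ent = shannon_entropy(region)
    # A real boot region is mostly zero padding plus low-entropy boot code and
    # partition entries; MT19937 output sits near 8 bits/byte like ciphertext.
    verdict = "boot_sector_intact" if sig and ent <= 7.5 else "likely_wiped"
    return {"signature_present": sig,
            "entropy_bits_per_byte": round(ent, 3),
            "verdict": verdict}


def build_intact_image() -> bytes:
    """Constructed stand-in for a healthy disk: a tiny boot stub, one partition
    entry, the 0x55AA signature, then zeroed sectors up to 64 KiB."""
    sector0 = bytearray(512)
    sector0[0:8] = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB"   # xor ax,ax; mov ss,ax; ...
    sector0[446:462] = bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF,
                              0x00, 0x08, 0x00, 0x00, 0x00, 0xF8, 0x3F, 0x00])
    sector0[510:512] = b"\x55\xAA"
    return bytes(sector0) + bytes(WIPED_REGION - 512)


def build_wiped_image(seed: int = 1) -> bytes:
    """Python's random.Random is MT19937, the generator the report names."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(WIPED_REGION))


# Constructed log.txt in the format the report shows (ASCII punctuation).
SAMPLE_LOG = """getting drives...

physical drives:
-- system physical drive 0: PhysicalDrive0

logical drives:
-- system logical drive: C:
-- logical drive: D:

start erasing system physical drive...

system physical drive -- FAILED
start erasing system logical drive C:
"""


def summarise_wiper_log(text: str) -> dict:
    """Pull the enumerated targets, erase attempts and failures out of log.txt.
    Em dashes and ellipsis characters from copied text are normalised first."""
    enumerated, started, failed = [], [], []
    for raw in text.splitlines():
        line = raw.strip().replace("\u2014", "--").replace("\u2026", "...")
        if line.startswith("-- ") and ": " in line:
            enumerated.append(line.split(": ", 1)[1])
        elif line.startswith("start erasing "):
            started.append(line[len("start erasing "):].rstrip("."))
        elif line.endswith("-- FAILED"):
            failed.append(line[:-len("-- FAILED")].strip())
    return {"enumerated": enumerated, "erase_started": started, "failed": failed}


if __name__ == "__main__":
    print(triage_boot_region(build_intact_image()))
    print(triage_boot_region(build_wiped_image()))
    print(summarise_wiper_log(SAMPLE_LOG))
```

On a real case the image would come from a forensic copy of the affected disk rather than `build_*`, and the log summary is worth comparing against that triage: a drive the log marks as FAILED (the physical drive in the report's sample, which suggests a lack of privilege or a locked handle) may still have an intact boot sector even though its logical volumes were hit.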

Screenshots

Figure 10 - This screenshot illustrates the malware logging the beginning of its attempt to corrupt the victim user's storage device. This log data will be recorded within the log file named log.txt.

Figure 11 - This screenshot illustrates the malware overwriting the first 65536 bytes of an attached storage disk using random encrypted data generated via the Mersenne Twister algorithm.

Figure 12 - This screenshot illustrates a sample file created by the malware. The malware will write random encrypted data to this file until the C: drive and attached storage devices run out of space. This is just one method the malware utilizes in an attempt to corrupt the victim user's machine.

Relationship Summary

5a300f72e2… Contained_Within a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
5a300f72e2… Dropped_By a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
2d29f9ca1d… Contained_Within a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
2d29f9ca1d… Dropped_By a259e9b0acf375a8bef8dbc27a8a1996ee02a56889cba07ef58c49185ab033ec
a259e9b0ac… Contains 5a300f72e221a228e3a36a043bef878b570529a7abc15559513ea07ae280bb48
a259e9b0ac… Contains 2d29f9ca1d9089ba0399661bb34ba2fd8aba117f04678cd71856d5894aa7150b
a259e9b0ac… Dropped 5a300f72e221a228e3a36a043bef878b570529a7abc15559513ea07ae280bb48
a259e9b0ac… Dropped 2d29f9ca1d9089ba0399661bb34ba2fd8aba117f04678cd71856d5894aa7150b

Recommendations

CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization’s systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
  • Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, “Guide to Malware Incident Prevention & Handling for Desktops and Laptops”.

Contact Information

CISA continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.cisa.gov/forms/feedback/

Document FAQ

What is a MIFR? A Malware Initial Findings Report (MIFR) is intended to provide organizations with malware analysis in a timely manner. In most instances this report will provide initial indicators for computer and network defense. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.

What is a MAR? A Malware Analysis Report (MAR) is intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.

Can I edit this document? This document is not to be edited in any way by recipients. All comments or questions related to this document should be directed to the CISA at 1-888-282-0870 or CISA Service Desk.

Can I submit malware to CISA? Malware samples can be submitted via three methods:

CISA encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on CISA’s homepage at www.cisa.gov.

CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine

This article is contributed. See the original author and article here.

CISA and the Federal Bureau of Investigation (FBI) have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.

CISA and the FBI encourage organizations to review the update to AA22-057A as well as the Shields Up Technical Guidance webpage for ways to identify, respond to, and mitigate disruptive cyber activity. 

MAR-10376640-1.v1 – IsaacWiper and HermeticWizard

MAR-10376640-2.v1 – CaddyWiper

This article is contributed. See the original author and article here.

Notification

This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.

This document is marked TLP:WHITE–Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.cisa.gov/tlp.

Summary

Description

CISA received one unique file for analysis. This file is a malicious 32-bit Windows Portable Executable (PE). During runtime, this malware attempts to overwrite the victim user’s files with null bytes. The malware also attempts to overwrite the Master Boot Record of attached drives with null bytes, thereby corrupting them and rendering the victim’s stored data inaccessible.

For a downloadable copy of IOCs, see: MAR-10376640-2.v1.stix.

Submitted Files (1)

a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea (a294620543334a721a2ae8eaaf9680…)

Findings

a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea

Tags

trojan virus wiper

Details
Name a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea
Size 9216 bytes
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 42e52b8daf63e6e26c3aa91e7e971492
SHA1 98b3fb74b3e8b3f9b05a82473551c5a77b576d54
SHA256 a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea
SHA512 b21039ad67e07a77bbcfe73a89afd22c7e1fd782a5293c41edd0ae1dbd75c4fdf6404d8cfe5cf2191ad1822e32877ded1675e48895e8b9898778855d3dd56636
ssdeep 192:76f0CW5P2Io4evFrDv2ZRJzCn7URRsjVJaZF:76fPWl24evFrT2ZR5Cn7UR0VJo
Entropy 5.108650
Antivirus
AhnLab Trojan/Win.Agent
Avira TR/Crypt.XPACK.Gen
Bitdefender Gen:Variant.CaddyWiper.2
ClamAV Win.Malware.CaddyWiper-9941573-1
Cyren W32/Trojan.WXHP-9071
ESET Win32/KillDisk.NCX trojan
Emsisoft Gen:Variant.CaddyWiper.2 (B)
IKARUS Trojan.Win32.KillDisk
K7 Trojan ( 0058f88b1 )
Lavasoft Gen:Trojan.Heur.FU.amW@aiAsbgg
McAfee Trojan-caddywiper.b
NANOAV Virus.Win32.Gen.ccmw
Quick Heal SM.mal.generic
Sophos Troj/KillDisk-G
Symantec Trojan.Gen.MBT
TACHYON Trojan/W32.Agent.9216.ABY
Trend Micro Trojan.F383D2EE
Trend Micro HouseCall Trojan.F383D2EE
Vir.IT eXplorer Trojan.Win32.CaddyWiper.DGP
VirusBlokAda Trojan.DoS.CaddyBlade
Zillya! Trojan.KillDisk.Win32.311
YARA Rules
  • rule CISA_10376640_04 : trojan wiper CADDYWIPER
    {
       meta:
           Author = "CISA Code & Media Analysis"
           Incident = "10376640"
           Date = "2022-03-23"
           Last_Modified = "20220324_1700"
           Actor = "n/a"
           Category = "Trojan Wiper"
           Family = "CADDYWIPER"
           Description = "Detects Caddy wiper samples"
           MD5_1 = "42e52b8daf63e6e26c3aa91e7e971492"
           SHA256_1 = "a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea"
       strings:
           $s0 = { 44 73 52 6F 6C 65 47 65 74 50 72 69 6D 61 72 79 44 6F 6D 61 69 6E }
           $s1 = { 50 C6 45 A1 00 C6 45 A2 48 C6 45 A3 00 C6 45 A4 59 C6 }
           $s2 = { C6 45 A6 53 C6 45 A7 00 C6 45 A8 49 C6 }
           $s3 = { C6 45 B0 44 C6 45 B1 00 C6 45 B2 52 }
           $s4 = { C6 45 B8 45 C6 45 B9 00 C6 45 BA 39 }
           $s5 = { C6 45 AC 43 C6 45 AD 3A C6 45 AE 5C C6 45 AF }
           $s6 = { 55 C6 45 B0 73 C6 45 B1 65 C6 45 B2 72 C6 45 B3 }
           $s7 = { C6 45 E0 44 C6 45 E1 3A C6 45 E2 5C C6 45 E3 }
           $s8 = { 21 54 68 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F }
       condition:
           all of them
    }
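The hex strings in the rule above are worth reading rather than only loading into YARA. $s0 and $s8 are plain ASCII (“DsRoleGetPrimaryDomain”, the prefix of the DsRoleGetPrimaryDomainInformation import, and the “!This program canno” DOS-stub text). $s1 to $s7 are fragments of `mov byte ptr [ebp+disp8], imm8` instructions (opcode bytes C6 45): the sample assembles its strings on the stack one byte at a time, so they never appear contiguously in the file and a signature has to match the instruction bytes instead. Decoded, $s5 and $s7 spell “C:\” and “D:\”, $s6 spells “ser” (the tail of “Users”), and $s1 to $s4 are null-interleaved (wide-character) fragments “HY”, “SI”, “DR” and “E9”, consistent with a wide-string \\.\PHYSICALDRIVEn path like the ones in Figures 3 to 5. The example below is added here and is not part of the CISA report: it evaluates the rule’s “all of them” condition with a plain substring search (equivalent to YARA for this rule because no string uses wildcards or jumps) and decodes the stack-string fragments. The buffer it scans is constructed inline and is not the malware.

```python
# Hex strings of rule CISA_10376640_04 exactly as printed in the report.
RULE_STRINGS = {
    "$s0": "44 73 52 6F 6C 65 47 65 74 50 72 69 6D 61 72 79 44 6F 6D 61 69 6E",
    "$s1": "50 C6 45 A1 00 C6 45 A2 48 C6 45 A3 00 C6 45 A4 59 C6",
    "$s2": "C6 45 A6 53 C6 45 A7 00 C6 45 A8 49 C6",
    "$s3": "C6 45 B0 44 C6 45 B1 00 C6 45 B2 52",
    "$s4": "C6 45 B8 45 C6 45 B9 00 C6 45 BA 39",
    "$s5": "C6 45 AC 43 C6 45 AD 3A C6 45 AE 5C C6 45 AF",
    "$s6": "55 C6 45 B0 73 C6 45 B1 65 C6 45 B2 72 C6 45 B3",
    "$s7": "C6 45 E0 44 C6 45 E1 3A C6 45 E2 5C C6 45 E3",
    "$s8": "21 54 68 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F",
}


def hex_pattern(text):
    """Turn a YARA hex string that has no wildcards or jumps into raw bytes."""
    return bytes.fromhex(text.replace(" ", ""))


def match_all_of_them(data):
    """Evaluate the rule's `all of them` condition over `data`.

    Returns (verdict, hits) where hits maps each string name to True/False.
    A substring search is equivalent to YARA here because none of the hex
    strings uses wildcards (??), jumps ([n-m]) or alternations.
    """
    hits = {name: hex_pattern(hexstr) in data for name, hexstr in RULE_STRINGS.items()}
    return all(hits.values()), hits


def decode_stack_string(hexstr, strip_nulls=False):
    """Recover the characters a stack-string fragment writes.

    Each `C6 45 <disp8> <imm8>` is `mov byte ptr [ebp+disp8], imm8`; the
    immediates, ordered by displacement, are the string bytes. Displacements
    within one fragment share a sign, so unsigned ordering is sufficient here.
    Stray bytes (the `50`/`55` immediate of a preceding mov, or a truncated
    trailing `C6 45 xx`) are skipped.
    """
    data = hex_pattern(hexstr)
    chars = {}
    i = 0
    while i + 3 < len(data):
        if data[i] == 0xC6 and data[i + 1] == 0x45:
            chars[data[i + 2]] = data[i + 3]
            i += 4
        else:
            i += 1
    out = bytes(chars[d] for d in sorted(chars))
    return out.replace(b"\x00", b"") if strip_nulls else out


def build_constructed_sample(omit=None):
    """A constructed buffer (not the malware) carrying every rule string except `omit`."""
    parts = [b"MZ" + b"\x90" * 62]
    for name, hexstr in RULE_STRINGS.items():
        if name != omit:
            parts.append(hex_pattern(hexstr))
        parts.append(b"\xCC" * 16)
    return b"".join(parts)


if __name__ == "__main__":
    verdict, hits = match_all_of_them(build_constructed_sample())
    print("all of them:", verdict)
    verdict, hits = match_all_of_them(build_constructed_sample(omit="$s4"))
    print("all of them without $s4:", verdict, [n for n, h in hits.items() if not h])
    for name in ("$s1", "$s2", "$s3", "$s4", "$s5", "$s6", "$s7"):
        print(name, decode_stack_string(RULE_STRINGS[name], strip_nulls=True))
```

Because the condition is `all of them`, a build that changes one stack offset or one character breaks the match; when tuning such a rule for wider coverage, the instruction-byte fragments are the strings to loosen (for example with `??` in the displacement byte), while $s0 and $s8 stay as they are.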
ssdeep Matches

No matches found.

PE Metadata
Compile Date 2022-03-14 03:19:36-04:00
Import Hash ea8609d4dad999f73ec4b6f8e7b28e55
PE Sections
MD5 Name Raw Size Entropy
6194652d04e28dad063a1b6e60d110ab header 1024 1.873192
f0d4c11521fc3891965534e6c52e128b .text 7168 5.644240
d4b14cf770a6e660ba6a6e63f7c22451 .rdata 512 0.988058
0f1286f7c8817e0974ddc3ce1edc1b59 .reloc 512 0.081539
Packers/Compilers/Cryptors
Borland Delphi 3.0 (???)
Description

This file is a 32-bit Windows PE that has been identified as a variant of the malware family known as Caddy Wiper. Static analysis of this application indicates its primary purpose is to destroy victim user data. First the malware attempts to enumerate all files in the directory “C:\Users”. The malware will then attempt to recursively overwrite files that it can access in this directory with null bytes, effectively “zeroing” the files out.

The malware will then attempt to access drives attached to the target system, starting with the drive “D:”, and recursively “zero” out all the files it can access on those drives too. Finally, the malware attempts to use the API DeviceIoControl to access the attached physical drives directly. If it is able to open these drives, the malware will zero out the first 1920 bytes of each physical drive, effectively wiping its Master Boot Record and corrupting the drive.
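The two reports on this page describe the same forensic artifact from opposite ends: CaddyWiper zeroes the first 1920 bytes of each physical drive, while IsaacWiper overwrites the first 65536 bytes with pseudo-random data. A first-pass check on a raw disk image can therefore tell apart an intact boot sector (0x55AA signature at offset 510), a zeroed head and a high-entropy overwrite. The triage function below is an added example, not CISA’s code; the images it classifies are constructed in memory, and the 7.0 bits/byte entropy cut-off and the 128 KiB image size are the example’s own choices.

```python
import math
import os

SECTOR = 512
MBR_SIGNATURE = b"\x55\xAA"   # boot signature at offset 510 of sector 0
CADDYWIPER_SPAN = 1920        # bytes the CaddyWiper report says are zeroed
ISAACWIPER_SPAN = 65536       # bytes the IsaacWiper report says are overwritten
RANDOM_THRESHOLD = 7.0        # bits/byte; this example's own cut-off for "random"


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_disk_head(image):
    """Classify the start of a raw disk image.

    Returns (verdict, entropy_of_first_64KiB); verdict is one of
    'intact', 'zeroed', 'randomized' or 'damaged'.
    """
    head = bytes(image[:ISAACWIPER_SPAN])
    entropy = shannon_entropy(head)
    if len(head) >= SECTOR and head[510:512] == MBR_SIGNATURE:
        # Boot signature survives: sector 0 was not overwritten by either wiper.
        # (A random overwrite reproduces it with probability 1/65536.)
        return "intact", entropy
    if not any(head[:CADDYWIPER_SPAN]):
        # The region CaddyWiper targets is all NUL bytes.
        return "zeroed", entropy
    if entropy >= RANDOM_THRESHOLD:
        # Near-uniform byte distribution across the span IsaacWiper targets.
        return "randomized", entropy
    return "damaged", entropy


# --- constructed images (not captured from any real system) -----------------

def constructed_intact_image(size=128 * 1024):
    img = bytearray(size)
    img[0:3] = b"\xEB\x3C\x90"                 # jump stub, stands in for boot code
    img[3:64] = bytes(range(0x41, 0x41 + 61))  # filler so sector 0 is not all NUL
    img[446] = 0x80                            # active flag of partition entry 1
    img[510:512] = MBR_SIGNATURE
    return bytes(img)


def constructed_zeroed_image():
    img = bytearray(constructed_intact_image())
    img[:CADDYWIPER_SPAN] = bytes(CADDYWIPER_SPAN)   # CaddyWiper-style NUL overwrite
    return bytes(img)


def constructed_randomized_image():
    img = bytearray(constructed_intact_image())
    img[:ISAACWIPER_SPAN] = os.urandom(ISAACWIPER_SPAN)  # IsaacWiper-style overwrite
    if img[510:512] == MBR_SIGNATURE:                    # keep the constructed case unambiguous
        img[510:512] = b"\x00\x00"
    return bytes(img)


if __name__ == "__main__":
    for name, image in [("intact", constructed_intact_image()),
                        ("zeroed", constructed_zeroed_image()),
                        ("randomized", constructed_randomized_image())]:
        verdict, entropy = classify_disk_head(image)
        print(f"{name:11s} -> {verdict:11s} entropy={entropy:.3f} bits/byte")
```

Two caveats for real images: a GPT disk still carries a protective MBR with the 0x55AA signature, and a BitLocker or LUKS volume keeps its boot sector or header in plaintext, so both still classify as intact; and a high-entropy head only says that the first 64 KiB no longer looks like a boot sector, not which wiper produced it. The verdict is a triage hint to decide which images need a full examination, not attribution.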

Screenshots

Figure 1. - This screenshot illustrates the main structure of the malware. As illustrated, the malware's main purpose is to recursively overwrite victim user's files and physical drives with null bytes.

Figure 2. - Structure that malware uses to build null buffer. This buffer is utilized to overwrite the victim user's target files.

Figure 3. - Malware trying to zero out \\.\PHYSICALDRIVE7

Figure 4. - Malware trying to zero out \\.\PHYSICALDRIVE4

Figure 5. - Malware trying to zero out \\.\PHYSICALDRIVE3

Figure 6. - Malware attempting to zero out first 1920 bytes of a physical drive attached to the target system.

Recommendations

CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization’s systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
  • Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, “Guide to Malware Incident Prevention & Handling for Desktops and Laptops”.

Contact Information

CISA continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.cisa.gov/forms/feedback/

Document FAQ

What is a MIFR? A Malware Initial Findings Report (MIFR) is intended to provide organizations with malware analysis in a timely manner. In most instances this report will provide initial indicators for computer and network defense. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.

What is a MAR? A Malware Analysis Report (MAR) is intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.

Can I edit this document? This document is not to be edited in any way by recipients. All comments or questions related to this document should be directed to the CISA at 1-888-282-0870 or CISA Service Desk.

Can I submit malware to CISA? Malware samples can be submitted via three methods:

CISA encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on CISA’s homepage at www.cisa.gov.

Voices of Healthcare Cloud brings you “Machine Vision Pilot for Central Line Dressing Maintenance “

This article is contributed. See the original author and article here.

On March 15, Synaptiq and Microsoft issued a press release announcing a new Machine Vision pilot program for hospitals. In collaboration with Microsoft, Synaptiq built a demo solution to proactively inform care teams of potential Central Line dressing compliance issues.

The pilot program is designed to help reduce preventable injuries from hospital-borne Central Line-Associated Bloodstream Infections (CLABSIs) and improve speed of care and patient outcomes. It also helps providers standardize care for new and existing staff, identify education opportunities, and decrease documentation time.

According to the NIH, CLABSIs are largely preventable infections that occur in more than 400,000 patients annually in the United States alone, resulting in over 28,000 deaths and costing U.S. hospitals $2 billion. A key piece of preventing CLABSIs is maintaining Central Line dressings as clean and intact as possible.

Machine vision is a type of artificial intelligence (AI) that enables computers to derive information from visual inputs. It is able to collect more precise visual data than human vision ever could, and uses processing power to analyze the visual data faster and more thoroughly than the human mind.

Because visual cues play such a vital role in ensuring patient safety and preventing CLABSIs, machine vision has the potential to exponentially enhance care teams’ ability to recognize and respond to possible infections – before the human eye can even detect a problem is present.

I am truly excited to provide our Voices of Healthcare viewers with a first-look at this incredibly important pilot. I had the opportunity to assist in building the demo solution alongside Synaptiq and cannot wait to see how it helps save many, many lives in the years to come.

For this session on May 11, 2022, Synaptiq’s CEO Stephen Sklarew and Mariana Gattegno, Quality and Patient Safety consultant at Volpini Solutions LLC, will discuss the current status of Central Line dressing maintenance in hospitals today, review the pilot program details, and demo the solution. They will also answer questions and discuss how hospitals joining this effort will benefit.

Synaptiq’s solution to assess Central Line dressings using Microsoft Technologies

Synaptiq’s Machine Vision Pilot Program for Central Line Dressing Maintenance is an example of how Microsoft Cloud for Healthcare can rapidly deliver a machine vision application that works seamlessly with care teams to help provide superior patient experiences.

We see many benefits, such as:

  • Hospitals in the pilot program will have an exclusive early adopter opportunity to test the solution first-hand, and their care teams will be able to help design the future solution that best meets their needs.

  • It is powered by Microsoft Cloud for Healthcare and leverages many Microsoft technologies that are already licensed by most major hospital systems in the United States.

  • There are three applications that are part of the solution that support this process: The Central Line Assessment app (Microsoft PowerApps); CLABSI Prevention Team (Microsoft Teams); and Central Line Maintenance dashboard (Microsoft Power BI)

  • The Central Line Assessment app runs on a smartphone for convenient bedside access and is used to capture and analyze photos of patients’ dressings. If a potential compliance issue is identified, the care team is alerted to take action. Over time, data from the provider’s electronic medical record (EMR) system accumulates information from the Central Line Assessment app and the patient’s medical record, and the Central Line Maintenance dashboard provides canned reports and ad hoc analysis capabilities to identify trends.

  • Most importantly, Synaptiq’s Pilot Program for this solution is an example of how Microsoft Cloud for Healthcare can rapidly deliver a machine vision application that works seamlessly with care teams to help provide superior patient experience – and help save lives.

Come join us to hear how this hospital pilot program will work and how your organization can get involved.

This session will be on May 11th at 11:00 PT / 12:00 MT / 1:00 CT / 2:00 ET

Please click here to join or download the calendar invite here

As always, we will record the session and post the recording afterward for future consumption. We have a new landing page for this series, so favorite or follow https://aka.ms/VoicesofHealthcareCloud to make sure you never miss a future session.

Please follow the aka.ms/HLSBlog for all this great content.

How Dynamics 365 Mixed Reality on HoloLens 2 is accelerating ROI for the healthcare industry

This article is contributed. See the original author and article here.

Healthcare providers around the world are accelerating their digital journey and embracing secure solutions that empower health team collaboration and boost clinician productivity. Embracing mixed reality, a set of technologies that superimposes digital data and images on the physical world, brings new opportunities for healthcare providers to work together more effectively, optimize operations, and accelerate learning, all while improving patient care.

With HoloLens 2 and mixed reality, health professionals can connect with remote experts, and call up patient data and go beyond x-rays to consult Magnetic Resonance Imaging (MRI) images in 3D at the point of care. Microsoft’s comprehensive ecosystem of mixed reality solutions, including Microsoft HoloLens 2, Microsoft Dynamics 365 Remote Assist, and Microsoft Dynamics 365 Guides, empower teams to cooperate more effectively and reduce time-to-care.

The benefits of adopting mixed reality in healthcare are significant. According to the commissioned Total Economic Impact of Mixed Reality Using Microsoft HoloLens 2 (“HoloLens 2 TEI study”), Forrester found that healthcare organizations experienced the following benefits:

  • Improved efficiency to complete ward rounds by 30 percent at an average savings of $41 per hour.
  • Reduced training time by 30 percent, at an average savings of $63 per labor hour.
  • Reduced average annual PPE costs by 75 percent, saving $954 per employee.  

Forrester also estimates an ROI of 177 percent and a net present value of $7.6 million over three years with a payback of 13 months with HoloLens 2 and mixed reality.

Adapt to the speed of change and improve clinical operations

Dynamics 365 mixed reality on HoloLens 2 is enabling healthcare providers to train medical staff more effectively and efficiently with holographic step-by-step guidance. Dynamics 365 Guides on HoloLens 2 enables medical institutions to provide continuous learning and widespread knowledge sharing while removing the need for subject matter experts to be physically present. Simply use your PC and the HoloLens app to author instructions and easily place 2D and 3D content in the real-world environment, showing users how and where to complete tasks.

Dynamics 365 Guides on HoloLens 2 empowers doctors, nurses, and technicians to train and to practice using hands-on, simulated learning, ensuring the entire organization keeps pace with advances in science and technology. According to the HoloLens 2 TEI study, healthcare providers reduced 80 hours of training time by 30 percent, at an average savings of $63 per labor hour.

Clock images communicating time and saving benefits.

When the pandemic hit, like many hospitals, Sheba Medical Center, a comprehensive hospital in the Middle East, sought solutions that would allow it to scale its workforce and expedite task shifting. With Dynamics 365 Guides on HoloLens 2, Sheba Medical Center deployed a self-serve training solution that supported staff to learn to operate physical ventilators quickly and easily. With holographic instructions overlaid in their physical environment, hospital staff were able to walk through a guided training simulation proficiently and successfully without requiring a supervisor. As a result, Sheba Medical Center was able to expedite task shifting across medical staff and meet staffing demands, enabling over 60 members of its staff to learn how to operate new devices in just 20 minutes.

A nurse using Dynamics 365 Remote Assist on HoloLens 2 to collaborate with a remote expert in real-time to troubleshoot a piece of equipment.

“One of the key advantages of the technology is that it works on several layers of the brain: you hear it talk, see the presentation in front of you, and also physically touch the ventilator. The more senses involved simultaneously, the better the brain can recall. I ‘tested’ myself later to check what my brain remembered, and it was incredible. It also gave me a sense of empowerment that I can learn and embrace new technologies.” Shiraz Shushan, Neonatal Intensive Care Unit (NICU) nurse, Sheba Medical Center. Learn more about how Sheba Medical Center optimized staff training.

Empower care teams to collaborate effectively and securely from anywhere

Multidisciplinary care teams encompassing specialized clinicians, clinical staff, and healthcare administrators often span multiple hospitals or locations, adding time, cost, and complexity to patient care. Enable care teams to collaborate remotely and conduct virtual patient consultations with real-time spatial information to accelerate diagnoses and reduce time-to-treatment with HoloLens 2 and Dynamics 365 mixed reality solutions.

Using Dynamics 365 mixed reality solutions on HoloLens 2, medical staff can consult colleagues heads-up and hands-free through an interactive collaborative experience from anywhere in the world. Additionally, healthcare providers can improve access and care delivery to aging and underserved populations with remote assisted care consultations. These remote consultations also lead to major cost savings: the HoloLens 2 TEI study shows that healthcare providers reduced ward round time by 30 percent, saving $41 per hour.

Track line image communicating increased efficiency and cost saving benefits.

Each year, Imperial College Healthcare NHS Trust provides acute and specialist healthcare in northwest London for over a million and a half people. Like many healthcare providers around the world, when the COVID-19 pandemic started, Imperial College Healthcare NHS Trust rapidly began to redeploy and retrain its staff while at the same time coping with an increasing number of affected patients. With Dynamics 365 Remote Assist on HoloLens 2, Imperial College Healthcare NHS Trust was able to successfully conduct virtual ward rounds and treat very ill patients while limiting staff exposure to the deadly virus. Imperial College Healthcare NHS Trust reduced ward rounds from four doctors to one doctor by holding video calls with colleagues and experts from anywhere in the world heads-up, hands free. Doctors were also able to simultaneously access patient data such as medical notes, X-rays, and MRIs to effectively treat patients.

Three doctors using Microsoft HoloLens 2 to analyze the human brain. Contains hologram scenario.

“What it means is that you have all the information, all the specialist care you need at the patient’s bedside there and then and it’s all in one headset.” Dr. James Kinross, consultant surgeon and senior lecturer, Imperial College Healthcare NHS Trust. Learn more about how Imperial College NHS Trust enabled virtual ward rounds.

Preparing the next generation of healthcare professionals while reducing costs

According to the World Health Organization (WHO), to achieve the goal of universal health coverage by 2030, the world needs nine million more nurses and midwives [2]. Dynamics 365 mixed reality and HoloLens 2 are advancing the learning of nurses and removing location barriers of in-person training while reducing costs.

Dynamics 365 Guides on HoloLens 2 enables healthcare providers and institutions to enhance the upskilling of nurses and reduce PPE costs with continuous, hands-on learning experiences remotely. Instructors and supervisors can track and monitor student and faculty progress with Power BI dashboards that pull in real-time performance data to maximize participant development and identify areas for operational improvements. The HoloLens TEI study reports that healthcare providers reduced annual PPE costs by 75 percent, saving $954 per employee.

Bar graph image communicating the reduced cost benefits.

The pandemic disrupted the operations of institutions around the world casting a clear gap in the effectiveness of hybrid learning tools. The School of Nursing at the University of Michigan (the University) turned to Dynamics 365 Guides on HoloLens 2 to support hybrid learning because of its ability to provide hands-on skills to nursing students remotely. The University piloted a program allowing students to conduct simulated, repeatable augmented medical procedures one step at a time. Dynamics 365 Guides on HoloLens 2 enabled students to follow the guided training heads-up, hands-free and simultaneously perform the procedures on mannequins. The University is continuing to develop and scale the program for more advanced nursing procedures.

Nursing student conducting guided training on a mannequin with HoloLens 2.

“Once we were introduced to HoloLens 2 we learned about Dynamics 365 Guides, and it was pretty exciting because we realized that we could use the guides to create training tools to teach the nursing students how to do these necessary, rudimentary, required skills, and procedures that they have to do in order to move to the next level and go out and practice.” Deborah Lee, clinical assistant professor, School of Nursing at the University of Michigan. Learn more about how the University is transforming nursing education.

Next steps

Our customer evidence stories, in addition to the material ROI showcased above, demonstrate that Microsoft offers not only innovative results, but long-term and sustainable solutions for healthcare organizations and beyond.

Learn more about how to get started today:

Sources:

1- The Total Economic Impact Of Mixed Reality Using Microsoft HoloLens 2 Report, Forrester, 2022

2- Nursing and Midwifery, World Health Organization

The post How Dynamics 365 Mixed Reality on HoloLens 2 is accelerating ROI for the healthcare industry appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

2021 Top Routinely Exploited Vulnerabilities

This article is contributed. See the original author and article here.

This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK). This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities assess, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets. 

The cybersecurity authorities encourage organizations to apply the recommendations in the Mitigations section of this CSA. These mitigations include applying timely patches to systems and implementing a centralized patch management system to reduce the risk of compromise by malicious cyber actors.

Click here for a PDF version of this report. 

Key Findings

Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities. For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (POC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors.

To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities—some of which were also routinely exploited in 2020 or earlier. The exploitation of older vulnerabilities demonstrates the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by a vendor.

Top 15 Routinely Exploited Vulnerabilities

Table 1 shows the top 15 vulnerabilities U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities observed malicious actors routinely exploiting in 2021, which include:

  • CVE-2021-44228. This vulnerability, known as Log4Shell, affects Apache’s Log4j library, an open-source logging framework. An actor can exploit this vulnerability by submitting a specially crafted request to a vulnerable system that causes that system to execute arbitrary code. The request allows a cyber actor to take full control over the system. The actor can then steal information, launch ransomware, or conduct other malicious activity.[1] Log4j is incorporated into thousands of products worldwide. This vulnerability was disclosed in December 2021; the rapid widespread exploitation of this vulnerability demonstrates the ability of malicious actors to quickly weaponize known vulnerabilities and target organizations before they patch.
  • CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, CVE-2021-27065. These vulnerabilities, known as ProxyLogon, affect Microsoft Exchange email servers. Successful exploitation of these vulnerabilities in combination (i.e., “vulnerability chaining”) allows an unauthenticated cyber actor to execute arbitrary code on vulnerable Exchange Servers, which, in turn, enables the actor to gain persistent access to files and mailboxes on the servers, as well as to credentials stored on the servers. Successful exploitation may additionally enable the cyber actor to compromise trust and identity in a vulnerable network.
  • CVE-2021-34523, CVE-2021-34473, CVE-2021-31207. These vulnerabilities, known as ProxyShell, also affect Microsoft Exchange email servers. Successful exploitation of these vulnerabilities in combination enables a remote actor to execute arbitrary code. These vulnerabilities reside within the Microsoft Client Access Service (CAS), which typically runs on port 443 in Microsoft Internet Information Services (IIS) (i.e., Microsoft’s web server). CAS is commonly exposed to the internet to enable users to access their email via mobile devices and web browsers.
  • CVE-2021-26084. This vulnerability, affecting Atlassian Confluence Server and Data Center, could enable an unauthenticated actor to execute arbitrary code on vulnerable systems. This vulnerability quickly became one of the most routinely exploited vulnerabilities after a POC was released within a week of its disclosure. Attempted mass exploitation of this vulnerability was observed in September 2021.

Three of the top 15 routinely exploited vulnerabilities were also routinely exploited in 2020: CVE-2020-1472, CVE-2018-13379, and CVE-2019-11510. Their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.

Table 1: Top 15 Routinely Exploited Vulnerabilities in 2021

Additional Routinely Exploited Vulnerabilities

In addition to the 15 vulnerabilities listed in table 1, U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities identified vulnerabilities, listed in table 2, that were also routinely exploited by malicious cyber actors in 2021. 

These vulnerabilities include multiple vulnerabilities affecting internet-facing systems, including Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure. Three of these vulnerabilities were also routinely exploited in 2020: CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882.

Table 2: Additional Routinely Exploited Vulnerabilities in 2021

Vulnerability and Configuration Management

  • Update software, operating systems, applications, and firmware on IT network assets in a timely manner. Prioritize patching known exploited vulnerabilities, especially those CVEs identified in this CSA, and then critical and high vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment. For patch information on CVEs identified in this CSA, refer to the appendix. 
    • If a patch for a known exploited or critical vulnerability cannot be quickly applied, implement vendor-approved workarounds.
  • Use a centralized patch management system.
  • Replace end-of-life software, i.e., software that is no longer supported by the vendor. For example, Accellion FTA was retired in April 2021.
  • Organizations that are unable to perform rapid scanning and patching of internet-facing systems should consider moving these services to mature, reputable cloud service providers (CSPs) or other managed service providers (MSPs). Reputable MSPs can patch applications—such as webmail, file storage, file sharing, and chat and other employee collaboration tools—for their customers. However, as MSPs and CSPs expand their client organization’s attack surface and may introduce unanticipated risks, organizations should proactively collaborate with their MSPs and CSPs to jointly reduce that risk. For more information and guidance, see the following resources.

Identity and Access Management

  • Enforce multifactor authentication (MFA) for all users, without exception.
  • Enforce MFA on all VPN connections. If MFA is unavailable, require employees engaging in remote work to use strong passwords. 
  • Regularly review, validate, or remove privileged accounts (annually at a minimum).
  • Configure access control according to the principle of least privilege.
    • Ensure software service accounts only provide necessary permissions (least privilege) to perform intended functions (non-administrative privileges).

Note: see CISA Capacity Enhancement Guide – Implementing Strong Authentication and ACSC guidance on Implementing Multi-Factor Authentication for more information on hardening authentication systems.

Protective Controls and Architecture 

  • Properly configure and secure internet-facing network devices, disable unused or unnecessary network ports and protocols, encrypt network traffic, and disable unused network services and devices. 
    • Harden commonly exploited enterprise network services, including Link-Local Multicast Name Resolution (LLMNR) protocol, Remote Desktop Protocol (RDP), Common Internet File System (CIFS), Active Directory, and OpenLDAP.
    • Manage Windows Key Distribution Center (KDC) accounts (e.g., KRBTGT) to minimize Golden Ticket attacks and Kerberoasting.
    • Strictly control the use of native scripting applications, such as command-line, PowerShell, WinRM, Windows Management Instrumentation (WMI), and Distributed Component Object Model (DCOM).
  • Segment networks to limit or block lateral movement by controlling access to applications, devices, and databases. Use private virtual local area networks. 
  • Continuously monitor the attack surface and investigate abnormal activity that may indicate lateral movement of a threat actor or malware.
    • Use security tools, such as endpoint detection and response (EDR) and security information and event management (SIEM) tools. Consider using an information technology asset management (ITAM) solution to ensure your EDR, SIEM, vulnerability scanner, etc., are reporting the same number of assets.
    • Monitor the environment for potentially unwanted programs.
  • Reduce third-party applications and unique system/application builds; provide exceptions only if required to support business critical functions.
  • Implement application allowlisting. 

Resources

Disclaimer

The information in this report is being provided “as is” for informational purposes only. CISA, the FBI, NSA, ACSC, CCCS, NZ NCSC, and NCSC-UK do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring.

Purpose 

This document was developed by U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations.

References

[1] CISA’s Apache Log4j Vulnerability Guidance

Appendix: Patch Information and Additional Resources for Top Exploited Vulnerabilities

Each entry below gives the table columns CVE, Vendor, Affected Products, Patch Information, and Resources.

CVE-2021-42237
  Vendor: Sitecore
  Affected products: Sitecore XP 7.5.0 – Sitecore XP 7.5.2; Sitecore XP 8.0.0 – Sitecore XP 8.2.7
  Patch information: Sitecore Security Bulletin SC2021-003-499266
  Resources: ACSC Alert Active Exploitation of vulnerable Sitecore Experience Platform Content Management Systems

CVE-2021-35464
  Vendor: ForgeRock
  Affected products: Access Management (AM) 5.x, 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3; OpenAM 9.x, 10.x, 11.x, 12.x and 13.x
  Patch information: ForgeRock AM Security Advisory #202104
  Resources: ACSC Advisory Active exploitation of ForgeRock Access Manager / OpenAM servers; CCCS ForgeRock Security Advisory

CVE-2021-27104
  Vendor: Accellion
  Affected products: FTA 9_12_370 and earlier
  Patch information: Accellion Press Release: Update to Recent FTA Security Incident
  Resources: Joint CSA Exploitation of Accellion File Transfer Appliance; ACSC Alert Potential Accellion File Transfer Appliance compromise

CVE-2021-27103
  Vendor: Accellion
  Affected products: FTA 9_12_411 and earlier
  Patch information and resources: as listed for CVE-2021-27104

CVE-2021-27102
  Vendor: Accellion
  Affected products: FTA versions 9_12_411 and earlier
  Patch information and resources: as listed for CVE-2021-27104

CVE-2021-27101
  Vendor: Accellion
  Affected products: FTA 9_12_370 and earlier
  Patch information and resources: as listed for CVE-2021-27104

CVE-2021-21985
  Vendor: VMware
  Affected products: vCenter Server 7.0, 6.7, 6.5; Cloud Foundation (vCenter Server) 4.x and 3.x
  Patch information: VMware Advisory VMSA-2021-0010
  Resources: CCCS VMware Security Advisory

CVE-2021-21972
  Vendor: VMware
  Affected products: vCenter Server 7.0, 6.7, 6.5; Cloud Foundation (vCenter Server) 4.x and 3.x
  Patch information: VMware Advisory VMSA-2021-0002
  Resources: ACSC Alert VMware vCenter Server plugin remote code execution vulnerability; CCCS VMware Security Advisory; CCCS Alert APT Actors Target U.S. and Allied Networks – Update 1

CVE-2021-20038
  Vendor: SonicWall
  Affected products: SMA 100 Series (SMA 200, 210, 400, 410, 500v), versions 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv
  Patch information: SonicWall Security Advisory SNWLID-2021-0026
  Resources: ACSC Alert Remote code execution vulnerability present in SonicWall SMA 100 series appliances; CCCS SonicWall Security Advisory

CVE-2021-44228
  Vendor: Apache
  Affected products: Log4j, all versions from 2.0-beta9 to 2.14.1. For other affected vendors and products, see CISA’s GitHub repository.
  Patch information: Log4j: Apache Log4j Security Vulnerabilities
  Resources: For additional information, see joint CSA: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities; CISA webpage Apache Log4j Vulnerability Guidance; CCCS Active exploitation of Apache Log4j vulnerability – Update 7

CVE-2021-40539
  Vendor: Zoho ManageEngine
  Affected products: ADSelfService Plus version 6113 and prior
  Patch information: Zoho ManageEngine: ADSelfService Plus 6114 Security Fix Release
  Resources: Joint CSA APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus; CCCS Zoho Security Advisory

CVE-2021-40444
  Vendor: Microsoft
  Affected products: Multiple Windows products; see Microsoft Security Update Guide: MSHTML Remote Code Execution Vulnerability, CVE-2021-40444
  Patch information: Microsoft Security Update Guide: MSHTML Remote Code Execution Vulnerability, CVE-2021-40444

CVE-2021-34527
  Vendor: Microsoft
  Affected products: Multiple Windows products; see Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-34527
  Patch information: Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-34527
  Resources: Joint CSA Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability; CCCS Alert Windows Print Spooler Vulnerability Remains Unpatched – Update 3

CVE-2021-34523
  Vendor: Microsoft
  Affected products: Microsoft Exchange Server 2013 Cumulative Update 23; Microsoft Exchange Server 2016 Cumulative Updates 19 and 20; Microsoft Exchange Server 2019 Cumulative Updates 8 and 9
  Patch information: Microsoft Security Update Guide: Microsoft Exchange Server Elevation of Privilege Vulnerability, CVE-2021-34523
  Resources: Joint CSA Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities; ACSC Alert Microsoft Exchange ProxyShell Targeting in Australia

CVE-2021-34473
  Vendor: Microsoft
  Affected products: Multiple Exchange Server versions; see Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-34473
  Patch information: Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-34473

CVE-2021-31207
  Vendor: Microsoft
  Affected products: Multiple Exchange Server versions; see Microsoft Update Guide: Microsoft Exchange Server Security Feature Bypass Vulnerability, CVE-2021-31207
  Patch information: Microsoft Update Guide: Microsoft Exchange Server Security Feature Bypass Vulnerability, CVE-2021-31207

CVE-2021-3156
  Vendor: Sudo
  Affected products: Sudo before 1.9.5p2
  Patch information: Sudo Stable Release 1.9.5p2

CVE-2021-27852
  Vendor: Checkbox Survey
  Affected products: Checkbox Survey versions prior to 7

CVE-2021-27065
  Vendor: Microsoft Exchange Server
  Affected products: Multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-27065
  Patch information: Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-27065
  Resources: CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities; ACSC Advisory Active exploitation of Vulnerable Microsoft Exchange servers; CCCS Alert Active Exploitation of Microsoft Exchange Vulnerabilities – Update 4

CVE-2021-26858
  Vendor: Microsoft
  Affected products: Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26858
  Patch information: Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26858

CVE-2021-26857
  Vendor: Microsoft
  Affected products: Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26857
  Patch information: Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26857

CVE-2021-26855
  Vendor: Microsoft
  Affected products: Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26855
  Patch information: Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26855

CVE-2021-26084
  Vendor: Jira Atlassian
  Affected products: Confluence Server and Data Center, versions 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
  Patch information: Jira Atlassian: Confluence Server Webwork OGNL injection – CVE-2021-26084
  Resources: ACSC Alert Remote code execution vulnerability present in certain versions of Atlassian Confluence; CCCS Atlassian Security Advisory

CVE-2021-22893
  Vendor: Pulse Secure
  Affected products: PCS 9.0R3/9.1R1 and Higher
  Patch information: Pulse Secure SA44784 – 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4
  Resources: CCCS Alert Active Exploitation of Pulse Connect Secure Vulnerabilities – Update 1

CVE-2021-20016
  Vendor: SonicWall
  Affected products: SMA 100 devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v)
  Patch information: SonicWall Security Advisory SNWLID-2021-0001

CVE-2021-1675
  Vendor: Microsoft
  Affected products: Multiple Windows products; see Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-1675
  Patch information: Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-1675
  Resources: CCCS Alert Windows Print Spooler Vulnerability Remains Unpatched – Update 3

CVE-2020-2509
  Vendor: QNAP
  Affected products: QTS, multiple versions; see QNAP: Command Injection Vulnerability in QTS and QuTS hero; QuTS hero h4.5.1.1491 build 20201119 and later
  Patch information: QNAP: Command Injection Vulnerability in QTS and QuTS hero

CVE-2020-1472
  Vendor: Microsoft
  Affected products: Windows Server, multiple versions; see Microsoft Security Update Guide: Netlogon Elevation of Privilege Vulnerability, CVE-2020-1472
  Patch information: Microsoft Security Update Guide: Netlogon Elevation of Privilege Vulnerability, CVE-2020-1472
  Resources: ACSC Alert Netlogon elevation of privilege vulnerability (CVE-2020-1472); Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations; CCCS Alert Microsoft Netlogon Elevation of Privilege Vulnerability – CVE-2020-1472 – Update 1

CVE-2020-0688
  Vendor: Microsoft
  Affected products: Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Validation Key Remote Code Execution Vulnerability, CVE-2020-0688
  Patch information: Microsoft Security Update Guide: Microsoft Exchange Validation Key Remote Code Execution Vulnerability, CVE-2020-0688
  Resources: CISA Alert Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity; Joint CSA Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology; CCCS Alert Microsoft Exchange Validation Key Remote Code Execution Vulnerability

CVE-2019-19781
  Vendor: Citrix
  Affected products: ADC and Gateway version 13.0 all supported builds before 13.0.47.24; NetScaler ADC and NetScaler Gateway, version 12.1 all supported builds before 12.1.55.18, version 12.0 all supported builds before 12.0.63.13, version 11.1 all supported builds before 11.1.63.15, version 10.5 all supported builds before 10.5.70.12; SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO all supported software release builds before 10.2.6b and 11.0.3b
  Patch information: Citrix Security Bulletin CTX267027
  Resources: Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations; CISA Alert Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity; CCCS Alert Detecting Compromises relating to Citrix CVE-2019-19781

CVE-2019-18935
  Vendor: Progress Telerik
  Affected products: UI for ASP.NET AJAX through 2019.3.1023
  Patch information: Telerik UI for ASP.NET AJAX Allows JavaScriptSerializer Deserialization
  Resources: ACSC Alert Active exploitation of vulnerability in Microsoft Internet Information Services

CVE-2019-11510
  Vendor: Pulse Secure
  Affected products: Pulse Connect Secure 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
  Patch information: Pulse Secure: SA44101 – 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX
  Resources: CISA Alert Continued Exploitation of Pulse Secure VPN Vulnerability; CISA Alert Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity; ACSC Advisory Recommendations to mitigate vulnerability in Pulse Connect Secure VPN Software; Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations; CCCS Alert APT Actors Target U.S. and Allied Networks – Update 1

CVE-2018-13379
  Vendor: Fortinet
  Affected products: FortiProxy 2.0.2, 2.0.1, 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6
  Patch information: Fortinet FortiGuard Labs: FG-IR-20-233
  Resources: Joint CSA Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology; Joint CSA Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities; Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations; ACSC Alert APT exploitation of Fortinet Vulnerabilities; CCCS Alert Exploitation of Fortinet FortiOS vulnerabilities (CISA, FBI) – Update 1

CVE-2018-0171
  Vendor: Cisco
  Affected products: See Cisco Security Advisory: cisco-sa-20180328-smi2
  Patch information: Cisco Security Advisory: cisco-sa-20180328-smi2
  Resources: CCCS Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature

CVE-2017-11882
  Vendor: Microsoft
  Affected products: Office, multiple versions; see Microsoft Security Update Guide: Microsoft Office Memory Corruption Vulnerability, CVE-2017-11882
  Patch information: Microsoft Security Update Guide: Microsoft Office Memory Corruption Vulnerability, CVE-2017-11882
  Resources: CCCS Alert Microsoft Office Security Update

CVE-2017-0199
  Vendor: Microsoft
  Affected products: Multiple products; see Microsoft Security Update Guide: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows, CVE-2017-0199
  Patch information: Microsoft Security Update Guide: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows, CVE-2017-0199
  Resources: CCCS Microsoft Security Updates
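To support the patch-prioritization guidance in the Mitigations section, the following added Python example (not part of the advisory) checks an asset-inventory export against affected version ranges transcribed from the appendix above and flags the entries that still need patching. The product keys, the simplified version grammar and the sample inventory are assumptions made for this example.

```python
"""Flag inventory entries whose installed version falls inside an affected
range listed in the advisory appendix. Added example, not advisory code.
The version grammar, product keys and sample inventory are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PRE_RELEASE = ("alpha", "beta", "rc")  # these sort before the bare release


def version_key(version: str) -> List[Tuple[int, object]]:
    """Split '2.0-beta9' or '1.9.5p2' into comparable tokens.
    Numbers compare numerically; alpha/beta/rc sort before a release; any
    other letter run (sudo's 'p', Pulse Secure's 'R') sorts after it.
    Assumption: this grammar is enough for the formats in the appendix."""
    key: List[Tuple[int, object]] = []
    for tok in re.findall(r"\d+|[A-Za-z]+", version.lower()):
        if tok.isdigit():
            key.append((1, int(tok)))
        elif tok in PRE_RELEASE:
            key.append((0, PRE_RELEASE.index(tok)))
        else:
            key.append((2, tok))
    return key


def compare_versions(a: str, b: str) -> int:
    """Classic -1/0/1 comparator. Shorter keys are padded with a neutral
    numeric token so that 2.0 > 2.0-beta9 and 1.9.5 < 1.9.5p2."""
    ka, kb = version_key(a), version_key(b)
    width = max(len(ka), len(kb))
    ka += [(1, 0)] * (width - len(ka))
    kb += [(1, 0)] * (width - len(kb))
    return (ka > kb) - (ka < kb)


@dataclass(frozen=True)
class AffectedRange:
    low: Optional[str] = None      # inclusive lower bound ("from 6.14.0")
    below: Optional[str] = None    # exclusive upper bound ("before 7.4.11")
    through: Optional[str] = None  # inclusive upper bound ("to 2.14.1")

    def contains(self, version: str) -> bool:
        if self.low is not None and compare_versions(version, self.low) < 0:
            return False
        if self.below is not None and compare_versions(version, self.below) >= 0:
            return False
        if self.through is not None and compare_versions(version, self.through) > 0:
            return False
        return True


# Ranges transcribed from the appendix; the product keys are constructed.
AFFECTED: Dict[str, List[Tuple[str, AffectedRange]]] = {
    "log4j": [("CVE-2021-44228", AffectedRange(low="2.0-beta9", through="2.14.1"))],
    "confluence": [
        ("CVE-2021-26084", AffectedRange(low="6.13.23", through="6.13.23")),
        ("CVE-2021-26084", AffectedRange(low="6.14.0", below="7.4.11")),
        ("CVE-2021-26084", AffectedRange(low="7.5.0", below="7.11.6")),
        ("CVE-2021-26084", AffectedRange(low="7.12.0", below="7.12.5")),
    ],
    "sudo": [("CVE-2021-3156", AffectedRange(below="1.9.5p2"))],
    "pulse-connect-secure": [
        ("CVE-2019-11510", AffectedRange(low="8.2", below="8.2R12.1")),
        ("CVE-2019-11510", AffectedRange(low="8.3", below="8.3R7.1")),
        ("CVE-2019-11510", AffectedRange(low="9.0", below="9.0R3.4")),
    ],
}


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    version: str
    cve: str


def affected_cves(product: str, version: str) -> List[str]:
    """CVE ids from the table whose affected range contains this version."""
    hits: List[str] = []
    for cve, rng in AFFECTED.get(product, []):
        if rng.contains(version) and cve not in hits:
            hits.append(cve)
    return hits


def check_inventory(inventory) -> List[Finding]:
    """inventory: iterable of (host, product, version) rows, e.g. an ITAM export."""
    return [Finding(host, product, version, cve)
            for host, product, version in inventory
            for cve in affected_cves(product, version)]


# Constructed sample inventory; the hostnames are not real systems.
SAMPLE_INVENTORY = [
    ("web-01", "log4j", "2.14.1"),                  # last affected release
    ("web-02", "log4j", "2.15.0"),                  # fixed
    ("log-01", "log4j", "2.0-beta8"),               # predates the range
    ("wiki-01", "confluence", "7.11.5"),            # 7.5.0 .. before 7.11.6
    ("wiki-02", "confluence", "7.4.11"),            # exactly the fixed build
    ("bastion-01", "sudo", "1.9.5p1"),              # before 1.9.5p2
    ("bastion-02", "sudo", "1.9.5p2"),              # fixed release
    ("vpn-01", "pulse-connect-secure", "9.0R3.3"),  # before 9.0R3.4
]

if __name__ == "__main__":
    for f in check_inventory(SAMPLE_INVENTORY):
        print(f"{f.host}: {f.product} {f.version} affected by {f.cve}")
```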

Choose the Right SQL Engine Size in Synapse | Data Exposed: MVP Edition

You’ve probably been told that Azure Synapse is just for very large data projects, and it is true that it is designed for limitless storage and very powerful compute. But there are ways to start with smaller datasets and grow from there by integrating new data engines into the workspace. In this episode of Data Exposed: MVP Edition with Armando Lacerda and Anna Hoffman, you will learn how to tailor Synapse to your data volume profile and position your cloud data pipeline for growth and expansion when needed.

About Armando Lacerda:
Armando Lacerda has been a computer geek for more than 30 years. He has been working with SQL Server since version 6.5, Azure SQL DB since 2010, and Azure SQL DW / Synapse Dedicated SQL pool since 2017. As an independent contractor he has helped multiple companies adopt cloud technologies and implement data pipelines at scale. Armando also contributes to multiple local user groups around the Bay Area in San Francisco, CA, and around the world. He has presented at multiple conferences on data platform topics as well as Microsoft certification prep. You can also find him riding his motorcycle up and down Highway 1.

About MVPs:
Microsoft Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community. They are always on the “bleeding edge” and have an unstoppable urge to get their hands on new, exciting technologies. They have very deep knowledge of Microsoft products and services, while also being able to bring together diverse platforms, products and solutions, to solve real-world problems. MVPs make up a global community of over 4,000 technical experts and community leaders across 90 countries/regions and are driven by their passion, community spirit, and quest for knowledge. Above all and in addition to their amazing technical abilities, MVPs are always willing to help others – that’s what sets them apart. Learn more: https://aka.ms/mvpprogram

Resources:
Linked services in Azure Data Factory and Azure Synapse Analytics
Create an Azure AD user from an Azure AD login in SQL Managed Instance
Configure and manage Azure AD authentication with Azure SQL

4 trends to watch in consumer goods

There’s no doubt about it: technology has revolutionized how we do business. But the same technologies that allow consumer goods brands to reach customers worldwide have created an environment in which change happens fast and continually, competition is fiercer than ever before, and even incremental adjustments in strategy can significantly impact a company’s profitability and growth. At the same time, the past two years’ events have laid bare how companies of all sizes are vulnerable to global, social, political, and economic disruptions. With so much change it can be difficult to understand what trends are worth the investment, which is why we’ve taken a data-driven approach to cut through the noise. Four key trends are highlighted below and a more in-depth look can be read in the Consumer Goods Trends in 2022 report by Microsoft Dynamics 365 Commerce.

1. Social commerce makes every online touchpoint a potential storefront

Social media has revolutionized how people connect and is now transforming the way consumers discover and engage with brands. One clear example is social commerce, which is an integrated and seamless strategy for allowing customers to discover, browse, share, and purchase without ever leaving a social media platform. Now brands are opening significant new revenue streams by delivering seamless purchasing experiences to consumers on the social media platform of their choice. The results are staggering, with the value of social commerce sales worldwide in 2021 hitting an estimated $732 billion and projected to grow to $2.9 trillion by 2026.[1]

Chart showing value of social commerce sales from 2021 to 2026.

Unsurprisingly, social commerce, or live commerce according to the Gartner Hype Cycle for Retail Technologies, 2021, “can increase brand awareness and generate a large amount of traffic in a short time.”[2] One country that is leading the live commerce trend is China.

Dynamics 365 Commerce can help organizations consistently deliver great customer experiences on any social channel or front-end application. This is because Dynamics 365 Commerce can utilize both headless and other modern commerce architectures to seamlessly connect enterprise systems, such as payment processing, content management, and omnichannel inventory.

2. Digital shelf analytics improve online merchandising

In 2021, US merchants recorded a record $870.8 billion in online sales, an increase of 14.2 percent compared to the year prior.[3] As online sales continue to increase in volume and importance, brands will need to collect, measure, and monitor product and sales data from a growing variety of sources. One way brands can stay on top of this information is by using digital shelf analytics (DSA) to improve online merchandising.

DSA applications give retailers the ability to monitor data and metrics from all their digital sales channels, including retail digital commerce sites and online marketplaces. DSA solutions may often provide product data from social sites and collect competitive pricing data. These applications use API connections and automated website scraping to ingest data on metrics such as ratings and reviews, product availability and placement, search rankings, and product information content quality, alerting users to updated content.

Another technology related to DSA is the Smart Shelf. According to Gartner, “Smart shelf refers to the connected shelf in a physical retail store, which can include computer vision, weight or other sensors, electronic shelf labels (ESL) or LCD displays.” Gartner classifies the technology as “emerging” with a “high” benefit rating,[2] which we believe makes it a technology to watch in the near future.

Dynamics 365 Commerce offers retailers robust DSA capabilities, including a unified view of content, assets, promotions, inventory, and pricing across physical and digital channels.

3. Immersive commerce helps retailers combat the rising cost of returns

One technology trend helping companies improve how they interact with consumers is immersive commerce (IC). IC reinvents customer experiences by integrating physical and virtual worlds via augmented reality (AR), virtual reality (VR), and mixed reality. With IC, brands can give customers a new way of visualizing a product in their space, such as seeing the way a Microsoft Surface Laptop looks on a desk in a home office or how different shades of makeup look before ordering online. Experts believe that AR-enabled shopping will soon become a must-have for furniture retailers. Home Depot, Wayfair, Target, Overstock, and Houzz have already adopted the technology.[4] Significantly though, IC goes beyond improving and augmenting the customer experience. It also presents opportunities to solve costly inefficiencies, the most obvious and expensive being returns.

The growth in e-commerce and virtual shopping that accompanied the pandemic led to a corresponding increase in returns. In 2020, total return losses, including the value of lost sales, reached $428 billion, with an estimated $101 billion purely from returns.[5] The loss from returns is expected to increase in the next several years, eventually reaching $1 trillion annually. According to Gartner, “Size and ‘best fit’ recommendations using AR can drastically reduce return rates and improve conversion.”[2] We agree and believe that in the face of growing losses from returns, brands will likely increase their investments in AR because of its ability to help consumers avoid returns altogether. For example, by allowing customers to see how furniture will look in their house or how clothes will look in a virtual fitting room, they are more likely to purchase the product they need and will enjoy.

Immersive commerce solution from Hexaware.

Add AR, VR, and mixed reality capabilities to your digital storefronts using apps available in Microsoft AppSource, like Web AR with D365 Commerce from Hexaware Technologies.

4. Supply chain resilience is more crucial than ever

The events of 2020 unleashed a series of disruptions to global supply chains, such as border closures, stay-at-home orders, severely depressed demand in industries like travel and in-person services, and demand booms in others, such as healthcare equipment and operating supplies. The cost of these disruptions is significant: in a study conducted by Deloitte, 32 percent of chief financial officers (CFOs) said that shortages and delays were responsible for depressed sales, and 44 percent said that their costs have increased by 5 percent or more this year as a result.[6]

For retailers and consumer packaged goods (CPG) brands, a primary beneficiary of supply chain resilience is the consumer, who will switch retailers if an item is out of stock and expects to be able to order from any channel with fast and convenient delivery to anywhere. This means that retailers need technology solutions that enable omnichannel retail and fulfillment while also ensuring inventory availability.

Delivery person handing a package to a satisfied customer at the customer’s doorstep.

Interested in learning more about live commerce or digital shelf analytics? Need to cut through market hype to prioritize your retail technology investments? Download Gartner Hype Cycle for Retail Technologies, 2021.

What’s next?

These are just a few trends that you can find inside our report on Consumer Goods Trends in 2022. In the full report, you’ll find relevant and impactful insights drawn from extensive research curated by industry professionals, subject matter experts, and thought leaders. Download your copy of the Consumer Goods Trends in 2022 report. And, be sure to register for the corresponding webinar on Top Retail Trends which you can attend live on Wednesday, May 4, 2022, 11:00 AM to 12:00 PM Pacific Time or watch afterward on-demand.


Sources:

[1] Statista, 2021. Value of social commerce sales worldwide from 2020 to 2026

[2] Gartner, 2021. Hype Cycle for Retail Technologies, 2021

[3] U.S. Department of Commerce, 2022. Quarterly Retail E-commerce Sales

[4] Postindustria, 2021. Top 10 AR Furniture Shopping Apps that Change the Future of Business

[5] National Retail Federation, 2021. $428 billion merchandise returned in 2020

[6] Deloitte, 2021. CFO Signals: 3Q 2021

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER and HYPE CYCLE are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
