Detecting compromised Microsoft 365 applications is about to become more easier

Recently new Security tools have been released for administrators by both CISA and CrowdStrike.

New PowerShell – based tool is released by the Cybersecurity and Infrastructure Security Agency (CISA).

This tool is smart enough to detect any compromised account or application in both Azure and Microsoft 365 environments.

This new tool was released right after Microsoft pointed out of how cybercriminals are misusing stolen credentials and getting access to Azure customers. This whole issue is discussed twice in recent blog posts earlier this month i.e. December 2020.

Azure admins can easily gain knowledge about how to spot anomalous behavior in their tenants.

Azure security tools

CISA’s advanced PowerShell-based tool is created by the Cloud Forensics team and is known as the “Sparrow”.

This tool itself can be used to simplify large sets of investigation modules and telemetry specifically in reference to recent attacks on federated identity sources and applications.

Sparrow is also able to check the unified Azure and Microsoft 365 audit log for indicators of compromise (IoCs). Also, to list Azure AD domains and to check Azure service principals and their Microsoft Graph API permissions in order to detect any potential malicious activity.

Other than Azure, CrowdStrike has also released free CrowdStrike Reporting Tool for Azure – CRT. It is released in order to help admins to have better control and to help them analyse the Azure environment in a more protective way.

If you want to operate in an environment that is secure and you want to store unlimited data then Cloud VPS Server is the best option available.

Share it on Social Media:

Follow by Email
Facebook
Twitter
LinkedIn
Share

Could Intel Regain Dominance in 2021?

As we all know 2020 has been a rollercoaster for everyone including businesses, even the giant tech companies have faced several issues during this global pandemic that is Covid-19.

In 2020, Intel got a lot of negative attention, it happened mostly because of the latest the most stunning releases of tech devices by its competitors. Intel’s releases were great in 2020, but the actual problem came from the launch of AMD and Apple’s outshining Team Blue’s hardware.

Although, Intel’s Core i3 had HyperThreading this feature meant that Intel users will enjoy great multi-threaded performance. However, it was not enough when AMD Ryzen 5000 series were launched.

As we know, Intel’s latest mobile chips are brilliantly developed to provide excellent battery life, provided the fact that a lot of mobile applications are used by users at the same time. In November 2020, Intel’s mobile progress was reduced slightly when it’s major competitor and tech giant – Apple announced MacBook Air, Mac mini and 13-inch MacBook Pro which directly impacted the progress of intel’s silicon for processors that were designed in-house at Apple.

Few of the releases in 2020 might stay the same in 2021, for instance Intel Xe. It did allow consumers to use graphics themselves, however it still do not provide enough graphics to run an application or game such as, Cyberpunk 2077.

Considering the rapid change in technology and intel’s competitors are launching new products quickly with stunning new features, Intel users are looking forward to Intel graphics cards, but it feels like we have been waiting for this our entire life. I guess, we’ll have to wait and see if their concepts will translate into an actual product or not in 2021.

Apart from desktop applications that are often used by all consumers and are working quite well on Intel’s devices, their mobile side is also still competitive. Intel will face a hard time to stay competitive especially due to the heavy competition coming from both AMD and ARM.

Share it on Social Media:

Follow by Email
Facebook
Twitter
LinkedIn
Share

Will DaaS Substitute VPNs in 2021?

Recently, Desktop-as-a-Service has become extremely popular in the tech world.

Virtual Private Networks (VPNs) are being used since decades ago and they are still pretty much same that we used to have in Windows XP.

In future there’s a possibility that VPNs will finally go the way of other 1990s-era technology and retrocede into history. Why is that’s so? Well, the reason is that Desktop-as-a-Service (DaaS) is growing popular, which is in turn allowing businesses to shift their dependence on VPNs.

What is a VPN?

A VPN is a software-defined networking layer that separates the resources running on a private network, for instance as a company’s internal corporate network, from the public internet.

Virtual Private Networks offers many benefits;

  1. Ability to access resources on a local network from an offsite location
  2. VPNs offers encryption that ensures that nobody can eavesdrop on emails, voice conversations etc
  3. Provides security as most networks do not offer features to encrypt traffic by default
  4. Gives the ability to anonymize users’ identities
  5. Remote access and data encryption are provided in a business environment which is one of the most important benefits offered by VPNs

Drawbacks of VPNs:

  1. It is difficult to set up a VPN server as well as VPN client software and run it on the local network
  2. Configuring a VPN server that is secure as well as routes traffic efficiently is no simple task
  3. VPNs are not always secure and, in some cases, can be hacked which allows intruders to gain unauthorized access to private network resources

Keeping in mind the shortcomings of VPNs, and alternate method has been introduced by IT Consultants that is DaaS.

DaaS substitute to VPNs

When any business or enterprise migrates to DaaS, it substitutes its physical, on-premises workstations with virtual workstations that are hosted in the cloud. It is transformed into cloud-based desktop environments that can be accessed from anywhere, without using VPN. Only a Web browser is required to log in. Network communications are fully encrypted at the web browser level which is one of the major advantages that is offered by DaaS. That offers security between the cloud desktop and remote devices, which means that all communications are protected.

As we enter 2021, DaaS will be adopted and VPNs will be eliminated as they provide secure Cloud Virtual Servers environment.

Share it on Social Media:

Follow by Email
Facebook
Twitter
LinkedIn
Share

Major security flaws found in Dell Wyse ThinOS

Occurrence of technical issues are very common when any sort of system or device is developed. According to recent findings two critical vulnerabilities have been found in Dell’s Wyse thin clients. These vulnerabilities could easily be exploited by an attacker to run malicious code and gain access to arbitrary files.

As compared to old PCs, now small form factor PCs have grown more powerful. In recent years, a lot of organizations more commonly the ones in healthcare industry have turned to thin clients in order to fulfill their computing needs.

Why do they choose thin clients?

Many organizations choose to turn to thin clients because they take up far less space than a traditional desktop PC. Dell Wyse thin clients are one of the popular choices among enterprises and it’s estimated that over 6,000 organizations have deployed them on their networks, hence network monitoring is an added factor that all enterprises needs.

Dell ships two critical vulnerabilities, tracked as CVE-2020-29492 and CVE-2020-29491, reside in its OS. ThinOS can also be kept remotely and the Austin-based company mentions that users set up an FTP server for its Wyse devices in order to download updates including firmware, packages and configurations.

However, according to cybersecurity firm CyberMDX, which focuses on the healthcare sector, found that accessing almost a dozen Dell Wyse thin clients via FTP was possible with no credentials by using an anonymous user profile. According to their findings only the firmware and packages are signed which clearly means that an attacker can use the INI configuration files to target vulnerable machines.

In recent times, we all are facing malware, cyberattacks and really wants our websites and confidential files to be protected from attackers. IT Consultants are always working for better IT solutions along with providing technical support to their clients.

FTP access is possible without credentials on some Dell Wyze thin clients

Share it on Social Media:

Follow by Email
Facebook
Twitter
LinkedIn
Share

Google’s acquisition undertaking for Fitbit buy failed to gain Australian Regulatory Support

Eight months ago, we had seen this news circulating around that Google gobbled up fitness tracker firm Fitbit worth of $2.1 billion.

Google is planning to acquire Fitbit, but it still needs to assure Australian regulators that their acquisition won’t cause any sort of competition or privacy issues. Unfortunately, their draft was knocked back by the court.

The company, which is looking forward to buy Fitbit for US$2.1 billion (A$2.77 billion), was able to win EU antitrust approval last week. However, their transaction is yet to be cleared by authorities in the US and Australia.

Google had submitted a “long-term behavioural undertaking” at the end of last month i.e. November in order to address concerns raised by the Australian Competition and Consumer Commission (ACCC).

The undertaking included certain important points concerning on how Google will behave “towards rival wearable manufacturers” and further included a commitment not to use health data for advertising.

But the ACCC rejected their draft undertaking on Tuesday as they thought and analysed that it will be difficult to monitor for compliance.

Apart from rejecting the “current proposed undertaking”, the ACCC also extended the date to 25 March 2021 in order to continue its investigation and consider its legal options.

One of the spokespersons of Google Australia said that the company was “disappointed at this delay.” Considering the fact that Gmail hosting is massively used in the corporate  world and it has huge market share and is well know for quality services and good reputation.

According to relevant sources it is evident that “The acquisition may result in Google becoming the default provider of wearable operating systems for non-Apple devices and give it the ability to be a gatekeeper for wearables data, similar to the position it holds for smartphones which licence the Android operating system.”

Along with the Apple devices and android operating systems, all smartphones definitely need mobile applications.

Final decision will be taken at the end of March 2021.

Share it on Social Media:

Follow by Email
Facebook
Twitter
LinkedIn
Share