Free sample questions of 2V0-31.20 exam at killexams.com

All of us have been dedicated to providing up-to-date and valid Professional VMware vRealize Automation 8.1 (VCP-CMA 2020) examination questions and solutions, along with details. Each 2V0-31.20 Questions plus Answers on killexams.com has already been verified by Vmware specialists. We update plus add new 2V0-31.20 queries as soon as we observe that will there is a modification in real check. Which is important to our achievement and popularity.

Exam Code: 2V0-31.20 Practice test 2022 by Killexams.com team
2V0-31.20 Professional VMware vRealize Automation 8.1 (VCP-CMA 2020)

EXAM NUMBER : 2V0-31.20
PRODUCT : VMware vRealize Automation 8.1
EXAM LANGUAGE : English
Associated Certification : VCP-CMA 2021
Duration : 140 minutes
Number of Questions : 70
Passing Score : 300
Format : Single and Multiple Choice, Proctored

The Professional VMware vRealize Automation 8.1 test (2V0-31.20), which leads to the VMware Certified Professional – Cloud Management and Automation 2021 certification, is a 70-item test with a passing score of 300 using a scaled method. Candidates are given an appointment time of 135 minutes, which includes adequate time to complete the test for non- native English speakers.

The minimally qualified candidate (MQC) has 6-12 months hands-on experience installing and configuring vRealize Automation. The candidate is typically an administrator who is capable of performing a standard deployment of and managing vRealize Automation using Lifecycle Manager and troubleshooting a vRealize Automation 8.1 solution. The candidate possesses an understanding of basic cloud concepts including public/private/hybrid clouds, multitenancy, storage, networking and security. The candidate has working knowledge of each of the individual components, including Cloud Assembly Services, Service Broker, Code Stream and vRealize Orchestrator. The candidate has working knowledge of extensibility, identity and access management and basic knowledge of Kubernetes clusters and zones.

VMware test blueprint sections are now standardized to the seven sections below, some of which may NOT be included in the final test blueprint depending on the test objectives. Section 1 – Architecture and Technologies Section 2 – Products and Solutions Section 3 – Planning and Designing Section 4 – Installing, Configuring, and Setup Section 5 – Performance-tuning, Optimization, and Upgrades Section 6 – Troubleshooting and Repairing Section 7 – Administrative and Operational Tasks

If a section is missing from the list below, please note it is because the test has no testable objectives for that section. The objective numbering may be referenced in your score report at the end of your testing event for further preparation should a retake of the test be necessary.

Section 1 – Architectures and Technologies
Objective 1.1 - Describe the Architecture of vRealize Automation
Objective 1.2 - Differentiate between vRealize Automation and vRealize Automation Cloud
Objective 1.3 – Describe the Services Offered by vRealize Automation
Section 2 – VMware Products and Solutions - There are no testable objectives for this section
Section 3- Planning and Designing - There are no testable objectives for this section
Section 4 – Installing, Configuring, and Setup
Objective 4.1 - Describe the Different Types of vRealize Automation deployments
Objective 4.2 - Prepare the Pre-requisites for an Installation (DNS, NTP, Service Accounts etc.)
Objective 4.3 - Perform a Standard Deployment using vRealize Easy Installer
Objective 4.4 - Configure vRealize Automation using Quickstart
Objective 4.5 - Perform Manual Installation using Lifecycle Manager
Objective 4.6 - Configure Identity Sources
Objective 4.7 - Configure Identity and Access Management
Objective 4.8 - Set up Cloud Accounts
Objective 4.9 - Add Cloud Zones
Objective 4.10 - Add Projects
Objective 4.11 - Add Image Mappings
Objective 4.12 - Add Flavor Mappings
Objective 4.13 - Add Network Profiles
Objective 4.14 - Add Storage Profiles
Objective 4.15 - Describe the Different Out of the Box Integrations Available with vRealize Automation
Objective 4.16 - Integrate vRealize Automation with vRealize Operations
Objective 4.17 - Describe the Onboarding Process
Objective 4.18 - Describe Action-Based Extensibility (ABX)
Objective 4.19 – Describe the Different Types of Tags in vRealize Automation
Objective 4.20 - Configure Capability Tags
Objective 4.21 - Configure Multi-Tenancy
Section 5 – Performance-tuning, Optimization, Upgrades - There are no testable objectives for this section
Section 6 – Troubleshooting and Repairing
Objective 6.1 - Collect Log Bundles
Objective 6.2 - Describe vracli Command Options
Objective 6.3 - Describe kubectl Command Options
Objective 6.4 - Troubleshoot vRealize Automation Configuration Errors
Objective 6.5 - Troubleshoot Provisioning Errors
Objective 6.6 - Monitor Deployments
Objective 6.7 - Monitor vRealize Orchestrator Workflow Execution
Section 7 – Administrative and Operational Tasks
Objective 7.1 - Manage the Identity and Access Management Tab
Objective 7.2 - Manage Cloud Accounts
Objective 7.3 - Manage Cloud Zones
Objective 7.4 - Manage Projects
Objective 7.5 - Manage Image Mappings
Objective 7.6 - Manage Flavor Mappings
Objective 7.7 - Manage Capability and Constraint Tags
Objective 7.8 - Manage Storage Profiles
Objective 7.9 - Manage Network Profiles
Objective 7.10 - Create and Manage Blueprints
Objective 7.11 - Create and Manage Blueprint Versions
Objective 7.12 - Manage Extensibility/Subscription
Objective 7.13 - Deploy Catalog Items
Objective 7.14 - Manage Deployments
Objective 7.15 - Describe Kubernetes Clusters
Objective 7.16 - Customize a Deployment using cloudConfig and cloud-init
Objective 7.17 - Create Service Broker Content Sources
Objective 7.18 - Configure Content Sharing
Objective 7.19 - Create and Manage Custom Forms
Objective 7.20 - Manage Policies
Objective 7.21 – Manage Notifications

Professional VMware vRealize Automation 8.1 (VCP-CMA 2020)
Vmware Professional thinking
Killexams : Vmware Professional thinking - BingNews https://killexams.com/pass4sure/exam-detail/2V0-31.20 Search results Killexams : Vmware Professional thinking - BingNews https://killexams.com/pass4sure/exam-detail/2V0-31.20 https://killexams.com/exam_list/Vmware Killexams : When It Comes to Server Lifecycle Management, Start with a Good Strategy

Server and client virtualization, plus a host of other emerging technology trends, are making server refresh strategies more important than ever. As enterprises become more dependent on high-speed servers, there's almost no wiggle room for downtime or performance dips. So how are IT managers adjusting to this new reality? 

Christopher Nowak sums it up in two words: perpetual motion.

Nowak is the chief technology officer for Anthony Marano, a distributor of fresh produce based in Chicago. Although he and his staff try to always be on the move when it comes to maintaining the highest levels of server performance, there's nothing chaotic about their approach to new technologies. 

The Anthony Marano IT team has established a clear three-phase strategy that falls under the heading of server lifecycle management. The approach consists of reserving state-of-the-art servers for the organization's production systems (or prepping the latest and greatest hardware to take over production duties), using the previous generation of hardware for testing and emergency-backup activities and decommissioning older server resources. 

"This means our most critical production loads are on relatively new equipment all the time," Nowak says. "And our secondary applications — the areas that we could restore from a backup and are not going to be a catastrophe if they go down — are on our older equipment. This means we increase capacity as we need to, and we are always planning our next move." 

Nowak contrasts his current server refresh approach with past strategies, where the motion was anything but perpetual. "It used to be, 'OK, we've got new servers. We are good for at least two-and-a-half years. We don't even have to look at them,'" he recalls.   

But those days are long gone. A move to client virtualization and a migration to Microsoft Windows 7 are two latest initiatives that helped make the three-phase strategy the de facto refresh standard for the produce supplier. "We are always ramping up our horsepower and implementing more software packages, which means we are always in a state of server migration at one of those three levels," Nowak says.

Ad Hoc Refresh

When it comes to staying current with the latest server technologies, not all organizations are as diligent as Anthony Marano. This is partially because of the down economy, says Mark Bowker, senior analyst with the Enterprise Strategy Group.

Timing Isn't Everything When Should Enterprises Replace Servers?

"Although many organizations have a formal server refresh strategy in place, some enterprises, especially smaller ones with strained IT budgets, may still try to squeeze as much use out of their existing servers as possible — no matter how long they've been in service," he says. When these organizations do purchase new equipment, it is often on a project-by-project basis meant to address an emerging need, he adds. 

Andrew Jeffries, Lenovo's worldwide ThinkServer product marketing manager, concurs, saying server refreshes remain important, but they're not necessarily automatic for some organizations. 

"Many large enterprises are not ready to make the jump to new servers unless they see new technology that is compelling and has a clear return on investment," Jeffries says. "The good news is that even during the tough economic period that we've been through, leading manufacturers like Intel and others kept up their R&D efforts for next-generation memory technologies, new processor choices and new micro-architectures. The latest generation Xeon platform has a powerful story to tell."

But even given the financial constraints of today's shaky economic times, delaying server upgrades may not be a prudent policy. New, higher-performance server architectures can ensure that enterprises run existing IT workloads using fewer physical servers, which immediately lets a business recoup savings on management, maintenance and utility costs. 

"If I can better manage my server infrastructure with the same IT staff, that is an important benefit," ESG's Bowker says.

Lenovo's Jeffries advises IT managers to also consider power-management innovations that can bring down costs for individual servers and maintain server racks — even entire server farms. 

Incorporating technological innovations into day-to-day operations is another plus. With each refresh "there is an opportunity to see what else is out there on the market," Bowker notes. 

But IT managers need to take two factors into consideration before they make a move to a new server platform: the skill set of their staff and their relationship with their current equipment suppliers. 

"It really comes down to service, support and what ultimately will make the IT professional's job easier," Bowker adds.

Commitment to Blades

The servers that power the Anthony Marano operations are actually clusters of blade servers, which, along with associated storage area networks (SANs), have anchored the infrastructure at the organization since it moved to server virtualization on a large scale. 

Putting Blades on Ice Is Liquid Cooling Making a Comeback for Blade Servers?

In line with Nowak's phased approach, the newest and fastest blade clusters run production applications for about two years before the IT staff transitions them to less critical duties. "The lifespan we figure on for our blades is about three years, but some of that time is devoted to the commissioning and decommissioning processes," he explains.

Nowak says provisioning new blade clusters can take several months because the organization also takes advantage of the time by deploying new software. For example, the organization plans to load the next set of blade servers with VMware vSphere 5, virtualization software released last year. 

Business Benefits

The incentives for Nowak's perpetual refresh strategy aren't surprising. He sees this as the best way to maintain the highest possible levels of performance and reliability and likens the demands placed on IT departments to those placed upon Sisyphus, the mythological king who was condemned to an eternity of labor that had him roll a huge boulder up a hill, only to have it tumble down again, leaving him to start the chore anew. 

"None of our applications are shrinking in terms of their demands on the servers," he says. "Either all of our applications need more resources to run new features, or we are becoming more demanding on the server clusters because of higher usage volumes by our staff."

The move to client virtualization has only increased these server demands. "Having all these virtualized desktops sitting inside virtual server clusters is great. It means that backups and managing the safety of the data is all in the computer room. But this has definitely made the server refresh cycles tighter and changed the dependency that we have on the hardware," Nowak says. "If the server infrastructure isn't spot on with Six Sigma reliability, we don't even have local desktops; we don't have anything running." 

A New Partnership

The more intense pressure for server refreshes is also altering the organization's relationship with hardware suppliers. Nowak relies on them to keep him abreast of new innovations coming to market. 

"Before, I would look at technology that's off the shelf and quick to implement," he says. "With our current refresh model, we are looking out a few months ahead of time to see how we can take advantage of a new product introduction and roll that into our schedule. 

"We are more forward-thinking than we were in the past," he adds. "And that's a good thing. But we have to ask more provocative questions and have a better vendor relationship to ask 'What's on your product roadmap for the next six to nine months?'"

Wed, 13 Jul 2022 15:11:00 -0500 Alan Joch en text/html https://edtechmagazine.com/higher/higher/higher/higher/article/2012/06/when-it-comes-server-lifecycle-management-start-good-strategy-0
Killexams : VMware Releases Cybersecurity Threat Survey Report Detailing Increased Attack Volume and Breach Levels in the United States

PALO ALTO, CA – VMware, Inc. (NYSE: VMW), a leading innovator in enterprise software, today released the results of its first U.S.-focused cybersecurity threat report, entitled: “Extended Enterprise Under Threat,” based on a survey of 250 U.S. CIOs, CTOs and CISOs.

The research found an increase in both cyberattack volume and breaches during the past 12 months in the U.S. This has prompted increased investment in cyber defense, with U.S. businesses already using an average of more than nine different cybersecurity tools, the survey found.


Data for the report was compiled in March and April 2020 by an independent research company, Opinion Matters, on behalf of VMware Carbon Black.

Key survey findings from U.S. respondents:

  • 92% said attack volumes have increased in the last 12 months, the survey found.
  • 97% said their business has suffered a security breach in the last 12 months. The average organization said they experienced 2.70 breaches during that time, the survey found.
  • 84% said attacks have become more sophisticated, the survey found.
  • 95% said they plan to increase cyber defense spending in the coming year.
  • OS vulnerabilities are the leading cause of breaches, according to the survey, followed by web application attacks and ransomware.
  • US companies said they are using an average of 9 different security technologies to manage their security program, the survey found.

Common breach causes in U.S.

The most common cause of breaches in the U.S. was OS vulnerabilities (27%). This was jointly followed by web application attacks with 13.5% and ransomware with 13%. Island-hopping was the cause of 5% of breaches.

Rick McElroy, Cyber Security Strategist at VMware Carbon Black, said: “Island-hopping is having an increasing breach impact with 11% of survey respondents citing it as the main cause. In combination with other third-party risks such as third-party apps and the supply chain, it’s clear the extended enterprise is under pressure.”

Complex multi-technology environments

US cybersecurity professionals said they are using an average of more than nine different tools or consoles to manage their cyber defense program, the survey found. This indicates a security environment that has evolved reactively as security tools have been adopted to tackle emerging threats.

Said McElroy: “Siloed, hard-to-manage environments hand the advantage to attackers from the start. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalization, strategic thinking and clarity over security deployment.”

Supplemental COVID-19 survey in U.S.

The latest research was supplemented with a survey on the impact COVID-19 has had on the attack landscape1. According to the supplemental survey of more than 1,000 respondents from the U.S., UK, Singapore and Italy, 88% of U.S. cybersecurity professionals said attack volumes have increased as more employees work from home. 89% said their organizations have experienced cyberattacks linked to COVID-19 malware.

Key findings from the supplemental U.S. COVID-19-focused survey:

  • 89% said they have been targeted by COVID-19-related malware.
  • Inability to institute multifactor authentication (MFA) was reported as the biggest security threat to businesses during COVID-19, the survey found.
  • 83% reported gaps in disaster planning around communications with external parties including customers, prospects, and partners.

Said McElroy: “The global situation with COVID-19 has put the spotlight on business resilience and disaster recovery planning. Those organizations that have delayed implementing multi-factor authentication appear to be facing challenges, as 32% of U.S. respondents say the inability to implement MFA is the biggest threat to business resilience they are facing right now.”

U.S. survey respondents were asked whether COVID-19 had exposed gaps in their disaster recovery plans, and to indicate the severity of those gaps. Their responses showed that:

  • 83% of respondents reported gaps in recovery planning, ranging from slight to severe.
  • 83% said they had uncovered gaps in IT operations.
  • 84% said they encountered problems around enabling a remote workforce.
  • 83% said they’ve experienced challenges communicating with employees
  • 83% said they had experienced difficulty communicating with external parties.
  • 63% said the situation uncovered gaps around visibility into cybersecurity threats.

Said McElroy: “These figures indicate that the surveyed CISOs may be facing difficulty in a number of areas when answering the demands placed on them by the COVID-19 situation.”

Risks directly related to COVID-19 have also quickly emerged, the survey found. This includes rises in COVID-19 malware which was seen by 89% of U.S. respondents.

Said McElroy: “The 2020 survey results suggest that security teams must be working in tandem with business leaders to shift the balance of power from attackers to defenders. We must also collaborate with IT teams and work to remove the complexity that’s weighing down the current model. By building security intrinsically into the fabric of the enterprise – across applications, clouds and devices – teams can significantly reduce the attack surface, gain greater visibility into threats, and understand where security vulnerabilities exist.”

Read the full executive summary here: https://www.carbonblack.com/resources/global-threat-report-extended-enterprise-under-attack-index/

About VMware’s Intrinsic Security Strategy

Security sprawl – too many products, agents, and interfaces deployed across an organization – has created complexity for security management, opening organizations to significant risk. Most security innovation over the past decade has focused on identifying and reacting to individual attacks. Little innovation has focused on hardening infrastructure itself to make it more secure or using the infrastructure to better protect an organization.

The way forward is an intrinsic security approach that combines detecting and responding to threats, in addition to hardening infrastructure. VMware makes security intrinsic from endpoint to cloud, leveraging the infrastructure to provide visibility for apps, users and devices, and combining that with leading threat detection and response capabilities to deliver a unique (and better) approach to security.

About VMware
VMware software powers the world’s complex digital infrastructure. The company’s cloud, app modernization, networking, security, and digital workspace offerings help customers deliver any application on any cloud across any device. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough technology innovations to its global impact. For more information, please visit https://www.vmware.com/company.html

VMware and Carbon Black are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and other jurisdictions.

Main Survey Methodology
Carbon Black commissioned a survey, undertaken by an independent research organization, Opinion Matters, in March 2020. 3,012 CIOs, CTOs and CISOs, including 250 from the U.S., were surveyed for this global research project across multiple countries including: Australia, Canada, France, Germany, Italy, Japan, The Netherlands, The Nordics, Singapore, Spain, the US and the UK. Companies were from a range of industries including: financial, healthcare, government, retail, manufacturing, food and beverage, oil and gas, professional services, and media and entertainment.

COVID-19 Survey Methodology
1 COVID-19 survey methodology: The COVID-19 survey was conducted by Opinion Matters in March and April 2020. 1002 CIOs, CTOs or CISOs from Italy, Singapore, the UK and the US were asked for their views on the security and operational challenges of COVID-19.

Wed, 22 Jul 2020 01:51:00 -0500 by MyHostNews Senior Editor en-US text/html https://myhostnews.com/2020/07/vmware-releases-cybersecurity-threat-survey-report-detailing-increased-attack-volume-and-breach-levels-in-the-united-states/
Killexams : The SolarWinds Hack

SolarWinds Hack

The manual supply chain attack against SolarWinds’ Orion network monitoring platform has sent shockwaves throughout the world, with suspected Russian government hackers gaining access to U.S. government agencies, critical infrastructure entities and private sector organizations.

The injecting of malicious code into Orion between March and June 2020 allowed hackers believed to be with the Russian intelligence service, or APT29, to compromise Microsoft and FireEye, as well as U.S. Departments of Defense, State, Treasury, Homeland Security and Commerce, according to reports from Reuters and others.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered all federal civilian agencies Sunday to power down SolarWinds Orion products until all hacker-controlled accounts and identified persistence mechanisms have been removed. CISA said it has evidence of additional initial access vectors beyond SolarWinds Orion, but noted those other intrusion methods are still being investigated.

Michael Dell: Public Cloud Isn’t More Secure Than On-Premise
‘The things that led to a lot of these attacks are human-induced that can occur in a public cloud, can occur in a private cloud – it can occur anywhere,’ says Dell Technologies CEO Michael Dell.

Mimecast Axes SolarWinds Orion For Cisco NetFlow After Hack
Mimecast has decommissioned its SolarWinds Orion software and replaced it with a Cisco NetFlow monitoring system after hackers compromised a Mimecast certificate used for Microsoft authentication.

Microsoft’s Brad Smith Drags AWS, Google Over SolarWinds Response
‘There are other companies that... have not even alerted their customers or others that they were a victim of a SolarWinds-based attack. These are companies where their own infrastructure was used to launch the attack,’ says Microsoft’s Brad Smith.

AWS: SolarWinds Hackers Used Our Elastic Compute Cloud
‘The actors used EC2 just like they would use any server they could buy or use anywhere (on-premises or in the cloud). And, in fact, the actors did use several different service providers in this manner,’ AWS tells CRN.

SolarWinds To Spend Up To $25M On Security Following Attack
SolarWinds says the money will be put toward security initiatives as well as used to cover higher costs around both insurance and professional fees stemming from the massive cyberattack.

Partners: AWS Must Come Clean On Role In SolarWinds Hack
‘I do wonder whether AWS has made a judgment error in not coming out to publicly defend their position in this high-profile case with such far reaching consequences,’ says Karl Robinson of AWS partner Logicata.

10 Boldest Statements From The SolarWinds Senate Hearing
Senators and tech executives discussed how the SolarWinds hackers used AWS’ infrastructure, took advantage of Microsoft’s authentication process, dwelled in FireEye’s systems and remained undetected for months.

U.S. Senators: AWS Infrastructure Used In SolarWinds Attack
‘The operation we’ll be discussing today uses [Amazon’s] infrastructure, [and], at least in part, required it to be successful. Apparently they were too busy to discuss that here with us today,’ says Sen. Marco Rubio, R-Fla.

U.S. Plans Russian Sanctions For SolarWinds Breach: Report
The Biden administration plans to classify the SolarWinds campaign as ‘indiscriminate’ and ‘disruptive’ to distinguish it from espionage activities the U.S. conducts against adversaries, The Washington Post reported.

Microsoft On-Premises Warning: Customers Must Protect Their Own Identity Infrastructure
‘We were also reminded of the importance of cloud technology over on-premises software. Cloud technologies like Microsoft 365, Azure and the additional premium layers of services available as part of these solutions Strengthen a defender’s ability to protect their own environment,’ writes Vasu Jakkal, Microsoft’s corporate vice president of security, compliance and identity, in a blog post.

SolarWinds Hackers Kept Going After Microsoft Until January
The SolarWinds hackers first viewed a file in a Microsoft source repository in November, and were able to get source code for its Azure, Exchange and Intune cloud-based products.

SolarWinds MSP Building New IT Systems Prior To N-able Launch
‘As we look to design the new N-able systems, we‘re going to have the benefit of all that [threat actor] knowledge and these world class experts to help us design this,’ says SolarWinds MSP President John Pagliuca.

SolarWinds MSP Hunts For New Security Chief Following Split
‘Tim [Brown, VP of Security] has been a fantastic advisor to the 25,000 MSPs that we have. So, we’re bummed. But we understand. So, we’re looking to see if we can clone him,’ says SolarWinds MSP President John Pagliuca.

10 Bold Statements From SolarWinds MSP After The Orion Hack
From comments on switching up CEOs and weeks of silence to building new IT systems and giving MSPs free security products, here’s a look at 10 notable remarks made by SolarWinds MSP President John Pagliuca and VP of Security Tim Brown.

SolarWinds Hacked From Inside U.S., 100+ Orgs Compromised
‘As a country, we choose to have both privacy and security. [As a result], the intelligence community largely has no visibility into private sector networks,’ says Anne Neuberger, a top Biden administration cybersecurity official.

Microsoft: No Evidence SolarWinds Was Hacked Via Office 365
‘The wording of the SolarWinds 8K [regulatory] filing was unfortunately ambiguous, leading to erroneous interpretation and speculation, which is not supported by the results of our investigation,’ Microsoft said Thursday.

Alex Stamos Attributes SolarWinds Hack To Russian Intel Service
New SolarWinds consultant Alex Stamos says the Russian foreign intelligence service is responsible for the massive hacking effort, although SolarWinds itself isn’t attributing the attacks to a specific group or nation.

SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad Based Attack
SolarWinds CEO Sudhakar Ramakrishna has Tested suspicious activity in its Office 365 environment, with a company email account compromised and used to access accounts of targeted SolarWinds staff in business and technical roles.

Mimecast To Lay Off 80 Workers Weeks After Disclosing Hack
Mimecast CEO Peter Bauer says cutting 4 percent of its workforce will help the company provide more resources to enterprises while leveraging automation and efficiency for mid-market and SMB customers.

Kevin Mandia: Discovering SolarWinds Hack ‘Validates Our Intelligence and Expertise’
‘This breach got everybody to recognize there‘s a way to compromise some of the most secure organizations on the planet in a surreptitious way, and that alarmed people,’ says FireEye CEO Kevin Mandia.

Chinese Hackers Exploit SolarWinds To Steal Federal Payroll Info: Report
Suspected Chinese hackers took advantage of another SolarWinds Orion vulnerability to spread across networks and break into computers at the National Finance Center and other U.S. agencies, Reuters said.

Sophos CEO Kris Hagerman’s 10 Boldest Remarks From Best Of Breed Virtual Winter 2021
From surging sales and profitability and securing the supply chain to combating complexity and doubling down on detection and response, here’s a look at 10 notable statements made by Sophos CEO Kris Hagerman.

SolarWinds Hack ‘One Of The Most Dramatic’ In Last Decade: Sophos CEO
‘You cannot think about your security only in the context of, ‘How well am I secured?’ You’ve got to go beyond that to say, ‘How well am I secured and how well am I securing everything that I connect to?’’ says Sophos CEO Kris Hagerman.

Fidelis Targeted By SolarWinds Hackers After Installing Orion
Fidelis Cybersecurity was a target of interest to the SolarWinds hackers after downloading an evaluation copy of trojanized SolarWinds Orion network monitoring software in May, the company disclosed Tuesday.

Mimecast Breach Linked To SolarWinds Hack, Allowed Cloud Services Access
Mimecast said Tuesday that its certificate compromise was carried out by the same threat actor behind the SolarWinds attack and provided hackers with access to customers’ on-premises and cloud services.

5 Security Vendors That Have Reported Cyberattacks Since December
Five cybersecurity vendors disclosed in latest weeks that hackers have attacked their internal systems, compromised their certificates or attempted to access their email accounts. Here’s a rundown of what happened when.

SolarWinds Hackers Access Malwarebytes’ Office 365 Emails
‘Attackers leveraged a dormant email production product within our Office 365 tenant that allowed access to a limited subset of internal company emails,’ Malwarebytes CEO Marcin Kleczynski wrote in a blog post.

SolarWinds Hack Could Cost Cyber Insurance Firms $90 Million
‘Although the SolarWinds attack is a cyber catastrophe from a national security perspective, insurers may have narrowly avoided a catastrophic financial incident to their businesses,’ says BitSight’s Samit Shah.

5 Things To Know About The Mimecast Hack And Stock Drop
From the type of certificate likely compromised to the impact of this hack on Mimecast’s email security rivals to whether the attack is tied to the SolarWinds breach, here are five big things to know about the Mimecast hack.

Hackers Compromise Mimecast Certificate For Microsoft Authentication
The certificate used to authenticate Mimecast’s Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) products to Microsoft 365 has been compromised by a sophisticated threat actor.

Hackers Taunt FireEye’s Kevin Mandia At Home With Postcard: Report
The FBI is investigating a mysterious postcard sent to CEO Kevin Mandia’s home days after FireEye found initial evidence of a hacking operation on federal agencies and private businesses, Reuters reports.

SolarWinds CEO: Attack Was ‘One Of The Most Complex And Sophisticated’ In History
Hackers first accessed SolarWinds in September 2019 and went out of their way to avoid being detected by the company’s software development and build teams, SolarWinds CEO Sudhakar Ramakrishna says.

SolarWinds’ New CEO Will Make These 5 Changes Post-Hack
From resetting privileged credentials and re-signing all digital certificates to manually checking source code and rolling out threat hunting software, here are five critical security improvements new SolarWinds CEO Sudhakar Ramakrishna plans to make.

SolarWinds Fights Back With Chris Krebs, Alex Stamos Hires
‘Armed with what we have learned of this attack, we are also reflecting on our own security practices and seeking opportunities to enhance our posture and policies. We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review,’ SolarWinds tells CRN.

SolarWinds Hackers Compromise Confidential Court Filings
The Russian hackers behind the SolarWinds attack have apparently compromised the federal courts’ electronic case filing system, putting ‘highly sensitive non-public documents’ at great risk.

SolarWinds To Pay Ex-CEO $312K To Assist With Investigations
SolarWinds has agreed to pay former CEO Kevin Thompson $62,500 for each of the next five months as the embattled company faces a likely wave of lawsuits and government probes into its conduct around the hack.

SolarWinds Hackers Got Into U.S. Justice Department’s Emails
‘At this point, the number of potentially accessed Office 365 mailboxes appears limited to around 3 percent, and we have no indication that any classified systems were impacted,’ the Justice Department announces.

Feds: SolarWinds Breach Is Likely Russian Intel Gathering Effort
Nearly ten U.S. government agencies experienced follow-on activity on their systems after being compromised through a malicious SolarWinds Orion update, the Cyber Unified Coordination Group says.

SolarWinds Hit With Class-Action Lawsuit Alleging Securities Violations
The first class-action lawsuit brought against SolarWinds following its colossal breach accuses the company of making materially false and misleading statements about its security posture throughout 2020.

SolarWinds Hackers Gain Access To Microsoft’s Source Code
One Microsoft account compromised by suspected Russian hackers had been used to view source code in a number of source code repositories, but none of the code itself was altered, Microsoft disclosed Thursday.

Here Are 24 Reported Victims Of The SolarWinds Hack (So Far)
From tech giants, internet service providers and IT solution providers to federal agencies and county governments, here’s a deeper look at 24 of the publicly identified victims of the colossal SolarWinds hack.

CrowdStrike Fends Off Attack Attempted By SolarWinds Hackers
The suspected Russian hackers behind the massive SolarWinds attack attempted to hack CrowdStrike through a Microsoft reseller’s Azure account but were ultimately unsuccessful, CrowdStrike says.

Five Solution Providers Breached By SolarWinds Hackers: Researchers
The SolarWinds hackers called for proceeding with the second stage of their attack on Stratus Networks, Digital Sense, ITPS and Netdecisions, and had an unknown response to compromising Deloitte, Truesec says. Digital Sense said it wasn’t impacted by the campaign since the company doesn’t use SolarWinds.

Top Treasury Email Accounts Exposed In SolarWinds Hack: Report
The hackers performed a complex step inside Microsoft Office 365 to create an encrypted “token” that tricked the Treasury’s system into thinking the hackers were legitimate users, The New York Times said.

Microsoft: A 2nd Group May Have Also Breached SolarWinds
A ‘different threat actor’ may be responsible for the malware known as Supernova that has been found installed in SolarWinds Orion.

Kevin Mandia: 50 Firms ‘Genuinely Impacted’ By SolarWinds Attack
FireEye CEO Kevin Mandia acknowledges the SolarWinds hack ‘is an attack very consistent with’ what the Russian foreign intelligence service is known for, but didn’t want to officially blame the campaign on them.

Intel, Nvidia Swept Up In SolarWinds Attack: WSJ
The chipmakers say they are investigating the impact of downloading a software update containing malicious code for SolarWinds Orion — the trigger that has left many SolarWinds customers vulnerable — though there is no evidence of any negative impact.

Unclassified Treasury Systems Hit By SolarWinds Hack: Mnuchin
‘At this point, we do not see any break-in into our classified systems. Our unclassified systems did have some access,’ Secretary of the Treasury Steve Mnuchin tells CNBC Monday morning.

Trump Downplays SolarWinds Hack, Pompeo Blames Russia
‘Russia, Russia, Russia is the priority chant when anything happens because Lamestream [Media] is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!),’ Trump tweeted.

Cisco Hacked Through SolarWinds As Tech Casualties Mount
Roughly two dozen computers in a Cisco lab were compromised through malicious SolarWinds Orion updates, Bloomberg reported. Cisco says there isn’t currently any known impact to its offers or products.

Datto Offers All MSPs Free Scanner To Find Signs Of FireEye, SolarWinds Hack
‘Now is a time to remain vigilant and take an active role in hardening systems against these, now known, tactics,’ Datto CISO Ryan Weeks writes in a blog post announcing the scanner.

VMware Flaw Used To Hit Choice Targets In SolarWinds Hack: Report
A VMware vulnerability that allowed federated authentication abuse was used by the SolarWinds hackers to attack valuable targets, KrebsOnSecurity said. VMware said it didn’t have any indication of this happening.

SolarWinds Should Have Been More ‘Vigilant’: Palo Alto Networks CEO
‘I am not going to deliver them a free pass,’ says Palo Alto Networks CEO Nikesh Arora. ‘They should have been more vigilant and diligent, but I think this is a very sophisticated, very complex attack. The fact they (the Russians) got in there not only did they do sophisticated things, they also got lucky that this is a piece of software which then went unnoticed for six to nine months, and now it’s embedded in the infrastructure of thousands of customers.’

SolarWinds Hack Compromised 40-plus Microsoft Customers
A decisive plurality – 44 percent – of the Microsoft customers compromised through SolarWinds are actually in the IT sector, and include software and security firms as well as IT services and equipment providers.

Microsoft Breached Via SolarWinds As Scope Of Destruction Widens: Report
Suspected Russian hackers capitalized on Microsoft’s wide use of SolarWinds to infiltrate the software giant, and then used Microsoft’s own products to further their attacks on other victims, Reuters said. Microsoft pushed back on the report.

SolarWinds Deploys CrowdStrike To Secure Systems After Hack
SolarWinds says its breached Orion network monitoring platform now meets the security requirements of U.S. federal and state agencies following the release of a final hotfix Tuesday night.

Feds: SolarWinds Attack ‘Poses a Grave Risk’ To Government, Business
The U.S. government says it has evidence of additional initial access vectors beyond the SolarWinds Orion supply chain compromise, but noted that those other attack methods are still being investigated.

SolarWinds MSP To Revoke Digital Certificates For Tools, Issue New Ones As Breach Fallout Continues
‘I think they’re afraid. They’ve got liability, and they don’t know what to say, so everybody’s told to keep their mouth shut. Instead of being focused on the issue at hand, they’re worried about lawsuits,” SolarWinds MSP partner Rich Delany tells CRN.

SolarWinds Hack ‘One Of The Worst In The Last Decade’: Analyst
‘There are a lot of white knuckles around this attack ... Even though much of it is unknown, right now people are fearing the worst,’ Daniel Ives of Wedbush Securities tells CRN.

Malware Used In SolarWinds Attack Can Now Be Blocked: FireEye
‘Under certain conditions, the malware would terminate itself and prevent further execution... This killswitch will affect new and previous... infections by disabling... deployments that are still beaconing to avsvmcloud[.]com,’ FireEye tells CRN.

Microsoft’s Role In SolarWinds Breach Comes Under Scrutiny
Microsoft has become ensnared in probes surrounding the colossal U.S. government hack, with media reports and company messages focusing on Office 365, Azure Active Directory and a key domain name.

$286M Of SolarWinds Stock Sold Before CEO, Hack Disclosures
Silver Lake and Thoma Bravo said they weren’t aware of the cyberattack at the time of the sale, but didn’t respond to questions about whether they knew Sudhakar Ramakrishna had been selected as SolarWinds’ next CEO.

10 Things To Know About The SolarWinds Breach And Its U.S. Government Impact
From how nation-state hackers evaded detection to why federal agencies were ordered to immediately power down Orion to its impact on the SolarWinds MSP business, here are the most important things to know about the SolarWinds breach.

Homeland Security Latest Breach Victim Of Russian Hackers: Report
A spokesman said the Department of Homeland Security is aware of reports of a breach and is currently investigating the manner. The U.S. Treasury and Commerce Departments were also reportedly hacked.

US Calls On Federal Agencies To Power Down SolarWinds Orion Due To Security Breach
An emergency directive issued by the U.S. government calls on all federal civilian agencies to disconnect or power down SolarWinds Orion IT management tools because they are being used to facilitate an active exploit.

Infected SolarWinds Updates Used To Compromise Multiple Organizations: FireEye
Nation-state hackers gained access to government, consulting, technology and telecom firms around the world through trojanized updates to SolarWinds’ Orion network monitoring tool, according to FireEye .

8 Big Things To Know About The State-Sponsored FireEye Hack
From who’s suspected to be behind the FireEye hack and how they remained hidden, to what FireEye and intelligence officials are doing to minimize the fallout from the attack, here’s a look at what partners need to know.

FireEye Hacked By Nation-State Group Seeking Government Info
‘This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye,’ says CEO Kevin Mandia.

Fri, 18 Dec 2020 04:17:00 -0600 en text/html https://www.crn.com/the-solarwinds-hack
Killexams : Group Advocates Innovation for Organisational Growth

Emma Okonji

The Agile Practitioners Association has stressed the need for disruptive thinking, innovation to enhance organisational growth.
Speaking at a forum organised by the Agile Practitioners of Nigeria (APAON), with the theme: “Accelerating Your Delivery,” held recently in Lagos, the Director, Cognetiks Consulting, Obi Ikegulu, said DevOps has a culture of practice in systems development and Agile helps to increase velocity, reduces downtime and human errors during program processes.

Ikegulu, noted that the inability of companies to fully adopt Agile practice, DevOps and Cloud computing, would make it difficult for competition in the market.
According to him, “Consider DevOps as the tool for continuous production, integration, delivery.
“Cloud is a tool that makes a whole lot of processes easier.

The Google Cloud, the Azure Cloud for instance are meant to make life easier for companies and even save costs. So, cloud makes automation easier.”
Ikegulu added: “That’s why we have come to remove those fears and assist companies to adapt cloud, even though both the government and private sector driven organisations in Nigeria are skeptical about cloud.

“Today, data centres are coming up in Lagos. You also have virtual cloud solutions by VMWare, and others who can build a custom-made cloud system, for you, in order to eliminate all fears about cloud computing.

“Applications like Facebook, Gmail, Instagram, WhatsApp, among others are also positioned in the cloud and these applications offer seamless services that deliver customers the right confidence about cloud computing.”

Cloud Solution Architect at Microsoft Nigeria, Ifeanyi Aneke, stated that with DevOps, organisations could be assured of end-to-end advantages, as it offers them the software development and information technology operations opportunity to shorten the systems development life cycle and Strengthen continuous delivery with higher software quality.

“Just like every other organisations within and outside Nigeria, they are beginning to adopt DevOps because of the big advantages is offers.

“Emphasis here is that every organisation, no matter the size, will benefit from that tool. It has end-to-end advantage to the company using it; starting from when they conceptualise the project to the point of planning, developing and managing it, upto building, testing and deploying it to the environment where it will run like Azure.

“The difference is in the problem it solves. We use it in Microsoft and we have seen tremendous changes internally. We built it for ourselves but now want others to join us in enjoying the advantages. Our solutions are better and we release more often now than previously and much more responsive to customer-feedback. This is being reflected in our processes, ” Aneke said.

The Founder/Chief Executive Officer, The Agile Advisor in charge of Canada and Nigeria, Mrs. Abiodun Osoba, said the conference was convened to enable practitioners learn from and connect with people who are passionate about uncovering better ways of working and executing projects.

Sat, 16 Jul 2022 12:00:00 -0500 en-US text/html https://www.thisdaylive.com/index.php/2020/03/09/group-advocates-innovation-for-organisational-growth/
Killexams : HCL Technologies Teams with VMware to Launch a New Dedicated VMware Business Unit

Companies expand efforts to help enterprises accelerate cloud and app transformation

NOIDA, India & PALO ALTO, Calif., July 27, 2022--(BUSINESS WIRE)--HCL Technologies (HCL), a leading global technology company, and VMware, Inc (NYSE: VMW) announced the launch of HCL’s dedicated VMware business unit to help enterprises unlock the untapped value of multi-cloud and app modernization. The new unit combines the power of HCL’s CloudSMART Framework with VMware’s Cross-Cloud services to help enterprises accelerate cloud transformation, scale cloud-native platform operations and empower hybrid workforces.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20220727005618/en/

HCL’s new VMware business unit is part of its Strategic Alliance Partner Ecosystem, which leverages the CloudSMART Framework to provide multi-cloud and app modernization solutions. HCL will help enterprises pursue the path of digital dominance by aligning transformation with overall business objectives while remaining agile through cloud freedom and enterprise control enabled by VMware product and service offerings.

"We are in a macroeconomic environment where ecosystems must collaborate to provide innovative and effective solutions that the industry requires," said Anand Swamy, Senior Vice President, Head of Tech OEM Ecosystems, HCL Technologies. "Our new VMware business unit leverages the HCL and VMware synergies to incubate, construct and architect innovative, customized cloud implementation strategies with our CloudSMART approach as the baseline."

"Today, we are witnessing the unstoppable forces of digital transformation in almost every industry, and VMware is providing the trusted foundation to accelerate customers’ innovation," said Zia Yusuf, Senior Vice President, Strategic Ecosystem and Industry Solutions, VMware. "With HCL, we are helping our mutual customers by providing the smartest path to app, cloud and edge modernization and a more secure, frictionless experience for the distributed workforce. VMware preserves customer choice and protects against lock-in through multi-cloud services that offer businesses the freedom and flexibility they need to build the future."

Over the past 14 years, HCL and VMware have driven successful client outcomes with services and solutions built for the modern enterprise. HCL has more than 8,000 professionals trained on VMware technologies, manages three VMware centers of excellence and has created four cloud-native labs. These dedicated environments and resources help customers accelerate the deployment of VMware solutions and allow enterprises to experience next-generation VMware technologies. Recently, HCL won the VMware 2022 Partner Value Award for delivering business growth through VMware solutions and providing customers with high-value results and support. VMware and HCL Technologies also recently announced efforts to deliver Telco transformation powered by vRAN, ORAN & 5G.

About VMware

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda. For more information, please visit www.vmware.com/company.

VMware and VMware Cross-Cloud are registered trademarks or trademarks of VMware, Inc. in the United States, and other jurisdictions. This article may contain hyperlinks to non-VMware websites that are created and maintained by third parties who are solely responsible for the content on such websites.

About HCL Technologies

HCL Technologies has a broad focus across the key themes of digital, engineering, and cloud. The organization offers its services and products through three business units: IT and Business Services (ITBS), Engineering and R&D Services (ERS), and Products & Platforms (P&P). ITBS enables global enterprises to transform their businesses through offerings in the areas of applications, infrastructure, digital process operations, and next generational digital transformation solutions. ERS offers engineering services and solutions in all aspects of product development and platform engineering. P&P provides modernized software products to global clients for their technology and industry-specific requirements. Through its cutting-edge co-innovation labs, global delivery capabilities, and broad global network, HCL delivers holistic services in various industry verticals, categorized as Financial Services, Manufacturing, Technology & Services, Telecom & Media, Retail & CPG, Life Sciences & Healthcare, and Public Services.

As a leading global technology company, HCL takes pride in its diversity, social responsibility, sustainability, and education initiatives. For the 12 months ended June 30, 2022, HCL had consolidated revenue of US$ 11.79 billion. Its nearly 211,000 ideapreneurs operate out of 52 countries.

For more information, visit www.hcltech.com

View source version on businesswire.com: https://www.businesswire.com/news/home/20220727005618/en/

Contacts

For further details, please contact:

HCL Technologies

Meenakshi Benjwal, US
meenakshi.benjwal@hcl.com

Elka Ghudial, Europe
Elka.ghudial@hcl.com

Devneeta Pahuja, India and APAC
Devneeta.p@hcl.com

VMware, Inc.

Roger T. Fortier
VMware Global Communications
+1 408-348-1569
rfortier@vmware.com

Wed, 27 Jul 2022 02:32:00 -0500 en-US text/html https://finance.yahoo.com/news/hcl-technologies-teams-vmware-launch-143300314.html
Killexams : Virtual possibilities!

Growing up in Karachi, I remember coming across various hoardings plastered across walls, poles and buildings. One particular advertisement which always caught my attention was that of a virtual school. Yes, that’s what it was and being a kid, I used to think what kind of an educational institute would it be? Will students be learning sitting at their homes or will they be attending a lecture from a teacher on the other side of the world. I couldn’t figure out how that particular institution worked but it was my first encounter to the word ‘virtual’ and I derived its meaning to be something which is ‘remote’ or, in simple words, ‘not there’.

Fast forward to 2018, ‘Virtualization’ is the next best thing which can possibly happen to the human race. Thinking about the literal meaning of virtual education, the teacher is present in, let’s say Canada, and his lecture is being delivered to various parts of the world through a webinar. The single real physical source is the genuine classroom where that teacher is physically present and the lecture being viewed by students in different parts of the world are all virtual sources. There is only one physical source, but the impact is huge as hundreds of students are reaping the benefits of it at their own convenience.

In technical terms, Virtualisation allows creation of multiple simulated (replicated) environments based on a single physical source. Companies such as Oracle and VMware are the leading ones in terms of server-grade virtualization.

Explaining virtualisation

With all the technical gibberish, the concept cannot be understood in one go. Therefore, think of the film The Matrix Reloaded which would perhaps be a top favorite of millions of people. In one scene, the protagonist Neo is surrounded by hundreds of clones of the bad guy Mr Anderson.

There was one real Mr Anderson divided into multiple ones who were all doing different things and not particularly limited to a single task. This is how virtualisation works when a physical source is used to create multiple artificial sources to do different tasks.

For those of you who are not a fan of The Matrix, we can simply think of virtualisation as growing a plant. The initial growth of a tree starts by planting a plant shoot or seeds. Watered and nurtured correctly, you will soon see that seed growing into a sprout with multiple leaves from a single shoot. The main source is the seed which is now extended to a plant with multiple branches and leaves. Again, it works like a ripple effect where an initial state expands, leaving a larger impact.

Virtualisation, our savior!

Now that we have understood the concept of virtualisation, we need to move on to how it actually benefits us. Such a development brings with it endless benefits as the physical server footprint can be consolidated and reduced, leading to savings in money, power resource, cooling, and space.

Now, instead of installing 1000 physical servers for 1000 applications, only 25 physical servers would need to be installed. Moreover, instead of having hundreds of physical servers, the data can be stored in virtual storage which serves as a great backup in case the physical servers are compromised.

Through a virtual operating system, users can test new configurations, software and run upgrades before the go-live on their main operating system. It makes a lot of room for error detection and testing for the ease of users. Since hardware is always underutilised, whether it is the server, storage or network, better utilisation can be made by decoupling the intelligence of traditional storage and network and putting all the functions in a hypervisor.

Virtualisation is changing the way we do business!

Organisations and businesses in this dynamic world face extreme challenges as they work towards improving operational efficiencies and generate more revenue.

In order to stay competitive, businesses are now coping with disruption of technology through transformative strategies which requires them to continuously evolve with time.

Companies in Pakistan conduct seminars for capacity building and in order to educate people about virtualisation. The fact remains that it has become critical to now explore opportunities to support new ideas and agile services at lower costs.

For instance, VMware is an industry-leading virtualisation technology that provides cloud computing and platform virtualisation software and services. It has produced all this by virtualising all three major components: servers, storage, and network. This eliminates the need to use expensive storage devices, having a definite life, which have to be replaced to get the latest features.

The target audience for this technology is major players in the market such as telecom companies as well as companies in the aviation, textile, and financial sector. Even though in Pakistan we are still taking baby steps towards technology, VMware licenses are now easily available and implemented here as well. A number of companies in Pakistan, such as Jaffer Business Systems Ltd., have been providing professional services for acquiring licenses in the field of virtualisation for many years and have success stories across the country. License providers are now coming up with the highest number of certified resources to help their customers plan, design and implement VMware based virtualisation, automation and network security solutions.

The writer is a communications practitioner

Sun, 23 Sep 2018 11:55:00 -0500 en text/html https://www.thenews.com.pk/magazine/money-matters/372140-virtual-possibilities
Killexams : U.K. Firms Transform Networks for Competitive Edge

LONDON--(BUSINESS WIRE)--Jul 27, 2022--

Enterprises in the U.K. are treating networks less as a commodity and more as a strategic asset since the COVID-19 pandemic disrupted work modes and many industries, according to a new research report published today by Information Services Group ( ISG ) (Nasdaq: III ), a leading global technology research and advisory firm.

The 2022 ISG Provider Lens™ Network — Software Defined Solutions and Services report for the U.K. finds many companies are adopting software-defined networking (SDN) as part of broader modernization programs aimed at becoming more agile and competitive under new business conditions. SDN, as a technology or a managed service, allows organizations to address the unique needs of each user, including the access, applications and priority they require.

“It’s increasingly common for British companies to transform their networks as part of a move to software-defined everything,” said Jon Harrod, director, Network Advisory, for ISG in the U.K. “More flexibility and personalization are needed to serve remote workers and customers better.”

Business transformations at most U.K. enterprises are taking place in two phases, the report says. First, organizations assess and standardize their people, processes and tools, a step that typically includes migrating from traditional networks controlled by command-line interfaces to software-defined services. Then they transform the operations that surround the technology.

While several U.K.-based telecommunications carriers had already built products to implement software-defined-everything (SDx) and render it as a service, some customers complained that the carriers’ product partners created limitations on scaling services up and down, ISG says. Gradually, carriers’ incumbent relationships with enterprises became open for renewal. Now more system integrators are building customized solutions and rendering them as services to the carriers.

The number of enterprises that buy solutions directly to manage and operate on their own is still growing in the U.K., but the trend is now moving toward fully managed or co-managed solutions, the report says. Some DIY organizations are moving back to suppliers for a co-managed approach.

Over the last 12 to 18 months, the market has also been shifting from private to public networking, ISG says. This change was triggered by the adoption of distributed networking during the pandemic, which has also led to integration of LAN and WAN domains.

The report examines a wide range of trends and issues around software-defined networking in the U.K., which also include the rise of now-standardized secure access service edge (SASE) and the growth of intelligent edge networking.

The 2022 ISG Provider Lens™ Network — Software-Defined Solutions and Services report for the U.K. evaluates the capabilities of 53 providers across five quadrants: Managed SD-WAN Services, SDN Transformation Services (Consulting and Implementation), Enterprise Networks Technology and Service Suppliers, Edge Technologies and Services, and Secure Access Service Edge (SASE).

The report names BT, Deutsche Telekom, HCL, Orange Business Services, Tech Mahindra, Vodafone and Wipro as Leaders in all five quadrants. It names Colt, Tata Communications and VMO2B as Leaders in three quadrants each and Aryaka, Cisco and NTT as Leaders in two quadrants each. Lumen, Microland, Nokia, TCS, Verizon, Versa and VMware are named as Leaders in one quadrant each.

In addition, Microland is named as a Rising Star — a company with a “promising portfolio” and “high future potential” by ISG’s definition — in three quadrants. Computacenter and Tata Communications are named as Rising Stars in one quadrant each.

Customized versions of the report are available from Microland, Tata Communications and Virgin Media O 2.

The 2022 ISG Provider Lens™ Network — Software-Defined Solutions and Services report for the U.K. is available to subscribers or for one-time purchase on this webpage.

About ISG Provider Lens™ Research

The ISG Provider Lens™ Quadrant research series is the only service provider evaluation of its kind to combine empirical, data-driven research and market analysis with the real-world experience and observations of ISG’s global advisory team. Enterprises will find a wealth of detailed data and market analysis to help guide their selection of appropriate sourcing partners, while ISG advisors use the reports to validate their own market knowledge and make recommendations to ISG’s enterprise clients. The research currently covers providers offering their services globally, across Europe, as well as in the U.S., Canada, Brazil, the U.K., France, Benelux, Germany, Switzerland, the Nordics, Australia and Singapore/Malaysia, with additional markets to be added in the future. For more information about ISG Provider Lens research, please visit this webpage.

A companion research series, the ISG Provider Lens Archetype reports, offer a first-of-its-kind evaluation of providers from the perspective of specific buyer types.

About ISG

ISG (Information Services Group) (Nasdaq: III ) is a leading global technology research and advisory firm. A trusted business partner to more than 800 clients, including more than 75 of the world’s top 100 enterprises, ISG is committed to helping corporations, public sector organizations, and service and technology providers achieve operational excellence and faster growth. The firm specializes in digital transformation services, including automation, cloud and data analytics; sourcing advisory; managed governance and risk services; network carrier services; strategy and operations design; change management; market intelligence and technology research and analysis. Founded in 2006, and based in Stamford, Conn., ISG employs more than 1,300 digital-ready professionals operating in more than 20 countries—a global team known for its innovative thinking, market influence, deep industry and technology expertise, and world-class research and analytical capabilities based on the industry’s most comprehensive marketplace data. For more information, visit www.isg-one.com.

View source version on businesswire.com:https://www.businesswire.com/news/home/20220727005222/en/

CONTACT: Press:Will Thoretz, ISG

+1 203 517 3119

will.thoretz@isg-one.comKate Hartley, Carrot Communications for ISG

+44 (0)20 3457 6403

kate.hartley@carrotcomms.co.uk

KEYWORD: UNITED KINGDOM EUROPE

INDUSTRY KEYWORD: CARRIERS AND SERVICES TECHNOLOGY PROFESSIONAL SERVICES BUSINESS ONLINE PRIVACY SECURITY OTHER TECHNOLOGY TELECOMMUNICATIONS SOFTWARE OTHER PROFESSIONAL SERVICES NETWORKS

SOURCE: Information Services Group, Inc.

Copyright Business Wire 2022.

PUB: 07/27/2022 05:00 AM/DISC: 07/27/2022 05:02 AM

http://www.businesswire.com/news/home/20220727005222/en

Tue, 26 Jul 2022 21:02:00 -0500 en text/html https://apnews.com/press-release/business-wire/technology-software-1f0a6853809e47f0b9053b9ed213d518
Killexams : This ransomware just switched programming languages from Go to Rust. Here's why
Image: perinjo/GETTY

Microsoft security researchers have discovered new variants of the one-year-old Hive ransomware that was written in the Go programming language but has been re-written in Rust. 

Hive emerged in June 2021 and was spotlighted by the FBI in an alert two months later. In November, European electronics retail giant MediaMarkt also got stung by Hive. It's another ransomware-as-a-service (RaaS) double-extortion gang that has recently been targeting vulnerable Microsoft Exchange Servers, vulnerable RDP servers, compromised VPN credentials, and phishing to deploy their ransomware and steal leak-worthy information. 

Hive's Rust migration has been underway for a few months as it adopted lessons from BlackCat ransomware, which is also written in Rust. Via BleepingComputer, Group-IB researchers in March found that Hive had converted its Linux encryptor (for targeting VMware ESXi servers) to Rust to make it harder for security researchers to spy on its ransom talks with victims. 

SEE: These are the cybersecurity threats of tomorrow that you should be thinking about today

Microsoft's analysis indicates that Hive's Rust rewrite is much more comprehensive, but backs up the importance of the change to its encryption methods noted in March. 

"The upgrades in the latest variant [of Hive] are effectively an overhaul: the most notable changes include a full code migration to another programming language and the use of a more complex encryption method," Microsoft Threat Intelligence Center (MSTIC) said in a blogpost.  

"The impact of these updates is far-reaching, considering that Hive is a RaaS payload that Microsoft has observed in attacks against organizations in the healthcare and software industries by large ransomware affiliates like DEV-0237."

Microsoft lists the main benefits of Rust over other languages that make it one of the most desired languages among programmers, such as better memory safety and good crypto library support. 

The benefits to Hive of moving to Rust, according to Microsoft are: 

  • It offers memory, data type, and thread safety
  • It has deep control over low-level resources
  • It has a user-friendly syntax
  • It has several mechanisms for concurrency and parallelism, thus enabling fast and safe file encryption
  • It has a good variety of cryptographic libraries
  • It's relatively more difficult to reverse-engineer

Microsoft found that the new ransom note differs from the one used in older variants. The new note instructs victims: "Do not delete or reinstall VMs. There will be nothing to decrypt" and "Do not modify, rename or delete *.key files. Your data will be undecryptable." The *.key files are the files that Hive has encrypted.

It reckons the most interesting change to Hive was the new cryptography mechanism, which happened in late February, a few days after researchers from Kookmin University in South Korea published the paper "A Method for Decrypting Data Infected with Hive Ransomware". The researchers recovered 95% of the master key without Hive's RSA private key and then decrypted the data. 

Hive also adopted a unique approach to file encryption.

"Instead of embedding an encrypted key in each file that it encrypts, it generates two sets of keys in memory, uses them to encrypt files, and then encrypts and writes the sets to the root of the drive it encrypts, both with .key extension," Microsoft notes. 

Tue, 05 Jul 2022 12:00:00 -0500 en text/html https://www.zdnet.com/article/this-ransomware-just-switched-programming-languages-from-go-to-rust-heres-why/
Killexams : Fast50 firm Enable Professional Services to be acquired by Fujitsu Australia
Fast50 firm Enable Professional Services to be acquired by Fujitsu Australia

Bruce Hara (Enable Professional Services)

Fujitsu Australia has announced it would acquire CRN Fast50 company and ServiceNow partner Enable Professional Services for an undisclosed sum.

The systems integrator said the acquisition would help it gain expertise and experience to deliver ServiceNow advisory, consulting and delivery services for customers across Asia-Pacific.

Fujitsu added Enable would also accelerate its experience, depth and customer base in multiple industries including manufacturing, financial services and telecommunications, while also helping Enable grow its current capabilities into both the local and global markets.

"Enable has always looked for chances to make life better for our customers and for our team. Joining Fujitsu ticks both these boxes, offering us new markets and geographies, and significant scale,” Enable chief executive Bruce Hara said.

“With these opportunities, we know we can drive even greater market impact. So the future is exciting, and we’re ready to showcase to the world what we can do as a Fujitsu company.”

Following the acquisition, Enable will continue operating as a standalone Fujitsu company “for the foreseeable future” with Hara at the helm, and will also be rebranded to “Enable, a Fujitsu company”.

The stronger ServiceNow offering also bolsters Fujitsu’s Business Applications offerings, one of its seven Key Focus Areas (KFAs) under Fujitsu’s new global Uvance business brand.

Fujitsu EVP and vice head of Global Solution Business Group Yoshinami Takahashi said, “We are very excited by the prospect of welcoming Enable Professional Services to the Fujitsu Group. Enable Professional Services' capabilities in co-creating value in tandem with Fujitsu's service integration expertise and advanced technologies will play an important role in accelerating our strategy for Business Applications.”

“Fujitsu’s vision for Uvance centres on building new possibilities by connecting people, technology and ideas, creating a more sustainable world where anyone can advance their dreams. I am confident that this move will set us on a path to make this vision a reality.”

Fujitsu APAC EVP and CEO Graeme Beardsell said, “I am delighted that Fujitsu is investing in the growth of Australian technology companies and helping them to expand on a global scale. I look forward to welcoming Enable Professional Services into the Fujitsu family. Enable Professional Services is an impressive force in the market, demonstrating the value and depth of thinking and experience it has to offer for customers on the ServiceNow platform.”

“Together, Fujitsu and Enable Professional Services will accelerate our customers’ digital transformations, delivered through our combined deep-industry experience and specialist teams.”

The Enable acquisition followed Fujitsu’s earlier acquisitions of data and AI consultancy Versor and Microsoft specialist Oobe, all of which are part of Fujitsu’s plan of using M&A as a tool to support its growth ambitions.

Fujitsu strategic growth and investments lead Nicholas Fraser said, “M&A helps realise Fujitsu’s ambition of becoming a global leading DX services player. We look for opportunities that will help Fujitsu gain differentiation in digital technologies including AI, cybersecurity, or analytics, and build world-class capabilities to engage clients in business transformative discussions.”

“Our investments also accelerate the realisation of our Uvance vision. Our planned acquisition of Enable Professional Services represents an important milestone on this journey.”

Thu, 07 Jul 2022 05:22:00 -0500 text/html https://www.crn.com.au/news/fast50-firm-enable-professional-services-to-be-acquired-by-fujitsu-australia-582360
Killexams : Pyongyang's [un]H0lyGh0st. Devlopments in the criminal underworld. $10m for troll-farmer info. Hacktivism in a hybrid war.

Dateline Moscow and Kyiv: A shift in momentum during an operational pause.

Ukraine at D+155: A shift in momentum? (The CyberWire) Russia's difficulties filling its depleted ranks (down nearly 50%, the US Intelligence Community is said to have told Congress) and its inability to advance (during what looks more like exhaustion and neutralization than it does operational pause) appear to have given Ukraine an opportunity to take back the initiative in the North, East, and, especially, the South. A look at hacktivism in the Ukrainian interest.

Russia-Ukraine war: List of key events, day 156 (Al Jazeera) As the Russia-Ukraine war enters its 156th day, we take a look at the main developments.

Russia-Ukraine war latest: what we know on day 156 of the invasion (the Guardian) Ukraine steps up campaign to retake Russian-controlled regions in south; Kyiv accuses Russia of a war crime over the deaths of more than 40 prisoners of war

Ukraine steps up counteroffensive against Russian forces (Al Jazeera) Ukrainian officials say campaign to retake parts of Kherson, Zaporizhia oblasts has begun, urging civilians to leave.

Russia-Ukraine war: Zelenskiy says grain exports ready to start; Kyiv and Moscow both launch investigations into PoW deaths – live (the Guardian) Ukraine’s president says Black Sea ports ready to export grain; Kyiv calls on world leaders to condemn Russia over attack that led to death of 40 PoWs

Ukraine could be turning the tide of war again as Russian advances stall (Washington Post) Russian advances in Ukraine have slowed almost to a standstill as newly delivered Western weapons help Ukrainian forces reclaim much of the advantage they had lost in latest months, opening a window of opportunity to turn the tide of the war in their favor again.

Ukraine war: Russian Kalibr cruise missiles strike military base near Kyiv (The Telegraph) Russian forces have struck a military base north of the capital Kyiv, Ukraine has said in a rare admission of a successful attack by Moscow on its military infrastructure.

Northern Ukraine Comes Under Burst of Russian Attacks Far From Front Lines (Wall Street Journal) Missiles and rockets rained down on northern Ukraine, marking the first time in weeks that the Kyiv region, far from the fighting in the country’s east and south, has been hit.

Ukraine war: West's modern weapons halt Russia's advance in Donbas (BBC News) Ukrainian soldiers credit the arrival of modern Western weapons for a sharp fall in Russia's attacks.

‘Half of Russian troops’ sent into Ukraine have been killed or injured (The Telegraph) According to US intelligence, casualties have rocketed to more than 75,000 – a loss equivalent to almost the entire British Army

Russia, Ukraine trade blame for deadly attack on POW prison (AP NEWS) Russia and Ukraine accused each other Friday of shelling a prison in a separatist region of eastern Ukraine, an attack that reportedly killed dozens of Ukrainian prisoners of war who were captured after the fall of a key southern city in May.

The Kremlin’s Plans to Annex Southeastern Ukraine Go into Effect (Wilson Center) After five months of all-out war, the Kremlin appears to have refined its plans for the future of the temporarily occupied territories in southeastern Ukraine.

Climbing the escalation ladder in Ukraine: A menu of options for the West (Atlantic Council) Our experts have assembled a list of possible policy responses the West ought to consider if Russia escalates its war against Ukraine.

Cascading Impacts of the War in Ukraine: Mental, Maternal, and Newborn Health (New Security Beat) This article was originally published as part of the summer 2022 issue of the Wilson Quarterly: Ripples of War.Ukraine and its people will feel the effects of the Russian invasion for years to [...]

Long Read: Russian Youth against War (Wilson Center) Young Russians strongly oppose the war in Ukraine. It is increasingly clear to them that the war is stealing their future and was started only to keep Vladimir Putin, his friends, and their heirs in power for as long as possible.

WSJ News Exclusive | New Group to Promote Open-Source Intelligence, Seen as Vital in Ukraine War (Wall Street Journal) A group of ex-U.S. national security officials has formed a professional association to promote the tradecraft of ‘open-source’ intelligence, the analysis of publicly available data that has helped Western powers understand and track Russia’s war on Ukraine.

Why Russia’s War in Ukraine Is a Genocide (Foreign Affairs) It’s not just a land grab, but a bid to expunge a nation.

Putin believed his own propaganda and fatally underestimated Ukraine (Atlantic Council) Russian President Vladimir Putin likes to pose as an unrivalled expert on Ukrainian history and identity politics. However, it is now apparent that his understanding of Ukraine has been hopelessly distorted by the wishful thinking of his own propaganda. When the Russian dictator gave the order to invade Ukraine five months ago, he seems to have genuinely believed his army would be met with cakes and flowers by a grateful population. Instead, he has plunged Russia into a disastrous war and turned his country’s closest neighbour into an implacable enemy.

Long Read: Russian Youth against War (Wilson Center) Young Russians strongly oppose the war in Ukraine. It is increasingly clear to them that the war is stealing their future and was started only to keep Vladimir Putin, his friends, and their heirs in power for as long as possible.

The Paradoxes of Escalation in Ukraine (Foreign Affairs) Slowly but surely, Russia and the West are drawing their redlines.

Climbing the escalation ladder in Ukraine: A menu of options for the West (Atlantic Council) Our experts have assembled a list of possible policy responses the West ought to consider if Russia escalates its war against Ukraine.

Can Putin Survive? (Foreign Affairs) The lessons of the Soviet collapse.

Is Viktor Orban right about the Ukraine war? (The Telegraph) The Hungarian leader's call for peace may make sense for Hungary now - but long-term it would cripple his country and the West

Putin 'embarrassed' as hackers launch cyber war on Russian President over Ukraine invasion (Express.co.uk) HACKERS are targeting and "embarrassing" Vladimir Putin in a bid to crush the Russian cybersecurity regime as it continues to wage its illegal war on Ukraine.

Is Anonymous Rewriting the Rules of Cyberwarfare? Timeline of Their Attacks Against the Russian Government (Website Planet) Jeremiah Fowler, together with the Website Planet research team, took an in depth look at how the hacker collective has changed the landscape of what

Ukraine’s tech excellence is playing a vital role in the war against Russia (Atlantic Council) Russia’s invasion of Ukraine is now in its sixth month with no end in sight to what is already Europe’s largest conflict since WWII. In the months following the outbreak of hostilities on February 24, the courage of the Ukrainian nation has earned admiration around the world. Many international observers are encountering Ukraine for the first time and are learning that in addition to their remarkable resilience, Ukrainians are also extremely innovative with high levels of digital literacy.

Russia’s pulling the plug on space cooperation. Should the world be worried? (Atlantic Council) Our experts break down Moscow’s extraplanetary plans after it pulls out of the International Space Station.

Crops ‘Stored Everywhere’: Ukraine’s Harvest Piles Up (New York Times) Farmers who have lived under the risk of Russian missile attacks have their doubts about an international agreement to ease a blockade on grain shipments through the Black Sea.

Ukraine to double energy exports amid Russian gas cuts to Europe (Fox Business) Ukraine will double its energy exports to Europe as EU nations cope with an energy standoff with Russia amid an international gas crisis.

Russian economy ‘crippled at every level’ despite Putin’s propaganda (The Telegraph) Country in ‘dire straits’ as exodus of Western firms knocks out 40pc of GDP

Isolation complication? US finds it's hard to shun Russia (AP NEWS) The Biden administration likes to say Russia has become isolated internationally because of its invasion of Ukraine . Yet Moscow's top officials have hardly been cloistered in the Kremlin.

‘Merchant of Death’ offered up by US in exchange for jailed citizens held in Russia (The Telegraph) Viktor Bout has been in US custody for 10 years for running a major arms smuggling operation

Russia has slowed flows of gas to Europe to a trickle - and the energy crisis could drag on until 2025, Goldman Sachs says (Markets Insider) Natural gas prices finally eased Thursday but have soared 145% since the start of June - and the crisis could continue for years, strategists said.

If Putin is using gas prices to fight Europe, how can it fight back? (the Guardian) Analysis: in this massive hybrid war, Europe is preparing its defences before winter and hoping sanctions bite

Attacks, Threats, and Vulnerabilities

How Threat Actors Are Adapting to a Post-Macro World (Proofpoint) In response to Microsoft’s announcements that it would block macros by default in Microsoft Office applications, threat actors began adopting new tactics, techniques, and procedures (TTPs).

CISA Releases Log4Shell-Related MAR (CISA) From May through June 2022, CISA responded to an organization that was compromised by an exploitation of an unpatched and unmitigated Log4Shell vulnerability in a VMware Horizon server. CISA analyzed five malware samples obtained from the organization’s network and released a Malware Analysis Report of the findings. Users and administrators are encouraged to review MAR 10386789-1.v1 for more information. For more information on Log4Shell, see:

MAR-10386789-1.v1 – Log4Shell (CISA) Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and Unified Access Gateway (UAG) servers. From May through June 2022, CISA provided remote incident support at an organization where CISA observed suspected Log4Shell PowerShell downloads. During remote support, CISA confirmed the organization was compromised by malicious cyber actors who exploited Log4Shell in a VMware Horizon server that did not have patches or workarounds applied. CISA analyzed five malware samples obtained from the organization’s network: two malicious PowerShell files, two Extensible Markup Language (XML) files, and a 64-bit compiled Python Portable Executable (PE) file.

Threat Advisory: Hackers Are Selling Access to MSPs (Huntress) We’re currently monitoring a situation that entails a hacker selling access to an MSP with access to 50+ customers, totaling 1,000+ servers.

Experts warn of hacker claiming access to 50 U.S. companies through breached MSP (The Record by Recorded Future) Experts have raised alarms about a post on a hacker forum by someone claiming to have access to 50 different U.S. companies through an unknown managed service provider.

Exploit of Log4Shell Vulnerability Leads to Compromise of Major South American Vaccine Distributor (SecurityScorecard) Exploit of Log4Shell Vulnerability Leads to Compromise of Major South American Vaccine Distributor

Exploitation of latest Confluence Vulnerability Underway (SecurityWeek) Security researchers are already seeing the latest Questions for Confluence hardcoded password vulnerability being exploited in attacks.

Moxa NPort Device Flaws Can Expose Critical Infrastructure to Disruptive Attacks (SecurityWeek) Vulnerabilities found in Moxa’s NPort devices could allow attackers to cause significant disruption, including in critical infrastructure organizations.

Nuki Smart Lock Vulnerabilities Allow Hackers to Open Doors (SecurityWeek) NCC Group security researchers have identified 11 vulnerabilities impacting Nuki smart lock products, including some that allow attackers to open doors.

Vulnerability in Dahua’s ONVIF Implementation Threatens IP Camera Security (Nozomi Networks) Nozomi Networks Labs publishes a vulnerability in Dahua's ONVIF standard implementation, which can be abused to take over IP cameras.

Protestware on the rise: Why developers are sabotaging their own code (TechCrunch) A wave of software developers have self-sabotaged their code to protest big corporations to Russia's war in Ukraine.

Italian Insurer's Data Breach Uncovered Sensitive Staff Documents (Website Planet) Italian Insurer's Data Breach Uncovered Sensitive Staff Documents Vittoria Assicurazioni's open buckets exposed hundreds of thousands of files contai

Security Patches, Mitigations, and Software Updates

Google announces new Play Store policies around intrusive ads, impersonation and more (TechCrunch) Google announced new Play Store policies for developers on Wednesday that aim to address issues with intrusive ads, alarms, VPNs and impersonation of brands and other apps. The company said these policies will go into effect during different timeframes so developers have ample time to make changes …

Mitsubishi Electric Factory Automation Engineering Software (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Multiple Factory Automation Engineering Software products Vulnerability: Permission Issues 2.

Mitsubishi Electric FA Engineering Software (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Vulnerabilities: Out-of-bounds Read, Integer Underflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities may cause a denial-of-service condition.

Rockwell Products Impacted by Chromium Type Confusion (CISA) 1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: Low attack complexity/public exploits are available Vendor: Rockwell Automation Equipment: FactoryTalk Software, Enhanced HIM for PowerFlex, Connected Components Workbench Vulnerability: Type Confusion 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition.

2022 ForgeRock Consumer Identity Breach Report (ForgeRock) ForgeRock’s Consumer Identity Breach Report found that unauthorized access was the leading cause of breaches, accounting for 50% of all records compromised during 2021. To learn about the current threat landscape, get the report.

The State of Vulnerability Intelligence: 2022 Midyear Edition (Flashpoint) The State of Vulnerability Intelligence report empowers organizations to focus on what matters most, helping them to keep workloads manageable.

Software Supply Chain Risk (Coalfire) Coalfire, in conjunction with survey partner Cyber Risk Alliance, has developed our latest report to advance the cybersecurity community by researching and analyzing the risks currently facing the software supply chain.

Cyberattacks on satellites may only be getting more worrisome (Washington Post) Space is a burgeoning battleground for cyberattacks

It’s Not Just Loot Boxes: Predatory Monetization Is Everywhere (Wired) The UK recently declined to regulate prize draws as a form of gambling, but does it matter? The industry has moved on to more problematic ways to make money.

Marketplace

Cyber insurance is on the rise, and organizational security postures must follow suit (VentureBeat) When it comes to cyber insurance, much like other types of insurance, organizations should know what to look for — as well as what is expected of them. 

Cyber Insurance Price Hike Hits Local Governments Hard (Pew Trusts) Some rates have more than doubled, and many insurers require new security protections.

Cybersecurity Growth Investment Flat, M&A Activity Strong for 2022 (SecurityWeek) While global markets have suffered, sales of cybersecurity software have remained strong. VC investment in cybersecurity has adapted to the world economy rather than stalled.

Decentralized data platform Space and Time raises $10 million in seed round (The Block) Funds raised in the Framework Ventures-led round will be used to expand Space and Time's engineering team and decentralized network.

ThreatX Recognized as a sample Vendor in the 2022 Gartner® Hype Cycle™ for Application Security (Business Wire) ThreatX today announced the company has been acknowledged twice as a sample Vendor in the Gartner Hype Cycle for Application Security, 2022 report.

Axis Named Most Innovative Security Services Company at 2022 Golden Bridge Business and Innovation Awards (PR Newswire) Axis announced today that it has been named Most Innovative Security Services Company at the 2022 Golden Bridge Business and Innovation Awards...

Gartner Magic Quadrant PAM | Delinea Positioned as a Leader (Delinea) Download a complimentary copy of Gartner’s 2020 report on the PAM market and vendors to see why Delinea is recognized as a leader.

Axonius Appoints Tom Kennedy as Vice President of Axonius Federal Systems (Axonius) Axonius today announced it has appointed Tom Kennedy as its Vice President of Axonius Federal Systems LLC, the company’s government-focused subsidiary.

Products, Services, and Solutions

Fastly Partners with HUMAN Security to Protect Customers from Bot Attacks and Fraud (Business Wire) Fastly Partners with HUMAN Security to Protect Customers from Bot Attacks and Fraud

Everything Blockchain Inc. Launches EB Control (Business Wire) Everything Blockchain Inc., (OTCMKTS: OBTX), a technology company that enables real-world use of blockchain to solve critical business issues, today a

Technologies, Techniques, and Standards

Cyber grades bring down agencies’ scores in FITARA 14 (Federal News Network) The 14th version of the FITARA scorecard shows one agency increased their score, while eight earned lower scores, mostly due to cybersecurity shortcomings.

Legislation, Policy, and Regulation

EU to Open San Francisco Office Focused on Tech Regulation (Wall Street Journal) The European Commission is opening a San Francisco office, an effort to Strengthen trans-Atlantic tech policy relations after years of tension between European regulators and U.S. tech firms.

Why Indonesia Has Embraced Huawei (Foreign Policy) If the U.S. wants to compete with China in developing countries, our research shows it needs to offer tangible assistance in response to real needs.

Victim of Private Spyware Warns It Can be Used Against US (SecurityWeek) Months after her father was lured back to Rwanda under false pretenses and jailed, Carine Kanimba discovered her own phone had been hacked using private spyware.

House Passes Cybersecurity Bills Focusing on Energy Sector, Information Sharing (SecurityWeek) The House has passed two cybersecurity bills: the Energy Cybersecurity University Leadership Act and the RANSOMWARE Act.

House Passes Chips Act to Boost U.S. Semiconductor Production (Wall Street Journal) The $280 billion bill passed despite a late push by Republican leaders to block the legislation over a separate Democratic spending proposal.

CHIPS Act clears Congress, ensuring $52 billion boost to US foundries (The Verge) The vote was the long-awaited bill’s final hurdle before Biden.

Congressional Democrats Introduce Net Neutrality Bill (CNET) Senate and House Democrats introduce a bill to reinstate Obama-era net neutrality rules and to deliver the FCC authority over broadband networks.

Top White House cyber official says Congress should push for digital security mandates (The Record by Recorded Future) A senior White House official on Thursday said Congress could do more to set basic cybersecurity standards for critical infrastructure sectors to better protect them against digital threats.

Litigation, Investigation, and Law Enforcement

Police to share coding of AN0M app used in Operation Ironside arrests (ABC) Experts for alleged criminals charged in one of Australia's biggest criminal sting operations will be given access to the coding of a messaging app built by the Australian Federal Police to catch those allegedly involved in organised crime.

Rewards for Justice – Reward Offer for Information on Russian Interference in U.S. Elections (United States Department of State) The U.S. Department of State’s Rewards for Justice (RFJ) program, administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information on foreign interference in U.S. elections. The reward offer seeks information leading to the identification or location of any foreign person, including a foreign entity, who knowingly engaged […]

Crackdown on BEC Schemes: 100 Arrested in Europe, Man Charged in US (SecurityWeek) Authorities in Europe announce the arrests of 100 individuals for invoice fraud as the US indicts a Florida man for role in BEC scheme.

U.S. Justice Department probing cyber breach of federal court records system (Reuters) The U.S. Justice Department is investigating a cyber breach involving the federal court records management system, the department's top national security attorney told lawmakers on Thursday.

US DoJ probing 'incredibly significant' breach of federal records (Computing) The breach dates back to early 2020

Justice Department investigating data breach of federal court system (POLITICO) House Judiciary Committee Chair Jerrold Nadler described a "system security failure" of the U.S. Courts' document management system.

France Closes 'Cookies' Case Against Facebook (SecurityWeek) French privacy regulators on Thursday closed a case against Facebook after determining the US tech giant had changed the way it collected user data to comply with the law.

Fri, 29 Jul 2022 04:26:00 -0500 text/html https://thecyberwire.com/newsletters/daily-briefing/11/145
2V0-31.20 exam dump and training guide direct download
Training Exams List