Real AZ-204 questions that are verified in test today

You will unleash the true power of killexams.com AZ-204 Real Exam Questions when you take the real AZ-204 exam. Everything we provide in your download section will appear in the actual AZ-204 exam. That's why we suggest downloading the 100% free PDF to evaluate the AZ-204 sample questions, then registering, downloading the full version of the AZ-204 real questions to your computer, and going through the questions. Practice with the VCE exam simulator. That's all.

Exam Code: AZ-204 Practice exam 2022 by Killexams.com team
Developing Solutions for Microsoft Azure
Microsoft Developing techniques
Killexams : 5 tips for buying the perfect back to school laptop

Back to school sales are starting to crop up at major retailers, even though we're still in the middle of summer. 

This is good news if you could use a new laptop, because major retailers like Amazon and Best Buy are going to be running some big back to school sales with savings on some of the best laptops from companies like Apple, Dell and Lenovo.

To help you figure out which laptop will be best for your needs, we've compiled this list of quick tips for finding the perfect school laptop based on both conversations with parents and my own experience reviewing dozens and dozens of laptops. Keep this advice in mind as you browse the best back to school laptop deals and sales this summer.

Here at Tom's Guide we work hard to help you find the right tech for you at a great price, and you can check out our ultimate back to school guide for the latest deals on laptops, tablets, phones and more.

Weight is key when lugging your laptop between classes

While more students than ever are participating in remote learning arrangements these days, there's still plenty that find themselves schlepping a backpack to a classroom or lecture hall on a regular basis. If there's a chance you'll need to carry this laptop for long periods around campus or to various classrooms, make sure you consider how much it weighs before clicking the Buy button.

In my experience, anything around 3 pounds is pretty easy to carry for hours, at least for a grown adult in reasonably good health. Go much beyond 3 pounds though, and you'll start to notice when you're lugging the thing around. This is a common problem with the best gaming laptops, which can be great for demanding engineering coursework but murder on the shoulders when toted around.

If you really prize light weight in a laptop, you can even get some that are as light as 2 pounds. Lenovo has some really lightweight models that are great for coursework, like the 2.5-pound Lenovo ThinkPad X1 Titanium Yoga (which also folds into a tablet, if you'd like a 2-in-1 laptop for school) or the 2-pound Lenovo ThinkPad X1 Nano.

Don't skimp on battery life

Again, if there's a chance you'll need to rely on this laptop all day you'll want to make sure you buy one with great battery life. There's nothing worse than getting to your last class of the day, only to find out your laptop is dead and you forgot to bring the charger.

Ideally you don't want to be lugging a charger, a power bank or anything more than you have to, so make sure to vet a laptop's battery life before you buy. Don't trust the manufacturer's advertised battery life, either; while some laptops (mostly MacBooks) do last as long as claimed, the vast majority do not. 

We know that because here at Tom's Guide we put each laptop we review through a gauntlet of performance tests, including a battery rundown test that tasks the laptop with endlessly surfing the web via Wi-Fi with the screen brightness set to 150 nits.

While you shouldn't take our battery test results as a promise that you'll get the same use time between charges (because you'll likely have the screen set brighter than we do in our test, for one thing), you can use it as a more accurate general estimate and use it to compare laptops to see which last the longest. In fact, we've compiled a list of some of the longest-lasting laptops we've ever tested, which you can see below:

Tom's Guide laptop battery life test results
Laptop Battery life (tested)
Dell XPS 13 OLED 7:59
Asus Zenbook 13 OLED 15:00
MacBook Pro 13-inch (M2, 2022) 18:20
M1 MacBook Air 14:41
MacBook Pro 2021 (14-inch) 14:09
Microsoft Surface Laptop Studio 10:30
Framework Laptop 10:17
Microsoft Surface Laptop 4 10:46
Acer Swift 3 11:09
Microsoft Surface Pro 8 9:06
Dell XPS 15 OLED 6:58
MacBook Pro 2021 (16-inch) 15:31
Lenovo Yoga 9i 11:15
Lenovo ThinkPad X1 Nano 12:00
Alienware m15 R4 4:01
HP Elite Dragonfly 12:25
Asus Zenbook Duo 14 10:37
Lenovo IdeaPad Chromebook Duet 12:47
Google Pixelbook Go 11:29
Acer Chromebook Spin 713 11:54

As you can see, the Dell XPS 13 lags a bit behind the rest, and I include it only because an 8-hour tested battery life is really the minimum you should expect from a good laptop. It's a little short for a full day of classes though, so I recommend you go with something lighter and longer-lasting like the MacBook Air (2020, M1) or the Asus Zenbook 13 OLED.

Make sure you have enough power for your needs

There's a smorgasbord of laptops out there waiting to be bought, and they range from barely powerful enough to run Chrome to beefy enough that you could play the best PC games with all the settings maxed out. But you generally get what you pay for, so make sure you don't pay too much (or too little) for a laptop with components that don't match your needs.

Specifically, try to stay away from anything with less than an Intel Core i5 (or AMD Ryzen 5) CPU, 8GB of RAM and a 256GB storage drive. The aforementioned Asus Zenbook 13 meets these requirements and is pretty affordable.

You'll get even better performance if you get something with a newer or more powerful CPU, more RAM, or a discrete graphics card, but unless you're planning to do more than browse the web and write papers you won't have much need for the upgrade in power.

That said, if you do want something powerful that's still relatively easy to carry around all day, I recommend the Asus ROG Zephyrus G14. It's a gaming laptop, but unlike most gaming laptops it's relatively light and compact, has decent battery life (when you're not playing games), and packs enough horsepower under the hood to tackle serious engineering, video editing and game development work. Apple's MacBook Pro 13-inch M2 is also a great investment if you need something powerful that excels at photo/video editing, with great battery life.

Conversely, if you get something with less impressive specs you may find yourself handicapped by poor performance. Laptops with an Intel Core i3 CPU or anything less powerful tend to labor pretty hard with demanding apps, and if you get less than 8GB of RAM you may find your laptop has a hard time multi-tasking or takes a long time to load things. 

256GB of storage is less important to have, especially if you're planning to mostly do homework and surf the web on this laptop, but if you get much less you'll likely need to spend time regularly cleaning out your hard drive to make room for new stuff. Remember, the operating system (Windows or Mac, usually) itself takes up a fair bit of space on your drive, so you won't get to use all the storage you pay for. If you buy a laptop with 128GB or even (God forbid) 64GB, you'll quickly see how painful this juggling act can be.

Do you want a touchscreen and/or a 2-in-1?

Laptop designs are no longer limited to the traditional clamshell, and there's now a slew of great laptops out there with touchscreens designed to fold down onto the laptop, turning it into a heavy tablet. 

Such functionality may be superfluous if you're planning to use the laptop purely for writing, but if you want to do any kind of digital artwork a convertible 2-in-1 is a great choice. Personally, I like them simply because you can "tent" them at different angles for more comfortable viewing, which is great when you're relaxing between classes and streaming movies.

I've also heard from parents that some schools require their students to have laptops with touchscreens that support a stylus. If that's what you're after, check to make sure whatever laptop(s) you're considering have touchscreens and offer USI (Universal Stylus Initiative) support. That means you'll be able to buy a USI-certified stylus and be confident it will work with your new laptop. 

I remember one parent in particular mentioned their child was attending an engineering program that suggested students bring laptops that had both a discrete GPU and an active stylus (an active stylus is one with power that connects via Bluetooth, while a passive stylus does not). Few laptops meet that requirement, but the Microsoft Surface Laptop Studio does, and it happens to be a great 2-in-1 ultraportable to boot.

Port selection is important

You'll likely want to plug more into your laptop than the power charger, so make sure it has the right ports for your needs before making a purchase. Headphone jacks, for example, are great for when you want to listen to music while doing homework in a study hall, but nowadays some laptops have ditched the headphone jack (looking at you, Dell XPS 13 Plus) in the name of being as thin and light as possible. Of course, you could always use Bluetooth headphones, but then you're having to worry about keeping another device charged all the time.

Likewise, if you want to use accessories like a keyboard or mouse with your laptop you'll want to make sure it has the right USB ports in enough quantity to satisfy your needs. These days most modern accessories connect via USB-C (which looks like a flat, wide oval), but there are still piles and piles of gadgets out there that connect via the older USB-A (which looks like a rectangle). Check out what gear you plan to plug into the laptop, then vet it to make sure you can hook everything up without too much trouble.

If you make a mistake it's not the end of the world, as you can still use dongles and adapters to connect your accessories. However, that again means you'll be carrying around more bits of tech in your bag that could easily be lost.

Bottom line

If you keep these 5 tips in mind, you should be well-equipped to find the perfect laptop for you during the back to school shopping season. For more recommendations on great laptops for students, check out our guide to the best college laptops.

Sat, 09 Jul 2022 17:01:57 -0500 en-GB text/html https://www.msn.com/en-gb/lifestyle/shopping/5-tips-for-buying-the-perfect-back-to-school-laptop/ar-AAZpIpe
Killexams : North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that Microsoft Threat Intelligence Center (MSTIC) tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and has successfully compromised small businesses in multiple countries as early as September 2021.

Along with their H0lyGh0st payload, DEV-0530 maintains an .onion site that the group uses to interact with their victims. The group’s standard methodology is to encrypt all files on the target device and use the file extension .h0lyenc, send the victim a sample of the files as proof, and then demand payment in Bitcoin in exchange for restoring access to the files. As part of their extortion tactics, they also threaten to publish victim data on social media or send the data to the victims’ customers if they refuse to pay. This blog is intended to capture part of MSTIC’s analysis of DEV-0530 tactics, present the protections Microsoft has implemented in our security products, and share insights on DEV-0530 and H0lyGh0st ransomware with the broader security community to protect mutual customers.

MSTIC assesses that DEV-0530 has connections with another North Korean-based group tracked as PLUTONIUM (aka DarkSeoul or Andariel). While the use of H0lyGh0st ransomware in campaigns is unique to DEV-0530, MSTIC has observed communications between the two groups, as well as DEV-0530 using tools created exclusively by PLUTONIUM.

As with any observed nation-state actor activity, Microsoft directly notifies customers that have been targeted or compromised, providing them with the information they need to secure their accounts. Microsoft uses DEV-#### designations as a temporary name given to an unknown, emerging, or a developing cluster of threat activity, allowing MSTIC to track it as a unique set of information until we reach high confidence about the origin or identity of the actor behind the activity.

Who is DEV-0530?

DEV-0530 primarily operates ransomware campaigns to pursue financial objectives. In MSTIC’s investigations of their early campaigns, analysts observed that the group’s ransom note included a link to the .onion site hxxp://matmq3z3hiovia3voe2tix2x54sghc3tszj74xgdy4tqtypoycszqzqd[.]onion, where the attackers claim to “close the gap between the rich and poor”. They also attempt to legitimize their actions by claiming to increase the victim’s security awareness by letting the victims know more about their security posture.

A screenshot of the ransom note displayed by the H0lyGh0st ransomware. The page has a white background with black text, and presents information on how the ransomware victim can restore their files.
Figure 1. A H0lyGh0st ransom note linked to the attackers’ .onion site.
A screenshot of the H0lyGh0st .onion website. The page has a white background and white text, and presents claims made by the group regarding the motives behind their activities.
Figure 2. DEV-0530 attackers publishing their claims on their website.

Like many other ransomware actors, DEV-0530 notes on their website’s privacy policy that they would not sell or publish their victim’s data if they get paid. But if the victim fails to pay, they would publish everything. A contact form is also available for victims to get in touch with the attackers.

A screenshot from the H0lyGh0st website, presenting two sections in two columns. The column on the left details their privacy policy, while the one on the right pertains to their contact information.
Figure 3. Privacy policy and contact us information on the H0lyGh0st website.

Affiliations with other threat actors originating from North Korea

MSTIC assesses there is likely some overlap between DEV-0530 and PLUTONIUM. PLUTONIUM is a North Korean threat actor group affiliated with clusters of activity that are also known as DarkSeoul and Andariel. Active since at least 2014, PLUTONIUM has primarily targeted the energy and defense industries in India, South Korea, and the United States using a variety of tactics and techniques.

MSTIC has observed known DEV-0530 email accounts communicating with known PLUTONIUM attacker accounts. MSTIC has also observed both groups operating from the same infrastructure set, and even using custom malware controllers with similar names.

To further assess the origin of DEV-0530 operations, MSTIC performed a temporal analysis of observed activity from the group. MSTIC estimates that the pattern of life of DEV-0530 activity is most consistent with the UTC+8 and UTC+9 time zones. UTC+9 is the time zone used in North Korea.

Despite these similarities, differences in operational tempo, targeting, and tradecraft suggest DEV-0530 and PLUTONIUM are distinct groups.

Why are North Korean actors using ransomware?

Based on geopolitical observations by global experts on North Korean affairs and circumstantial observations, Microsoft analysts assess the use of ransomware by North Korea-based actors is likely motivated by two possible objectives.  

The first possibility is that the North Korean government sponsors this activity. The weakened North Korean economy has become weaker since 2016 due to sanctions, natural disasters, drought, and the North Korean government’s COVID-19 lockdown from the outside world since early 2020. To offset the losses from these economic setbacks, the North Korean government could have sponsored cyber actors stealing from banks and cryptocurrency wallets for more than five years. If the North Korean government is ordering these ransomware attacks, then the attacks would be yet another tactic the government has enabled to offset financial losses.

However, state-sponsored activity against cryptocurrency organizations has typically targeted a much broader set of victims than observed in DEV-0530 victimology. Because of this, it is equally possible that the North Korean government is not enabling or supporting these ransomware attacks. Individuals with ties to PLUTONIUM infrastructure and tools could be moonlighting for personal gain. This moonlighting theory might explain the often-random selection of victims targeted by DEV-0530.

Although Microsoft cannot be certain of DEV-0530’s motivations, the impact of these ransomware attacks on our customers raises the importance of exposing the underlying tactics and techniques, detecting and preventing attacks in our security products, and sharing our knowledge with the security ecosystem.

Ransomware developed by DEV-0530

Between June 2021 and May 2022, MSTIC classified H0lyGh0st ransomware under two new malware families: SiennaPurple and SiennaBlue. Both were developed and used by DEV-0530 in campaigns. MSTIC identified four variants under these families – BTLC_C.exe, HolyRS.exe, HolyLock.exe, and BTLC.exe – and clustered them based on code similarity, C2 infrastructure including C2 URL patterns, and ransom note text. BTLC_C.exe is written in C++ and is classified as SiennaPurple, while the rest are written in Go, and all variants are compiled into .exe to target Windows systems. Microsoft Defender Antivirus, which is built into and ships with Windows 10 and 11, detects and blocks BTLC_C.exe as SiennaPurple and the rest as SiennaBlue, providing protection for Windows users against all known variants of the H0lyGh0st malware.

A timeline of the payloads used by DEV-0530 over time, SiennaPurple and SiennaBlue. The timeline covers developments from May 2021 to June 2022, with SiennaPurple being used from May to October 2021, and SiennaBlue from September 2021 to June 2022 and beyond.
Figure 4. Timeline of DEV-0530 ransomware payloads.

SiennaPurple ransomware family: BTLC_C.exe

BTLC_C.exe is a portable ransomware developed by DEV-0530 and was first seen in June 2021. This ransomware has few features compared with the malware variants in the SiennaBlue family. Prominently, if not launched as an administrative user, the BTLC_C.exe malware displays the following hardcoded error before exiting:

"This program only execute under admin privilege".

The malware uses a simple obfuscation method for strings where 0x30 is subtracted from the hex value of each character, such that the string “aic^ef^bi^abc0” is decoded to 193[.]56[.]29[.]123. The indicators of compromise (IOCs) decoded from the BTLC_C.exe ransomware are consistent with all malware variants in the SiennaBlue family, including the C2 infrastructure and the HTTP beacon URL structure access.php?order=AccessRequest&cmn. The BTLC_C.exe sample analyzed by MSTIC has the following PDB path: M:\ForOP\attack(utils)\attack tools\Backdoor\powershell\btlc_C\Release\btlc_C.pdb.
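The decoding step described above, as an added example (not code from MSTIC or from the malware): it reverses the subtract-0x30 scheme and scans a byte buffer for encoded runs that decode to IPv4 addresses, returning them defanged. The buffer is constructed for the demonstration, and the trailing 0 of the stored string is treated as the C string terminator because it decodes to a zero byte.

```python
"""Recover strings hidden with the subtract-0x30 scheme (added example)."""
from __future__ import annotations

import re

KEY = 0x30  # constant the write-up says is subtracted from each stored character

# A stored byte decodes to printable ASCII (0x20-0x7e) only if it lies in 0x50-0xae.
# Seven bytes is the shortest possible dotted quad ("1.1.1.1").
ENCODED_RUN = re.compile(rb"[\x50-\xae]{7,}")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def decode(stored: bytes) -> str:
    """Subtract KEY from every byte and stop at the byte that decodes to NUL."""
    out = bytearray()
    for byte in stored:
        value = (byte - KEY) & 0xFF
        if value == 0:  # a stored "0" (0x30) becomes the string terminator
            break
        out.append(value)
    return out.decode("latin-1")


def valid_ipv4(text: str) -> bool:
    """Reject dotted quads with an octet above 255."""
    return all(int(part) <= 255 for part in text.split("."))


def defang(ip: str) -> str:
    """Write the address the way the write-up does, so it is not clickable."""
    return ip.replace(".", "[.]")


def scan(blob: bytes) -> list[tuple[int, str]]:
    """Return (offset, defanged address) for every encoded IPv4 found in blob."""
    hits = []
    for run in ENCODED_RUN.finditer(blob):
        text = decode(run.group())
        for ip in IPV4.finditer(text):
            if valid_ipv4(ip.group()):
                # The scheme is byte-for-byte, so decoded and stored offsets agree.
                hits.append((run.start() + ip.start(), defang(ip.group())))
    return hits


# Constructed buffer: filler bytes, the encoded string quoted in the write-up,
# then an address in clear text that the scan must not report as "encoded".
SAMPLE = b"\x7fJUNK\x00\x00" + b"aic^ef^bi^abc0" + b"\x00plain text 10.0.0.1\x00"

if __name__ == "__main__":
    for offset, address in scan(SAMPLE):
        print(f"offset 0x{offset:04x}: {address}")
```
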

SiennaBlue ransomware family: HolyRS.exe, HolyLocker.exe, and BTLC.exe

Between October 2021 and May 2022, MSTIC observed a cluster of new DEV-0530 ransomware variants written in Go. We classified these variants as SiennaBlue. While new Go functions were added to the different variants over time, all the ransomware in the SiennaBlue family share the same core Go functions.

A deeper look into the Go functions used in the SiennaBlue ransomware showed that over time, the core functionality expanded to include features like various encryption options, string obfuscation, public key management, and support for the internet and intranet. The table below demonstrates this expansion by comparing the Go functions in HolyRS.exe and BTLC.exe:

HolyRS.exe [2021]:
main_main
main_init_0
main_IsAdmin
main_encryptFiles
HolyLocker_RsaAlgorithm_GenerateKeyPair
HolyLocker_RsaAlgorithm_Encrypt
HolyLocker_CryptoAlogrithm___ptr_File__EncryptRSA
HolyLocker_CryptoAlogrithm___ptr_File__EncryptAES
HolyLocker_utilities_GenerateRandomANString
HolyLocker_utilities_StringInSlice
HolyLocker_utilities_SliceContainsSubstring
HolyLocker_utilities_RenameFile
HolyLocker_Main_init
HolyLocker_communication_New
HolyLocker_communication___ptr_Client__GetPubkeyFromServer
HolyLocker_communication___ptr_Client__Do
HolyLocker_communication___ptr_Client__SendEncryptedPayload
HolyLocker_communication___ptr_Client__SendFinishRequest
HolyLocker_communication___ptr_Client__AddNewKeyPairToIntranet
HolyLocker_communication___ptr_Client__AddNewKeyPair

BTLC.exe [2022]:
main_main
main_init_0
main_IsAdmin
main_encryptFiles
main_DeleteSchTask
main_DisableNetworkDevice
main_encryptString
main_decryptString
main_cryptAVPass
main_SelfDelete
HolyLocker_RsaAlgorithm_GenerateKeyPair
HolyLocker_RsaAlgorithm_Encrypt
HolyLocker_CryptoAlogrithm___ptr_File__EncryptRSA
HolyLocker_CryptoAlogrithm___ptr_File__EncryptAES
HolyLocker_utilities_GenerateRandomANString
HolyLocker_utilities_StringInSlice
HolyLocker_utilities_SliceContainsSubstring
HolyLocker_utilities_RenameFile
HolyLocker_Main_init
HolyLocker_communication_New
HolyLocker_communication___ptr_Client__GetPubkeyFromServer
HolyLocker_communication___ptr_Client__Do
HolyLocker_communication___ptr_Client__SendEncryptedPayload
HolyLocker_communication___ptr_Client__SendFinishRequest
HolyLocker_communication___ptr_Client__AddNewKeyPairToIntranet
HolyLocker_communication___ptr_Client__AddNewKeyPair

MSTIC assesses DEV-0530 successfully compromised several targets in multiple countries using HolyRS.exe in November 2021. A review of the victims showed they were primarily small-to-midsized businesses, including manufacturing organizations, banks, schools, and event and meeting planning companies. The victimology indicates that these victims are most likely targets of opportunity. MSTIC suspects that DEV-0530 might have exploited vulnerabilities such as CVE-2022-26352 (DotCMS remote code execution vulnerability) on public-facing web applications and content management systems to gain initial access into target networks. The SiennaBlue malware variants were then dropped and executed. To date, MSTIC has not observed DEV-0530 using any 0-day exploits in their attacks.

After successfully compromising a network, DEV-0530 exfiltrated a full copy of the victims’ files. Next, the attackers encrypted the contents of the victim device, replacing all file names with Base64-encoded versions of the file names and renaming the extension to .h0lyenc. Victims found a ransom note in C:\FOR_DECRYPT.html, as well as an email from the attackers with subject lines such as:

!!!!We are < H0lyGh0st>. Please Read me!!!!

As seen in the screenshot below, the email from the attackers let the victim know that the group has stolen and encrypted all their files. The email also included a link to a sample of the stolen data to prove their claim, in addition to the demand for payment for recovering the files.

A screenshot of the email sent by DEV-0530 as a ransom note to their targets. The email message tells the target to pay in order to recover their files. It also mentions a URL where they can access some of their data.
Figure 5. Ransom note left by DEV-0530 attackers.
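The renaming described above (a Base64-encoded file name plus the .h0lyenc extension) can be reversed during incident scoping to list what was encrypted. This is an added example, not code from the original write-up; it assumes only the file name (not the path) was encoded, accepts both Base64 alphabets with or without padding, and runs on a constructed file listing.

```python
"""Map .h0lyenc file names back to their original names (added example)."""
from __future__ import annotations

import base64
import binascii
from pathlib import PureWindowsPath

EXT = ".h0lyenc"  # extension reported in the write-up


def original_name(encrypted_name: str) -> str | None:
    """Return the decoded file name, or None if the stem is not Base64 text."""
    if not encrypted_name.lower().endswith(EXT):
        return None
    stem = encrypted_name[: -len(EXT)]
    # Assumption: either Base64 alphabet may appear; normalise to the standard one.
    stem = stem.replace("-", "+").replace("_", "/")
    stem += "=" * (-len(stem) % 4)  # restore padding if it was stripped
    try:
        name = base64.b64decode(stem, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return name if name and name.isprintable() else None


def inventory(paths: list[str]) -> tuple[dict[str, str], list[str]]:
    """Split a file listing into recovered names and .h0lyenc files left unexplained."""
    recovered: dict[str, str] = {}
    unknown: list[str] = []
    for path in paths:
        win = PureWindowsPath(path)
        if win.suffix.lower() != EXT:
            continue  # not an encrypted file (for example the ransom note itself)
        name = original_name(win.name)
        if name is None:
            unknown.append(path)  # extension matches but the stem does not decode
        else:
            recovered[path] = str(win.parent / name)
    return recovered, unknown


# Constructed listing, as it might come from a triage collection of one host.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\cmVwb3J0LmRvY3g=.h0lyenc",  # "report.docx"
    r"C:\Users\bob\Desktop\YS50eHQ.h0lyenc",               # "a.txt", padding stripped
    r"C:\Shares\finance\notes.h0lyenc",                    # stem is not Base64
    r"C:\FOR_DECRYPT.html",                                # ransom note path from the write-up
]

if __name__ == "__main__":
    found, leftover = inventory(SAMPLE_LISTING)
    for enc, orig in found.items():
        print(f"{enc} -> {orig}")
    for enc in leftover:
        print(f"{enc} -> (name not recoverable)")
```
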

BTLC.exe is the latest DEV-0530 ransomware variant and has been seen in the wild since April 2022. BTLC.exe can be configured to connect to a network share using the default username, password, and intranet URL hardcoded in the malware if the ServerBaseURL is not accessible from the device. One notable feature added to BTLC.exe is a persistence mechanism in which the malware creates or deletes a scheduled task called lockertask, such that the following command line syntax can be used to launch the ransomware:

cmd.exe /Q /c schtasks /create /tn lockertask /tr [File] /sc minute /mo 1 /F /ru system 1> \\127.0.0.1\ADMIN$\__[randomnumber] 2>&1

Once the ransomware is successfully launched as an administrator, it tries to connect to the default ServerBaseURL hardcoded in the malware, attempts to upload a public key to the C2 server, and encrypts all files in the victim’s drive.

HolyRS.exe/HolyLocker.exe C2 configuration:
main_ServerBaseURL: hxxp://193[.]56[.]29[.]123:8888
main_IntranetURL: 10[.]10[.]3[.]42
main_Username: adm-karsair

BTLC.exe C2 configuration:
EncryptionKey: H0lyGh0stKey1234
IntranetUrl: 192[.]168[.]168[.]5
Username: atrismsp
Scheduledtask name: lockertask

A screenshot of assembly code presenting configuration information used by the malware to connect to its C2 server. The code includes the C2 URL, as well as the attacker's username.
Figure 6. BTLC.exe C2 communication

Based on our investigation, the attackers frequently asked victims for anywhere from 1.2 to 5 Bitcoins. However, the attackers were usually willing to negotiate and, in some cases, lowered the price to less than one-third of the initial asking price. As of early July 2022, a review of the attackers’ wallet transactions shows that they have not successfully extorted ransom payments from their victims.

A screenshot from a Bitcoin explorer page presenting information on the attackers' Bitcoin wallet. The page shows that the Bitcoin wallet is empty.
Figure 7. Screenshot of DEV-0530 attackers’ wallet

HolyRS.exe/BTLC.exe C2 URL pattern:

  • hxxp://193[.]56[.]29[.]123:8888/access.php?order=GetPubkey&cmn=[Victim_HostName]
  • hxxp://193[.]56[.]29[.]123:8888/access.php?order=golc_key_add&cmn=[Victim_HostName]&type=1
  • hxxp://193[.]56[.]29[.]123:8888/access.php?order=golc_key_add&cmn=[Victim_HostName]&type=2
  • hxxp://193[.]56[.]29[.]123:8888/access.php?order=golc_finish&cmn=[Victim_HostName]&
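One way to hunt web proxy logs for the beacon structure listed above, matching on the access.php path and the order values rather than on the C2 address, so a relocated server is still caught. This is an added example, not one of Microsoft's queries; the log layout, host names and documentation-range addresses are constructed, and reading the order values as successive stages is an assumption.

```python
"""Find access.php beacons in proxy logs and summarise them per victim host."""
from __future__ import annotations

from typing import NamedTuple
from urllib.parse import parse_qs, urlsplit

# "order" values taken from the write-up, in the sequence it lists them.
# Treating that sequence as progress through an intrusion is an assumption.
STAGES = ["AccessRequest", "GetPubkey", "golc_key_add", "golc_finish"]


class Beacon(NamedTuple):
    order: str   # value of the "order" parameter
    victim: str  # value of "cmn", which the write-up shows as the victim host name
    dest: str    # server the request was sent to


def match_beacon(url: str) -> Beacon | None:
    """Return a Beacon if the URL has the documented path and parameters."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL in the log
        return None
    if not parts.path.lower().endswith("/access.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    order = query.get("order", [""])[0]
    if order not in STAGES or "cmn" not in query:
        return None
    return Beacon(order, query["cmn"][0] or "(blank)", parts.hostname or "")


def hunt(lines: list[str]) -> dict[str, dict]:
    """Group matching requests by victim name and record the furthest stage seen."""
    hosts: dict[str, dict] = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        timestamp, client, _method, url = fields[:4]
        hit = match_beacon(url)
        if hit is None:
            continue
        rec = hosts.setdefault(hit.victim, {
            "first_seen": timestamp, "furthest": hit.order,
            "clients": set(), "dests": set(), "hits": 0,
        })
        rec["hits"] += 1
        rec["clients"].add(client)
        rec["dests"].add(hit.dest)
        if STAGES.index(hit.order) > STAGES.index(rec["furthest"]):
            rec["furthest"] = hit.order
    for rec in hosts.values():
        rec["clients"] = sorted(rec["clients"])
        rec["dests"] = sorted(rec["dests"])
    return hosts


# Constructed proxy log: timestamp, client address, method, URL, status.
SAMPLE_LOG = """\
2022-05-02T08:14:01Z 10.20.0.15 GET http://203.0.113.10:8888/access.php?order=GetPubkey&cmn=FIN-PC01 200
2022-05-02T08:14:03Z 10.20.0.15 GET http://203.0.113.10:8888/access.php?order=golc_key_add&cmn=FIN-PC01&type=1 200
2022-05-02T08:14:09Z 10.20.0.31 GET http://198.51.100.7/access.php?order=GetPubkey&cmn=WEB-SRV2 200
2022-05-02T08:15:40Z 10.20.0.44 GET http://intranet.example/access.php?order=list&cmn=x 200
2022-05-02T08:16:12Z 10.20.0.44 GET http://intranet.example/index.php?order=GetPubkey&cmn=x 200
2022-05-02T09:02:55Z 10.20.0.15 GET http://203.0.113.10:8888/access.php?order=golc_finish&cmn=FIN-PC01& 200
""".splitlines()

if __name__ == "__main__":
    for victim, rec in hunt(SAMPLE_LOG).items():
        print(f"{victim}: furthest={rec['furthest']} hits={rec['hits']} "
              f"clients={rec['clients']} dests={rec['dests']}")
```

A host whose furthest order is golc_finish is the first candidate for isolation and backup verification; hosts that only reached GetPubkey still warrant a check for the other indicators.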

Examples of HolyRS.exe/BTLC.exe ransom note metadata:

Attacker email address: H0lyGh0st@mail2tor[.]com
Image location: hxxps://cloud-ex42[.]usaupload[.]com/cache/plugins/filepreviewer/219002/f44c6929994386ac2ae18b93f8270ec9ff8420d528c9e35a878efaa2d38fb94c/1100x800_cropped.jpg
Report URL: hxxp://matmq3z3hiovia3voe2tix2x54sghc3tszj74xgdy4tqtypoycszqzqd[.]onion

Microsoft will continue to monitor DEV-0530 activity and implement protections for our customers. The current detections, advanced detections, and indicators of compromise (IOCs) in place across our security products are detailed below.

Recommended customer actions

Microsoft has implemented protections to detect these malware families as SiennaPurple and SiennaBlue (e.g., Ransom:Win32/SiennaBlue.A) via Microsoft Defender Antivirus and Microsoft Defender for Endpoint, wherever these are deployed on-premises and in cloud environments.

Microsoft encourages all organizations to proactively implement and frequently validate a data backup and restore plan as part of broader protection against ransomware and extortion threats.

The techniques used by DEV-0530 in H0lyGh0st activity can be mitigated by adopting the security considerations provided below:

  • Use the included IOCs to investigate whether they exist in your environment and assess for potential intrusion.

Our blog on the ransomware-as-a-service economy has an exhaustive guide on how to protect against ransomware threats. We encourage readers to refer to that blog for a comprehensive guide that has a deep dive into each of the following areas:

  • Building credential hygiene
  • Auditing credential exposure
  • Prioritizing deployment of Active Directory updates
  • Cloud hardening
  • Enforcing MFA on all accounts, removing users excluded from MFA, and strictly requiring MFA from all devices, in all locations, at all times.
  • Enabling passwordless authentication methods (for example, Windows Hello, FIDO keys, or Microsoft Authenticator) for accounts that support passwordless. For accounts that still require passwords, use authenticator apps like Microsoft Authenticator for MFA.
  • Disabling legacy authentication.

For small or midsize companies who use Microsoft Defender for Business or Microsoft 365 Business Premium, enabling each of the features below will provide a protective layer against these threats where applicable. For Microsoft 365 Defender customers, the following checklist eliminates security blind spots:

  • Turn on cloud-delivered protection in Microsoft Defender Antivirus to cover rapidly evolving attacker tools and techniques, block new and unknown malware variants, and enhance attack surface reduction rules and tamper protection.
  • Turn on tamper protection features to prevent attackers from stopping security services.
  • Run EDR in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when a non-Microsoft antivirus doesn’t detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode also blocks indicators identified proactively by Microsoft Threat Intelligence teams.
  • Enable network protection to prevent applications or users from accessing malicious domains and other malicious content on the internet.
  • Enable investigation and remediation in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches.
  • Use device discovery to increase visibility into the network by finding unmanaged devices and onboarding them to Microsoft Defender for Endpoint.
  • Protect user identities and credentials using Microsoft Defender for Identity, a cloud-based security solution that leverages on-premises Active Directory signals to monitor and analyze user behavior to identify suspicious user activities, configuration issues, and active attacks.

Indicators of compromise

This list provides IOCs observed during our investigation. We encourage our customers to investigate these indicators in their environments and implement detections and protections to identify past related activity and prevent future attacks against their systems.

Indicator | Type | Description
99fc54786a72f32fd44c7391c2171ca31e72ca52725c68e2dde94d04c286fccd | SHA-256 | Hash of BTLC_C.exe
f8fc2445a9814ca8cf48a979bff7f182d6538f4d1ff438cf259268e8b4b76f86 | SHA-256 | Hash of HolyRS.exe
bea866b327a2dc2aa104b7ad7307008919c06620771ec3715a059e675d9f40af | SHA-256 | Hash of BTLC.exe
cmd.exe /Q /c schtasks /create /tn lockertask /tr [File] /sc minute /mo 1 /F /ru system 1> \\127.0.0.1\ADMIN$\__[randomnumber] 2>&1 | Command line | Example of new ScheduledTask to BTLC.exe
193[.]56[.]29[.]123 | C2 | C2 IP address
H0lyGh0st@mail2tor[.]com | Email | Ransomware payment communication address
C:\FOR_DECRYPT.html | File path | File path of ransom note

NOTE: These indicators should not be considered exhaustive for this observed activity.

Microsoft 365 detections

Microsoft Defender Antivirus

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint customers may see any or a combination of the following alerts as an indication of possible attack.

  • DEV-0530 activity group
  • Ransomware behavior detected in the file system
  • Possible ransomware infection modifying multiple files
  • Possible ransomware activity

Advanced hunting queries

Microsoft Sentinel

To locate possible DEV-0530 activity mentioned in this blog post, Microsoft Sentinel customers can use the queries detailed below:

Identify DEV-0530 IOCs

This query identifies a match based on IOCs related to DEV-0530 across various Sentinel data feeds:

https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/Dev-0530_July2022.yaml

Identify renamed file extension

DEV-0530 actors are known to encrypt the contents of the victim’s device as well as rename the file and extension. The following query detects the creation of files with .h0lyenc extension:

https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/Dev-0530_FileExtRename.yaml

Identify Microsoft Defender Antivirus detection related to DEV-0530

This query looks for Microsoft Defender AV detections related to DEV-0530 and joins the alert with other data sources to surface additional information such as the device, IP address, and signed-in users.

https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityAlert/Dev-0530AVHits.yaml
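
For environments without Sentinel, the same indicators can be matched against exported endpoint telemetry. The script below is an added example, not one of the linked Microsoft queries: the event schema (`host`, `type`, `cmdline`, `path`, `sha256`), the host names and the sample events are constructed, while the indicator values are the ones listed in this post.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Indicators copied from the IOC table and hunting section of this post.
KNOWN_SHA256 = {
    "99fc54786a72f32fd44c7391c2171ca31e72ca52725c68e2dde94d04c286fccd": "BTLC_C.exe",
    "f8fc2445a9814ca8cf48a979bff7f182d6538f4d1ff438cf259268e8b4b76f86": "HolyRS.exe",
    "bea866b327a2dc2aa104b7ad7307008919c06620771ec3715a059e675d9f40af": "BTLC.exe",
}
TASK_NAME = "lockertask"
ENCRYPTED_EXT = ".h0lyenc"
RANSOM_NOTE = PureWindowsPath(r"C:\FOR_DECRYPT.html")
# Output redirected to \\127.0.0.1\ADMIN$\__<number>, as in the listed command line.
LOOPBACK_REDIRECT = re.compile(r"\\\\127\.0\.0\.1\\ADMIN\$\\__\d+", re.IGNORECASE)

Finding = namedtuple("Finding", "host indicator detail")


def schtasks_options(cmdline):
    """Return the switches of a 'schtasks /create' call, or None if it is not one.

    Simple whitespace tokenizer: quoted values containing spaces are not handled.
    """
    tokens = cmdline.split()
    lowered = [t.lower() for t in tokens]
    start = next((i for i, t in enumerate(lowered)
                  if PureWindowsPath(t).name in ("schtasks", "schtasks.exe")), None)
    if start is None or "/create" not in lowered[start:]:
        return None
    opts = {}
    for i in range(start + 1, len(tokens) - 1):
        if lowered[i] in ("/tn", "/tr", "/sc", "/mo", "/ru"):
            opts[lowered[i]] = tokens[i + 1].strip('"')
    return opts


def hunt(events):
    """Match process and file-creation events against the DEV-0530 indicators."""
    findings = []
    for ev in events:
        host = ev["host"]
        if ev["type"] == "process":
            cmd = ev["cmdline"]
            opts = schtasks_options(cmd)
            if opts and opts.get("/tn", "").lower() == TASK_NAME:
                findings.append(Finding(host, "scheduled-task", opts.get("/tr", "")))
            if LOOPBACK_REDIRECT.search(cmd):
                findings.append(Finding(host, "loopback-redirect", cmd))
        elif ev["type"] == "file_create":
            path = PureWindowsPath(ev["path"])  # Windows paths compare case-insensitively
            if path.suffix.lower() == ENCRYPTED_EXT:
                findings.append(Finding(host, "encrypted-extension", str(path)))
            if path == RANSOM_NOTE:
                findings.append(Finding(host, "ransom-note", str(path)))
            name = KNOWN_SHA256.get((ev.get("sha256") or "").lower())
            if name:
                findings.append(Finding(host, "known-hash", name))
    return findings


# Constructed sample telemetry (not taken from a real incident).
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "process",
     "cmdline": r"cmd.exe /Q /c schtasks /create /tn lockertask /tr C:\Users\Public\BTLC.exe "
                r"/sc minute /mo 1 /F /ru system 1> \\127.0.0.1\ADMIN$\__1657000000 2>&1"},
    {"host": "ws-01", "type": "file_create",
     "path": r"C:\Users\alice\Documents\budget.xlsx.h0lyenc"},
    {"host": "ws-01", "type": "file_create", "path": r"c:\for_decrypt.html"},
    {"host": "ws-02", "type": "file_create", "path": r"C:\Temp\update.exe",
     "sha256": "F8FC2445A9814CA8CF48A979BFF7F182D6538F4D1FF438CF259268E8B4B76F86"},
    {"host": "ws-03", "type": "process",
     "cmdline": r"schtasks /create /tn BackupJob /tr C:\Tools\backup.exe /sc daily /ru system"},
    {"host": "ws-03", "type": "file_create", "path": r"C:\Users\bob\report.docx"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding.host, finding.indicator, finding.detail)
```

As the note under the IOC table says, these indicators are not exhaustive, so an empty result does not rule out related activity.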

Yara rules

rule SiennaPurple 
{ 
        meta: 
                author = "Microsoft Threat Intelligence Center (MSTIC)" 
                description = "Detects PDB path, C2, and ransom note in DEV-0530 Ransomware SiennaPurple samples" 
                hash = "99fc54786a72f32fd44c7391c2171ca31e72ca52725c68e2dde94d04c286fccd" 
        strings: 
                $s1 = "ForOP\\attack(utils)\\attack tools\\Backdoor\\powershell\\btlc_C\\Release\\btlc_C.pdb" 
                $s2 = "matmq3z3hiovia3voe2tix2x54sghc3tszj74xgdy4tqtypoycszqzqd.onion"
                $s3 = "H0lyGh0st@mail2tor.com"
                $s4 = "We are <HolyGhost>. All your important files are stored and encrypted."
                $s5 = "aic^ef^bi^abc0"
                $s6 = "---------------------------3819074751749789153841466081"

        condition: 
                uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550 and 
                filesize < 7MB and filesize > 1MB and 
                all of ($s*) 
}

rule SiennaBlue 
{ 
        meta: 
                author = "Microsoft Threat Intelligence Center (MSTIC)" 
                description = "Detects Golang package, function, and source file names observed in DEV-0530 Ransomware SiennaBlue samples" 
                hash1 = "f8fc2445a9814ca8cf48a979bff7f182d6538f4d1ff438cf259268e8b4b76f86" 
                hash2 = "541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219"
        strings: 
                $holylocker_s1 = "C:/Users/user/Downloads/development/src/HolyLocker/Main/HolyLock/locker.go"
                $holylocker_s2 = "HolyLocker/Main.EncryptionExtension"
                $holylocker_s3 = "HolyLocker/Main.ContactEmail"
                $holylocker_s4 = "HolyLocker/communication.(*Client).GetPubkeyFromServer"
                $holylocker_s5 = "HolyLocker/communication.(*Client).AddNewKeyPairToIntranet"
                
                $holyrs_s1 = "C:/Users/user/Downloads/development/src/HolyGhostProject/MainFunc/HolyRS/HolyRS.go"
                $holyrs_s2 = "HolyGhostProject/MainFunc.ContactEmail"
                $holyrs_s3 = "HolyGhostProject/MainFunc.EncryptionExtension"
                $holyrs_s4 = "HolyGhostProject/Network.(*Client).GetPubkeyFromServer"
                $holyrs_s5 = "HolyGhostProject/Network.(*Client).AddNewKeyPairToIntranet"
                $s1 = "Our site : <b><a href=%s>H0lyGh0stWebsite"
                $s2 = ".h0lyenc"
                $go_prefix = "Go build ID:"
        condition: 
                uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550 and 
                filesize < 7MB and filesize > 1MB and 
                $go_prefix and all of ($s*) and (all of ($holylocker_*) or all of ($holyrs_*))
}
Thu, 14 Jul 2022 05:41:00 -0500 https://www.microsoft.com/security/blog/2022/07/14/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware/

Here are the skills and certifications you need to land a job in the hot AI and machine-learning markets that can pay up to $160,000

Learning platforms like Scikit-learn

Scikit-learn helps people comprehend the basics of machine learning, and it's easy to use. Some experience in the programming language Python and a basic understanding of statistics will let users do a lot.

There's an extensive library of standard machine-learning tools available through Scikit-learn. Companies use it for models to bucket customers into groups or predict which customers are about to leave.

There isn't a certificate for expertise in Scikit-learn because it's a fundamental part of the field. But many core machine-learning and data-science certificates like those Amazon and Microsoft offer will dig into Scikit-learn.

Statistical methodologies and SciPy

Machine-learning experts need a basic understanding of statistics and probability. Modern machine-learning algorithms rely on those methodologies to help predict trends.

SciPy provides data scientists and machine-learning experts with tools for managing statistical analysis. That includes the tests they use to understand if the trends they see are significant or are flukes, a methodology called hypothesis testing.

There isn't a certificate for understanding the statistical underpinnings of machine learning, but there are courses that cover the basics on learning platforms like Udemy.

Advanced knowledge in programming languages Python or R

Intermediate Python knowledge can get workers far in data science, but moving on to complex machine-learning problems requires understanding more intricate parts of the programming language. 

Machine-learning experts need to know how to use Python-based packages like NumPy, a way to run algorithms on extensive datasets with many data types. For example, NumPy can help predict what a user might do with a product based on thousands of different data points.

While Python is a preferred language, many companies and institutions use another statistical-programming language, like R, instead. Most packages that work in Python also work in R.

The Python Institute offers certifications in more advanced Python skills.

Managing and visualizing large datasets with data frames like Pandas

Most statistical analysis in Python will use a tool called Pandas, which lets programmers manipulate large datasets. Programmers can arrange data in columns and rows, though each entry can contain any data type.

Pandas produces graphic representations of data with visualization platforms like Matplotlib or Seaborn. That gives machine-learning experts a way to see any trends in the data and present it internally if needed.

There isn't a certification for understanding advanced Pandas usage. It's typically wrapped up in core certificate programs and data-science courses like those the learning platform DataCamp offers.

Broader machine-learning frameworks like PyTorch or TensorFlow

Google brought AI to a more general audience in 2007 when it launched the open-source software platform TensorFlow. While TensorFlow is still ubiquitous, the open-source platform PyTorch has quickly emerged as a favorite among machine-learning experts and enthusiasts.

Machine-learning enthusiasts looking to break into AI should have a strong understanding of the strengths and weaknesses of these frameworks.

There isn't a PyTorch certification, though Facebook AI runs a free course in Udemy for PyTorch. There is also a developer certification for TensorFlow.

A deep-learning framework like Keras

Machine-learning frameworks like PyTorch and TensorFlow are both highly flexible languages. But there are tools that work with the platforms to reduce the complexity and focus specifically on problems like deep learning. 

Keras is one of the most popular frameworks that sits on top of TensorFlow, opening up more complex techniques for a broader audience. Users can create deep-learning models with the framework.

Udemy hosts a course to learn both TensorFlow and Keras.

Managing immense data analysis on cloud computing

Most machine-learning analysis doesn't happen on a laptop. Instead, it will occur on a cloud server, if not many of them.

Some machine-learning cloud tools like Google Colab are readily available, especially using TensorFlow. But many companies may be tied to Amazon Web Services or Microsoft Azure, and knowledge of those AI tools will be necessary to handle immense amounts of data.

Certifications like those for Amazon Web Services' machine-learning specialty cover how to handle those problems. Microsoft also offers the Azure data-science associate certification.

Thu, 14 Jul 2022 23:00:00 -0500 https://www.businessinsider.com/machine-learning-experts-earn-160000-skills-amazon-meta-google-2022-7

This big phish can swim around MFA, says Microsoft Security

A widespread phishing campaign that has hit more than 10,000 organizations since September 2021 uses adversary-in-the-middle (AiTM) proxy sites to get around multifactor authentication (MFA) features and steal credentials that are then used to compromise business email accounts.

With AiTM phishing, cybercriminals place a proxy server between the targeted user and the website they're trying to visit, enabling the miscreants to intercept and steal the user's password and session cookie, which are implemented by web services after initial authentication so that the user doesn't have to keep authenticating as they move through the site during the session.

With the stolen session cookie, the attacker gains access to the session on the user's behalf.

Once the attacker has the stolen credentials and session cookies, they can access the victim's email boxes and run a business email compromise (BEC) campaign, in this case payment fraud, according to Microsoft security researchers.

"While AiTM phishing isn't new, our investigation allowed us to observe and analyze the follow-on activities stemming from the campaign – including cloud-based attack attempts – through cross-domain threat data from Microsoft 365 Defender," researchers from the Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center wrote in a blog post this week.

While MFA is being adopted as another layer of protection against credential theft, criminals are also developing ways to bypass it, including AiTM attacks.

Erich Kron, security awareness advocate for KnowBe4, told The Register that such attacks will become more common as organizations embrace MFA.

"While MFA is certainly valuable and should be used when possible, by capturing the password and session cookie – and because the session cookie shows that MFA was already used to login – the attackers can often circumvent the need for MFA when they log into the account again later using the stolen password," Kron said.

Microsoft researchers said they saw multiple iterations of the AiTM campaign, all targeting Office 365 users by spoofing the Office online authentication page and using the Evilginx2 phishing kit as their infrastructure.

There also were similarities in their activities after the security breach, including enumerating sensitive data in the victim's email and running payment fraud schemes.

In one campaign, initial access came through emails to recipients with an HTML file attachment telling them they had a voice message. When the victim clicked on the attached file, it was loaded into the user's browser and showed a page telling the user the voice message was being downloaded. Through a series of sites, users were presented with proxied site pages asking for sign-in credentials, eventually being sent to the Evilginx2 phishing site.

"Once the target entered their credentials and got authenticated, they were redirected to the legitimate office.com page," the Microsofties wrote. "However, in the background, the attacker intercepted said credentials and got authenticated on the user's behalf. This allowed the attacker to perform follow-on activities – in this case, payment fraud – from within the organization."

The payment fraud was designed to trick a target into transferring payments to accounts owned by the attacker. The attacker hijacked and replied to ongoing finance-related email threads in the compromised account's mailbox and lured the target into sending money through such methods as fake invoices.

The Redmond researchers said it took as few as five minutes after the credentials and session were stolen for the attacker to launch the follow-on payment fraud. The attacker used the stolen session cookie to authenticate to Outlook online.

"In multiple cases, the cookies had an MFA claim, which means that even if the organization had an MFA policy, the attacker used the session cookie to gain access on behalf of the compromised account," the analysts wrote.

For days after stealing the cookie, the attacker got into finance-related emails and file attachments every few hours and searched for outgoing email threads to find any that could be used in payment fraud schemes. To cover their tracks, the intruder also deleted the initial phishing email from the compromised account's inbox. These activities suggest the cyber-thief tried to run the payment fraud scam manually. Once the attacker found a relevant email thread, the evasion techniques continued.

That included creating an inbox rule that ensured every incoming email from the domain name of the fraud target would be moved to the "Archive" folder and marked as read. Then the miscreant would reply to email threads involving payments and invoices between the victim and employees from other organizations, afterwards deleting their replies from the "Sent Items" and "Deleted Items" folders.
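
The two mailbox behaviours described above (a rule that archives and marks as read all mail from the fraud target's domain, and replies removed from both "Sent Items" and "Deleted Items") can be hunted for in mailbox audit data. The following is an added example, not code from Microsoft or The Register; the event schema, field names, addresses and sample records are hypothetical and constructed, so real audit records would need to be mapped onto it first.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Folders the attacker cleaned after replying, per the article.
SCRUBBED_FOLDERS = {"sent items", "deleted items"}


def find_hiding_rules(events):
    """Inbox rules that move mail from one sender domain to Archive and mark it read."""
    hits = set()
    for ev in events:
        if ev["op"] != "new_inbox_rule":
            continue
        if (ev.get("from_domain")
                and ev.get("move_to", "").lower() == "archive"
                and ev.get("mark_as_read")):
            hits.add((ev["user"], ev["from_domain"].lower()))
    return hits


def find_scrubbed_replies(events, window=timedelta(minutes=15)):
    """Sent messages deleted from Sent Items AND Deleted Items shortly after sending."""
    sent = {}
    removed_from = defaultdict(set)
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["user"], ev.get("message_id"))
        if ev["op"] == "send":
            sent[key] = ev
        elif ev["op"] == "delete" and key in sent:
            if ev["time"] - sent[key]["time"] <= window:
                removed_from[key].add(ev["folder"].lower())
    return {(user, sent[(user, mid)]["to_domain"].lower())
            for (user, mid), folders in removed_from.items()
            if SCRUBBED_FOLDERS <= folders}


def correlate(events):
    """Map (mailbox, external domain) to the signals seen; both together is the
    pattern the article describes."""
    rules = find_hiding_rules(events)
    replies = find_scrubbed_replies(events)
    report = {}
    for pair in sorted(rules | replies):
        signals = []
        if pair in rules:
            signals.append("inbox-rule-hides-sender-domain")
        if pair in replies:
            signals.append("reply-scrubbed-from-sent-and-deleted")
        report[pair] = signals
    return report


# Constructed sample audit records (hypothetical schema, .example domains).
T0 = datetime(2022, 7, 1, 9, 0)
SAMPLE_EVENTS = [
    # alice: hiding rule, then a reply to the same domain removed from both folders
    {"time": T0 + timedelta(minutes=5), "user": "alice@contoso.example",
     "op": "new_inbox_rule", "from_domain": "partner.example",
     "move_to": "Archive", "mark_as_read": True},
    {"time": T0 + timedelta(minutes=20), "user": "alice@contoso.example",
     "op": "send", "message_id": "m1", "to_domain": "partner.example"},
    {"time": T0 + timedelta(minutes=21), "user": "alice@contoso.example",
     "op": "delete", "message_id": "m1", "folder": "Sent Items"},
    {"time": T0 + timedelta(minutes=22), "user": "alice@contoso.example",
     "op": "delete", "message_id": "m1", "folder": "Deleted Items"},
    # bob: ordinary newsletter rule (different folder, not marked read)
    {"time": T0 + timedelta(minutes=7), "user": "bob@contoso.example",
     "op": "new_inbox_rule", "from_domain": "news.example",
     "move_to": "Newsletters", "mark_as_read": False},
    # carol: deletes a sent message once, which alone is normal behaviour
    {"time": T0 + timedelta(minutes=30), "user": "carol@contoso.example",
     "op": "send", "message_id": "m2", "to_domain": "vendor.example"},
    {"time": T0 + timedelta(minutes=31), "user": "carol@contoso.example",
     "op": "delete", "message_id": "m2", "folder": "Sent Items"},
]

if __name__ == "__main__":
    for (user, domain), signals in correlate(SAMPLE_EVENTS).items():
        print(user, domain, signals)
```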

"Once an email account has been compromised, it's easy for attackers to find ways to use the access against the victim," KnowBe4's Kron said. "From using that account to propagate scams against friends and family that have communicated to the victim through email to using the account to reset passwords on other accounts, a lot of malicious things can be done with the access."

"As the threat landscape evolves, organizations need to assume breach and understand their network and threat data to gain complete visibility and insight into complex end-to-end attack chains," the Defender Research team adds.

Phishing continues to be a top threat to organizations, with the Microsoft researchers pointing to the company's 2021 Digital Defense Report, which said reports of phishing in 2020 doubled year-over-year. MFA helps, but both Microsoft and Kron suggested other steps, including using products that support Fast ID Online (FIDO) v2.0, certificate-based authentication, conditional access policies and employee training sessions for identifying phishing attempts.

Wed, 13 Jul 2022 08:59:00 -0500 https://www.theregister.com/2022/07/13/aitm-phishing-microsoft/

Event: How to get hired at Microsoft

If you’ve ever wanted to work with tech giant Microsoft, here’s your chance to hear from the recruiters in person at a special ACS event.

Tech professionals and students will have the opportunity to hear from Microsoft’s Michelle Sandford, Development Engagement Lead for Emerging Communities, and Isha Prabhakar, University Recruiting Account Manager, APAC and Australia, who will answer questions such as:

· What does a day in the life of a Microsoft employee look like?

· What are the current roles in demand at Microsoft and what level of experience do you need to be considered?

· What are some good tips to stand out from the crowd during the application and interview process?

· The career pathways within Microsoft once you're in.

ACS CEO Chris Vein said ACS’s members had asked for support in securing new jobs, and from employers looking for IT workers – a situation in which ACS is uniquely positioned to assist both.

“Applying for and working in a top 10 tech company can be an intimidating and daunting task, when it doesn’t necessarily have to be," Vein said, “so, our upcoming ‘How to get a job at Microsoft’ event puts our members in front of Microsoft recruiters and staff to alleviate any barriers and concerns in applying for a role at Microsoft.

“This is only the start of many other series of events to come that supports our members and our tech partners”.

Tickets

This is a hybrid event, running both in person and virtually. The in-person event will be held at the ACS Sydney Tech Hub at Barangaroo.

Tickets for attending in-person are $10 for ACS members and $25 for non-members. Register here if you wish to attend in person and network with the recruiters. Light snacks will be provided.

To attend virtually, the event is free for ACS members and $25 for non-members. Register here if you wish to attend the online stream.

Event date and time

The event will be held on Thursday 14 July, 2022 and commences at 5.30pm. The virtual stream runs for one hour to finish at 6.30pm.

The in-person event runs until 7.30pm, allowing attendees to network and meet the recruiters in person.

Wed, 06 Jul 2022 14:06:00 -0500 https://ia.acs.org.au/article/2022/event--how-to-get-hired-at-microsoft.html

Fake Google Software Updates Spread New Ransomware

Threat actors are increasingly using fake Microsoft and Google software updates to try to sneak malware on target systems.

The latest example is "HavanaCrypt," a new ransomware tool that researchers from Trend Micro recently discovered in the wild disguised as a Google Software Update application. The malware's command-and-control (C2) server is hosted on a Microsoft Web hosting IP address, which is somewhat uncommon for ransomware, according to Trend Micro.

Also notable, according to the researchers, is HavanaCrypt's many techniques for checking if it is running in a virtual environment; the malware's use of code from open source key manager KeePass Password Safe during encryption; and its use of a .Net function called "QueueUserWorkItem" to speed up encryption. Trend Micro notes that the malware is likely a work-in-progress because it does not drop a ransom note on infected systems.

HavanaCrypt is among a growing number of ransomware tools and other malware that in recent months have been distributed in the form of fake updates for Windows 10, Microsoft Exchange, and Google Chrome. In May, security researchers spotted ransomware dubbed "Magniber" doing the rounds disguised as Windows 10 updates. Earlier this year, researchers at Malwarebytes observed the operators of the Magnitude Exploit Kit trying to fool users into downloading it by dressing the malware as a Microsoft Edge update.

As Malwarebytes noted at the time, fake Flash updates used to be a fixture of Web-based malware campaigns until Adobe finally retired the technology because of security concerns. Since then, attackers have been using fake versions of other frequently updated software products to try to trick users into downloading their malware — with browsers being one of the most frequently abused.

Creating fake software updates is trivial for attackers, so they tend to use them to distribute all classes of malware including ransomware, info stealers, and Trojans, says an analyst with Intel 471 who requested anonymity. "A non-technical user might be fooled by such techniques, but SOC analysts or incident responders will likely not be fooled," the analyst says.

Security experts have long noted the need for organizations to have multi-layered defenses in place to defend against ransomware and other threats. This includes having controls for endpoint detection and response, user and entity behavior-monitoring capabilities, network segmentation to minimize damage and limit lateral movement, encryption, and strong identity and access control -- including multi-factor authentication. 

Since adversaries often target end users, it is also critical for organizations to have strong practices in place for educating users about phishing risks and social engineering scams designed to get them to download malware or follow links to credential harvesting sites.

HavanaCrypt is .Net malware that uses an open-source tool called Obfuscar to obfuscate its code. Once deployed on a system, HavanaCrypt first checks to see if the "GoogleUpdate" registry is present on the system and only continues with its routine if the malware determines the registry is not present.

The malware then goes through a four-stage process to determine if the infected machine is in a virtualized environment. First it checks the system for services such as VMWare Tools and vmmouse that virtual machines typically use. Then it looks for files related to virtual applications, followed by a check for specific file names used in virtual environments. Finally, it compares the infected system's MAC address with unique identifier prefixes typically used in virtual machine settings. If any of the checks show the infected machine to be in a virtual environment, the malware terminates itself, Trend Micro said.

Once HavanaCrypt determines it's not running in a virtual environment, the malware fetches and executes a batch file from a C2 server hosted on a legitimate Microsoft Web hosting service. The batch file contains commands for configuring Windows Defender in such a manner that it allows detected threats. The malware also stops a long list of processes, many of which are related to database applications such as SQL and MySQL or to desktop applications such as Microsoft Office.

HavanaCrypt's next steps include deleting shadow copies on the infected systems, deleting functions for restoring data, and gathering system information such as the number of processors the system has, processor type, product number, and BIOS version. The malware uses the QueueUserWorkItem function and code from KeePass Password Safe as part of the encryption process.

"QueueUserWorkItem is a standard technique for creating thread pools," says the analyst from Intel 471. "The use of thread pools will speed up encryption of the files on the victim machine."

With KeePass, the ransomware author has copied code from the password manager tool and used this code in their ransomware project. "The copied code is used to generate pseudorandom encryption keys," the analyst notes. "If the encryption keys were generated in a predictable, repeatable way, then it might be possible for malware researchers to develop decryption tools."

The attacker's use of a Microsoft hosting service for the C2 server highlights the broader trend by attackers to hide malicious infrastructure in legitimate services to evade detection. "There is a great deal of badness hosted in cloud environments today, whether it's Amazon, Google, or Microsoft and many others," says John Bambenek, principal threat hunter at Netenrich. "The highly transient nature of the environments makes reputation systems useless."

Mon, 11 Jul 2022 10:18:00 -0500 https://www.darkreading.com/attacks-breaches/attacker-using-fake-google-software-update-to-distribute-new-ransomware

Tech Moves: Ex-Microsoft economist joins DOJ antitrust team; AWS director lands at StackOverflow

Stanford professor Susan Athey, a former consulting chief economist at Microsoft, will join the U.S. Department of Justice as its top antitrust economist, Bloomberg reported. Athey consulted with Microsoft from 2007 to 2013, where her expertise included big data analytics, antitrust and policy relating to internet search and online advertising. Her regulatory efforts at the tech giant included antitrust investigations against Google.

Athey joins the Justice department as it prepares for a trial against Google and investigates Apple. Bloomberg reported that she is likely to be recused from those cases because of her previous work, which includes serving as an expert in an antitrust suit against Apple.

Athey’s move also comes as the U.S. Federal Trade Commission and other regulators scrutinize Microsoft’s proposed acquisition of video game company Activision Blizzard. Amazon is also facing antitrust investigations in the U.S., U.K., and E.U.

Athey recently resigned from the Expedia board of directors, and announced plans to step down from the board of Seattle pet sitting company Rover in August.

— Tom Keane, a Microsoft corporate vice president who played a key role in building the Office 365 and Azure businesses, is leaving the company after 21 years, he posted on LinkedIn.

Keane was one of the subjects of a recent Insider report on claims of toxic behavior inside the company. The report included allegations that he engaged in verbal abuse of employees.

We’ve contacted him for comment on his reasons for leaving Microsoft, and his future plans. He wrote on LinkedIn, “I could not be prouder of the last 21 years, and equally excited for my next journey to begin.”

Bloomberg News first reported on Keane’s departure.

— Jody Bailey left Amazon Web Services, where he was director of software development, for a position as chief technology officer at Stack Overflow.

Bailey spent more than three years at AWS, and previously was head of technology at Pluralsight. He also held engineering leadership positions at AtTask, Vovici, VeriSign, and Vastera.

Bailey, based in Seattle, will lead product engineering, platform engineering, information security, and IT teams at Stack Overflow, a developer resource. The company raised a $85 million Series E round in July 2020.

Other personnel changes across the Pacific Northwest tech industry:

  • Jennifer Mullin, formerly vice president of marketing at cybersecurity firm Malwarebytes, is now chief marketing officer at DreamBox Learning. She previously also held marketing roles at Leapfrog Enterprises, Visa, Evite and Gap.
  • Shivani Patel, formerly director of sales at Amplitude, joined augmented writing company Textio as its vice president of sales.

Updated with news of Tom Keane’s departure from Microsoft. GeekWire’s Todd Bishop contributed to this report.

Wed, 06 Jul 2022 09:00:00 -0500 Charlotte Schubert https://www.geekwire.com/2022/tech-moves-ex-microsoft-economist-joins-doj-antitrust-team-aws-director-lands-at-stackoverflow/

Tech Moves: Vimeo hires Seattle execs; Microsoft corporate VP retires; and more

— Vimeo appointed Lynn Girotto as chief marketing officer and Ashraf Alkarmi as chief product officer for the New York City video software company. Both will be based in the Seattle area.

Girotto was previously chief marketing officer at San Francisco-based customer data tracking startup Heap. She also held marketing roles at Amperity, Tableau, Getty Images, Starbucks and Microsoft.

Alkarmi was previously general manager of Amazon streaming service Freevee (formerly IMDb TV), and at Facebook (now Meta), where he led product development for Facebook Watch. He also launched an enterprise-grade streaming service for AWS in an earlier position.

Girotto and Alkarmi are “powerhouses in their respective fields,” said Vimeo CEO Anjali Sud in a LinkedIn post. “They are also awesome humans, the kind you want to climb the highest mountain with.”

— Microsoft corporate vice president Sam George is retiring after 25 years with the tech giant. “I’ve achieved everything I set out to do and have enough to enjoy a simple life now,” he said in a LinkedIn post.

George was previously corporate vice president of Azure IoT for two years, and had other roles as a general manager, program manager and software developer.

George said he will take some time for family, friends, and woodworking. “When it is time to innovate again, I plan on finding a way of contributing to solving climate change,” he said.

— Absci hired Denise Dettore as chief people officer and Jack Gold as chief marketing officer. Both are newly-created positions for the Vancouver, Wash.-based biotech company.

Dettore was previously at BeiGene, where she was most recently co-global head of human resources, and has held human resources roles at Jazz Pharmaceuticals and Genentech. Gold was previously chief marketing officer at Zymergen; prior to that he served at Nike for 21 years, most recently as senior marketing director for Dick’s Sporting Goods.

— Amazon hired Sean Simpson as principal portfolio manager for its new $1 billion Industrial Innovation Fund, which backs companies developing customer fulfillment, logistics and supply chain technologies. Simpson’s previous roles include director at WIND Ventures and investment manager at GM Ventures.

— Recruiting startup SeekOut hired Claire Fang as its first chief product officer, six months after raising $115 million and joining the ranks of Seattle unicorns. Fang, trained as an electrical and computer engineer, was previously chief product officer at Qualtrics, and also has held product management roles at Facebook (now Meta) and Microsoft.

Brian McClain will become interim chief financial officer of streaming audio pioneer RealNetworks, replacing Christine Chambers. Chambers will leave the position July 31 to pursue a new opportunity, according to a regulatory filing.

McClain, who was previously CFO of computer security company Pelco, is slated to serve until Nov. 5. McClain previously also held executive positions at LOUD Audio and aerospace company Centrix.

— Mark Cranney, a limited partner at GTMFund and a former operating partner at Andreessen Horowitz, has joined the board of directors at TEAL, a programmable IoT and private network services startup.

Thu, 14 Jul 2022 11:32:00 -0500 Charlotte Schubert https://www.geekwire.com/2022/tech-moves-vimeo-hires-seattle-execs-microsoft-corporate-vp-retires-and-more/