Completely free MB-300 exam braindumps are provided by killexams.com
If you will not get your exam pass by studying just MB-300 course books and eBooks, Visit killexams.com and download MB-300 Latest Questions. You can download 100% free Questions and Answers to evaluate before you purchase full variety. This will demonstrate your best decision toward success. Just memorize the MB-300 Questions and Answers, practice with VCE exam simulator and the work is done.
Exam Code: MB-300 Practice test 2023 by Killexams.com team MB-300 Microsoft Dynamics 365 - Core Finance and Operations Skills Measured
Use common functionality and implementation tools (20-25%)
Identify common Microsoft Dynamics 365 Finance features and functionality
• determine when to use workspaces
• identify use cases for Power Platform apps including Power Apps, Power BI and Microsoft Flow
• identify and differentiate between the global address book and other address books
• demonstrate Work Items functionality
• demonstrate Microsoft Dynamics 365 Finance navigation techniques
• identify Inquiry and Report types available in a default installation
Implement Lifecycle Services (LCS) tools
• identify opportunities to re-use existing assets
• analyze Business Process Modeler results and identify gaps in functionality
• including creating an Acceptance Testing BPM library and analyzing the results
• use the LCS tools including Issue Search and analyze results
Configure security, processes, and options (45-50%)
• identify and distinguish between the various standard security roles in Finance and Operations
• distinguish between duties, privileges, and permissions
• assign users to security roles based on given scenarios
Design and create workflows
• identify opportunities for automation and controls based on customer workflows
• configure workflow properties and elements
• troubleshoot workflows
• set up and configure legal entities
• configure base number sequences
• import or create all necessary startup data including Zip/Postal Code data, customers,vendors, and products
• configure the calendars and date intervals
• configure units of measure and conversions
• configure posting profiles and definitions
• create organization hierarchies
• apply purposes and policies
• describe and apply user options
Implement Microsoft Dynamics 365 Finance common features
• configure Microsoft Office integration with Microsoft Dynamics 365 Finance
• configure email (SMTP/Exchange)
• create and maintain email and record templates
• integrate Power BI with Entity store
• create, export, and import personalizations
• set up network printing
Implement business processes for the solution
• define use case scenarios
• participate in phase-based planning processes and the solution design
• design and create workflows
• set up batch Jobs and alerts
• use business process workspaces
Perform data migration (15-20%)
Plan a migration strategy
• identify common migration scenarios and tools in Microsoft Dynamics 365 Finance
• determine migration scope
• identify relevant data entities and elements based on given scenarios
• establish migration strategy processes including migration scope
Prepare data for migration and migrate data
• identify and extract source data
• generate field mapping between source and target data structures
• support the transition between the existing and migrated systems
• perform a test migration and validate output from the process
Validate and support the solution (15-20%)
Implement and validate the solution within Microsoft Dynamics 365 Finance
• perform user acceptance testing (UAT)
• prepare and validate to Go live
• build test scripts to test business functionality
• automate test case automation by using the Regression Suite Automation Tool (RSAT)
• demonstrate the correlation between test scripts and business requirements
• monitor validation test progress and make ad hoc changes during validation testing to correct identified issues
Support Application Lifecycle Management (ALM) by using LCS
• perform a solution gap analysis
• use LCS tools to identify, report, and resolve issues
• manage Microsoft Dynamics 365 One Version Microsoft Dynamics 365 - Core Finance and Operations Microsoft Operations information source Killexams : Microsoft Operations information source - BingNews
Search resultsKillexams : Microsoft Operations information source - BingNews
https://killexams.com/exam_list/MicrosoftKillexams : Microsoft wants to micromanage its energy consumption
For more crisp and insightful business and economic news, subscribe to The Daily Upside newsletter. It's completely free and we guarantee you'll learn something new every day.
Microsoft wants its computers to stop blowing through so much energy.
The company filed a patent application for a "sustainability-aware" system for device behavior management. The system would determine the actions taken by a computing device by considering their impact on the energy grid.
Microsoft's system first obtains what it calls "sustainability information" associated with an energy grid, such as how carbon-intense the action will be at a given time, and a variety of environmental factors, such as weather, temperature, and energy demand on the grid. It also collects and stores historical sustainability information.
With this information (and in some examples using an AI model), it churns out a sustainability forecast, and uses that forecast to manage device functionality by holding off on performing certain actions until they'd have a "comparatively lower environmental impact." The system also takes into account the tasks that need to be done and their priority when deciding what actions to put off. Microsoft said this avoids energy consumption during peak times which would have a higher environmental impact.
In practice, this could show up on the user end as a task scheduler requesting to put off downloads, software updates, backups or charging a device's battery. The sustainability forecast is updated periodically, and may change if the location of your device or IP address changes.
Along with reducing strain on the grid, Microsoft said its tech can manage behavior in a way that lengthens hardware lifespan, thereby avoiding e-waste and reducing carbon emitted in the manufacturing of a new device.
Microsoft is no stranger to environmental goals. On the patent side, the company filed an application for a carbon capture system that works to reduce emissions from its data centers. And carbon capture tech is just a piece of the company's ambitious goal to go carbon-negative by 2030, and remove the equivalent of its historical emissions by 2050.
While the patent details delaying actions such as downloading, charging and system updates that are typically associated with personal computers, inventions in patents are often intended to cover a far wider scope than the examples within them. With that in mind, Microsoft's tech could be put into practice in data centers, said Dr. Dan Stein, founder and director of climate giving consultancy Giving Green.
Microsoft's tech could hold off certain data center operations until times of day when clean energy is readily available, said Stein, whether it be from the energy grid or from its own sources of renewable energy. Given that data centers accounted for roughly 1.3% of energy consumption globally in 2022, according to the International Energy Agency, Microsoft keeping its own data centers in check in this way could help it make progress toward its broader goals.
"The idea is, if you could anticipate when there's going to be clean energy, and there are certain highly computational intensive tasks that you have a choice of when you're going to them, you would just do them at the right time," said Stein.
The question of how much this could help is still up in the air, said Stein, as some actions likely can't be delayed depending on safety and user demand times. However, Microsoft's filing is one example of a type of energy conservation that's being discussed and implemented far beyond tech companies, extending to household appliances, utilities and basically every other operation that uses up energy, said Stein.
"The energy nerds call it demand shaping," said Stein. "It's getting the demand to be when we have access to clean electricity."
Thu, 17 Aug 2023 05:00:00 -0500Nat Rubio-Licht from The Daily Upsideentext/htmlhttps://www.fool.com/investing/2023/08/17/microsoft-wants-to-micromanage-its-energy-consumpt/Killexams : AFRY — An Integrated Single Source Of Truth Across IT, OT And ET
The convergence of information technology (IT) with operational technology (OT) and engineering technology (ET) is a crucial enabler for digital transformation in companies, particularly asset-intensive industries such as mining and manufacturing. We can see this in the partnership between AFRY, a leader in engineering design and advisory services, and Infosys, a leader in next-generation digital services and consulting.
This article focuses on AFRY’s process industry business and how the two companies partnered to deliver an IT-OT-ET integrated "single source of truth," assuring data integrity from the time of initial engineering and construction and across all the plant lifecycle stages, speeding the ability to ramp up to design capacity, eliminate delays due to engineering rework and costly design fixes, reduce unplanned downtime and Boost overall plant performance and productivity.
AFRY is a trailblazer in a domain that has traditionally been slow in fully embracing the latest technological advances. As Kai Vikman, COO at AFRY, noted, "Successful IT-OT-ET integration is a clear prerequisite to reap the benefits of digital manufacturing at scale." He also believes that this will be an obligation with the new European Data Act calling for more harmonized rules on fair access to and use of data.
Getting started: The handover from construction to operations
The life span of a process plant in industries such as industrial chemical manufacturing is typically more than 50 years. Building such a plant is a complex multistep process, and its success will rely heavily on effective collaboration among all stakeholders covering multiple disciplines from process engineering to mechanical engineering to architecture to electrical and instrumentation to piping and construction.
After the plant is complete, there is a handover of information from the builder to the plant operator. The handover may involve millions of documents from multiple engineering, procurement and construction (EPC) contractors. Transferring relevant data in a format usable by the plant’s operations and maintenance is a challenge and a potential inhibiter that could add months or years to the schedule for making the plant fully operational.
The data involved in this process spans multiple disciplines. It might include the standard technical specifications, process and instrumentation and process flow diagrams, architectural designs and schematics, electrical circuit diagrams, instrumentation details or a 3-D model of the plan. Each of these elements adds to the complexity.
Leveraging global standards for data sharing and integration
IT-OT-ET integration plays a central role as a critical facilitator for many other systems and information integration. The key to success is information standardization, ensuring minimum effort to hand over information between parties. Infosys worked with AFRY to establish the standard guiding principles and class libraries from multiple industry standards and best practices, as no single standard could address the data integration challenges across the lifecycle. The approach uses ISO 15926 (“Integration of lifecycle data for process plants, including oil and gas production facilities”), a globally recognized standard for data sharing and integrating complex plant and project information.
ISO 15926’s Resource Description Framework (RDF) acts as a universal reference across disparate information systems, providing a neutral information layer with which any software application with an ISO 15926 adaptor can exchange data. It preserves the precise meaning of the data as it is being exchanged by referencing a data dictionary containing definitions of all objects and associated attributes within the plant. This ability for systems to exchange information with shared meaning by using universal standards is called semantic interoperability.
In a semantic implementation, data arrives pre-packaged with self-described context, and the receiving system can derive meaning from that data through a universal vocabulary. In this case, Infosys added data about the data (i.e., metadata) and linked each element to a controlled, shared vocabulary defined by ISO 15926.
Together with Infosys, AFRY has set up a sandbox environment integrating Virtual Site, a plant engineering system, SAP, the enterprise business planning system, and the Simatic platform, a plant automation system, to demonstrate new use cases. The structured data is implemented in an application server that binds the semantics to data based on the chosen standards to retrieve information in subsequent applications efficiently. The environment is currently set up on the Microsoft Azure platform but can be implemented on any on-premise or public cloud platforms. The unique contribution of the AFRY-Infosys partnership is the standardization and harmonization of data using the interoperability layer aligning to global standards.
Overall benefits of a single integrated source of truth
By integrating plant lifecycle data across the IT, OT and ET domains, Infosys and AFRY were able to build a single source of truth across the plant lifecycle—a digital twin of the entire plant. The digital twin is an exact digital representation of the physical plant and accurately reflects the state of the plant, including all of the information about work processes for operations and maintenance and engineering information.
Sharing integrated plant engineering data in the correct format between EPC companies and the plant operator reduced delays, rework, conflicts and change orders during the construction phase. Multidisciplinary engineering data simplified conformance to regulatory, environmental, safety and compliance standards.
For operations, a single source of information available at the right time, place and format led to significant improvements in long-term lifecycle performance and optimization, maximizing plant yield and efficiency. Safety information management with standardized processes, augmented by safe working training, led to fewer safety accidents and less lost time due to injury.
Effective maintenance management reduced unplanned downtime and a significant reduction in maintenance costs thanks to well-organized maintenance data and procedures, easy-to-find technical data sheets and ready access to spare parts. Deploying engineering data management as a shared data source to support digital solutions such as predictive maintenance resulted in improved productivity per technician and reductions in mean time-to-repair.
The challenges that AFRY is tackling are in a domain that has been hesitant and slow to embrace the latest technological advances fully. The result has been fragmentation, inadequate collaboration with suppliers and insufficient knowledge transfer information from project to project. For the longest time, plant engineering data has resided in silos.
When a problem occurs in the plant, it is hard for engineers, operations and maintenance people to access information and identify the cause. When changes occur, it takes way too long to update the other systems that need to know about the change. The result is that the systems people rely on don't have accurate or sufficient data. The industry needs a radical approach. If digitalization is the primary goal, interoperability is the means to achieve it, and interoperability requires standardization.
Transactional and business process information (from IT), the monitoring and analysis of industrial assets (OT) and the use of engineering design data (ET) are all essential for the proper day-to-day function of a process plant. The incremental value of the AFRY-Infosys partnership comes from creating interoperability among these domains when the IT-OT-ET data is brought together in a single source of truth as the foundation for a digital enterprise.
Moor Insights & Strategy provides or has provided paid (wish services to technology companies, like all tech industry research and analyst firms. These services include research, analysis, advising, consulting, benchmarking, acquisition matchmaking, and video and speaking sponsorships. The company has had or currently has paid business relationships with 8×8, Accenture, A10 Networks, Adobe, Advanced Micro Devices, Amazon, Amazon Web Services, Ambient Scientific, Ampere Computing, Analog Devices, Anuta Networks, Applied Brain Research, Applied Micro, Apstra, Arm, Aruba Networks (now HPE), Atom Computing, AT&T, Aura, Avaya Holdings, Automation Anywhere, AWS, A-10 Strategies, Bitfusion, Blaize, Box, Broadcom, C3.AI, Calix, Cadence Systems, Campfire, Cisco Systems, Clear Software, Cloudera, Clumio, Cohesity, Cognitive Systems, CompuCom, Cradlepoint, CyberArk, Dell, Dell EMC, Dell Technologies, Diablo Technologies, Dialogue Group, Digital Optics, Dreamium Labs, D-Wave, Echelon, Elastic, Ericsson, Extreme Networks, Five9, Flex, Fortinet, Foundries.io, Foxconn, Frame (now VMware), Frore Systems, Fujitsu, Gen Z Consortium, Glue Networks, GlobalFoundries, Revolve (now Google), Google Cloud, Graphcore, Groq, Hiregenics, Hotwire Global, HP Inc., Hewlett Packard Enterprise, Honeywell, Huawei Technologies, HYCU, IBM, Infinidat, Infoblox, Infosys, Inseego, IonQ, IonVR, Inseego, Infosys, Infiot, Intel, Interdigital, Intuit, Iron Mountain, Jabil Circuit, Juniper Networks, Keysight, Konica Minolta, Lattice Semiconductor, Lenovo, Linux Foundation, Lightbits Labs, LogicMonitor, LoRa Alliance, Luminar, MapBox, Marvell Technology, Mavenir, Marseille Inc, Mayfair Equity, MemryX, Meraki (Cisco), Merck KGaA, Mesophere, Micron Technology, Microsoft, MiTEL, Mojo Networks, MongoDB, Movandi, Multefire Alliance, National Instruments, Neat, NetApp, Netskope, Nightwatch, NOKIA, Nortek, Novumind, NTT, NVIDIA, Nutanix, Nuvia (now Qualcomm), NXP, onsemi, ONUG, OpenStack Foundation, Oracle, Palo Alto Networks, Panasas, Peraso, Pexip, Pixelworks, Plume Design, PlusAI, Poly (formerly Plantronics), Portworx, Pure Storage, Qualcomm, Quantinuum, Rackspace, Rambus, Rayvolt E-Bikes, Red Hat, Renesas, Residio, Rigetti Computing, Ring Central, Salseforce.com, Samsung Electronics, Samsung Semi, SAP, SAS, Scale Computing, Schneider Electric, SiFive, Silver Peak (now Aruba-HPE), SkyWorks, SONY Optical Storage, Splunk, Springpath (now Cisco), Spirent, Splunk, Sprint (now T-Mobile), Stratus Technologies, Symantec, Synaptics, Syniverse, Synopsys, Tanium, Telesign,TE Connectivity, TensTorrent, Tobii Technology, Teradata,T-Mobile, Treasure Data, Twitter, Unity Technologies, UiPath, Verizon Communications, VAST Data, Veeam, Ventana Micro Systems, Vidyo, Volumez, VMware, Wave Computing, Wells Fargo, Wellsmith, Xilinx, Zayo, Zebra, Zededa, Zendesk, Zoho, Zoom, and Zscaler.
Sun, 20 Aug 2023 08:53:00 -0500Patrick Moorheadentext/htmlhttps://www.forbes.com/sites/patrickmoorhead/2023/08/20/afry---an-integrated-single-source-of-truth-across-it-ot-and-et/Killexams : Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying
Over a dozen vulnerabilities discovered by Microsoft researchers in Codesys products can be exploited to cause disruption to industrial processes or deploy backdoors that allow the theft of sensitive information.
Germany-based Codesys makes automation software for engineering control systems. Its products are used by some of the world’s largest industrial control system (ICS) manufacturers, the vendor claiming that its software is found in millions of devices — roughly 1,000 different types of products made by over 500 manufacturers.
Microsoft researchers specializing in the security of cyberphysical systems have discovered a total of 16 vulnerabilities in Codesys Control V3 versions prior to 126.96.36.199. The security holes were reported to Codesys in September 2022 and patches were announced in April 2023.
All of the vulnerabilities have been assigned a ‘high severity’ rating. They can be exploited for denial-of-service (DoS) attacks or for remote code execution (RCE).
Threat actors could exploit them to target programmable logic controllers (PLCs) and other ICS devices using Codesys software. Microsoft’s research focused on PLCs made by Schneider Electric and Wago.
While exploitation of the vulnerabilities requires authentication, the researchers showed how hackers could exploit older Codesys flaws, such as CVE-2019-9013, to achieve this.
“While exploiting the discovered vulnerabilities requires deep knowledge of the proprietary protocol of Codesys V3 as well as user authentication (and additional permissions are required for an account to have control of the PLC), a successful attack has the potential to inflict great damage on targets,” Microsoft explained.
Advertisement. Scroll to continue reading.
It added, “Threat actors could launch a DoS attack against a device using a vulnerable version of Codesys to shut down industrial operations or exploit the RCE vulnerabilities to deploy a backdoor to steal sensitive data, tamper with operations, or force a PLC to operate in a dangerous way.”
Thu, 10 Aug 2023 23:46:00 -0500Eduard Kovacsen-UStext/htmlhttps://www.securityweek.com/microsoft-discloses-codesys-flaws-allowing-shutdown-of-industrial-operations-spying/Killexams : China hacks the US military and government — the Feds blame MicrosoftNo result found, try new keyword!The other hack, malware that targeted military infrastructure, was discovered in May when Microsoft found odd-looking code in telecommunications systems in Guam. The discovery worried US officials, ...Wed, 16 Aug 2023 18:59:00 -0500entext/htmlhttps://www.computerworld.com/Killexams : A New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China
Symantec's discovery isn't actually the first time that Cobra DocGuard has been used to distribute malware. Cybersecurity firm ESET found that in September of last year a malicious update to the same application was used to breach a Hong Kong gambling company and plant a variant of the same Korplug code. ESET found that the gambling company also had been breached via the same method in 2021.
ESET pinned that earlier attack on the hacker group known as LuckyMouse, APT27, or Budworm, which is widely believed to be based in China and has for more than a decade targeted government agencies and government-related industries, including aerospace and defense. But despite the Korplug and CobraGuard connections, Symantec says it's too early to link the wider supply chain attack it has uncovered to the group behind the previous incidents.
“You can't rule out the idea that one APT group compromises this software, and then it becomes known that this software is vulnerable to this kind of compromise, and somebody else does it as well,” says Symantec's O'Brien, using the term APT to mean “advanced, persistent threat,” a common industry term for state-sponsored hacker groups. “We don't want to jump to conclusions.” O'Brien notes that another Chinese group, known as APT41 or Barium, has also carried out numerous supply chain attacks—perhaps more than any other team of hackers—and has used Korplug, too.
To add to the attack's stealth, the CarderBee hackers managed to somehow deceive Microsoft into lending extra legitimacy to their malware: They tricked the company into signing the Korplug backdoor with the certificates Microsoft uses in its Windows Hardware Compatibility Publisher program to designate trusted code, making it look far more legit than it is. That program typically requires a developer to register with Microsoft as a business entity and submit their code to Microsoft for approval. But the hackers appear to have obtained a Microsoft signature through either developer accounts they created themselves or obtained from other registered developers. Microsoft didn't respond to WIRED's request for more information on how it ended up signing malware used in the hackers' supply chain attack.
Malware that's signed by Microsoft is a long-running problem. Getting access to a registered developer account represents a hurdle to hackers, says Jake Williams, a former US National Security Agency hacker now on faculty at the Institute for Applied Network Security. But once that account is obtained, Microsoft is known to take a lax approach to vetting registered developers' code. “They typically sign whatever you, as the developer, submit,” Williams says. And those signatures can, in fact, make malware far harder to spot, he adds. “So many folks, when they threat-hunt, they start by exempting things that are signed by Microsoft,” Williams says.
That code-signing trick, combined with a well-executed supply chain attack, suggests a level of sophistication that makes CarderBee uniquely worthy of tracking, says Symantec's O'Brien—even for those outside of its current targeting in Hong Kong or Chinese neighbor countries. Regardless of whether you’re in China’s orbit, says O’Brien, “it’s certainly one to look out for.”
Mon, 21 Aug 2023 22:00:00 -0500en-UStext/htmlhttps://www.wired.com/story/carderbee-china-hong-kong-supply-chain-attack/Killexams : Microsoft: Critical CODESYS Flaws Could Shut Down Power Plants
Microsoft researchers have identified multiple high-severity vulnerabilities that could enable threat actors to shut down power plants.
The flaws were discovered within the CODESYS software development kit (SDK), which is widely used to program and engineer programmable logic controllers in industrial operational technology (OT) systems in sectors like manufacturing and energy.
All versions of CODESYS V3 SDK prior to 188.8.131.52 are affected by the 15 bugs, which were listed in a Microsoft blog post published on August 10, 2023.
The Microsoft’s cyberphysical systems research team said that exploitation of the discovered vulnerabilities could put critical infrastructure organizations at risk of attacks such as remote code execution (RCE) and denial of service (DoS).
A DoS attack against a device using a vulnerable version of CODESYS could enable attackers to shut down a power plant, according to the researchers. In addition, threat actors could tamper with operations, cause a PLC to run in an unusual way, or steal critical information by deploying a backdoor via an RCE.
The researchers acknowledged that exploitation is difficult, with attackers requiring user authentication alongside “deep knowledge of the proprietary protocol of CODESYS V3 and the structure of the different services that the protocol uses.”
Microsoft said it reported the latest discovery to CODESYS in September 2022 and worked with the firm to develop patches.
CODESYS customers have been urged to apply these fixes as soon as possible. Microsoft recommended that they first identify the devices using CODESYS in their network before checking with device manufacturers to determine which version of the CODESYS SDK is used and whether a patch is available.
To assists with this process, the Microsoft cyberphysical system research team has released an open-source software tool on GitHub that allows users to communicate with devices in their environment that run CODESYS and extract the version of CODESYS on their devices in a safe manner to confirm if their devices are vulnerable.
Sun, 13 Aug 2023 21:32:00 -0500en-gbtext/htmlhttps://www.infosecurity-magazine.com/news/microsoft-codesys-flaws-power-plant/Killexams : Tech Takes Diverse Approaches to Sustainability Including Net Zero Carbon by 2030
How is the tech sector addressing its carbon footprint, including the data centers that feed it, the coding that defines it, as well as AI, wireless throughput and other energy-intensive processes that populate it? The sustainability efforts of Apple, Google, Cisco and other tech companies are explored.
That percentage is also approximately the same as produced by the airline industry, and a little less than the entire energy from the manufacture of fertilizers, pharmaceuticals, refrigerants, oil and gas extraction, which produce approximately 3.6% of carbon emissions worldwide.
Of the 1,325 enterprises that responded to EY’s Reimagining Industry Futures Study, published in February 2023, 54% said emerging technologies can play a vital role in accelerating sustainability. 41% said they believe these technologies can play a largely positive role but also present some risks. Only 4% believe their potentially detrimental impact would outweigh their positive impact.
SEE:Sustainabilitytops Gartner’s 2023 strategic tech trends list (TechRepublic)
“One of the things I would highlight is that the tech industry has been very forward on the sustainability agenda,” said John Grant, sustainability expert, author and co-founder and former head of strategy at London creative shop St Luke’s.
“Companies including Microsoft have said they are going to remit all the carbon they have ever emitted historically,” he said, adding that Spotify is also a big investor in carbon removal technology. “Generally, tech companies are trying to be really good actors in this space.”
Net zero, carbon neutral, carbon free or carbon negative?
The World Economic Forum defines net zero pretty much the way it sounds: taking out what you put into the atmosphere, or as the WEF puts it, “Carbon dioxide emissions are still generated, but an equal amount of carbon dioxide is removed from the atmosphere as is released into it, resulting in zero increase in net emissions.”
Carbon neutral or carbon free, similar but…
Some disambiguation from Energy Tracker Asia helps: The regional energy guide describes carbon neutral as a balancing act between greenhouse gas emissions through offsetting an equivalent amount of carbon from the atmosphere, usually through buying carbon credits.
SEE: How about hardware? Check out howsemiconductor makersare going beyond carbon offsets (TechRepublic)
Carbon free, a more challenging proposition, means directly reducing emissions to zero. “For example, if a country or company is carbon-free, all the energy and electricity comes from renewable sources, like wind or solar,” the group said, noting that Washington, California, New Mexico and Hawaii have carbon-free targets in place requiring 100% clean or renewable electricity.
How about carbon negative, which companies like Microsoft have committed to? Carbon offset company Terrapass explained in a blog that a carbon negative would mean, in theory, emitting less than zero carbon dioxide and carbon dioxide equivalent (CO2e) greenhouse gasses. “Since it is impossible to emit a negative amount of carbon (or any other physical substance), being carbon negative refers to the net emissions you create. To be carbon negative means to offset more carbon, through carbon capture, sequestration or avoidance, than you contribute to the environment.”
Scope 1,2, 3 carbon emission schedule
Many companies, tech and otherwise, adopted carbon-reduction targets based on the Scope 1, 2 and 3 carbon emission schedule (Figure B) from the U.S. Environmental Protection Agency. This three-part agenda defines emissions by government entities:
Scope 1: A company’s own emissions from on-site combustion, processes, transportation, etc.
Scope 2: Indirect emissions from the sources of generated power consumed by a company.
Scope 3: Emissions associated with water treatment, employee travel and waste disposal.
Google investing in carbon removal solutions
In 2020, Google’s CEO Sundar Pichai announced the company would commit to operating on 24/7 carbon-free energy by 2030. The company has approached sustainability from several fronts, including applying AI to search in order to provide carbon-emissions data to travelers. In addition, Google plans to invest in carbon removal solutions to neutralize emissions with a goal of running on carbon-free energy worldwide on every grid it uses by 2030.
The company reported that last year it achieved 64% carbon-free energy globally. The company said it consumed around 7 GW of renewable energy globally last year (Figure C).
Grant pointed out that Google managed to drop the energy used to cool its data centers by up to 40% by using AI developed by DeepMind, and for years has been buying renewable energy from wind farms physically close to its data centers. He added, “These are key projects Google is including in its calculation of how to reduce their carbon emissions.”
Microsoft launched Cloud for Sustainability, cut operational emissions
Microsoft, which set its first carbon emission goals in 2009 and was carbon neutral in 2012, committed in 2020 to being carbon negative by 2030. They said that by 2030 it will remove more carbon than it emits, “Setting us on a path to remove by 2050 all the carbon the company has emitted either directly or by electrical consumption since it was founded.”
It had decreased its carbon footprint by over 45% since 2015.
It had directed over 40,000 metric tons of electronic scrap toward recycling.
20% of all materials shipped in its products came from recycled sources. Apple said the majority of aluminum in its products are recycled, and that it employs a new, zero-carbon smelting process.
“Apple is one of the most aggressive companies in the world in terms of reclaiming minerals,” said Grant. “However, while they are using their Daisy robots to grind up phones to reclaim the component materials, there are numerous regulations preventing e-waste from being moved across borders. So the collection and delivery of materials is proving very difficult,” he said. This year, Apple pledged to use 100% recycled cobalt batteries by 2025.
Cloud and security firms looking to greener processes
Most cloud, software-as-a-service and security firms are looking at ways to reduce their hardware and server farm footprints through renewable sources of energy and recycling plans, partnerships and consumer programs. Below we focus on efforts from Cisco, Akamai, WithSecure and Gigamon.
90% reduction in Scope 1 and 2 greenhouse emissions by 2025. Cisco said it would neutralize any remaining emissions by removing an equal amount from the atmosphere.
30% reduction in Scope 3 emissions from purchased goods and services, upstream transportation and distribution and use of sold products by 2030.
Net zero greenhouse gas emissions across its value chain by 2040.
Akamai aims for 100% renewable energy and waste recycling
In 2021, cloud services and web security company Akamai Technologies said 50% of its energy needs had already been met by renewable sources. Akamai also announced 2030 sustainability goals toward 100% renewable energy at data centers, offices, network program partners and other sources of electricity, and said it will use “attestable and traceable sources of renewable energy certificates” to reach them.
One focus is on efficiency of its edge platform, which Akamai characterized as its greatest point of energy consumption, comprising approximately 325,000 servers in more than 135 countries and nearly 1,435 networks around the world as of 2021. In addition, Akamai announced a global expansion of its 100% electronic waste recycling program.
WithSecure launches W/Sustainability initiative
Earlier this year, threat intelligence and response firm WithSecure launched W/Sustainability, designed to make sustainability and transparency part of its strategy and operations, including a green coding initiative to lower energy consumed by software.
Are ecommerce and cloud services like eBay and AWS inherently sustainable?
Grant asserted that the business models of ecommerce and cloud services companies like eBay and AWS are inherently green because they are marketing their spare capacity. He said, for example, that Amazon’s web service came about because the company was sitting on huge unused capacity, and therefore unnecessary energy costs on unused service.
“AWS was invented, to some extent, because they needed so much capacity at peak moments that they were not using 80% of their service at other times,” he said. “So, renting some of that spare capacity out to people that didn’t have the same peaks that they did made a lot of sense. And that is actually a sustainability business model — it’s like a service economy rental that takes some amount of physical resources and passes it around. So, if I were counting Amazon’s carbon footprint, I’d put a big tick in the margin for that on the positive side. It’s a commercial and sustainable win-win.”
Thu, 17 Aug 2023 15:34:00 -0500en-UStext/htmlhttps://www.techrepublic.com/article/tech-takes-diverse-approaches-sustainability-including-net-zero-carbon/Killexams : ABB and Microsoft bring generative AI to industrial applicationsNo result found, try new keyword!Automation and electrification certified ABB is tapping into Microsoft Azure OpenAI Service to bring Generative AI to industrial ...Wed, 16 Aug 2023 11:10:09 -0500en-ustext/htmlhttps://www.msn.com/Killexams : Microsoft Hires AWS's Puneet Chandok To Lead India Operations
Microsoft CorpMSFT has announced the appointment of Puneet Chandok as Corporate Vice President of Microsoft India and South Asia, effective from September 1, 2023.
Chandok will assume operational responsibilities from Anant Maheshwari and will oversee the integration of Microsoft's businesses across South Asia, including Bangladesh, Bhutan, Maldives, Nepal, and Sri Lanka.
This move aims to boost the company’s presence in the region while deepening its focus on key industries through a customer-centric approach with generative AI at its core, according to the press release issued by Microsoft.
Ahmed Mazhari, President Microsoft Asia, expressed delight at Chandok’s appointment, citing his strong track record of building and growing technology businesses and leveraging technology to deliver impact and change.
Puneet joins Microsoft from Amazon Web Services, where he led the company's India and South Asia businesses, working closely with enterprises, digital businesses, startups, and SMBs to help them reduce technical debt, bring in agility, and innovate.
Akamai’s ransomware report released at Black Hat 2023 revealed that exploitation of zero-day and one-day vulnerabilities has led to a 143% increase in total ransomware victims with data exfiltration of files at the end of the kill chain, now the primary source of extortion.
LockBit in the lead, CL0P in 2nd
The report, Ransomware on the Move, looked at how exploitation techniques are evolving — including attackers’ sharpened focus on zero-day vulnerabilities. It showed how victims of multiple ransomware attacks were more than six times more likely to experience the second attack within three months of the first attack.
The authors from Akamai’s Security Intelligence Group reviewed data from the fourth quarter of 2021 to the second quarter of 2023. The authors reported that LockBit ensnared around 39% of all victim organizations tracked by Akamai, which said LockBit’s victim count is three times that of its nearest competitor, the CL0P group. Number three in volume of victims, ALPHV, aka Black Cat, focused its efforts on developing and exploiting zero-day points of entry (Figure A).
Top ransomware groups by victim count. Image: Akamai
Anthony Lauro, director of security technology and strategy at Akamai, explained that LockBit looks for high value targets with zero day vulnerabilities that companies can’t fix quickly. They tend to target and retarget these organizations and the sectors — like manufacturing and technology for example — where security operations are lagging, generally. Also, he explained, malware writers can choose tools and services from a growing dark ecosystem.
Two clear trends show how threats are evolving
The report spotlighted two trends that speak to how large groups — with reach and breadth of products including RaaS — have a stable growth and smaller groups focus on opportunities as they arise:
The first is exemplified by LockBit, characterized by a steady count of 50 victims per month, and activity seems tied to its number of affiliates and its resources.
The second, typified by groups like CL0P, feature spikes in activity from abusing critical zero-day vulnerabilities as they appear, and highly targeted security flaws.
“Malware writers can now split off operations, which is a change,” said Lauro. “It used to be that the attackers were a single entity or group that would be responsible for malware payload delivery, exploitation and follow up.” He added that, because of the open nature of the malware marketplace, groups like LockBit and Cl0P have been able to co-opt others to perform various tasks in the supply kill chain.
ALPHV: Rust never sleeps
Lauro said within the tactics found more often in the second trend group, “Are the tried and true methodologies, like Windows system vulnerabilities that are not necessarily high severity because these systems aren’t usually available to outside queries. Attackers can still access them. So, there are two major trends: spreading the victim base across easy targets and tactics and ones leveraging CVE and zero days looking at big players as targets.”
ALPHV, for example, second on Akamai’s list of attackers in terms of victim volume, uses the Rust programming language to infect both Windows and Linux systems. Akamai said the group exploited vulnerabilities in Microsoft Exchange server to infiltrate targets.
According to Akamai, the group spoofed a victim’s website last year (using a typosquatted domain). The new extortion technique included publishing the stolen files and leaking them on their website in order to tighten the thumbscrews on victims and encourage ransom payment.
Mid-sized organizations are the ‘Goldilocks zone’ for threat actors
In Akamai’s study, 65% of targeted organizations had reported revenue of up to $50 million dollars, while those worth $500 million dollars and up constituted 12% of total victims, according to Akamai. They also reported that the ransomware data used was collected from the leak sites of approximately 90 different ransomware groups.
Let’s call it ‘Cyberfracking’
If you had invested in a natural gas mining operation, you might “accidentally on purpose” reach out sideways to assets under other peoples’ lawns once you’d tapped out the target. LockBit attackers are likewise reaching out to victim’s customers, informing them about the incident and employing triple extortion tactics with the inclusion of Distributed Denial-of-Service attacks.
Lauro said different stages of exploitation and delivery and execution are the first two steps. Defense is predicated on edge defense elements like visibility, but the rest of it is after the fact, moving laterally and tricking systems, or making requests that look like a “friendly” — all inside the network.
“Once you’re inside most organizations are wide open, because as then, an attacker I don’t have to obtain special toolkits; I can use installed tools. So there is a lack of good localized network security. We are finding more and more environments in bad shape in terms of internal visibility and over time,” he said.
CL0P for a day … a zero day
CL0P, which is number three in terms of its volume of victims over the course of Akamai’s observation period, tends to abuse zero-day vulnerabilities in managed file transfer platforms. Akamai said the group exploited a legacy file transfer protocol that has been officially out of date since 2021, as well as a zero-day CVE in MOVEit Transfer to steal data from several organizations.
“It is worth noting how CL0P has a relatively low victim count until its activity spikes whenever a new zero-day vulnerability is exploited as part of its operation,” said the Akamai report authors. “And unlike LockBit, which has a semblance of consistency or pattern, CL0P’s attacks are seemingly tied to the next big zero-day vulnerability, which is hard to predict (Figure B).” Figure B
LockBit: a turnkey solution
Akamai noted that LockBit, whose website looks like a legitimate web concern, is touting new tools and even a bug bounty program in its latest 3.0 version. Just like white hats, the group is inviting security researchers and hackers to submit bug reports in their software for rewards ranging up to $1 million.
Akamai noted that while the bug bounty program is principally defensive, “It’s unclear if this will also be used to source vulnerabilities and new avenues for LockBit to exploit victims.” (Figure C). Figure C
On its site, LockBit seeks ethical AND Unethical hackers. Source: Akamai via Bleeping Computer.
Manufacturing, health care in hot seat
Of all vertical industries, manufacturing saw a 42% increase in total victims during the period Akamai investigated. LockBit was behind 41% of overall manufacturing attacks.
The health care vertical saw a 39% increase in victims during the same period, and was targeted primarily by the ALPHV (also known as BlackCat) and LockBit ransomware groups.
Akamai’s recommendations on lessening the chance of attack and mitigating the effects of an incursion include adopting a multilayered approach to cybersecurity that includes:
Network mapping to identify and isolate critical systems and limit network access in and out to put fences up in the face of threat actors’ efforts at lateral movement.
Patch, patch, patch: update software, firmware and operating systems.
Tale snapshots: maintain regular offline backups of critical data and establish an effective disaster recovery plan.
Develop and regularly test an incident response plan that outlines the steps to be taken in case of a ransomware attack. This plan should include clear communications channels, roles and responsibilities and a process for engaging law enforcement and cybersecurity experts.
Train, and train again: Don’t give employees, vendors and suppliers access to organizational sites or systems until they’ve had (regular) cybersecurity awareness training on phishing attacks, social engineering and other ransomware vectors.
If you see something, say something: Encourage employees and stakeholders to report suspicious activities.
Defense is best offense
Defense tactics, according to Akamai, should include:
Blocking exfiltration domains
Limit access to services that can be abused for data exfiltration by either using solutions that block known malicious url and DNS traffic, or by using solutions or controls that allow blocking access to specific domains.
Hang those honey-coated fly strips
Honeypots: use them. Akamai said they can help trap probing attackers, luring them into servers where their activities can be monitored
Scan and scan again
Use an intrusion detection system to do suspicious network scans. Akamai noted that attackers use identifiable tools to finger targets within an organization’s network. You can detect them.
Check passports at the gate
Akamai suggests using tools for inspection of outgoing internet traffic to block known malware C2 servers. “Solutions must be able to monitor your entire DNS communications in real time and block communications to malicious domains, preventing the malware from running properly and accomplishing its goals,” the firm said.