Monthly Archives: March 2017

Google Increases Bug Bounty Payouts by 50% and Microsoft Just Doubles It!

Well, there’s some good news for hackers and bug bounty hunters!

Both tech giants Google and Microsoft have raised the value of the payouts they offer security researchers, white hat hackers and bug hunters who find high severity flaws in their products.

While Microsoft has just doubled its top reward from $15,000 to $30,000, Google has raised its high reward from $20,000 to $31,337, which is a 50 percent rise plus a bonus $1,337 or ‘leet’ award.

In past few years, every major company, from Apple to P*rnHub and Netgear, had started Bug Bounty Programs to encourage hackers and security researchers to find and responsibly report bugs in their services and get rewarded.

 

But since more and more bug hunters participating in bug bounty programs at every big tech company, common and easy-to-spot bugs are hardly left now, and if any, they hardly make any severe impact.

Sophisticated and remotely exploitable vulnerabilities are a thing now, which takes more time and effort than ever to discover.

 

Google Increases Bug Bounty Payouts by 50% and Microsoft Doubles It!

 

So, it was needed to encourage researchers in helping companies find high-severity vulnerabilities that have become harder to identify.

Until now, Google offered $20,000 for remote code execution (RCE) flaws and $10,000 for an unrestricted file system or database access bugs. But these rewards have now been increased to $31,337 and $13,337, respectively.

For earning the top notch reward of $31,337 from the tech giant, you need to find command injections, sandbox escapes and deserialization flaws in highly sensitive apps, such as Google Search, Chrome Web Store, Accounts, Wallet, Inbox, Code Hosting, Google Play, App Engine, and Chromium Bug Tracker.

Types of vulnerabilities in the unrestricted file system or database access category that can earn you up to $13,337 if they affect highly sensitive services include unsandboxed XML eXternal Entity (XXE) and SQL injection bugs.

Since the launch of its bug bounty program in 2010, Google has paid out over $9 Million, including $3 Million awarded last year.

Microsoft has also increased its bug bounty payouts from $20,000 to $30,000 for vulnerabilities including cross-site scripting (XSS), cross-site request forgery (CSRF), unauthorized cross-tenant data tampering or access (for multi-tenant services), insecure direct object references injection, server-side code execution, and privilege escalation bugs, in its Outlook and Office services.

Both the tech giants are trying their best to eliminate any lucrative vulnerability or backdoor into their software and products to avoid any hacking attempts and make them more secure.

Hackers will get the payout reward after submitting the vulnerabilities along with a valid working proof-of-concept.

So, what are you waiting for? Go and Grab them all!

 

via:  thehackernews

Microsoft hit with second cloud disruption in two weeks

Office 365, OneDrive, Xbox among services impacted a week after Azure Storage went down.

A handful of hosted Microsoft services, including Office 365 SaaS apps, OneDrive cloud storage and xBox Live platforms experienced an outage on Tuesday into Wednesday, according to Microsoft and services that track outages.

DownDetector.com found that Office 365 had elevated reported error rates on Tuesday afternoon ET. It’s unclear which Office 365 services or how many users were impacted though.

Microsoft confirmed on its @xBoxSupport Twitter account that customers were having trouble signing into the service on Tuesday evening ET. As of Wednesday morning ET, Microsoft reports that its OneDrive cloud storage system is experiencing error rates with some customers not being able to sign into the service.

screen shot 2017 03 22 at 10.17.45 am

Microsoft

Microsoft’s Office 365 Status Dashboard shows ongoing issues with customers signing into OneDrive on Wednesday morning ET.

The cause of these issues are unclear, but Microsoft does note that its Azure cloud storage service had “increased latency accessing Azure resources” and “login failures” on both Tuesday and Wednesday.

This all comes just a week after Azure’s storage service experienced increased error rates. That Azure storage disruption happened a week after a major AWS outage that took down many retail websites across the Internet.

 

via:  networkworld

Personal file-sharing apps use at work is Risky business

The unauthorized use of personal file-sharing apps at work is a growing problem that can no longer be swept under the rug and ignored.

The unauthorized use of personal file-sharing apps at work is a growing problem that can no longer be swept under the rug and ignored. On one hand these services, such as Dropbox and Google G Suite, can help employees to collaborate and share information.  On the other, they often lack adequate security controls. That means countless numbers of employees around the world who share company information through such platforms are inadvertently putting their organizations at risk of information security breaches and data loss. 

Most employees don’t realize the dangers that can arise from the unsanctioned use of personal file sharing services in the business environment. A survey conducted by M-Files found at least 50 per cent of employees have used unauthorized file sharing and sync solutions to share or store sensitive company information. 

The real problem is that when employees use consumer file sharing services to share company information that data is taken outside of the company’s IT environment, often onto external servers and where data’s privacy settings are beyond the control of the enterprise. This reality increases the risks of data leakage, security vulnerabilities, and ultimately damage to the business.

Why are employees using their personal file sharing apps at work?

The unauthorized use of personal file-sharing apps represents a battle between usability and security. Employees who use these services are sending a clear message: They cannot afford slowdowns or be expected to jump through perceived hoops to send and share information and files that enable them to do their jobs. If organizations do not provide the tools that employees need to share information and collaborate with internal and external entities – or if the processes are too difficult to use – then users will take matters into their own hands.

Said another way, the fact that unauthorized use of personal file sharing apps are gaining a foothold in organizations points to an unmet need.  Employees find these tools more accessible and easier to use than ones provided by their company. They want simple, intuitive solutions that are mobile friendly and more like the consumer apps they use in their personal lives. Unfortunately, too few companies have equipped their employees with enterprise software applications that meet that expectation. This in turn is fuelling the continued unauthorized, unsupported and unmonitored use of personal file-sharing apps in the workplace.

Corporate IT is not completely blind the problem. According to a recent ESG survey, an overwhelming 70 per cent of IT managers said they know or believe that their employees have business data residing within their personal file-sharing accounts. Apparently, they are ignoring the threat or don’t know how to effectively address the issue.

Some companies have tried implementing strict policies banning the use of these services, but these rules are difficult to enforce. Tracking information and documents in an increasingly mobile work environment is daunting, especially with the growing volume and variety of content being generated and stored in multiple business applications and cloud environments.

The reality is, trying to forbid employees from seeking alternatives is a losing proposition if the official, sanctioned software is not as good as the consumer options. Organizations need to balance security and data protection against their employees need for a simple solution for sharing documents and collaborating with individuals and businesses outside of their organization.

What’s the solution?

Clearly, a key to success for organizations looking to curb the use of unauthorized file sharing is to ensure that company-provided solutions are as simple to use as their personal apps. Give employees a solution that makes it easy for them to collaborate and share information, and it will take away the incentive for them to look elsewhere.

Fortunately, there are solutions that allow companies to maintain strict control over their information assets without stifling collaboration. Using the right technologies can provide employees with the convenience, ease of use and speed they demand, while IT managers retain control, visibility, and security.

That’s where enterprise content management (ECM) systems come into play. Next generation ECM solutions provide an intelligent yet easy-to-use approach that meets the usability needs of employees without compromising security and data governance. In other words, ECM systems provide the best of both worlds.

What’s more, modern ECM systems also provide organizations audit trails and granular, metadata-driven access controls that can enable companies to know who accessed what and when – and even block user accounts, if needed.

And there are other benefits as well.  For example, ECM solutions can deliver built-in version control and workflow capabilities to ensure employees have easy access to most up-to-date information. They also provide faster and more intuitive search capabilities that can be extended with integrations to business content residing within existing business systems and repositories. Businesses get the necessary levels of control and security they need for storing and sharing content – while employees benefit from using a collaboration tool that is just as easy to use as popular consumer-grade file-sharing platforms.

Of course technology can only do so much, there also needs to be awareness, education and training so that employees are knowledgeable about the dangers involved. Employees need to understand what tools they can and can’t use, and what information they can and can’t share. They need to know that unauthorized file sharing is risky business that can cause data security nightmares.

But to address the root of the problem, companies need to take proactive steps to provide an alternate solution that is equally fast and easy to use, but also provides the necessary levels of control and security – such as next generation ECM systems. 

After all, sharing files and other information with colleagues and clients should be easy and convenient. What it shouldn’t be is a security risk.

 

via:  itproportal

Patcher Ransomware Attacks macOS, Encrypts Files Permanently

Security researchers published details yesterday on a new ransomware for Mac, which calls itself “Patcher.” The file-encrypting ransomware program finds its way onto macOS systems through BitTorrent websites, masquerading as an Adobe Premiere CC or Office 2016 patcher. Intego’s malware research team has updated its VirusBarrier anti-virus definitions to detect all components of the ransomware, identified as OSX/Filecoderand OSX/Filecoder.fs.

What is the Infection Vector?

A torrent claiming to contain a patcher for Adobe Premiere CC 2017 or Office 2016 is the only delivery mechanism known so far. Macs running OS X 10.11.x El Capitan and macOS 10.12.x are at risk.

Patcher was found on the bittorrent site seedpeer[.]eu

Patcher does not appear to be concerned about where it runs or if any security software is present. The application is signed with a key that is not signed by Apple.

codesign -dv /Users/intego/Desktop/Office\ 2016\ Patcher.app
Executable=/Users/intego/Desktop/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher
Identifier=NULL.prova
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=507 flags=0x2(adhoc) hashes=11+3 location=embedded
Signature=adhoc
Info.plist entries=22
TeamIdentifier=not set
Sealed Resources version=2 rules=12 files=14
Internal requirements count=0 size=12

The bundle identifier “NULL.prova” was found in another application, named “prova,” which is similar in appearance.

prova application

codesign -dv /Users/intego/Desktop/prova.app
Executable=/Users/intego/Desktop/prova.app/Contents/MacOS/prova
Identifier=NULL.prova
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=411 flags=0x2(adhoc) hashes=8+3 location=embedded
Signature=adhoc
Info.plist entries=22
TeamIdentifier=not set
Sealed Resources version=2 rules=12 files=14
Internal requirements count=0 size=12

The prova application, designed to have the same or similar ransomware functionality, does not appear to be functional and may just have been a test run leading up to the currently discussed Patcher app.

According to the researchers, the application appears to be poorly coded as the window is transparent. A quick overview in the code confirms that it was written using Swift:

0000000100008098 dq 0x0000000000000040 ; DATA XREF=-[_TtC34Adobe_Premiere_Pro_CC_2017_Patcher11AppDelegate count]+4, -[_TtC34Adobe_Premiere_Pro_CC_2017_Patcher11AppDelegate setCount:]+4, sub_100001940+105, -[_TtC34Adobe_Premiere_Pro_CC_2017_Patcher11AppDelegate init]+105, sub_100001ee0+31, 0x100007460
00000001000080a0 dq __swift_FORCE_LOAD_$_swiftFoundation
00000001000080a8 dq __swift_FORCE_LOAD_$_swiftObjectiveC
00000001000080b0 dq __swift_FORCE_LOAD_$_swiftDarwin
00000001000080b8 dq __swift_FORCE_LOAD_$_swiftIOKit
00000001000080c0 dq __swift_FORCE_LOAD_$_swiftDispatch
00000001000080c8 dq __swift_FORCE_LOAD_$_swiftCoreGraphics
00000001000080d0 dq __swift_FORCE_LOAD_$_swiftAppKit
00000001000080d8 dq __swift_FORCE_LOAD_$_swiftCoreImage
00000001000080e0 dq __swift_FORCE_LOAD_$_swiftXPC
00000001000080e8 dq __swift_FORCE_LOAD_$_swiftQuartzCore
00000001000080f0 dq __swift_FORCE_LOAD_$_swiftCoreData

Code between the Adobe Premiere CC and Office 2016 applications are the same.

Patcher’s application window

Clicking the START button immediately starts the encryption process, and the window shows progress in 3 steps.

Progress window, step 0 of 3

Progress window, step 2 of 3

By the time the window shows step 2/3, an infected Mac will see its desktop loaded with text files. Of course, the progress window is just there to delay the user while all the files are encrypted in the background. Even if the application is quit at this point it will be too late, because when the text files appear on the desktop all of the contents in the Users folder is already encrypted. When the window shows step 2/3, it’s already done; step 3/3 never comes and the application just sits there indefinitely.

Any new data created while Patcher is running will not be encrypted by the ransomware. Patcher appears to focus only on data that was present when the application was first started.

The original data that was encrypted is deleted using rm, Patcher then attempts to wipe the free space on the drive with diskutil to make sure the original data is really gone. Luckily, the author made a mistake in the ransomware:

It tries to execute /usr/bin/diskutil, however the path to diskutil in macOS is /usr/sbin/diskutil.

This mistake may give a user the chance to recover some of the deleted data by using tools such as Data Rescue. If the ransomware is discovered promptly, which shouldn’t be a problem as the numerous text files on the desktop are a solid indicator that something is wrong, and the Mac is shut down, data recovery may have a chance. The longer the Mac is powered on, the greater the chances are the deleted files are overwritten.

It is also possible to interrupt Patcher simply by quitting the application. Patcher is very slow, taking a good 30 seconds to encrypt a 250MB video file, so it will need a decent amount of time to encrypt a typical user folder, which can be hundreds of gigabytes. If the user suspects the application is not working or is not what it claims to be, it can be closed and the encrypting of data will stop.

Where Does Filecoder Install?

Filecoder is a stand-alone application that does not install files on the system to keep itself alive after a restart. It simply takes your user home folder and encrypts everything in it. The application appears to disable itself, so it cannot be launched again. When it’s done disabling itself, it goes after any mounted network volumes and connected external drives. It leaves the system folder, library and applications folders alone, going only after files in the Users folder.

As soon as Patcher runs, the user will see text files popping up on the desktop and in other user home folders, with names like “README.txt” and “DECRYPT!.txt.” Opening these text files will present the following information:

NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption method.

What do I do ?

So , there are two ways you can choose: wait for a miracle or start obtaining BITCOIN NOW! , and restore YOUR DATA the easy way
If You have really valuable DATA, you better NOT WASTE YOUR TIME, because there is NO other way to get your files, except make a PAYMENT

FOLLOW THESE STEPS:
1) learn how to buy bitcoin https://en.bitcoin.it/wiki/Buying_Bitcoins_(the_newbie_version)
2)send 0.25 BTC to 1EZrvz1kL7SqfemkH3P1VMtomYZbfhznkb
3)send your btc address and your ip (you can get your ip here https://www.whatismyip.com) via mail to rihofoj@mailinator.com
4)leave your computer on and connected to the internet for the next 24 hours after payment, your files will be unlocked. (If you can not wait 24 hours make a payment of 0.45 BTC your files will be unlocked in max 10 minutes)

KEEP IN MIND THAT YOUR DECRYPTION KEY WILL NOT BE STORED ON MY SERVER FOR MORE THAN 1 WEEK SINCE YOUR FILE GET CRYPTED,THEN THERE WON’T BE ANY METHOD TO RECOVER YOUR FILES, DON’T WASTE YOUR TIME!

After your data is encrypted, you are instructed to pay 0.25 bitcoin ($280) to have your files unlocked within 24 hours. If you’re in a rush, however, you can pay 0.45 bitcoin ($500) and your files will be unlocked in 10 minutes or less.

Looking at the previously mentioned prova application, the readme.txt mentions the same bitcoin address but a different email address: “rihofoj@zainmax.net.” In Patcher, the name ‘rihofoj’ uses the mailinator service instead of the zainmax.net domain.

Even if one would be inclined to pay the ransom (which we do NOT recommend), there is a problem. Filecoder never actually sends a decryption key to a server or makes a network connection of any kind. This means the ransomware author does not have a way to unlock your files even if you pay.

When the patcher application is launched, everything currently in your home folder is encrypted. Any new files or folders, even those created while the patcher is running, are not touched. A reboot will have you greeted with a “Sign in to iCloud” window, just like the one you see when you first log in to your Mac. You’ll also find all your settings and preferences reverted to default as your Library folder, including the Preferences, Accounts, Saved Application state, and other, are now encrypted.

Encrypted contents of the User folder

Patcher changes the modification date of the encrypted files to February 13, 2010, for reasons unknown at this time.

Should Mac Users be Concerned?

While this ransomware was currently only found on a BitTorrent site, it could have posed as a fake Flash Player update or other delivery mechanism, thus able to reach a far greater audience. The ransomware is very basic and makes no attempts to hide itself or stay alive after reboots, but if it makes its way onto your Mac and gets a chance to run, it will thoroughly ruin your week. The torrent file carrying the ransomware was found on two BitTorrent sites and appears to have no active seeds, so it cannot be downloaded at the time of writing this article, slightly minimizing the risk. However, Patcher may be hiding in other places not yet discovered.

How to Tell if Your Mac is Infected

If you see files on your desktop or any other folder in your user directory with a .crypt extension, along with text files with names such as “README.txt,” “README_.txt,” “README-!.txt,” “README!!.txt,” “DECRYPT!.txt,” “HOW_TO_DECRYPT_!.txt” and “DECRYPT_!.txt,” your Mac probably fell victim to Filecoder.

Clear signs your Mac was hit by Patcher

How to Protect Yourself from Patcher Ransomware

Unfortunately, malware is no surprise when downloading software from BitTorrent sources, so a surefire way to protect yourself from Patcher ransomware is to only get software directly from the source, such as the App Store or from the vendor’s official website. (Yup, this means you gotta pay for it if the software isn’t free.)

Furthermore, Apple has pushed an update to its XProtect anti-virus signatures to version 2089 on Mavericks, Yosemite, El Capitan, and Sierra, detecting some components of this threat as OSX.Findzip.A. However, Apple appears to miss the prova occurrence or any iteration that can modify the README.txt name. During our testing, running the Patcher application does not generate a GateKeeper warning nor does it ask for a password.

Users of Intego VirusBarrier with up-to-date malware definitions can detect all of the components of the ransomware, identified as OSX/Filecoder and OSX/Filecoder.fs, and block it if it makes its way onto your system.

Manually removing Patcher is as simple as deleting the Adobe Premiere CC 2017 or Office 2016 patcher applications. In this case, it is far more important to keep Patcher from ever getting on your system. There are no other files to delete, and a backup of your data will have to be restored as your user folder is now fully encrypted. This scenario can be seen as complete data loss and highlights the importance of having a solid and smart backup strategy.

The best way to protect yourself from ransomware is to plan ahead, before disaster strikes, and we therefore encourage you to have a look our guide to help you stay safe from ransomware: A Layman’s Guide to Ransomware Protection.

 

via:  intego

AccuWeather now lets you look at the forecast in virtual reality

When walking outside just isn’t good enough.

Accuweather

Checking the weather report is usually a colorless, simple experience — a glance at an app to see the five day forecast or check the news for any major storms or events. If you have a Samsung Gear VR device, however, your daily forecast could soon be an experience. AccuWeather’s new VR experience promises to offer immersive weather news, innovative forecasts and 360-degree video of severe weather events. o of severe weather events.

It sounds like one of the least exciting VR experiences imaginable, and indeed — the screenshots on the app’s store page preview little more than a wrap-around VR view of temperature, humidity and UV Index charts. The draw is more about seeing extreme weather in action — 360-degree clipslike a close up video of a tornado in Colorado, for instance. AccuWeather says new videos will be added each week, and hopes to provide users with an educational perspective on the Earth’s most exciting weather events. The app is available on the Oculus Store for free starting today.

 

via:  engadget

Google offers new ‘Always Free’ cloud tier to attract users

Customers will be able to run tiny workloads free of charge.

Google is letting its customers get a taste of its cloud for free, without a time-limited trial. The company quietly launched a new “Always Free” tier on Thursday that lets people use small amounts of its public cloud services without charge, beyond the company’s limited-time trial.

The tier includes — among other things — 1 f1-micro compute instance, 5 GB per month of Regional Storage and 60 minutes per month of access to the Cloud Speech API. Using the free tier requires users to provide a credit card that Google can automatically bill for any use over the limits.

In addition, the cloud provider expanded its free trial so that users get $300 in credits that they can use for up to 12 months. Google will halt users’ workloads if they eat up all of the credits before the end of 12 months.

The free offerings are meant to help attract users to Google Cloud Platform at a time when the company is competing against Amazon Web Services, Microsoft Azure and other public cloud providers for developers’ time and attention.

Google’s Always Free tier is somewhat similar to what AWS offers its customers. For example, both platforms allow users to run workloads using their respective event-driven compute services, AWS Lambda and Google Functions.

One thing that sets Google apart is its willingness to hand out a free virtual machine.

Google previously offered a 60-day free trial with $300 in credits. An extended trial was one of the cloud provider’s most-requested features, since the short time limit often wasn’t enough for a full proof-of-concept test.

The Always Free benefits are available from Google’s us-west-1, us-central-1 and us-east-1 regions. It’s unclear if the company plans to offer them in other countries.

 

via:  itworld

Trend Micro has discovered a new PoS malware, tracked as MajikPOS, that is targeting business in North America and Canada.

Security experts at Trend Micro have discovered a new PoS malware, tracked as MajikPOS, that is targeting business in North America.

The experts explained that the MajikPOS has the same capabilities of any other PoS malware, but it features an interesting modular approach in execution.

The first attacks powered with MajikPOS were observed at the end of January 2017, the malicious code borrows features from PoS malware and remote access Trojan (RAT).

“We’ve uncovered a new breed of point-of-sale (PoS) malware currently affecting businesses across North America and Canada: MajikPOS (detected by Trend Micro as TSPY_MAJIKPOS.A).” reads the analysis shared by Trend Micro.”Like a lot of other PoS malware, MajikPOS is designed to steal information, but its modular approach in execution makes it distinct. “

In the past researchers have observed other PoS malware with multiple components that are tasked of differed features (i.e. FastPOS (its updated version), Gorynych, ModPOS), but according to Trend Micro the MajikPOS’s modular structure is quite different. MajikPOS needs only another component from the server to conduct its RAM scraping routine.

MajikPOS is written using the “.NET framework” and uses encrypted communication channel to avoid detection.

The crooks did not use sophisticated techniques to compromise the targets, they were able to gain access to the PoS systems through brute-force attacks on Virtual Network Computing (VNC) and Remote Desktop Protocol (RDP) services protected by easy-to-guess passwords.

In some cases, the cyber criminals used Command-line FTP (File Transfer Protocol) or a modified version of Ammyy Admin to install the MajikPOS malware.

In some cases, attackers have used RATs previously installed on the system, the researchers noticed that in several attacks RATs were installed on the targets’ machines between August and November 2016.

Giving a look at other MajikPOS tricks, the experts noticed that its operators utilized commonly used lateral movement hacking tools to gain access to other systems in the host network.

Once installed on a machine, the malicious code connects to the C&C server and receives a configuration file with three entries to be used later.

Below an image of the C&C panel that is called Magic Panel.

MajikPOS C2 Panel

The RAM scraping component of the threat is called Conhost.exe, it scans the memory searching for card data of the major card issuers, including American Express, Diners Club, Discover, Maestro, Mastercard, and Visa.

It verifies the credit card’s track data and then sends it to the C&C server via HTTP POST.

“After verifying the credit card’s track data, the information is sent to the C&C server via HTTP POST, Action=”bin”.” continues the post published by Trend Micro.

Further investigation allowed the experts to discover that the registrant for the Magic Panel servers also registered many other websites used to sell stolen credit card data.

According to Trend Micro the websites managed by the gang behind the threat currently offers around 23,400 stolen credit card tracks for sale, priced between $9 and $39, depending on the type of card. The crooks also offer bulk packages of card composed of 25, 50, and 100 units, that are priced at $250, $400, and $700, respectively.

“Some of these websites were advertised on carding forums as early as February 2017 by a user called “MagicDumps”, who has been updating the forums for new dumps based on location—mostly in the U.S. and Canada.” added Trend Micro.

As a mitigation strategy, experts suggest properly configured chip-and-pin credit cards with end-to-end encryption, unfortunately, many merchants still haven’t implemented the PIN part of the chip-and-PIN process.

 

via:  securityaffairs

Microsoft’s Azure cloud storage had a rough night

Disruption comes weeks after AWS’s storage platform had high error rates.

On Wednesday night into the early morning hours of Thursday Microsoft reported that its Azure cloud customers had difficulty provisioning storage resources, including in its Eastern US region.

The service disruption had a domino effect that impacted many other services too, including its cloud-based SQL database platform. The issue was first reported at 21:50 UTC and was resolved by about 6:00 on Thursday.

“Due to a incident in East US affecting Storage, customers and service dependent on Storage may have experienced difficulties provisioning new resources or accessing their existing resources in the region,” Microsoft reported on its Azure health status page. Other services impacted include: Azure Media Services, Application Insights, Azure Logic Apps, Azure Data Factory, Azure Site Recovery, Azure Cache, Azure Search, Azure Service Bus, Azure Event Hubs, Azure SQL Database, API Management and Azure Stream Analytics.

While that issue was ongoing on Wednesday at 22:42 UTC, another “underlying storage incident” occurred that impacted storage management services, preventing customers from being able to provision new storage resources or add storage to existing workloads. Existing workloads were not impacted though, Microsoft said. That issue impacted Azure Search, Azure Monitor, Azure Site Recovery, Azure Batch and Visual Studio Team Services build. The issue was resolved within a couple of hours.

This Azure storage disruption comes a couple of weeks after Amazon Web Service’s Simple Storage Service experienced increased error rates that impacted many sites across the Internet.

Microsoft says it will release a Root Cause Analysis to explain details of the situation.

 

via:  networkworld

3 steps to boost your career in the cloud

Stuck in a rut in your IT job? Here’s how to work the shift to the cloud to your personal advantage.

It’s not easy to get ahead in large enterprises. Companies of that size are typically awash in policies and procedures that affect how far and how fast you can go as an employee. Years ago, I remember working for a Global 2000 company where it was understood that you had to leave and come back to get any kind of career acceleration.

These days, with the cloud technology talent shortage and the higher cost of that talent, companies are a bit more pragmatic. My advice to people stuck in the big-company IT job rut is to work the hype around cloud for your own career advantage. Here’s how:

First, you need to put in the extra time to learn all you can. Attend most of the local cloud computing meetups. There are Amazon Web Services meetups, cloud security meetups, and so on. Also, get all the certifications you can reasonably acquire. They are all in demand, and you can take the courses at any time without entering a classroom.

Second, make sure the powers that be are aware of your newly acquired skills. Give workshops at your company on cloud computing technology for all who will attend. Write articles for the company’s publications—and for outside publications, if they will have you. Don’t brag, but do let as many people as possible know you have cloud computing chops.

Third, target emerging cloud projects, not jobs. Figure out when and where cloud computing will show up in your company, as well as who owns the budget. Don’t be afraid to offer help. Some projects are hard to get into because some managers treat them as exclusive clubs. However, when it comes to them deciding whether to hire new employees or outside consultants, you’re already sitting there with the skills they need, and that will likely push them in your direction. Negotiate your new pay and job at that point.

The lesson here is often repeated with new technology: With a bit of ambition and some willingness to give up personal time, a lot of personal good can come.

 

via:  infoworld

The risks of using personal social media at work

Many businesses are actively encouraging their employees to use social media at work, hoping that they will become “brand advocates”, talking about the company’s products and services. Employers also hope that their worker’s accounts will help to give the company a “human” face.

But as good as these intentions are, you should carefully consider whether you really want to use your social media accounts at work. Because there are a few potential issues to be aware of.

Increased risk of downloading malware

Social media is a brilliant tool for sharing links, videos and interesting information with your friends online. But not all those links go to good places – quite often those pages will have adware, malware or computer viruses lurking in the background, trying to download themselves onto your computer.

If malware does install itself on your work computer, it could cause serious damage to the rest of the network. The time and costs associated with fixing these issues could seriously hurt your company – and maybe even lose you your job, even if it was an accident.

Possible negative press

There are dozens of examples of situations where someone has made a joke online, but one of their followers has taken offence. The issue quickly escalates, as strangers offer criticisms – and sometimes even threats.

The fall-out from these incidents also affects that person’s employer – some people wrongly assume that the individual and their company are inextricably linked. So the company must act to regain control of the situation – including sacking the employee involved.

Wasting time

With so much interesting information available on Facebook, Twitter, Instagram etc, it is very easy to spend hours catching up on what people are sharing. But if you spend too long on non-work related tasks, you will run into problems getting your actual work done.

When the quality of your work starts to decline, you could be disciplined by your employer – and potentially sacked if things go too far.

Protecting yourself at work

Before you start using your personal social media accounts at work, you should have a conversation with your boss. You should ask how your employer expects you to behave:

  • WHAT KIND OF MALWARE AND CONTENT-BLOCKING TOOLS WILL THEY DEPLOY TO PREVENT VIRUSES BEING DOWNLOADED ACCIDENTALLY?
  • WHAT PROTECTIONS ARE IN PLACE IN THE EVENT OF A SOCIAL MEDIA DISASTER? IS THERE A PLAN TO PROTECT THE BUSINESS AND THE EMPLOYEES?
  • WHAT CONSTITUTES FAIR USE? HOW MUCH IS TOO MUCH? CAN YOU DO WHATEVER YOU LIKE ONLINE, SO LONG AS YOUR WORK IS BEING DONE?

It is only by establishing these guidelines up front that you can hope to avoid accidentally breaking one of them, risking your job. By being smart, both you and your business avoid trouble and gain the benefits offered by social media.

 

via:  pandasecurity