More stories

  •

    Microsoft Defender for Endpoint now protects unmanaged BYO devices

    Microsoft’s latest preview for its advanced security product Microsoft Defender for Endpoint now supports unmanaged devices running Windows, Linux, macOS, iOS and Android, as well as network devices. The public preview aims to address the rise in post-pandemic hybrid work, where people use their own computers and devices at home and then bring them to work and plug them into the corporate network.

    “The riskiest threat is the one you don’t know about. Unmanaged devices are literally one of your weakest links,” says David Weston, Microsoft’s director of enterprise and OS security. “Smart attackers go there first. With work-from-home, the threat has grown exponentially, making discovering and applying security controls to these devices mission critical.”

    Microsoft Defender for Endpoint is different from Microsoft Defender antivirus, which is built into all Windows 10 devices. It gives enterprise security teams incident response and investigation tools, and its back end runs in the Azure cloud. It was formerly known as Microsoft Defender Advanced Threat Protection. The new capabilities should make it easier to discover and secure unmanaged PCs, mobile devices, servers, and network devices on a business network.

    It is meant to help IT teams configure devices for patching when operating system or software bugs surface, and to cover BYO apps and devices, including routers, firewalls and WLAN controllers. “Once network devices are discovered, security administrators will receive the latest security recommendations and vulnerabilities on them,” Microsoft says. “Discovered endpoints (such as workstations, servers, and mobile devices) can be onboarded to Microsoft Defender for Endpoints, allowing all its deep protection capabilities.”

    IT security teams can try the public preview for unmanaged devices by turning on preview features in Microsoft Defender for Endpoint. Discovery comes in two modes, Basic and Standard; during the public preview every customer starts on Basic. Basic discovery uses “unicast or broadcast network events captured by the onboarded devices to discover unmanaged endpoints,” Microsoft explains in a blog post. “Basic discovery uses the SenseNDR.exe binary for passive network data collection and no network traffic will be initiated.”

    On May 10, Microsoft plans to switch all tenants automatically from Basic to its recommended Standard discovery, an active method that relies on managed devices to probe the network for unmanaged devices. It then uses interfaces exposed by the discovered devices to collect threat, vulnerability and metadata for device fingerprinting. The practical difference for defenders is that Basic generates no traffic of its own but only sees hosts whose traffic already reaches an onboarded device, while Standard probes actively and so finds more, which is why the control over which networks it runs against matters.

    Microsoft says it has built in privacy controls to stop the feature from discovering private devices used at home, such as smart devices, TVs, and gaming consoles. “There is built-in logic to prevent this, and a level of control to define what networks this discovery process runs against. The logic was designed to differentiate between corporate networks and non-corporate networks, to avoid discovery of private or public devices not controlled by the organization. Strict conditions are in place to ensure such devices won’t be discovered and presented in the portal,” Microsoft explains.
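    The passive, Basic-style pass described above, reduced to its essentials as an added example (this is not Microsoft code and says nothing about how SenseNDR.exe actually works): events that onboarded devices have already captured are matched against an inventory of managed devices, anything seen outside the organisation’s own address space is discarded, and the remaining hosts are fingerprinted from the little that broadcast protocols give away. The event shape, the corporate subnets, the managed-MAC list and the mDNS hints are all constructed for this illustration.

```python
"""Passive endpoint discovery with a corporate-network filter.

Added example, not Microsoft's code: it shows what a Basic-style discovery
pass does with traffic that onboarded devices already see, without sending a
single probe, and how a corporate/non-corporate network filter keeps home
devices out of the inventory. Every constant below is constructed.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Assumption: the organisation's own address space. Anything outside it
# (a home LAN, a cafe Wi-Fi) is ignored; that is the privacy control from
# the article in its simplest possible form.
CORPORATE_NETWORKS = [ip_network("10.20.0.0/16"), ip_network("10.21.0.0/16")]

# Constructed inventory of devices that are already onboarded (managed).
MANAGED_MACS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

# Constructed fingerprint hints from mDNS service names. A real fingerprinter
# uses many more signals; this is enough to show where a device type comes from.
MDNS_HINTS = {
    "_ipp._tcp": "printer",
    "_airplay._tcp": "consumer media device",
    "_workstation._tcp": "workstation",
}


@dataclass(frozen=True)
class NetEvent:
    """One broadcast/unicast event recorded by an onboarded device."""
    kind: str          # "arp", "dhcp" or "mdns"
    mac: str
    ip: str
    seen_by: str       # hostname of the onboarded device that captured it
    detail: str = ""   # DHCP hostname or mDNS service name, if any


@dataclass
class UnmanagedHost:
    ips: set = field(default_factory=set)
    seen_by: set = field(default_factory=set)
    hints: set = field(default_factory=set)
    events: int = 0


def is_corporate(ip: str) -> bool:
    """True if the address falls inside one of the corporate subnets."""
    addr = ip_address(ip)
    return any(addr in net for net in CORPORATE_NETWORKS)


def discover_unmanaged(events, managed=MANAGED_MACS) -> dict:
    """Return {mac: UnmanagedHost} for hosts seen on corporate networks that
    are not in the managed inventory. Purely passive: it only reads events."""
    found = {}
    for ev in events:
        mac = ev.mac.lower()
        if mac in managed or not is_corporate(ev.ip):
            continue
        host = found.setdefault(mac, UnmanagedHost())
        host.ips.add(ev.ip)
        host.seen_by.add(ev.seen_by)
        host.events += 1
        if ev.kind == "mdns" and ev.detail in MDNS_HINTS:
            host.hints.add(MDNS_HINTS[ev.detail])
        elif ev.kind == "dhcp" and ev.detail:
            host.hints.add(f"dhcp-hostname:{ev.detail}")
    return found


# Constructed sample capture: a managed laptop, a rogue printer and an unknown
# PC on the corporate LAN, plus a media device seen by a laptop working from
# home that must NOT end up in the inventory.
SAMPLE_EVENTS = [
    NetEvent("arp", "aa:bb:cc:00:00:01", "10.20.1.5", "lap-01"),
    NetEvent("arp", "de:ad:be:ef:00:77", "10.20.1.77", "lap-01"),
    NetEvent("mdns", "de:ad:be:ef:00:77", "10.20.1.77", "lap-02", "_ipp._tcp"),
    NetEvent("dhcp", "de:ad:be:ef:04:09", "10.21.4.9", "lap-02", "contractor-pc"),
    NetEvent("mdns", "ca:fe:00:00:00:42", "192.168.1.20", "lap-03", "_airplay._tcp"),
]

if __name__ == "__main__":
    for mac, host in discover_unmanaged(SAMPLE_EVENTS).items():
        print(mac, sorted(host.ips), sorted(host.hints), f"{host.events} events")
```

    The filter is deliberately a plain subnet allow-list: the home media device at 192.168.1.20 never reaches the inventory even though a managed laptop saw it. Note the blind spot that comes with staying passive: a corporate host that never broadcasts near an onboarded device is simply never seen, which is the gap active (Standard) discovery closes at the cost of generating probes.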

  •

    ASIO boss says he's not concerned with Australian Parliament's March outage

    In late March, the Australian Parliament suffered an IT disruption that left MPs and senators without access to email over the weekend, with some complaining into the following week that their access was “patchy”. Facing senators during an Estimates spill-over hearing on Wednesday, Australian Security Intelligence Organisation (ASIO) Director-General Mike Burgess was asked about the incident and whether his agency had received a briefing on it.

    “No, we wouldn’t typically receive a briefing on the outage,” he replied. “But of course, we are charged with looking at threats to security, including potential espionage and foreign interference, so we do pay attention to activities, and we do have an understanding of what happened there.”

    He said the incident wasn’t for him to comment on, suggesting senators direct their questions to others. He did say he was not directly concerned by the outage. “Of course, it’s a useful time to highlight that espionage, including cyber espionage, is alive and well,” he said. “And there’ll be people who have cracks at networks and mobile devices, but that’s not [just] nation states, that could be criminals or individuals acting alone. There’s a range of reasons networks can be disrupted, but it may not be for cyber adversary or criminal means, it could actually be just an action network operators take that cause of disruption.”

    Rejecting the characterisation that it was an “attack”, Burgess reiterated his position. “As the director of security, I’m not concerned, by what I’ve seen,” he repeated. “From my point of view of, ‘is espionage or cyber espionage being occurred?’ I’m not concerned by that incident. Of course, in the broad, any network connected to the internet is subject to that frequently and the levels of cyber espionage attempts in this country are pretty high, so I remain concerned about that and through the actions of others, the [Australian Cyber Security Centre] that is dealing with the terms of that outage, I am not concerned.”

    Burgess was also asked for his opinion on the state of the Department of Parliamentary Services networks. “We do not concern ourselves with cybersecurity details,” he said. “We’re more focused on actually the threats coming at this country, including the Department of Parliamentary Services networks, how they do that as a matter for this Parliament and the Department of Parliamentary Services, and in terms of technical advice they receive, they take that from the Australian Signals Directorate’s Cyber Security Centre.”

    Burgess said ASIO would approach the department if it had concerns around espionage, foreign interference, sabotage, or any other security matter within its remit. “We would get involved if there was activities occurring, which caused us to choose to investigate, to make sure that a human or some espionage or cyber espionage was occurring or had occurred — we would investigate such matters and we do that in concert with the people we needed to,” he added.

    The parliamentary network and Australia’s political parties were not successfully defended during an attack in February 2019. For eight days, an attacker described as a state actor was able to remain on the network, affecting everyone with an Australian Parliament House email address, including politicians and all of their staff.

  •

    Security crucial as 5G connects more industries, devices

    More networks, industries, and machines will be interconnected as 5G becomes more widely available, making security an even bigger challenge for businesses in Asia-Pacific. Along with this, they will also have to deal with the increased complexity of managing 5G infrastructure, including the use of network slicing. Beyond giving consumers faster data speeds, the emergence of 5G networks would see more industries and devices connected as enterprises tapped the lower latency the technology could deliver, said John Harrington, Nokia’s senior vice president and head of Asia-Pacific Japan. The COVID-19 pandemic had also accelerated the digitalisation of physical industries such as energy and transport, and their reliance on high-speed digital connectivity, he said in a call with ZDNet.

    Singapore, for instance, was giving out grants to drive the development and adoption of 5G products and services, focusing on key technology areas that encompassed the Internet of Things (IoT), robotics, and artificial intelligence (AI), and verticals such as urban mobility and maritime. Pointing to its use in smart cars and manufacturing, Harrington said 5G could drive significant economic growth and value for the Asian region. GSMA, in fact, had projected Asia-Pacific to be the world’s largest 5G region by 2025, hitting 675 million connections, or more than half of the global volume. The industry group, though, had revised its 2020 projection of 5G connections down by 20% from its previous forecast because of the pandemic. It said the region’s growth would be led by markets such as China, Japan, and South Korea, with mobile operators investing $331 billion in building out their 5G networks. GSMA further estimated that 24 markets across Asia-Pacific would have launched 5G by 2025, including China, where 28% of mobile connections would run on 5G networks and account for a third of the world’s 5G connections.

    With the increased interconnectivity, security would be a major challenge for organisations here, Harrington noted. He stressed the need to ensure networks were secured and trusted even as they adhered to open industry standards to drive competition. This would be essential as 5G took on a role in critical infrastructure, he said, such as facilitating real-time video streaming to monitor the performance of cranes, or the remote operation of such equipment. These networks would also be more complex to maintain and keep reliable, he added. Network slicing, for instance, could be difficult to manage unless companies acquired the know-how to do so.

    Pitched as a prominent feature of 5G, network slicing is touted as enabling connectivity and data processing customised to each customer’s requirements. Each slice is a logically separate network running on shared infrastructure, so the isolation between slices is itself a security boundary that has to be configured and verified, not assumed. Nokia last October unveiled a 4G and 5G network slicing automation offering that it said could slash the cost of adding network capacity.

    Last month, it also announced plans to cut up to 10,000 jobs and put the EUR 600 million in savings into new products and research, including 5G and cloud. Asked about the impact of the restructuring on its Asia-Pacific business, Harrington declined to comment on specific markets, but said the move was necessary to simplify Nokia’s operations and make it “easier to do business with” the vendor. He added that the company had been through a series of mergers and acquisitions, making it necessary to review its organisational structure and make it more nimble and easier to work with. The job cuts were part of this reorganisation and of efforts to reduce costs and improve margins, he said. According to Harrington, Nokia has 19 5G customers in Asia-Pacific, including Globe in the Philippines as well as M1 and StarHub in Singapore, both of which are joint 5G licensees in the city-state.

  •

    Semiconductor restraints will shake up auto maker supply chains: Nvidia CEO

    Image: Nvidia/Volvo
    The importance of semiconductors has reached the point where supply constraints in the sector are having drastic effects on other parts of society. Last week, American auto giants General Motors and Ford said they would idle some of their factories due to a shortage of semiconductors, sending tens of thousands of workers onto approximately 75% pay, the Washington Post reported. Worldwide production drops are expected to be measured in the millions of vehicles. In the wake of such developments, Nvidia CEO Jensen Huang has said the automotive supply chain needs to be re-engineered. “The automotive industry supply chain has to be reinvented — that’s very clear,” he told journalists this week after delivering the GTC 2021 keynote. “What the industry experienced was unfortunate, and hopefully in the future, unnecessary.”

    Huang is not without a horse in the race, with Nvidia announcing its Atlan automotive processor this week, which is due, quite literally, to hit the road in 2025. “That has the ability to replace at least four of the major ECUs [electronic control units], the most complex ECUs in the car, and unify it in software into one programmable system — I think that that’s the right direction — to take the car industry from integration of a whole bunch of embedded controllers into a software-defined future where the computer inside is much more sophisticated and powerful.”

    Even though major tech companies have been hit by the shortages and Nvidia’s latest GPUs are rarer than hen’s teeth for consumers, Huang said other sectors were “largely unaffected” compared to automakers. “All my colleagues in the automotive industry recognise the importance to re-engineer the supply chain,” he said. “So that it’s much more direct to the source and reduce the number of layers and layers and layers and layers of responsibility, passing, that ultimately leads to the building of a car.”

    On supply matters much closer to Nvidia’s GPU bread and butter, Huang said consumers were clamouring for products made on a “leading edge process” and every semiconductor manufacturer was feeling the pressure. “TSMC and Samsung and Intel are feeling great demand and great pressure,” he said. “I think that we just have to recognise that leading edge process cannot be a fraction of the overall capacity of the industry, it has to be a larger percentage of it, and I think these leading edge semiconductor companies are aware of that and they’re mindful of that. But it will take a couple of years before we get leading edge capacity to the level that that is supportive of the global demand of digital technology.”

    The big announcement during the company’s keynote on Monday was its Arm-based Grace CPU, aimed at the AI and high-performance computing markets. Nvidia says Grace systems will be able to train a one-trillion-parameter natural language processing model 10x faster than today’s state-of-the-art Nvidia DGX-based systems, which use x86 CPUs, with its fourth-generation NVLink interconnect running at 900GB/s between Grace and the GPUs, which the company said gives 30x higher aggregate bandwidth than today’s leading servers. The first supercomputers from HPE using Grace are slated for 2023.
    Due to its language processing capabilities, Huang said he expected the major cloud providers to all be customers, because they have language models that must be kept up to date. “Language is drifting very quickly and therefore the concept of model decay is a very significant thing,” he said. “For example … if you asked about ‘pandemic’ two years ago, it would come up with very different results, and very different answers than today. You can’t afford to train your models, your language models, very infrequently, you need to make sure you train them very frequently.”

    An additional bonus for Nvidia is that customer support spans every language, and each language demands a different model. “They’ll be used by insurance companies, they’ll be used by financial companies, they’ll be used by any company with a lot of customer service, and it will have to be replicated for every language, the language of every domain, whether it’s financial services in English, its financial services in Japanese — very different,” Huang said. “Healthcare in English, healthcare in Russian — very different — and so all of these different domains, every single combination.” Grace is being manufactured at TSMC using a “very advanced process”.

    Nvidia is not a cybersecurity company

    Among the slew of announcements on Monday was the Morpheus framework, which is designed to allow real-time packet inspection of all traffic flowing in a data centre when combined with Nvidia’s BlueField data processing units and an EGX analysis node. “The applications are disaggregated meaning a single application doesn’t run on one computer, it runs on many computers. And the way they communicate is … unsecured,” Huang said. “The combination between the fact that you’re cloud native, you’re hybrid cloud, and the fact that your data centre is disaggregated, exposed the inside of the data centre tremendously, and you have to assume that the intruder is already inside.”

    According to the Nvidia founder, inspecting every packet in a data centre would not be possible without the company’s hardware and AI chips, but that does not mean the company is getting into the cyber game itself. “We create this end-to-end system, we create the platform, and then cybersecurity companies … they’re so excited about this because finally they have the system necessary to deploy their cybersecurity algorithms — and that’s what they do,” he said. “We’ll create a platform, think of it as a computer system, and they provide the applications and services, and so we’re not a cybersecurity company, but we’re going to be a computing company that enables a computing platform that enables cybersecurity.” Those working with Nvidia on Morpheus include Cloudflare, F5, Fortinet, Canonical, Red Hat, and VMware.

  •

    'FLoC off!' Vivaldi declares as it says no to Google's tracking system

    The Chromium-based Vivaldi browser has removed FLoC, Google’s controversial alternative to third-party cookies for tracking users across websites. FLoC, or Federated Learning of Cohorts, has just been released by Google in Chrome as its answer to improving privacy while still delivering targeted ads. But Vivaldi has called it a “dangerous step that harms user privacy”.

    “Google’s new data harvesting venture is nasty,” it declared in a blog post that begins with the header “FLoC off! Vivaldi does not support FLoC”. “At Vivaldi, we stand up for the privacy rights of our users. We do not approve tracking and profiling, in any disguise. We certainly would not allow our products to build up local tracking profiles. It presents FLoC as part of a set of so-called ‘privacy’ technologies, but let’s remove the pretence here; FLoC is a privacy-invasive tracking technology.”

    Vivaldi is based on Chromium. But while it relies on the Chromium engine to render pages correctly, it said this is where Vivaldi’s similarities with Chrome and other Chromium-based browsers end.

    It said the FLoC experiment does not work in Vivaldi because it relies on hidden settings that are not enabled in Vivaldi. The FLoC component in Chrome needs to call Google’s servers to check whether it may run, since Google is only enabling it in parts of the world not covered by Europe’s GDPR. As the blog explained, Vivaldi does not allow that call to Google to be made. “We will not support the FLoC API and plan to disable it, no matter how it is implemented. It does not protect privacy and it certainly is not beneficial to users, to unwittingly give away their privacy for the financial gain of Google,” it said.

    FLoC has been widely criticised by privacy advocates, even though Google pitches it as an improvement over third-party cookies. The Electronic Frontier Foundation (EFF) called it a “terrible idea” because Chrome now shares a summary of each user’s recent browsing activity with marketers.

    As Vivaldi explained, an ad company could previously only see the aspects of a user’s personality relating to the websites where its ads were used. An ad provider used on only 1,000 websites might have seen each visitor on just one or two of those sites, so it could not build up much tracking data about a user. “FLoC changes this completely. Its core design involves sharing new information with advertisers,” it continued. “Now every website will get to see an ID that was generated from your behaviour on every other website. You might visit a website that relates to a highly personal subject that may or may not use FLoC ads, and now every other site that you visit gets told your FLoC ID, which shows that you have visited that specific kind of site.”

    FLoC, Vivaldi said, has very serious implications for people who live in an environment where aspects of their personality are persecuted, such as their sexuality, political viewpoint, or religion. “All can become a part of your FLoC ID,” it said. “This is no longer about privacy but goes beyond. It crosses the line into personal safety. We reject FLoC. You should too.”
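    Browser vendors can refuse to compute a cohort, as Vivaldi has; a site operator has one lever of their own. During Chrome’s FLoC origin trial a page was excluded from cohort computation if the server sent the response header Permissions-Policy: interest-cohort=() (an empty allowlist means no origin may use the feature). The following added example, which is neither Vivaldi’s nor Google’s code, audits a set of constructed response headers for that directive and merges it into an existing Permissions-Policy value without clobbering other directives, then wraps the merge as WSGI middleware. The sample headers and the tiny WSGI app are constructed for this illustration.

```python
"""Site-side FLoC opt-out: detect the directive and add it where missing.

Added example, not Vivaldi's or Google's code. Assumes only that the
opt-out header is `Permissions-Policy: interest-cohort=()`; every header
value below is constructed.
"""


def parse_permissions_policy(value: str) -> dict:
    """Turn 'geolocation=(self), interest-cohort=()' into
    {'geolocation': '(self)', 'interest-cohort': '()'}.
    Directives are comma separated; allowlists never contain commas."""
    policy = {}
    for directive in value.split(","):
        if "=" not in directive:
            continue
        name, allowlist = directive.split("=", 1)
        policy[name.strip().lower()] = allowlist.strip()
    return policy


def floc_opted_out(headers) -> bool:
    """True only when Permissions-Policy carries interest-cohort with an empty
    allowlist. interest-cohort=* or a missing directive both leave the browser
    free to include the page in the user's cohort."""
    for name, value in headers:
        if name.lower() == "permissions-policy":
            allow = parse_permissions_policy(value).get("interest-cohort")
            if allow is not None:
                return allow.replace(" ", "") == "()"
    return False


def apply_opt_out(headers):
    """Return a copy of the (name, value) header list with interest-cohort=()
    in force: rewritten into an existing Permissions-Policy header if there is
    one (so an explicit interest-cohort=* is overridden, not duplicated),
    otherwise added as a new header."""
    if floc_opted_out(headers):
        return list(headers)
    out, merged = [], False
    for name, value in headers:
        if name.lower() == "permissions-policy" and not merged:
            policy = parse_permissions_policy(value)
            policy["interest-cohort"] = "()"
            value = ", ".join(f"{k}={v}" for k, v in policy.items())
            merged = True
        out.append((name, value))
    if not merged:
        out.append(("Permissions-Policy", "interest-cohort=()"))
    return out


class FlocOptOutMiddleware:
    """WSGI middleware that runs apply_opt_out on every response."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def _start(status, headers, exc_info=None):
            return start_response(status, apply_opt_out(headers), exc_info)
        return self.app(environ, _start)


def run_through_middleware(existing_headers):
    """Push a constructed WSGI app's response through the middleware and
    return the headers a client would see."""
    captured = {}

    def app(environ, start_response):
        start_response("200 OK", list(existing_headers))
        return [b"<html></html>"]

    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers

    body = FlocOptOutMiddleware(app)({}, start_response)
    list(body)  # consume the iterable as a real server would
    return captured["headers"]


if __name__ == "__main__":
    sample = [("Content-Type", "text/html"), ("Permissions-Policy", "geolocation=()")]
    for name, value in run_through_middleware(sample):
        print(f"{name}: {value}")
```

    The check is stricter than "the header is present": a Permissions-Policy that allows interest-cohort (with * or a non-empty origin list) does not opt out, and the merge rewrites that directive rather than appending a second copy. The header only covers pages you serve; it does nothing about the cohort ID a user’s browser has already computed from visits elsewhere, which is precisely Vivaldi’s objection.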

  •

    FBI blasts away web shells on US servers in wake of Exchange vulnerabilities

    If you were running an Exchange server in the United States, it may have been compromised, and then partially cleaned up by the FBI without your knowledge. The Department of Justice revealed on Tuesday that the FBI had obtained court authorisation to remove web shells installed on servers compromised through the Exchange vulnerabilities. “Many infected system owners successfully removed the web shells from thousands of computers. Others appeared unable to do so, and hundreds of such web shells persisted unmitigated,” the department said. “This operation removed one early hacking group’s remaining web shells which could have been used to maintain and escalate persistent, unauthorized access to US networks.”

    Despite the operation, those running Exchange servers are still advised to follow Microsoft’s guidance and make sure servers are properly patched: removing a shell closes one door but does nothing about the vulnerability it came through or anything else the intruders left behind. “The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path),” it said. “This operation was successful in copying and removing those web shells. However, it did not patch any Microsoft Exchange Server zero-day vulnerabilities or search for or remove any additional malware or hacking tools that hacking groups may have placed on victim networks by exploiting the web shells.”

    Because each shell had a unique file path and name, the department added, it may have been difficult for “individual server owners” to find and remove them. As of the end of March, the department was aware of “hundreds” of shells still active on US servers. Microsoft released its first alerts on the vulnerabilities at the start of March.

    The FBI is now attempting to notify the owners of servers it removed shells from. Affected users with publicly available contact information will receive an “e-mail message from an official FBI e-mail account (@FBI.gov) notifying the victim of the search”, and failing that, ISPs will be contacted to pass on the notice.

    “Today’s court-authorized removal of the malicious web shells demonstrates the department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions,” Assistant Attorney General for National Security John C. Demers said. “Combined with the private sector’s and other government agencies’ efforts to date, including the release of detection tools and patches, we are together showing the strength that public-private partnership brings to our country’s cybersecurity. There’s no doubt that more work remains to be done, but let there also be no doubt that the department is committed to playing its integral and necessary role in such efforts.”

    On March 24, Microsoft said 92% of vulnerable servers were patched or mitigated. In Australia, the government’s Australian Cyber Security Centre has been running scans to find vulnerable servers in the country.
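    The department’s point that each shell had a unique path and name is exactly why owners should not hunt by filename. The added example below, which is not the FBI’s tooling and uses no indicator from the operation (the article gives none), shows the two checks that survive renamed files: generic content heuristics for the constructs most ASPX shells need, and a baseline comparison that flags any .aspx file whose hash is not on a known-good list, which still catches a shell whose content is obfuscated. The watched directories are an assumption about where post-exploitation shells get dropped under a default Exchange install; the sample tree, including a deliberately non-functional fixture that merely trips the regexes, is constructed in a temporary directory so the scanner runs offline.

```python
"""Hunt for ASPX files that should not be under an Exchange front end.

Added example, not the FBI's tooling. The watched paths are an assumption
about a default Exchange install; the heuristics are generic; the sample
tree is constructed.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Generic constructs web shells rely on. Deliberately broad: a hit is a lead,
# not a verdict, and a shell can avoid all of them, hence the baseline check.
SUSPICIOUS = [
    ("eval-of-request", re.compile(rb"eval\s*\(\s*Request", re.I)),
    ("request-item", re.compile(rb"Request\.Item\s*\[", re.I)),
    ("process-start", re.compile(rb"Process\.Start\s*\(", re.I)),
    ("reflection-load", re.compile(rb"Assembly\.Load\s*\(", re.I)),
]

# Assumption: directories under the Exchange install root where user-
# controlled .aspx files have no business appearing.
WATCHED = [
    "FrontEnd/HttpProxy/owa/auth",
    "FrontEnd/HttpProxy/ecp/auth",
    "ClientAccess/ecp",
]


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan_tree(root: Path, known_good: set) -> dict:
    """Return {relative path: {"sha256": ..., "reasons": [...]}} for every
    .aspx file under the watched directories that trips a heuristic or is
    absent from the baseline of known-good hashes."""
    findings = {}
    for rel in WATCHED:
        folder = root / rel
        if not folder.is_dir():
            continue
        for path in sorted(folder.rglob("*.aspx")):
            data = path.read_bytes()
            digest = sha256_of(data)
            reasons = [name for name, rx in SUSPICIOUS if rx.search(data)]
            if digest not in known_good:
                reasons.append("not-in-baseline")
            if reasons:
                findings[path.relative_to(root).as_posix()] = {
                    "sha256": digest,
                    "reasons": reasons,
                }
    return findings


def build_sample_tree():
    """Constructed Exchange-like tree: one legitimate page that is in the
    baseline, one file that trips the content heuristics, and one innocuous
    looking page that is simply not in the baseline. Returns (root, known_good)."""
    root = Path(tempfile.mkdtemp(prefix="exch-"))
    legit = b'<%@ Page Language="C#" %><html><body>Sign in</body></html>'
    # Constructed fixture that only exercises the regexes; it is not a working shell.
    shellish = b'<% /* fixture */ eval(Request.Item["k"]); %>'
    unknown = b'<%@ Page Language="C#" %><html><body>Loading...</body></html>'
    files = {
        "FrontEnd/HttpProxy/owa/auth/logon.aspx": legit,
        "FrontEnd/HttpProxy/owa/auth/x1a9f.aspx": shellish,
        "FrontEnd/HttpProxy/ecp/auth/help.aspx": unknown,
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root, {sha256_of(legit)}


if __name__ == "__main__":
    root, baseline = build_sample_tree()
    for rel, info in scan_tree(root, baseline).items():
        print(rel, info["sha256"][:12], ", ".join(info["reasons"]))
```

    In practice the baseline comes from a clean reference install at the same cumulative update level, and every unexpected file is copied off for analysis before it is deleted, which is what the FBI says it did. A clean scan says nothing about whether the server is patched or whether the intruders left other tooling behind; the department was explicit that its operation did neither of those things either.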

  •

    Microsoft's April 2021 Patch Tuesday: Download covers 114 CVEs including new Exchange Server bugs

    Microsoft is advising businesses to patch four new, previously undisclosed Exchange Server vulnerabilities just weeks after zero-day attacks that affected installations worldwide. In its Patch Tuesday roundup, the software giant and the US National Security Agency (NSA) both urged customers to apply the fixes. Microsoft credited the NSA with finding two remote code execution flaws (CVE-2021-28480 and CVE-2021-28481) in Exchange Server. Both carry a CVSS score of 9.8 because they can be exploited over the network without user interaction.

    Overall, Microsoft released patches for 114 CVEs covering everything from Windows to Edge (Chromium-based), Azure, Microsoft Office, SharePoint Server and Exchange Server, among others. According to Trend Micro’s ZDI, it is the largest patch bundle so far this year. Regarding the Exchange bugs, Microsoft said: “We have not seen the vulnerabilities used in attacks against our customers. However, given recent adversary focus on Exchange, we recommend customers install the updates as soon as possible to ensure they remain protected from these and other threats.”

    The attacks on Exchange have been a major headache for Microsoft and enterprises. Microsoft released emergency patches for Exchange Server 2013, 2016, and 2019 on March 2. At the time, the company said four zero-day vulnerabilities that could lead to data theft and full server takeover were being actively exploited in “limited, targeted attacks.” It was not long before multiple advanced persistent threat (APT) groups joined the Exchange Server campaigns, and thousands of systems belonging to organisations worldwide are estimated to have been compromised. Alongside the emergency patches, Microsoft also published a mitigation guide and a one-click mitigation tool, which includes a URL rewrite rule for one of the vulnerabilities to break the attack chain before it starts; the mitigations reduce exposure but are not a substitute for installing the updates.
