Author : All posts by ilikesql

14

Jan

Learning from cryptocurrency mining attack scripts on Linux

Cryptocurrency mining attacks continue to represent a threat to many of our Azure Linux customers. In the past, we’ve talked about how some attackers use brute force techniques to guess account names and passwords and use those to gain access to machines. Today, we’re talking about an attack that a few of our customers have seen where a service is exploited to run the attackers code directly on the machine hosting the service.

This attack is interesting for several reasons. The attacker echoes in their scripts so we can see what they want to do, not just what executes on the machine. The scripts cover a wide range of possible services to exploit so they demonstrate how far the campaign can reach. Finally, because we have the scripts themselves, we can pull out good examples from the Lateral Movement, Defense Evasion, Persistence, and Objectives sections of the Linux MITRE ATT&CK Matrix and use those to talk about hunting on your own data.

Initial vector

For this attack, the first indication something is wrong in the audited logs is an echo command piping a base64 encoded command into base64 for decoding then piping into bash. Across our users, this first command

Share

14

Jan

Turning to a new chapter of Windows Server innovation

Today, January 14, 2020, marks the end of support for Windows Server 2008 and Windows Server 2008 R2. Customers loved these releases, which introduced advancements such as the shift from 32-bit to 64-bit computing and server virtualization. While support for these popular releases ends today, we are excited about new innovations in cloud computing, hybrid cloud, and data that can help server workloads get ready for the new era.

We want to thank customers for trusting Microsoft as their technology partner. We also want to make sure that we work with all our customers to support them through this transition while applying the latest technology innovations to modernize their server workloads.

We are pleased to offer multiple options to as you make this transition. Learn how you can take advantage of cloud computing in combination with Windows Server as you make this transition. Here are some of our customers that are using Azure for their Windows Server workloads.

Customers using Azure for their Windows Server workloads

Customers such as All Scripts, Tencent, Alaska Airlines, and Altair Engineering are using Azure to modernize their apps and services. One great example of this is from JB Hunt Transport Services, Inc. which has

Share

13

Jan

IoT Signals retail report: IoT’s promise for retail will be unlocked addressing security, privacy and compliance

Few industries have been disrupted by emerging technology quite like retail. From exploding online sales to the growth of mobile shopping, the industry has made a permanent shift to accommodate digital consumers.

The rise of IoT has forced the retail industry to take notice; IDC expects that by 2025 there will be 41.6 billion connected IoT devices or ‘things,’ generating more than 79 zettabytes (ZB) of data. These billions of devices are creating unprecedented visibility into a business, leading to transformation of operations, from the supply chain to automated checkout, personalized discounts, smart shelves, and other advances powered by IoT. In fact, IoT can help brick-and-mortar stores create customer experiences that rival that of online stores; for instance, customers can be sent alerts about discounts relevant to them when they get close to a store, and those stores can use IoT to keep track of inventory and increase efficiency.

Today we’re sharing a new IoT Signals report focused on the retail industry that provides an industry pulse on the state of IoT adoption to help inform how we better serve our partners and customers, as well as help retail leaders develop their own IoT strategies. We surveyed 168 decision makers

Share

13

Jan

Azure is now certified for the ISO/IEC 27701 privacy standard

We are pleased to share that Azure is the first major US cloud provider to achieve certification as a data processor for the new international standard ISO/IEC 27701 Privacy Information Management System (PIMS). The PIMS certification demonstrates that Azure provides a comprehensive set of management and operational controls that can help your organization demonstrate compliance with privacy laws and regulations. Microsoft’s successful audit can also help enable Azure customers to build upon our certification and seek their own certification to more easily comply with an ever-increasing number of global privacy requirements.

Being the first major US cloud provider to achieve a PIMS certification is the latest in a series of privacy firsts for Azure, including being the first to achieve compliance with EU Model clauses. Microsoft was also the first major cloud provider to voluntarily extend the core data privacy rights included in the GDPR (General Data Protection Regulation) to customers around the world.

PIMS is built as an extension of the widely-used ISO/IEC 27001 standard for information security management, making the implementation of PIMS’s privacy information management system a helpful compliance extension for the many organizations that rely on ISO/IEC 27001, as well as creating a strong integration point

Share

13

Jan

Retailers embrace Azure IoT Central

https://azure.microsoft.com/blog/retailers-embrace-azure-iot-central/For many retailers around the world, the busiest quarter of the year just finished with holiday shopping through Black Friday and Cyber Monday to Boxing Day. From supply chain optimization, to digital distribution, and in-store analytics, the retail industry has READ MORE

Share

06

Jan

Azure Cost Management 2019 year in review
Azure Cost Management 2019 year in review

When we talk about cost management, we focus on three core tenets:

Ensuring cost visibility so everyone is aware of the financial impact their solutions have. Driving accountability throughout the organization to stop bad spending patterns. Continuous cost optimization as your usage changes over time to do more with less.

These were the driving forces in 2019 as we set out to build a strong foundation that pulls together all costs across all account types and ensures everyone in the organization has a means to report on, control, and optimize costs. Our ultimate goal is to empower you to lead a healthier, more financially responsible organization.

All costs behind a single pane of glass

On the heels of the Azure Cost Management preview, 2019 started off strong with the general availability of Enterprise Agreement (EA) accounts in February and pay-as-you-go (PAYG) in April. At the same time, Microsoft as a whole embarked on a journey to modernize the entire commerce platform with the new Microsoft Customer Agreement (MCA), which started rolling out for enterprises in March, pay-as-you-go subscriptions in July, and Cloud Solution Providers (CSP) using Azure plan in November. Whether you get Azure through the Microsoft field, directly from

Share

03

Jan

Advancing no-impact and low-impact maintenance technologies

“This post continues our reliability series kicked off by my July blog post highlighting several initiatives underway to keep improving platform availability, as part of our commitment to provide a trusted set of cloud services. Today I wanted to double-click on the investments we’ve made in no-impact and low-impact update technologies including hot patching, memory-preserving maintenance, and live migration. We’ve deployed dozens of security and reliability patches to host infrastructure in the past year, many of which were implemented with no customer impact or downtime. The post that follows was written by John Slack from our core operating systems team, who is the Program Manager for several of the update technologies discussed below.” – Mark Russinovich, CTO, Azure

This post was co-authored by Apurva Thanky, Cristina del Amo Casado, and Shantanu Srivastava from the engineering teams responsible for these technologies.

 

We regularly update Azure host infrastructure to improve the reliability, performance, and security of the platform. While the purposes of these ‘maintenance’ updates vary, they typically involve updating software components in the hosting environment or decommissioning hardware. If we go back five years, the only way to apply some of these updates was by fully rebooting the entire host.

Share

02

Jan

Happy New Year from Power BI Desktop!
Happy New Year from Power BI Desktop!

https://powerbi.microsoft.com/en-us/blog/happy-new-year-from-power-bi-desktop-3/Source: https://powerbi.microsoft.com/en-us/blog/happy-new-year-from-power-bi-desktop-3/           Happy New Year! In honor of the new year, our team put together this fun video where we reveal what makes Power BI what it is today! Enjoy!

Share

26

Dec

On-premises data gateway December 2019 update is now available

https://powerbi.microsoft.com/en-us/blog/on-premises-data-gateway-december-2019-update-is-now-available/Source: https://powerbi.microsoft.com/en-us/blog/on-premises-data-gateway-december-2019-update-is-now-available/           December version of the gateway

Share

21

Dec

Introducing the Power BI Activity Log

https://powerbi.microsoft.com/en-us/blog/the-power-bi-activity-log-makes-it-easy-to-download-activity-data-for-custom-usage-reporting/Source: https://powerbi.microsoft.com/en-us/blog/the-power-bi-activity-log-makes-it-easy-to-download-activity-data-for-custom-usage-reporting/           We are excited to announce the availability of a new Power BI API called the activity log, which enables Power BI service admins to track user and admin activities within a Power BI READ MORE

Share