Cloud computing helps power strong Microsoft quarter

SAN FRANCISCO, United States - Microsoft on Tuesday reported strong quarterly earnings, powered by demand for cloud computing.

The tech titan said it made a profit of $16.7 billion on revenue of $49.4 billion in the first three months of this year, eight percent and 18 percent, respectively, more than in the period a year earlier.

"Going forward, digital technology will be the key input that powers the world's economic output," said Microsoft chief executive Satya Nadella.

"Across the tech stack, we are expanding our opportunity and taking share as we help customers differentiate, build resilience, and do more with less."

Microsoft shares rose more than four percent to $282.44 on the earnings figures, which came with an optimistic outlook for the current financial quarter.

Revenue in the company's "intelligent cloud" unit that meshes datacenter-hosted software with artificial intelligence surged from the same period a year earlier, Microsoft reported.

"Continued customer commitment to our cloud platform and strong sales execution drove better-than-expected commercial bookings growth" along with cloud computing revenue, Microsoft chief financial officer Amy Hood said in the earnings release.

The pandemic accelerated a shift to relying on the internet for work, education, shopping, socializing and entertainment, with Microsoft seemingly positioned to benefit from lifestyle changes that will remain even as people return to being out and about.

A business and productivity unit at Microsoft that includes its online suite of Office 365 software saw revenue grow with the help of a 34 percent increase in money taken in by career-focused online social network LinkedIn, the earnings report showed.

"Growth for LinkedIn was the most surprising," CFRA equity research vice president John Freeman told AFP.

"LinkedIn continued to be Microsoft's lower profile success story. That acquisition is looking better and better every year and every quarter."

Microsoft bought LinkedIn for slightly more than $26 billion in 2016.

Money taken in for content and services at Microsoft's Xbox video game division rose four percent in the recently ended quarter as the company works to beef up its cloud-based games subscription offering.

Microsoft is seeking regulatory approval for its $69 billion deal to buy video game powerhouse Activision Blizzard.

Merging with troubled Activision will make Microsoft the third-largest gaming company by revenue, behind Tencent and Sony, it said, a major shift in the booming world of games.

Activision, the California-based maker of "Candy Crush," has been hit by employee protests, departures, and a state lawsuit alleging it enabled toxic workplace conditions and sexual harassment. 

"Acquiring Activision will help jump start Microsoft's broader gaming endeavors and ultimately its move into the metaverse with gaming the first monetization piece of the metaverse in our opinion," Wedbush analysts said after the news broke.

Agence France-Presse

Four attack techniques used by hackers

MANILA, Philippines - Security is no longer an afterthought. It’s a major component to the success of a business. This means that the Chief Information Security Officers (CISOs) need a spot at the executive table to ensure the IT security plans align with the business goals and objectives.

We are all connected to the Internet which is great; however being connected also means that we are all in a very large ecosystem.

It’s important to realize that anything happens with one company will often affect many other companies. Direct business partners will be affected and even the most remote company can be affected.

Many of the attack techniques used today are similar to the attack few years ago. However, there are some mounting cyber problems that are enabling the attackers to deliver their exploit more effectively and stealthier.

One of them being social media and on-line services. Everyone today is using some form of social media such as Facebook and LinkedIn, as well as online dating sites.

Because of this, attackers are shifting their entry points into user’s devices via these sites via social engineering, preying on the human emotions side. Social Engineering concepts are the same, but the attack vector or surface has changed. Next is the evasion techniques used by the attackers. The ability for the attacker to conceal themselves continues to advance. Because of this often times just having traditional anti-virus is not enough.


Below are techniques used by hackers, according to Anthony Giandomenico, Senior Security Strategist, FortiGuard Labs, Fortinet

Phishing Attack

Amongst the new hacking techniques, phishing attack is most likely the number one way to gain unauthorized access to company networks. A phishing email will attach a piece of malware or a malicious link, and is created to look legitimate and enticing for users to click the link.

Drive-by Attack

Another technique used by the hackers is the drive-by attack. The attackers will compromise a website and install a malicious java script that will redirect an unsuspecting user to another website containing malicious payload (malware) that will then be downloaded in the background to the user’s device. In a targeted attack, the attackers will spend many months researching websites that companies or industries will frequent and infect those websites.

Malvertising

The next technique used is malvertising. This attack is similar to the drive-by attacks except for the attacker will focus on infecting the advertising sites. An attacker can infect one ad site which in turn could infect 1000s of other websites. More bang for your buck!

Mobile Attack

Last but not least, the mobile attack. Many attacks against mobile devices are similar to the above listed attacks; they are just targeting the mobile device. In addition, malware can be delivered through SMS messages or they mask themselves as other fun applications such as games or even pornography.

Once the attacker has successfully breached a network and is sitting on a user’s device such as a laptop/desktop or mobile devices, the attacker now needs to download more malware and tools to complete their missions. Usually the data they are looking for is not on the workstations; it’s in the servers/databases and such.

As mentioned above, the usual entry point into the network is through users clicking on malicious links. Once the user device is compromised, the attackers will start moving about the network to find the data they are looking for. This is where network segmentation becomes extremely important. One, it helps reduce the impact of the breach since a company can isolate the breach to a specific location while not affecting the rest of the network. Also, it allows for sensitive data to be zoned in a higher security area which will give the bad guys a tougher time to exfiltrate data. Lastly, “You can’t protect and monitor everything within your networks”. The networks are too large and complex; so find the critical data, isolate it and put more granular focus on monitoring the avenues of approach to that data.

source: philstar.com

LinkedIn suffers data breach

BOSTON/NEW YORK — LinkedIn confessed it had a data breach that compromised the passwords of some of its members, the social networking site said on Wednesday.

LinkedIn engineer Vicente Silveira confirmed on the site’s blog that some passwords were “comprised.” (tinyurl.com/cxje9xo)

“We are continuing to investigate this situation,” he said.

LinkedIn said it sent emails to members whose passwords were affected explaining how to reset them, since they are no longer valid on the site.

It could take several days, or up to a week, for LinkedIn to identify the source, said Mary Landesman, security researcher with Cloudmark, a company that helps secure messaging systems.

LinkedIn, which made its stock debut last year, is a social media company that caters to companies seeking employees and people scouting for jobs.

It has more than 161 million members worldwide. One of the Mountain View, California-based company’s main initiatives is to grow internationally – 61 percent of its membership is located outside the United States.

Marcus Carey, security researcher at Boston-based Rapid7, said he believed the attackers had been inside LinkedIn’s network for at least several days, based on an analysis of the type of information stolen and quantity of data posted on the forums.

“While LinkedIn is investigating the breach, the attackers may still have access to the system,” Carey warned. “If the attackers are still entrenched in the network, then users who have already changed their passwords may have to do so a second time.”

Officials with LinkedIn declined to comment on whether an attack might still be in progress.

The breach is the latest in a string of high-profile hacks affecting companies and governments around the world, which have put the personal information of millions at risk.

With LinkedIn, computer security experts discovered files with some 6.4 million scrambled passwords on Tuesday, which they originally suspected belong to LinkedIn members because some of the passwords included the phrase “LinkedIn,” said Graham Cluley, a senior technology consultant with British computer security software maker Sophos.

When Sophos dug further, it found other passwords on the list belonged to Sophos employees, who only used them to secure their LinkedIn accounts, he said. But it is possible that all or just some of those 6.4 million passwords belong to LinkedIn members, Cluley added.

The data was found on underground websites where criminal hackers frequently exchange stolen information, including scrambled passwords.

The files included only passwords and not corresponding email addresses, which means that people who download the files and unscramble the passwords will not easily be able to access any accounts with compromised passwords.

Yet analysts said it is likely that the hackers who stole the passwords also have the corresponding email addresses and would be able to access the accounts.

Needs more salt?

At least two security experts who examined the files believed to contain the stolen LinkedIn passwords said the company had failed to use best practices for protecting the data.

The experts said that LinkedIn used a vanilla or basic technique for encrypting, or scrambling, the passwords which allows hackers to quickly unscramble all passwords after they figure out the formula by which any single password has been encrypted.

The social network could have made it extremely tedious for the passwords to be unscrambled by using a technique known as “salting,” which means adding a secret salt to each password before scrambling it.

“What they did is considered to be poor practice,” Landesman said.

Silveira said in the post that affected members who update their passwords and those members whose passwords were not comprised “benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.”

Last year, a security researcher warned that LinkedIn had flaws that make users’ accounts vulnerable to attack by hackers because of the way it manages cookies.

Cookies are small pieces of data sent from a website and stored in a computer user’s Web browser. They are commonly used as a way to compile long-term records of individuals’ browsing histories, and have raised concerns about privacy.

LinkedIn was co-founded by former PayPal executive Reid Hoffman in 2002 and makes money selling marketing services and subscriptions to companies and job seekers.

source: interaksyon.com