Star Awan Trading & Contracting

17/11/2020

Microsoft exhorts enterprises to quit text, voice multi-factor authentication passcodes

Microsoft Authenticator, the company's app-based authenticator, and Windows Hello, the umbrella label for Microsoft's biometrics technology, are better methods of authentication, a Microsoft exec says.

A Microsoft executive is urging enterprises to abandon the most popular multi-factor authentication (MFA) method — one-time passcodes sent to mobile devices via text or voice — for different approaches, including app authenticators, that he claims are more secure.

"It's time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms," asserted Alex Weinert, director of identity security, in a Nov. 10 post to a Microsoft blog. "These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they're the least secure of the MFA methods available today."

Weinert argued that other MFA methods are more secure, calling out Microsoft Authenticator, his company's app-based authenticator, and Windows Hello, the umbrella label for Microsoft's biometrics technology, including facial recognition and fingerprint verification. It's no coincidence that Weinert touted technologies Microsoft has aggressively pushed in its campaign to convince enterprises to go passwordless.

More than a year ago, Weinert spelled out how, in his view, passwords alone are no defense against credential theft, but that by enabling MFA, "your account is more than 99.9% less likely to be compromised." That advice hasn't changed, but Microsoft's stance on MFA has now narrowed. "MFA is essential — we are discussing which MFA method to use, not whether to use MFA," he wrote last week.

Weinert ticked off a list of security flaws in SMS- and voice-based MFA, the technique that typically sends a six-digit code to a predetermined, verified phone number. Those defects, Weinert said, ranged from a lack of encryption — texts are sent in the clear — to vulnerability to social engineering.

App-based authentication, Weinert contended, is a much more secure means to the WFA ends. He then touted Microsoft Authenticator, which comes in versions for Google's Android and Apple's iOS.

Authenticator boasts encrypted communication, supports facial and fingerprint recognition — letting users authenticate using those technologies when, say, their company-supplied laptops do not. Authenticator also supports one-time passcodes, duplicating the mechanism of SMS-based WFA, albeit in encrypted form from start to finish.

Source: https://www.computerworld.com/article/3596890/microsoft-exhorts-enterprises-to-quit-text-voice-multi-factor-authentication-passcodes.html

16/11/2020

Coronavirus: North Korea and Russia hackers 'targeting vaccine

State-backed hackers from North Korea and Russia have been targeting organisations working on a coronavirus vaccine, Microsoft has said.

It said a Russian group nicknamed "Fancy Bear" and North Korean groups dubbed "Zinc" and "Cerium" were implicated in recent cyber-attacks.

The UK's National Cyber Security Centre (NCSC) has previously said Russian hackers were targeting vaccine research.

But Russia denied it was responsible.

Microsoft, which develops cyber-security software, said it had detected attempts to break into the computer systems of seven pharmaceutical companies.

Vaccine researchers in Canada, France, India, South Korea, and the United States were also targeted.

Microsoft said the Russian group had used "brute force" tactics, trying to log in to accounts using millions of different passwords.

One of the North Korean groups sent emails posing as World Health Organization officials and tried to trick people into handing over their login credentials.

Some of the break-in attempts failed, but Microsoft warned that some of them had been successful.

Russia has previously denied targeting vaccine research. The Russian embassy in Washington, USA told news agency Reuters it had nothing further to add.

North Korea's representative to the United Nations has not yet responded to messages seeking comment.

In a blog post, Microsoft called on world leaders to "affirm that international law protects health care facilities and to take action to enforce the law".

Source: https://www.bbc.com/news/technology-54936886

11/11/2020

Qatar likely to receive Covid-19 vaccines by year-end or very early 2021: Official

Doha: If Pfizer and BioNtech vaccine gets the necessary regulatory approval Qatar will be able to receive an initial quantity of vaccines by the end of this year or very early in 2021, a senior health official said.

Dr. Abdullatif Al Khal, Chair of the National Health Strategic Group on COVID-19 and Head of Infectious Diseases at Hamad Medical Corporation said: “We have been working with Pfizer and BioNTech since the summer and they are confident that if their vaccine gets the necessary regulatory approval Qatar will be able to receive an initial quantity of vaccines by the end of this year or very early in 2021.”

The Ministry of Public Health (MoPH) considers the announcement by Pfizer and BioNtech very promising as it shows that great progress is being made on the development and testing of a safe and effective COVID-19 vaccine, MoPH said in a statement published on Twitter.

READ ALSO: Pfizer’s Covid vaccine prevents 90% of infections in a large study

“Pfizer and BioNtech stated that preliminary analysis on their vaccine shows it can prevent more than 90 percent of people from getting COVID-19 which is better than we hoped for or expected.

“This news gives us good reason to be optimistic that life can return towards normal sooner rather than later, but it is important to note that these are the initial results of the study and additional results of the ongoing clinical trials are required to confirm the vaccine’s effectiveness,” the statement added.

Source: https://thepeninsulaqatar.com/article/10/11/2020/Qatar-likely-to-receive-Covid-19-vaccines-by-year-end-or-very-early-2021-Official

05/11/2020

StarAwan Trading & Contracting offers a unique consulting experience for large Businesses, by providing the best iT Solutions & Products.

05/11/2020

US Election: Twitter hides Trump tweet about 'disappearing' lead

Twitter has hidden some of Donald Trump's first tweets the day after a US election which remains undecided.

Source: https://www.bbc.com/news/technology-54809165

04/11/2020

5G: Using drones to beam signals from the stratosphere!

Plans to beam 5G signals to the public via drones that stay airborne for nine days at a time have been announced by two UK firms.

Source: http://ow.ly/zxQz50CaXjA

03/11/2020

Printer Busines Explained (Part1):

Printer Ink Wars — EcoTank, Instant Ink, MegaTank, INKvestment Tank , Instant Ink

Everybody has heard the adage that the major inkjet printer manufacturers—Brother, Canon, Epson, and HP—make more from the ink that keeps their printers going than from the sale of the printers themselves. This is not just simply an axiom; it’s absolutely true.

Printer ink is not the only consumable that fuels the profit margin of a particular industry. Another often-touted example is razor blade replacement cartridges. (How many others can you think of?)

For the longest time, though, the only choice we had was (except for using third-party or refurbished ink cartridges, but that’s another story) to suck it up and pay the price—if, that is, we wanted to keep printing. Over the past few years, though, due primarily to pressure from consumers and technology journalists, printer makers now offer us choices, many choices.

It all started with HP’s Instant Ink subscription program, but now each printer maker offers some kind of “bulk-ink” product that provides at least some relief to the price of ink itself and, better yet, increased transparency into what it actually costs to keep your printer churning.

Each printer manufacturer has its own bulk-ink product, as follows:

Brother = INKvestment Tank
Canon = MegaTank
Epson = EcoTank
HP = Instant Ink

Except for EcoTank and MegaTank, these products are quite different in approach and how much they actually save you in terms of the per-page cost of ink. Depending on how and what you print, each product has its own distinct advantages and disadvantages.

03/11/2020

Top web browsers 2020: Edge makes double digits
In October, Google's Chrome browser shed market share for the third month in a row. Meanwhile, Microsoft's Edge broke into double-digits — the largest ever gain for Edge in a single month

Source:

In October, Google's Chrome browser shed market share for the third month in a row. Meanwhile, Microsoft's Edge broke into double-digits — the largest ever gain for Edge in a single month

02/11/2020

Google has a Chrome zero-day warning for Windows users

Google has identified a zero-day vulnerability for Windows 7.8 and 10 users, and Microsoft has yet to be addressed. Microsoft is expected to fix the problem on November 10th. It is highly recommended that Windows users update their PCs immediately. As per Ben Hawkes, Google Project Zero Team Leader, this Windows Zero-Day – CVE-2020-17087 – is used to launch a combined attack along with a Chrome Zero-Day identified as CVE-2020-15999. Chrome zero-day is said to be already patched, but Windows day is still active.

“We currently expect a patch for this issue to be available on November 10th. We confirmed with Google’s Threat Analysis Group director Shane Huntley that this is targeted exploitation and not related to any US election target, “Hawkes tweeted.
Google informed Microsoft of the vulnerability last week and gave Microsoft 7 days to fix the problem. Since Microsoft did not fix the problem, Google has publicly disclosed the details of the bug.
Google has provided the source code of a proof-of-concept program. “It has been tested on a recent build of Windows 10 1903 (64-bit), but the vulnerability is believed to have been around since Windows 7 or higher. The easiest way to reproduce a crash is to have special pools enabled for cng.sys. But even in the default configuration, corruption of 64 KB kernel data will almost certainly crash the system shortly after the exploit is run, ”said Google in his report.

Source: https://www.de24.news/2020/10/google-has-a-chrome-zero-day-warning-for-windows-users.html

01/11/2020

The first laptops with Intel’s Iris Xe Max graphics are now available to order.

The public just got its first glimpse of Iris Xe Max, Intel’s new discrete GPU for thin-and-light laptops, at an Acer press event.

Source:

Portable machines for content creators

29/10/2020

Zuckerberg, Dorsey and Pichai face-off with Congress over internet law, content decisions.

The CEOs appeared before a Senate committee to discuss Section 230, which has shielded internet companies from liability for user-generated content.

The leaders of Facebook, Twitter and Google faced withering attacks from both Republicans and Democrats on Wednesday, as US senators grilled the tech titans over a key internet law that's helped their businesses flourish.

Sen. Roger Wicker, a Mississippi Republican who chairs the Senate Commerce Committee, set a cordial-yet-combative tone at the beginning of the hearing about Section 230, a law that shields social media companies from liability for content posted by their users and allows them discretion in moderating offensive posts such as hate speech.

"This liability shield has been pivotal in protecting online platforms from endless and potentially ruinous lawsuits. It has also given these internet platforms the ability to control, stifle and even censor content in whatever manner meets their respective standards," Wicker told Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey and Google CEO Sundar Pichai at the start of the three-and-a-half-hour hearing. "The time has come for that free pass to end."