Tag Archives: Devices

Critical F5 Networks vulnerability under attack

A critical remote code execution flaw in F5 Networks’ BIG-IP devices that was disclosed last week is already under attack.

The F5 vulnerability, rated 10 out of 10 on the Common Vulnerability Scoring System (CVSS), affects the Traffic Management User Interface (TMUI) in a range of BIG-IP network devices. F5 disclosed the flaw, tracked as CVE-2020-5902, in an advisory on June 30 and released patches two days later. Over the holiday weekend, however, security researchers confirmed that the remote code execution flaw had become the target of threat actors.

Rich Warren, principal consultant at cybersecurity firm NCC Group, said via Twitter that his company observed exploitation of the F5 vulnerability on July 4. He also noted an “uptick” in activity Monday morning.

In a blog post Sunday, Troy Mursch, chief research officer for the Chicago-based security research company Bad Packets, said the company’s honeypots detected mass scanning activity originating from multiple hosts targeting F5 BIG-IP servers vulnerable to CVE-2020-5902. In the end, more 1,800 F5 BIG-IP endpoints were discovered to be vulnerable to the flaw, which Mursch said already have publicly available proof-of-concept exploits on GitHub, Twitter and other platforms.

“This vulnerability allows for unauthenticated attackers with network access to the vulnerable F5 servers to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code,” Mursch wrote in the blog post.

Originally, Bad Packets scanned 3,945 F5 BIG-IP servers and discovered a total of 1,832 unique IPv4 hosts worldwide were vulnerable. In addition, the scan found vulnerable hosts in 66 countries around the world, with the United States topping the chart. Affected organizations include government agencies, public schools and universities, hospitals and healthcare providers, major financial and banking institutions and Fortune 500 companies.

In addition to executing arbitrary commands, the vulnerability can “allow threat actors to gain a foothold inside the targeted networks and conduct malicious activity, such as spreading ransomware,” Mursch wrote in the blog post.

According to the advisory from F5, which was updated on July 6, “this vulnerability may result in complete system compromise.”

F5 recommended upgrading to a new software version to fully mitigate this vulnerability, though it also offered other mitigation options such as restricting access to BIG-IP devices over secure networks.

Positive Technologies researcher Mikhail Klyuchnikov, who discovered the F5 vulnerability, said in a blog post that most companies using BIG-IP devices do not allow access to the TMUI over the internet. However, he noted the flaw was “particularly dangerous” for organizations with BIG-IP interfaces that are publicly searchable with tools like SHODAN.

Go to Original Article
Author:

‘CallStranger’ vulnerability affects billions of UPNP devices

A newly disclosed vulnerability named “CallStranger” affects billions of connected devices and can be exploited to steal data or initiate large-scale DDoS attacks.

CallStranger was disclosed Monday by Yunus Çadırcı, senior cybersecurity manager at EY Turkey. The vulnerability affects the Universal Plug and Play (UPNP) protocol, which is widely used by a variety for devices, from enterprise routers and IoT devices to video game consoles and smart TVs.

“The vulnerability — CallStranger — is caused by Callback header value in UPnP SUBSCRIBE function can be controlled by an attacker and enables an SSRF [server-side request forgery]-like vulnerability, which affects millions of Internet facing and billions of LAN devices,” Çadırcı wrote on the research site.

The vulnerability, CVE-2020-12695, can allow unauthorized users to bypass security products such DLP and exfiltrate data or abuse connected devices for DDoS attacks that use TCP amplification.

Çadırcı said data exfiltration is the “biggest risk” for enterprises and advised organizations to check their logs for suspicious activity around UPNP. The threat to consumer devices, he said, is lower but those devices could be compromised and used for DDoS attacks against larger organizations. ” Because it also can be used for DDoS, we expect botnets will start implementing this new technique by consuming end user devices,” he wrote.

The UPNP protocol was started in 1999 by an industry initiative known as the UPnP Forum; the protocol was designed to simplify network connections for homes and corporate environments. The Open Connectivity Foundation, which assumed control of protocol in 2016, updated its UPNP 2.0 specification in April to address the vulnerability.

However, patches have not yet been released for CallStranger.

“Because this is a protocol vulnerability, it may take a long time for vendors to provide patches,” Çadırcı wrote.

Many connected devices will need firmware updates to resolve CallStranger, and IoT devices have historically been difficult to patch because some products are shipped without the ability to receive and install such updates.

In a post on CallStranger, vulnerability management vendor Tenable said it expects more vulnerable devices to be identified and patched as time goes on.

“[M]anufacturers of affected devices are in the process of determining its impact,” Tenable wrote in the blog post. “As a result, we anticipate newly affected devices will be reported and patches will be released over time for devices still receiving product support.”

In the meantime, Çadırcı advised enterprises to “take their own actions” by blocking UPNP ports for connected devices that don’t need the functionality and blocking all SUBSCRIBE and NOTIFY HTTP packets in ingress and egress traffic to security products. In addition, he recommended ISPs block access to widely used UPnP control and eventing ports that are accessible on the public internet.

Çadırcı first discovered the vulnerability late last year and reported it to the Open Connectivity Foundation on Dec. 12. Public disclosure of CallStranger was pushed back several times beyond the traditional 90-day deadline because several vendors and ISPs requested more time.

The CallStranger research site lists a number of vulnerable products from leading vendors such as Microsoft, Cisco, Broadcom and Samsung, as well as a list of additional devices that could be affected but have yet to be confirmed by the vendors.

Go to Original Article
Author:

What’s New in Microsoft Teams | May 2020

This month, we have new meetings, calling, devices, chat, collaboration, platform, and industry features we will not want you to miss. Read on to stay up-to-date. If you are interested in our recent Microsoft Build news, check out our Teams Build blog!

What’s New: Meetings, Calling, and Devices
Improved meeting join launcher experience
When launching a Teams meeting from a link, you will be provided with clearer options for how to join the meeting. You will be prompted with an option to join on the web, download the Teams client, or join with the native Teams client. We are gradually rolling this out over the coming weeks, and in the interim, you may continue to see this and the former experience.

Easily access meeting options during a Teams meeting
We are making it easier for meeting organizers to quickly and easily change their presenter and lobby settings once a meeting has started by providing a link directly in the participants pane. This new functionality is available for both scheduled and “Meet Now” meetings.

Download a participant report in a Teams meeting
Meeting organizers, especially teachers, often need to know who joined their Teams meetings. You can download a participant report, found in the roster view that includes join and leave times for participants. Available in the roster view, meeting organizers can download the report that includes those users who joined while the organizer was present. This feature is only available within the meeting while the meeting is active. Available on desktop (Windows and Mac) and the web.

Set tenant-wide default selection for “Who Can Present” in meetings
Tenant admins can now update their Teams meeting policies to allow for a new default selection when choosing who can present in new Teams meetings (everyone, people in my organization, specific people, or only me). Today, the default selection is “everyone” unless the meeting organizer selects otherwise through the meetings option configuration. To start, organizations can set this policy via a PowerShell cmdlet, and soon after we will have this policy configurable in the Admin portal.

Set background effects policy at a user-level
Tenant admins can soon assign a user-level policy to control how users engage with background effects in Teams meetings. Options include: offer no filters; background blur only; use background blur and default provided images; and all, which includes the ability for users to upload their own custom images.

Better policy controls over screen sharing from chats
Screen share from chat allows you to immediately start sharing your screen in a 1-1 chat or group chat. This entry point was previously governed by the AllowPrivateCalling policy. If this policy is disabled, users are not able to screen share from chat. The option to start a screen share from chat will now be governed by the ScreenSharingMode policy. Further, the ability to “add audio” to a screen share from chat session (if you want to talk to someone while screen sharing) will be governed by a user’s AllowPrivateCalling setting. This ensures that users who have AllowPrivateCalling disabled cannot start audio calls via screen share from chat.

Teams and Skype Interoperability
Teams and Skype interoperability will enable collaboration with more partners, customers, and suppliers who rely upon Skype for Consumer (SFC) as their communication app. On either platform, customers will be able to discover users via email search, then chat or call using audio/video. Clients supported include Desktop, Web and Mobile (iOS/Android). Admins will be able to control user access to this feature from The Teams Admin Center.

Reverse Number Lookup (RNL) Enhancements
In the past, the caller name sometimes did not show when they called you. Back in October 2019 we released the feature to make it easier to identify the caller. With the latest enhancements to RNL, the Telco display name will now also show up in your Activity Feed, Call History, and Voicemail as well.

Microsoft Teams Rooms, app version 4.4.41.0 now available
While physical meeting rooms may not be a focal point for many right now, there are still organizations and industries whose essential workers continue to rely on these spaces during this time. We also recognize the vital role Microsoft Teams Rooms will play when organizations return to work. The latest update, app version 4.4.41.0, is now available on the Windows store and is coming to every Teams room over the next few weeks. New features include: Modern authentication support, New application splash screen, Ability to project content to a single display when using a HDMI cable in a dual display configuration, Support for dynamic emergency calling, and more. To learn more about these new features, read the Microsoft Teams Rooms May Update blog.

Poly announces new solution for Microsoft Teams Rooms
Poly Room Solution for Microsoft Teams not only delivers the premium Poly audio and video for Teams, but also provides a clutter-free experience from start to finish, with simple installation and maintenance in any size room. To learn more about the Poly solutions for Microsoft Teams Rooms, coming later this year, click here.

Jabra PanaCast now certified for Microsoft Teams
The Jabra PanaCast is a plug-and-play device, certified for Microsoft Teams. The Jabra PanaCast is designed to improve meetings by using three 13-megapixel cameras and real-time video stitching to give a full 180° view. Enjoy a natural, inclusive human perspective, with no blind spots ensuring quick, easy collaboration with hassle-free video and audio. To learn more about the Jabra PanaCast, click here.

Yealink, EPOS, and Jabra announce new Teams peripherals
With increased demand for remote work and virtual communication, having the right set of personal devices provides painless interaction and increases time for meaningful connection. With Teams certified devices, you can join professional meetings anywhere with high audio fidelity that removes distracting background noise and ensures that your voice is heard clearly.

Here are some new releases this month:

  • EPOS ADAPT 360, 460T, 560, and 660 headsets range from in ear and over the ear options that optimize concentration and productivity any environment with Active Noise Cancellation, Bluetooth connectivity, and a dedicated Teams button. Availability varies by product: ADAPT 360 (July 3), ADAPT 460T (June 29), ADAPT 560 (June 26), ADAPT 660 (June 22). You can learn more here.

  • Yealink UH36 Dual/Mono is a simple and lightweight USB headset with a dedicated Teams button for long conference calls. Availability starting on May 15. You can learn more here.

  • Jabra Speak 750 is a speaker phone with a dedicated Teams button helps users hold natural conversations with USB and Bluetooth. Availability starting on June 1. You can learn more here.

Limited time partner offers available for Teams Devices
Crestron
Crestron is offering a program for customers looking to upgrade existing systems to those certified for Microsoft Teams. Special offers are available for a Crestron Smart Soundbar, Flex C-Series Integrator Kit and Mercury system. Offers end June 30, 2020 and are available in the U.S., Canada, Australia, New Zealand, Asia and EMEA. Purchase orders must be placed through an authorized Crestron dealer.

Poly
For customers using Trio Visual+ in Skype for Business who would like to move to a Microsoft Teams environment, Poly is offering a Trio Visual+ to Poly Studio X30 Trade In program. With this promotion, Poly Microsoft customers can replace Trio with Poly Studio X30 and TC8 controller, or pair Trio with the Poly Studio X30, for Teams video meetings in huddle and small room spaces. Between April 15, 2020 and December 31, 2020, customers can trade in Trio Visual+ and save up to $200 when they upgrade to a Poly Studio X30 or up to $300 when they upgrade to a Poly Studio X30 with TC8 controller. This program is globally available.

Yealink
For a limited time, Yealink is offering a devices bundle trial program for remote workers, giving customers 50% off MSRP on any two WFH devices (limit one per device model). This offer is valid through July 31, 2020 and is globally available. Additionally, Yealink is offering a coupon code for the VC210 Teams edition collaboration bar on the Microsoft Teams devices showcase. Use the coupon code: Yealink4Teams at checkout to access the discounted price. This offer is available in the US and Canada only and is valid through July 31, 2020.

What’s New: Chat & Collaboration
Templates in Teams
Create a new team even faster with a variety of templates for common team types. Options will include event management, crisis response, hospital ward and bank branch, just to name a few. Templates comes with pre-defined channels, apps, and guidance on how to utilize and customize it. IT professionals can standardize team structures by creating new custom templates for their organization. Templates in Teams will roll out in the next few months and appear automatically. Check out the deep dive blog to learn more.

Microsoft Lists in Teams
Microsoft Lists helps you track information and organize work. Lists are simple, smart, and flexible, so you can track issues, assets, routines, contacts, inventory and more using customizable views and smart rules and alerts to keep everyone in sync. To learn more, visit the new Microsoft Lists resource center and get first looks at the Microsoft Lists product demo video.

Create a new list directly inside Teams or bring in one that already exists in Microsoft 365.

You can create, share, and track list all from within Microsoft Teams.

Bring more people together in group chats and teams
Whether you need to collaborate with others to deliver a big project or work with a large group of people to complete an ad-hoc task, Microsoft Teams now allows you to bring more people together. Group chats will now be able to accommodate up to 250 users and teams can now have up to 10,000 members.

Pop out chats into separate windows
Users can now streamline their workflow and pop out chats into separate windows. This allows people to move more easily between ongoing conversations. This is now generally available.

What’s New: Onboarding your organization to Teams
New Skype for Business to Teams Upgrade Advisor
Our newest Advisor for Teams, the Skype for Business Upgrade plan, has launched within the Microsoft Teams Admin Center. Whether you’re just getting started with Microsoft Teams, already using Teams alongside Skype for Business, or ready to upgrade, this provides everything you need for a successful transition. Designed for Skype for Business customers with online or on-premises environments, the Skype for Business Upgrade plan shares a proven success framework for implementing change and step-by-step process to enable your organization’s technical and end-user readiness. We’ll connect you with valuable upgrade resources including planning guidance and best practices, free workbooks, schedules and communication templates and live 1:many planning workshops. Learn more here about using Advisor for Teams to help you roll out Teams and upgrade from Skype for Business.

What’s New: Developer, Platform, and App management
Visual Studio and Visual Studio Code Extension for Teams
Developers can use the new Visual Studio and Visual Studio Code Teams extension to quickly build project scaffolding, configure features, create app package manifest and setup hosting, validate app package manifest, and start the app publishing process (for yourself, to your organization’s catalog, or to the Teams app store). Visual Studio Code extension is available in public preview today. Visual Studio extension coming soon!

Bringing low-code bots to Teams, with Power Virtual Agents
We are working with the newest component of the Power Platform – Power Virtual Agents, which is a low-code chatbot platform. New features will make it easier to create and manage low-code chatbots from within Teams and more streamlined for end users to use Power Virtual Agents bots in Teams. These new features are:

  • Bot Template: FAQ bot template available in GitHub
  • Single sign-on: Power Virtual Agents bots will be available, removing the need for users to sign in again when using a Power Virtual Agents bot in Teams

Simplified Power Apps and Power Virtual Agents “Add to Teams”
Coming soon, Power Apps makers will be able to click a single “Add to Teams” button in Power Apps, which will push the app to the Teams app store. Similarly, the process of adding low-code bots from Power Virtual Agents will be simplified, so developers can spend more time building and less time deploying.

Enhanced workflow automation with Power Automate + Teams
There are several new Power Automate triggers and actions built specifically for Teams to unlock custom message extensions, allow for automated @mentioning, and provide a customized bot experience. To make the process of building automation even easier, we are also rolling out new business process scenario templates built for Teams. When users create a new flow, they will see these templates when they select the “Create from Template option.”

Improved Power BI sharing to Teams
We have made it even easier to share Power BI reports to Teams – simply select the report to share and click the new “Share to Teams” button in Power BI. You’ll be prompted to select the user or channel to send the report to, which will automatically be posted to the conversation.

Users can now also copy individual charts in a Power BI report, and when they are pasted to a Teams conversation, the chat will include a rich thumbnail preview of the chart, as well as an adaptive card allowing users to take actions on that chart.

If you want to read more about all our new developer capabilities, check out our Teams Developer blog post: What’s New in the Microsoft Teams Platform | Build 2020.

What’s New: Education
Change in meeting join experience for our education customers
Today, we allow anyone within an organization to start a Teams meeting, regardless if they are the meeting organizer or not. Moving forward, we will restrict the ability to start a meeting to only those users who have been assigned a policy to create a meeting within their organization. Meeting attendees without the ability to create a meeting will see a pre-join screen indicating that the meeting hasn’t started. These individuals will be automatically admitted into the meeting once a user with permissions joins and starts the meeting. For example, where teachers are assigned a policy that enables them to create meetings, but students are not: if a student clicks on a Teams meeting not yet started by a teacher, they will be admitted into the meeting once a teacher has started a meeting.

Keeping distance learning engaging and secure
With many school and universities closed for the foreseeable future, Teams supports faculty, educators, and students to connect, engage, and learn. Here is the latest guidance on how to maximize learning at a distance and keep students safe:

  • Manage student, faculty, and staff engagement in meetings, live events, chat, and more. Learn more about these settings and how to manage them here.
  • Get started in Teams with student and educator quick start guides and create, run, and attend safe Teams meetings with this guidance.
  • Customize your school’s distance learning toolkit with these LMS integrations in Teams.

What’s New: US Government
In-line message translation in GCC and GCC High
In-line message translation will ensure that every worker in the team has a voice and facilitate global collaboration. With a simple click, people who speak different languages can fluidly communicate with one another by translating posts in channels and chat. This is now generally available.

To see many of these new capabilities in action with demonstrations, check out today’s Microsoft Mechanics video: Microsoft Teams updates | May 2020 and beyond.

Go to Original Article
Author: Microsoft News Center

StorMagic SvSAN helps Sheetz hyper-converge at the edge

Convenience store chain Sheetz is bringing hyper-convergence to the edge at its 600 stores to consolidate devices and make it easier to manage, with the help of StorMagic SvSAN software.

Sheetz, based in Altoona, Pa., is a chain of convenience and gasoline stores in Pennsylvania, West Virginia, Maryland, Virginia, Ohio and North Carolina. Each store requires several point-of-sale applications to conduct business.

Gary Sliver, director of infrastructure at Sheetz, and Scott Robertson, universal endpoint unit manager at the chain, said they have installed SvSAN software on about one-quarter of the company’s sites. Sheetz’s IT team began installing StorMagic SvSAN hyper-converged infrastructure (HCI) software in its stores in October 2018. The project coincided with Sheetz’s move to a new kitchen management software system.

Sliver and Robertson said they hope to have all the stores running SvSAN by the end of 2020. Their goal is to condense seven individual devices at each site to a two-node Dell server appliance running SvSAN software and VMware hypervisors.

Move motivated by IT support, space restrictions

StorMagic SvSAN replaces the servers running Sheetz’s kitchen management applications, its in-store orchestration, credit card processing and loyalty program systems, and storage at each retail store.

Sliver said Sheetz had two important reasons for the upgrade: His team wanted to make it easier to support IT, while eliminating space restrictions at the edge.

We’re able to take these seven physical devices and condense them into two small form rack-mounted servers.
Gary SliverDirector of infrastructure, Sheetz

“Primarily, we wanted to reduce the number of physical devices and the support and maintenance administration associated with those,” Sliver said. “We also wanted to put a platform in place that would allow us to grow and innovate. Frankly, we’re just running out of space in the rack with new applications and services that require compute and storage. So, we’re able to take these seven physical devices and condense them into two small form rack-mounted servers. That gives us the potential to add additional applications and servers without having to go in there and add physical devices to the store.”

Sheetz’s IT team can manage the HCI appliances remotely from headquarters. Retail employees in the stores don’t have to manage any devices, and the central IT team doesn’t have to travel to the retail sites as frequently for support.

Sliver said he considered going hyper-converged for years, and the systems upgrade in the stores presented the perfect opportunity.

“We’ve been looking at virtualizing the physical devices in the rack,” he said. “We were going out and touching all 600 stores with this upgrade, so we had the opportunity to leverage that initiative and realize economies of scale. It also allows us to quickly virtualize devices and save some money there.”

After deciding to hyper-converge on the edge, Sheetz considered several HCI options. Sliver said he looked at traditional HCI players VMware and Nutanix, as well as a few appliances designed specifically for retail sites.

U.K.-based StorMagic is less known than other HCI vendors, but its technology and support impressed the Sheetz team. StorMagic developed SvSAN as an edge product rather than altering a product designed for data centers.

StorMagic SvSAN requires only 1 GB of RAM, 512 MB of storage for its boot device and a 20 GB journal drive. It can work over a 1 Gb Ethernet network.

“The technology itself was fairly easy compared to other HCI providers,” Sliver said of StorMagic. “We also can run up to 1,000 nodes on the single witness. To me, that’s their secret sauce. The other thing is their organization. They were very responsive during the RFP review, and that has continued throughout our implementation.”

After the installation

Robertson said Sheetz can get SvSAN up and running quickly in its stores.

“What separated StorMagic was, when we did a lab test, they did everything they said their product could do,” Robertson said. “Our time frame from lab to pilot was short.”

Sliver said so far, StorMagic SvSAN “has been extremely stable. It has done everything we’ve expected it to do.”

Robertson said SvSAN HCI makes it much easier to solve problems in the field. The IT team can spin up a new virtual machine in the data center instead of having to dispatch a technician to install a new physical device at the store.

“From a management standpoint, with any kind of break/fix situation, we no longer have to send out a technician to the site to swap out physical hardware,” Robertson said. “If we notice there’s any sort of abnormality in a system, we can spin up [a new virtual machine] in a half hour. So, it’s just returned to service much quicker.”

Go to Original Article
Author:

Lenovo’s smarter devices stoke professional passions – Stories

Juan Dimida in front of a brick wall, holding a Lenovo ThinkPad in front of a Lenovo logo he drew graffiti-style

In Philadelphia, Juan Dimida, 40, creates graphic art and electronic music on touchscreen devices, working them into beats with other songs or multimedia pieces.

He recently created an album of electronic music on his Motorola G3 over the summer and has been performing it on his Lenovo Yoga PC, connected to drum machines and synthesizers. He’s playing this music live in November.

His artistic background began with graffiti art as a teen, but then he joined a city-run art program in his 20s that channeled his creative energy into colorful murals that covered up graffiti through community-based commissions. These collaborative projects usually involved four to five people and would include elaborate scenery, characters and animation. While each had a theme, the artists also improvised.

Dimida used Photoshop to get designs together and make alterations. While he was working on these murals, an event planner stopped by with a Lenovo ThinkPad tablet, and gave it to him to draw on. He hired Dimida to create art for a 2012 event, where Dimida connected different devices, such as a Lenovo IdeaCentre AIO, to projectors. Dimida drew mosaics on that screen that projected onto 80-foot walls.

After that event, he gained traction to host his own events, showing his original projections at art shows and parties.

Sound visualizations are something he particularly enjoys. Dimida uses a Lenovo ThinkPad X220t to record different sounds, so he’s able to set up different scenes, music effects and visuals, using multiple projectors. He has a separate Lenovo Yoga feed into that, where he draws on its screen. The ThinkPad X220t adds sounds and projects that out.

Go to Original Article
Author: Steve Clarke

Adobe Sign introduces updates targeting mobile device users

Adobe Sign updates this week brought new features supporting mobile devices and new integrations with Microsoft cloud products including SharePoint, Dynamics, PowerApps and Flow, Teams and Azure.

According to Mike Prizament, senior product marketing manager at Adobe, the company emphasized improving user experience on mobile because nearly half of its users start the signing process on their phones. “If 50% of people check their email, and then they try to start signing a document on their phone, we want it to be as easy as possible,” he said.

The Adobe Sign updates include the following:

Improved mobile signing experience: Adobe Sign enables users to zoom in on areas they need to sign and provides mobile-friendly navigation buttons that guide the signer through required fields. The company said these functionalities are available on mobile web and don’t require users to download an app.

New home screen interface: The Adobe Sign home screen has a new design intended to make the main e-signature tools more visible and accessible. The tools let users send out a document for signatures, track document status and manage the signing process. Users can send documents from the Adobe Sign home screen for people to sign instead of emailing the document or sending paper copies, according to the company.

 The new Adobe Sign home screen.
The new Adobe Sign home screen.

New manage page: The new page lets managers responsible for sending documents for signatures track or modify the process. The user can check to whom the documents were sent, determine whether a recipient opened the document yet, change or cancel recipients and archive the documents.

Adobe Sign allows two different levels of account sharing on the manage page: view only and full access. The view-only sharing mode allows the main manager to share the account to team members so they are given access to only view the status of the task. The full-access sharing mode gives complete control to team members to take over the manager’s account in case the person is taking a vacation or leaving the company, according to Adobe.

The new Adobe Sign manage page.
The new Adobe Sign manage page.

Users can swap back and forth between accounts in a drop-down menu on the manage page.

Integrations with Microsoft cloud productivity products

Adobe Sign has updated integrations with the following Microsoft products:

  • Microsoft SharePoint: Users can create and embed digital forms that can be filled, signed and reused. The update is intended to help customers collect information from a large number of people inside and outside the company. Data from the forms is automatically saved and mapped back to a SharePoint list.
  • Microsoft Dynamics 365: E-signatures works with Dynamics 365 Sales in more languages, including German, French and Japanese.
  • Microsoft PowerApps and Power Automate in the Government Community Cloud: Users can add signing workflows when a new document is uploaded in SharePoint, then route final documents and create an audit trail to OneDrive/SharePoint.
  • Microsoft Teams: Team members can send documents for signatures and manage, track and get notifications for the status of important documents. The Adobe Sign integration in Teams is certified as part of the Microsoft 365 Certification program, ensuring that enterprise data privacy and security are protected from third-party developed applications in Microsoft 365.
  • Microsoft Azure: Adobe Sign is now available in Microsoft Azure in Europe and stores all data, content and information within the EU.
  • Microsoft Azure Active Directory: Microsoft Azure Active Directory enterprise customers can use single sign-on to send Adobe Sign to their employees via the Adobe admin console within 30 minutes.

“Signature is a key component to identity, and identity is a key component to trusted commerce. Adobe has a huge potential to leverage over 1 billion PDF users in the future of legal signing authority,” said R “Ray” Wang, principal analyst and founder at Constellation Research.

He said the latest integrations with Microsoft products will enable tools such as Dynamics 365 Sales, Microsoft SharePoint, Teams and other apps to take advantage of signature from Adobe.

Wang said Adobe ultimately competes with DocuSign, a cloud service providing e-signature technology.

Adobe sees a big potential still ahead for the market of e-signatures, citing IDC research sponsored by Adobe that found 80% of enterprise document processes still rely on paper. “There’s still a huge opportunity there, and this is a big area that Adobe Sign looks to solve together with Adobe Document Cloud,” Prizament said.

Go to Original Article
Author:

For Sale – Surface Go (8GB RAM/128GB SSD) inc. Black Type Keyboard

Purchased this recently on another forum but decided I have too many devices. I tested it fully and used it for a week or so, battery life and everything else working as expected.

Both the Surface Go and Type Keyboard are boxed and in good condition. It has been upgraded to full version of Windows 10 Home.

Screen is spotless, and the unit casing is fine bar a couple of hairline scratches where the keyboard has latched on, and a few minor ones on the back. Pics from previous sale are here, note this does not include the pen.

Looking for £350 including delivery (RMSD which will cost £20), this combo still retails for £610 new.

Go to Original Article
Author:

For Sale – Surface Go (8GB RAM/128GB SSD) inc. Black Type Keyboard

Purchased this recently on another forum but decided I have too many devices. I tested it fully and used it for a week or so, battery life and everything else working as expected.

Both the Surface Go and Type Keyboard are boxed and in good condition. It has been upgraded to full version of Windows 10 Home.

Screen is spotless, and the unit casing is fine bar a couple of hairline scratches where the keyboard has latched on, and a few minor ones on the back. Pics from previous sale are here, note this does not include the pen.

Looking for £350 including delivery (RMSD which will cost £20), this combo still retails for £610 new.

Go to Original Article
Author:

Heineken’s Athina Syrrou and Microsoft’s Brad Anderson talk Teams in ‘The Shiproom’ | Transform

In this episode of “The Shiproom,” Athina Syrrou, who leads collaboration and end user devices for Heineken, joins Microsoft’s Brad Anderson, corporate vice president of Microsoft 365, to discuss what got Heineken interested in using Microsoft Teams and what they’ve learned about it since beginning the pilot – including how to introduce and adopt it efficiently.

Syrrou explains how she chooses the tools she provides to her global workforce, and how she uses the cloud to give her users maximum flexibility to choose the apps and devices they need.  She also schools Anderson on how to use common Greek idioms around the office (which explains why he’s recently been mumbling things about roller skates, chair legs and ducks).

Other discussion topics: The superiority of Greek yogurt, the perfect beer to pair with cereal, the benefits of moving to Intune, elephants and how deploying Microsoft 365 gives users the flexibility needed to do their best work and enable BYOD.

Stop by The Shiproom on YouTube to view more episodes. To learn how you can shift to a modern desktop with Microsoft 365, visit Microsoft365.com/Shift.

Go to Original Article
Author: Microsoft News Center

New Mirai variant attacks Apache Struts vulnerability

New variants of the Mirai and Gafgyt botnets are targeting unpatched enterprise devices, according to new research.

Palo Alto Networks’ Unit 42 found the variants affect vulnerabilities in Apache Struts and in SonicWall’s Global Management System (GSM). The Mirai variant exploits the same vulnerability in Apache Struts that was behind the 2018 Equifax data breach, while the Gafgyt variant exploits a newly uncovered vulnerability in unsupported, older versions of SonicWall’s GSM.

The Unit 42 research team noted the Mirai variant involves taking advantage of 16 different vulnerabilities. And while that’s not unusual, it is the first known instance of Mirai or any of its variants targeting an Apache Struts vulnerability.

The research also found the domain that hosts the Mirai samples had resolved to a different IP address in August, which also hosted Gafgyt samples at that time. Those samples exploited the SonicWall GSM vulnerability, which is tracked as CVE-2018-9866. Unit 42’s research did not say whether the two botnets were the work of a single threat group or actor, but it did say the activity could spell trouble for enterprises.

“The incorporation of exploits targeting Apache Struts and SonicWall by these IoT/Linux botnets could indicate a larger movement from consumer device targets to enterprise targets,” the Palo Alto researchers wrote.

The Apache Struts vulnerability exploited by the new Mirai variant was patched last year before it was used in the Equifax breach. But systems that have not been updated are still susceptible to these types of exploits.

The Mirai botnet first emerged in the fall of 2016, and it has since affected hundreds of thousands of IoT and connected devices. The botnet’s malware had primarily targeted consumer devices, and it was responsible for massive distributed denial-of-service attacks on the German teleco Deutsche Telekom and on the domain name server provider Dyn, which took down websites such as Airbnb, Twitter, PayPal, GitHub, Reddit, Netflix and others.

The Unit 42 researchers discovered the Gafgyt and Mirai variant on Aug. 5, and they alerted SonicWall about its GMS vulnerability. The public disclosure was posted by Palo Alto on Sept. 9.