{"id":49826,"date":"2021-03-05T19:33:17","date_gmt":"2021-03-05T15:33:17","guid":{"rendered":"https:\/\/www.msp360.com\/resources\/?p=49826"},"modified":"2021-03-10T19:45:22","modified_gmt":"2021-03-10T15:45:22","slug":"news-you-mightve-missed-01-04-mar","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/news-you-mightve-missed-01-04-mar\/","title":{"rendered":"News You Might’ve Missed. 01 – 04 Mar"},"content":{"rendered":"

What's new this week in the news for MSPs? Microsoft announces new cloud instances and security features; Google launches a cyber-insurance program; Microsoft initiates zero-trust focus for Azure; Exchange servers the target of HAFNIUM 0-day exploits; and DarkSide ransomware hits CompuCom MSP.<\/p>\n

Let's see what it's all about.<\/p>\n

Microsoft Announces New Cloud Instances and Security Features<\/h2>\n

This week Microsoft announced<\/a> memory-optimized instances for Azure public cloud at the Ignite virtual event. The new features will help their customers secure and manage their environments.
\nMsv2 instances are aimed at businesses running memory-intensive workloads, such as the in-memory databases in SAP SE's Hana.<\/p>\n

Besides increasing the number of available Azure instances, they will also be simpler to manage. Although Azure previously supported it only in Windows, Azure Automanage, a management automation service, makes performing specific tasks such as repairing incorrectly defined configuration settings and installing security updates a breeze.<\/p>\n

Trusted Launch, another new feature, and encrypted keys will make it easier for Azure instances to keep hackers out. Additionally, Microsoft is offering a setting that it is referred to as auto-key rotation. This setting enables keys to be refreshed automatically after specific periods, reducing the chance of data breaches.<\/p>\n

Google Launches a Cyber-Insurance Program<\/h2>\n

Google is developing a cybersecurity insurance program<\/a>. According to Google this week, it is the first program of its kind to come from a cloud provider.It includes a risk analysis tool to help companies pinpoint weaknesses in their cloud environment security.<\/p>\n

The two firms are expected to provide \"specialized and enhanced cyber insurance.\" The packages will be made exclusively for customers of Google Cloud. According to Google, the insurance pricing is based on how well the customer's information technology environment is secured.<\/p>\n

\u00a0<\/a>\"CTA\"<\/a><\/span><\/span><\/div>\n

Risk Manager is a tool Google that has developed that will be a part of the offering. It analyzes a company's security in their cloud environment and pinpoints any issues. It then produces a report for companies to reduce their cloud's vulnerability to breaches and optimizes pricing on their insurance. Google is currently announcing the collaboration as the first partnership with the insurance industry and a cloud provider.<\/p>\n

Microsoft Initiates Zero-Trust Focus for Azure<\/h2>\n

Zero-trust is a concept that Google LLC initially proposed. This week at Ignite 2021, Microsoft announced<\/a> many updates that aim to extend the protection it provides to identities, devices, data, clouds, and platforms based on zero-trust.<\/p>\n

The zero-trust concept is centered around shifting access controls from the perimeter to users and individual devices. It will let staff work securely from any location without the need for a traditional VPN (virtual private network).<\/p>\n

Once zero-trust is in place, access control assumes any user, whether from inside or outside, is equally untrustworthy. Access request approvals are based on the particular user\u2019s details, such as their job designation and the device's security status.<\/p>\n

According to Vassu Jakka, Microsoft Corporate VP of compliance, security, and identity, Microsoft is a passionate proponent of the zero-trust mindset. To ensure that businesses are protected in conformance with the current complex security requirements, he says we must combine the areas of security, identity, compliance, and skilling.<\/p>\n

\"CTA\"<\/a><\/span><\/span><\/p><\/blockquote><\/div>\n

Exchange Servers the Target of HAFNIUM 0-Day Exploits<\/h2>\n

Microsoft says it has detected multiple limited and targeted attacks using on-premise versions of Microsoft Exchange Server via 0-day exploits. The threat actor in these attacks used these vulnerabilities to access the on-premise Exchange servers, allowing the installation of additional malware and further access to email accounts, which would facilitate long-term access to its victims' environments.<\/p>\n

HAFNIUM is known to target organizations in the United States primarily.\u00a0MSTIC (Microsoft Threat Intelligence Center)<\/a> attributes the campaign to HAFNIUM<\/a> with a high degree of confidence. They say they are assessed as a state-sponsored group that operates from China. They determined this based on the procedures, tactics, and victimology used in the attacks.<\/p>\n

Microsoft is strongly recommending businesses to update their on-premise systems now. Exchange Online is not affected.<\/p>\n

\n
\n

\"Whitepaper<\/p>\n\"CTA\"<\/a><\/span><\/span>\n<\/div>\n

\n
IT Security Assessment Checklist<\/div>\n
\n

Assess vulnerabilities and threats, network security, workspace and equipment security, documentation, and more. The pack includes:<\/p>\n