Power BI Report Builder gets rebuilt as an x64 app, among other updates
by Hamza Jawad
In 2019, Microsoft released a new Report Builder tool for Power BI, with the rather self-explanatory purpose of allowing paginated reports to be authored and then published to the data analytics service. Around the time of its release, the tech giant launched a 'Feature Friday' series that highlighted the latest capabilities for the tool, including Secure Embed, adding comments, and more.
Today, Microsoft has started rolling out a new version of the Power BI Report Builder. This version has been rebuilt as an x64 app, and users should notice this change in the form of performance improvements when it comes to designing and locally rendering paginated reports.
As for other new additions, for starters, there is a new 'Data' tab. This acts as an efficient way to connect to a variety of different data sources when creating reports. Next up, DAX queries can now be copy/pasted with ease. Previously, users were required to connect to models in third-party tools to paste in custom DAX queries.
Support for single sign-on (SSO) for SQL Server and Oracle data sources is now available too, through the Enterprise Gateway. And finally, the release also includes bug fixes and accessibility improvements.
The latest version of Power BI Report Builder - which is currently in preview - can be downloaded from the Download Center here or the Microsoft Store here.
Microsoft expands AccountGuard features to high-risk entities in 31 countries
by Usama Jawad
AccountGuard is Microsoft's cybersecurity offering that protects the digital security of high-risk entities such as political parties and their candidates, journalists, human rights workers, and more. The service is available in dozens of regions including the United States, the United Kingdom, France, and Spain.
Now, Microsoft has announced that it is expanding AccountGuard's identity and access management protections to 31 democracies.
Microsoft states that these "enterprise-grade" features were first made available to political campaigns in the 2020 U.S. presidential elections, and the company noted an 18% enhancement in the Microsoft Identity Protection Security Score for customers who utilized it. As such, it is now rolling these out to 31 democracies - where AccountGuard is already available - at no extra cost.
Five of these 31 countries have elections coming up this year, which is why AccountGuard may play a crucial role. It will strengthen defenses against state-sponsored cyberattacks, hack-and-leak operations, and impersonation of campaign staff.
Microsoft is also expanding its partnership with Yubico, with the latter now supplying 25,000 hardware security keys. Eligible customers will have access to a fixed number of YubiKeys depending upon their organization size.
Identity and access management protections in AccountGuard include multi-factor authentication (MFA), single sign-on (SSO), privileged identity management (PIM), conditional access policies, and access governance. Microsoft says that deployment teams of engineers and partners such as the Patriot Consulting Technology Group will be assisting customers in onboarding to these solutions and making use of the aforementioned protections, if needed.
Try out freeCodeCamp if you want to get into programming
by Paul Hill
Whether you’ve seen some of the latest robot or AI Sci-Fi films or you’re simply thinking about a change of career and want to learn to code, freeCodeCamp is an excellent resource to begin your journey into the world of programming. It is available to everyone around the world at no cost.
freeCodeCamp, which is a little over six years old, boasts more than 40,000 graduates who have gone on to get jobs at big tech firms including Microsoft, Apple, Google, Amazon, and Spotify. It offers a variety of courses in which you learn the relevant material before completing several projects that demonstrate you’ve learned the content. Upon completion of the projects, you get a certificate for the course, which appears on your public profile.
This approach to teaching programming is great because you end up with five projects per course which can be shown off to prospective employers, who will most likely want to know what you’ve worked on. The courses that are available at the time of writing include:
To help you along your coding journey, freeCodeCamp features a very active forum where you can ask questions if you get stuck on any of the tasks or just want to ask about any coding concepts. Once you are thinking about searching for jobs that utilise your new skills, the Career Advice section of the forums can provide you with invaluable information about landing a job.
A few other niceties of the service: content is available in English, Spanish, and Chinese; there are regular blog posts related to programming from contributors; and they’ve created a radio player that loops music “designed for coding” 24/7.
To begin learning, you do not need to create an account but making one is highly recommended so that you can save your progress, earn certificates, and have a public profile page to show off. To learn more about the service, reading the FAQs section is highly recommended.
Microsoft open sources CodeQL queries used in Solorigate investigation
by Usama Jawad
Last week, Microsoft finally completed its Solorigate investigation, concluding that while some code files for Azure, Intune, and Exchange were accessed, no customer data was compromised. The cyberattack had caused major concern around the globe because it targeted the United States' federal departments, the UK, the European Parliament, and thousands of other organizations. Supply chain attacks were executed on SolarWinds, Microsoft, and VMware, with Microsoft President Brad Smith calling it "a moment of reckoning".
Now, Microsoft has open sourced the CodeQL queries that it utilized in the Solorigate investigation.
For those unaware, CodeQL is a code analysis engine which depends upon code semantics and syntax. It develops a database built around the model of the compiling code, which can then be queried just like a regular database. It can be used both for static analysis and retroactive inspection of code.
CodeQL queries were used by Microsoft in its Solorigate investigation in order to analyze its code in a scalable manner and pinpoint indicators of compromise (IoCs) and other coding patterns used by Solorigate attackers directly at the code level.
Microsoft essentially built multiple CodeQL databases from various build pipelines, and then aggregated them in a single infrastructure to enable system-wide querying capabilities. This enabled the firm to detect malicious activity in code within hours of a coding pattern being described.
Given that this is more of a syntactic and semantic technique that depends upon identifying similarities in coding patterns such as the variable names used, Microsoft has emphasized that if you find the same patterns in your own code base, that does not necessarily mean that it's compromised. Multiple programmers can of course have the same coding style.
At the same time, it is also important to remember that a malicious actor is not constrained to a single coding style. Essentially, if the attacker deviates significantly from their usual implant pattern, they would be able to circumvent Microsoft's CodeQL queries. Regarding the syntactic and semantic code pattern identification capabilities of the CodeQL engine, the Redmond tech giant notes that:
More information about using Microsoft's CodeQL queries is available here. You can find out more about how to deploy queries here.
Microsoft: Customer data was not accessed in Solorigate attack
by Usama Jawad
In 2020, there was a major global cyberattack, spanning across the United States' federal departments, the UK, the European Parliament, and thousands of other organizations. It was reported to have been triggered by supply chain attacks on three major firms: SolarWinds, Microsoft, and VMware, where attackers were able to access private documents and emails. The attack was dubbed "Solorigate" by Microsoft with President Brad Smith calling it "a moment of reckoning". Now, the company has shared a final update on its Solorigate investigation.
Microsoft Corporate Vice President of Security, Compliance, and Identity Vasu Jakkal has concluded that while nation-state actors were able to compromise some initial security procedures, they were then stopped by a "unified team of human and digital defenders". She also clarified that the company has found no proof of customer data or production services being breached. Furthermore, the investigation confirmed that Microsoft software was not used to attack other identities.
Microsoft states that multiple factors aided in limiting the scope of this attack and these should be embraced by other security teams and organizations moving forward as well. These include adopting a Zero Trust security model with multi-factor authentication for credentials, and cloud technologies like Azure Active Directory and Microsoft 365 Defender. Lastly, Jakkal has emphasized that it is paramount that companies and teams work together to strengthen collective defenses.
The Microsoft Security Response Center (MSRC) went on to say that:
MSRC highlighted that even though the attack was discovered in December 2020 with organizations racing to mitigate the threat, its analysis shows that the malicious actor attempted access in January 2021 as well. It has clarified that across all of its services, the attacker was able to view and download only a small number of code files for Azure, Intune, and Exchange. None of the code files breached contained any live credentials being used in production environments.