Thanks to 100% valid and up to date DP-203 test prep by killexams.com

killexams.com give latest Pass4sure DP-203 bootcamp with Actual DP-203 study guide. Practice these Genuine Questions and Answers to Improve your insight and breeze through your DP-203 test with a great score. We ensure you 100% that if you memorize these DP-203 test questions and practice, You will pass with great score.

DP-203 Data Engineering on Microsoft Azure learning | http://babelouedstory.com/

DP-203 learning - Data Engineering on Microsoft Azure Updated: 2023

DP-203 Dumps and practice exam with Real Question
Exam Code: DP-203 Data Engineering on Microsoft Azure learning November 2023 by Killexams.com team

DP-203 Data Engineering on Microsoft Azure

Test Detail:
The DP-203 exam, Data Engineering on Microsoft Azure, is designed to validate the skills and knowledge of data engineers working with Azure technologies for data storage, processing, and analytics. The exam assesses candidates' abilities to design and implement data solutions using various Azure services and tools.

Course Outline:
The course for DP-203 certification covers a wide range of subjects related to data engineering on Microsoft Azure. The following is a general outline of the key areas covered:

1. Introduction to Data Engineering on Azure:
- Understanding the role of a data engineer in Azure environments.
- Overview of Azure data services and their capabilities.
- Familiarization with data engineering concepts and best practices.

2. Data Storage and Processing:
- Azure data storage options, including Azure Storage, Azure Data Lake Storage, and Azure SQL Database.
- Implementing data ingestion and transformation using Azure Data Factory.
- Introduction to big data processing with Azure Databricks and HDInsight.

3. Data Orchestration and Integration:
- Implementing data orchestration workflows with Azure Logic Apps.
- Integration of data from various sources using Azure Synapse Pipelines.
- Familiarization with Azure Event Grid and Azure Service Bus for event-driven data processing.

4. Data Governance and Security:
- Implementing data security and compliance measures in Azure.
- Configuring access controls and encryption for data at rest and in transit.
- Understanding data privacy, governance, and auditing in Azure.

5. Data Analytics and Visualization:
- Introduction to Azure Synapse Analytics for data warehousing and analytics.
- Implementing data analytics solutions using Azure Analysis Services and Azure Power BI.
- Familiarization with Azure Machine Learning for predictive analytics and machine learning models.

Exam Objectives:
The DP-203 exam evaluates the candidate's knowledge and skills in the following key areas:

1. Designing and implementing data storage solutions on Azure.
2. Implementing data integration and orchestration workflows.
3. Configuring and managing data security and compliance measures.
4. Implementing data processing and analytics solutions.
5. Monitoring, troubleshooting, and optimizing data solutions on Azure.

Exam Syllabus:
The exam syllabus for DP-203 provides a detailed breakdown of the subjects covered in each exam objective. It includes specific tasks, tools, and concepts that candidates should be proficient in. The syllabus may cover the following areas:

- Designing and implementing Azure data storage solutions
- Data ingestion, transformation, and orchestration using Azure Data Factory
- Data security, privacy, and compliance measures on Azure
- Configuring and optimizing data processing workflows
- Implementing data analytics and visualization solutions
Data Engineering on Microsoft Azure
Microsoft Engineering learning

Other Microsoft exams

MOFF-EN Microsoft Operations Framework Foundation
62-193 Technology Literacy for Educators
AZ-400 Microsoft Azure DevOps Solutions
DP-100 Designing and Implementing a Data Science Solution on Azure
MD-100 Windows 10
MD-101 Managing Modern Desktops
MS-100 Microsoft 365 Identity and Services
MS-101 Microsoft 365 Mobility and Security
MB-210 Microsoft Dynamics 365 for Sales
MB-230 Microsoft Dynamics 365 for Customer Service
MB-240 Microsoft Dynamics 365 for Field Service
MB-310 Microsoft Dynamics 365 for Finance and Operations, Financials (2023)
MB-320 Microsoft Dynamics 365 for Finance and Operations, Manufacturing
MS-900 Microsoft Dynamics 365 Fundamentals
MB-220 Microsoft Dynamics 365 for Marketing
MB-300 Microsoft Dynamics 365 - Core Finance and Operations
MB-330 Microsoft Dynamics 365 for Finance and Operations, Supply Chain Management
AZ-500 Microsoft Azure Security Technologies 2023
MS-500 Microsoft 365 Security Administration
AZ-204 Developing Solutions for Microsoft Azure
MS-700 Managing Microsoft Teams
AZ-120 Planning and Administering Microsoft Azure for SAP Workloads
AZ-220 Microsoft Azure IoT Developer
MB-700 Microsoft Dynamics 365: Finance and Operations Apps Solution Architect
AZ-104 Microsoft Azure Administrator 2023
AZ-303 Microsoft Azure Architect Technologies
AZ-304 Microsoft Azure Architect Design
DA-100 Analyzing Data with Microsoft Power BI
DP-300 Administering Relational Databases on Microsoft Azure
DP-900 Microsoft Azure Data Fundamentals
MS-203 Microsoft 365 Messaging
MS-600 Building Applications and Solutions with Microsoft 365 Core Services
PL-100 Microsoft Power Platform App Maker
PL-200 Microsoft Power Platform Functional Consultant
PL-400 Microsoft Power Platform Developer
AI-900 Microsoft Azure AI Fundamentals
MB-500 Microsoft Dynamics 365: Finance and Operations Apps Developer
SC-400 Microsoft Information Protection Administrator
MB-920 Microsoft Dynamics 365 Fundamentals Finance and Operations Apps (ERP)
MB-800 Microsoft Dynamics 365 Business Central Functional Consultant
PL-600 Microsoft Power Platform Solution Architect
AZ-600 Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub
SC-300 Microsoft Identity and Access Administrator
SC-200 Microsoft Security Operations Analyst
DP-203 Data Engineering on Microsoft Azure
MB-910 Microsoft Dynamics 365 Fundamentals (CRM)
AI-102 Designing and Implementing a Microsoft Azure AI Solution
AZ-140 Configuring and Operating Windows Virtual Desktop on Microsoft Azure
MB-340 Microsoft Dynamics 365 Commerce Functional Consultant
MS-740 Troubleshooting Microsoft Teams
SC-900 Microsoft Security, Compliance, and Identity Fundamentals
AZ-800 Administering Windows Server Hybrid Core Infrastructure
AZ-801 Configuring Windows Server Hybrid Advanced Services
AZ-700 Designing and Implementing Microsoft Azure Networking Solutions
AZ-305 Designing Microsoft Azure Infrastructure Solutions
AZ-900 Microsoft Azure Fundamentals
PL-300 Microsoft Power BI Data Analyst
PL-900 Microsoft Power Platform Fundamentals
MS-720 Microsoft Teams Voice Engineer
DP-500 Designing and Implementing Enterprise-Scale Analytics Solutions Using Microsoft Azure and Microsoft Power BI
PL-500 Microsoft Power Automate RPA Developer
SC-100 Microsoft Cybersecurity Architect
MO-201 Microsoft Excel Expert (Excel and Excel 2019)
MO-100 Microsoft Word (Word and Word 2019)
MS-220 Troubleshooting Microsoft Exchange Online

Our Real DP-203 VCE exam simulator is exceptionally promising for our clients for the DP-203 exam prep. All DP-203 dumps questions, references and definitions are highlighted in DP-203 brain dumps pdf in such a way that, you just need to memorize DP-203 questions and answers, practice with VCE exam simulator and take the test and you will get high marks
DP-203 Dumps
DP-203 Braindumps
DP-203 Real Questions
DP-203 Practice Test
DP-203 dumps free
Microsoft
DP-203
Data Engineering on Microsoft Azure
http://killexams.com/pass4sure/exam-detail/DP-203
Question: 92
HOTSPOT
You need to design an analytical storage solution for the transactional data. The solution must meet the sales
transaction dataset requirements.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each
correct selection is worth one point.
Answer:
Explanation:
Graphical user
interface, text, application, table
Description automatically generated
Box 1: Round-robin
Round-robin tables are useful for improving loading speed.
Scenario: Partition data that contains sales transaction records. Partitions must be designed to provide efficient loads
by month.
Box 2: Hash
Hash-distributed tables Improve query performance on large fact tables.
Question: 93
You have an Azure data factory.
You need to examine the pipeline failures from the last 180 flays.
What should you use?
A. the Activity tog blade for the Data Factory resource
B. Azure Data Factory activity runs in Azure Monitor
C. Pipeline runs in the Azure Data Factory user experience
D. the Resource health blade for the Data Factory resource
Answer: B
Explanation:
Data Factory stores pipeline-run data for only 45 days. Use Azure Monitor if you want to keep that data for a longer
time.
Reference: https://docs.microsoft.com/en-us/azure/data-factory/monitor-using-azure-monitor
Question: 94
HOTSPOT
You build an Azure Data Factory pipeline to move data from an Azure Data Lake Storage Gen2 container to a
database in an Azure Synapse Analytics dedicated SQL pool.
Data in the container is stored in the following folder structure.
/in/{YYYY}/{MM}/{DD}/{HH}/{mm}
The earliest folder is /in/2021/01/01/00/00. The latest folder is /in/2021/01/15/01/45.
You need to configure a pipeline trigger to meet the following requirements:
Existing data must be loaded.
Data must be loaded every 30 minutes.
Late-arriving data of up to two minutes must he included in the load for the time at which the data should have
arrived.
How should you configure the pipeline trigger? To answer, select the appropriate options in the answer area. NOTE:
Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Tumbling window
To be able to use the Delay parameter we select Tumbling window.
Box 2:
Recurrence: 30 minutes, not 32 minutes
Delay: 2 minutes.
The amount of time to delay the start of data processing for the window. The pipeline run is started after the expected
execution time plus the amount of delay. The delay defines how long the trigger waits past the due time before
triggering a new run. The delay doesn’t alter the window startTime.
Question: 95
HOTSPOT
You need to design a data ingestion and storage solution for the Twitter feeds. The solution must meet the customer
sentiment analytics requirements.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each
correct selection b worth one point.
Answer:
Explanation:
Graphical user interface, text
Description automatically generated
Box 1: Configure Evegent Hubs partitions
Scenario: Maximize the throughput of ingesting Twitter feeds from Event Hubs to Azure Storage without purchasing
additional throughput or capacity units.
Event Hubs is designed to help with processing of large volumes of events. Event Hubs throughput is scaled by using
partitions and throughput-unit allocations.
Event Hubs traffic is controlled by TUs (standard tier). Auto-inflate enables you to start small with the minimum
required TUs you choose. The feature then scales automatically to the maximum limit of TUs you need, depending on
the increase in your traffic.
Box 2: An Azure Data Lake Storage Gen2 account
Scenario: Ensure that the data store supports Azure AD-based access control down to the object level.
Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control
(Azure RBAC) and POSIX-like access control lists (ACLs).
Question: 96
You have an Azure Stream Analytics query. The query returns a result set that contains 10,000 distinct values for a
column named clusterID.
You monitor the Stream Analytics job and discover high latency.
You need to reduce the latency.
Which two actions should you perform? Each correct answer presents a complete solution. NOTE: Each correct
selection is worth one point.
A. Add a pass-through query.
B. Add a temporal analytic function.
C. Scale out the query by using PARTITION BY.
D. Convert the query to a reference query.
E. Increase the number of streaming units.
Answer: C,E
Explanation:
C: Scaling a Stream Analytics job takes advantage of partitions in the input or output. Partitioning lets you divide data
into subsets based on a partition key. A process that consumes the data (such as a Streaming Analytics job) can
consume and write different partitions in parallel, which increases throughput.
E: Streaming Units (SUs) represents the computing resources that are allocated to execute a Stream Analytics
job. The higher the number of SUs, the more CPU and memory resources are allocated for your job. This capacity lets
you focus on the query logic and abstracts the need to manage the hardware to run your Stream Analytics job in a
timely manner.
References:
https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-parallelization
https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-streaming-unit-consumption
Question: 97
HOTSPOT
You have an Azure subscription.
You need to deploy an Azure Data Lake Storage Gen2 Premium account.
The solution must meet the following requirements:
• Blobs that are older than 365 days must be deleted.
• Administrator efforts must be minimized.
• Costs must be minimized
What should you use? To answer, select the appropriate options in the answer area. NOTE Each correct selection is
worth one point.
Answer:
Explanation:
https://learn.microsoft.com/en-us/azure/storage/blobs/premium-tier-for-data-lake-storage
Question: 98
DRAG DROP
You need to ensure that the Twitter feed data can be analyzed in the dedicated SQL pool.
The solution must meet the customer sentiment analytics requirements.
Which three Transaction-SQL DDL commands should you run in sequence? To answer, move the appropriate
commands from the list of commands to the answer area and arrange them in the correct order. NOTE: More than one
order of answer choices is correct. You will receive credit for any of the correct orders you select.
Answer:
Explanation:
Scenario: Allow Contoso users to use PolyBase in an Azure Synapse Analytics dedicated SQL pool to query the
content of the data records that host the Twitter feeds. Data must be protected by using row-level security (RLS). The
users must be authenticated by using their own Azure AD credentials.
Box 1: CREATE EXTERNAL DATA SOURCE
External data sources are used to connect to storage accounts.
Box 2: CREATE EXTERNAL FILE FORMAT
CREATE EXTERNAL FILE FORMAT creates an external file format object that defines external data stored in
Azure Blob Storage or Azure Data Lake Storage. Creating an external file format is a prerequisite for creating an
external table.
Box 3: CREATE EXTERNAL TABLE AS SELECT
When used in conjunction with the CREATE TABLE AS SELECT statement, selecting from an external table imports
data into a table within the SQL pool. In addition to the COPY statement, external tables are useful for loading data.
Question: 99
DRAG DROP
You have the following table named Employees.
You need to calculate the employee_type value based on the hire_date value.
How should you complete the Transact-SQL statement? To answer, drag the appropriate values to the correct targets.
Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or
scroll to view content. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Graphical user
interface, text, application
Description automatically generated
Box 1: CASE
CASE evaluates a list of conditions and returns one of multiple possible result expressions.
CASE can be used in any statement or clause that allows a valid expression. For example, you can use CASE in
statements such as SELECT, UPDATE, DELETE and SET, and in clauses such as select_list, IN, WHERE, ORDER
BY, and HAVING.
Syntax: Simple CASE expression:
CASE input_expression
WHEN when_expression THEN result_expression [ …n ] [ ELSE else_result_expression ] END
Box 2: ELSE
Question: 100
HOTSPOT
You are building a database in an Azure Synapse Analytics serverless SQL pool.
You have data stored in Parquet files in an Azure Data Lake Storage Gen2 container.
Records are structured as shown in the following sample.
{
"id": 123,
"address_housenumber": "19c",
"address_line": "Memory Lane",
"applicant1_name": "Jane",
"applicant2_name": "Dev"
}
The records contain two applicants at most.
You need to build a table that includes only the address fields.
How should you complete the Transact-SQL statement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: CREATE EXTERNAL TABLE
An external table points to data located in Hadoop, Azure Storage blob, or Azure Data Lake Storage. External tables
are used to read data from files or write data to files in Azure Storage. With Synapse SQL, you can use external tables
to read external data using dedicated SQL pool or serverless SQL pool.
Syntax:
CREATE EXTERNAL TABLE { database_name.schema_name.table_name | schema_name.table_name | table_name
} ( [ ,…n ] )
WITH (
LOCATION = ‘folder_or_filepath’,
DATA_SOURCE = external_data_source_name, FILE_FORMAT = external_file_format_name
Box 2. OPENROWSET
When using serverless SQL pool, CETAS is used to create an external table and export query results to Azure Storage
Blob or Azure Data Lake Storage Gen2.
Example:
AS
SELECT decennialTime, stateName, SUM(population) AS population
FROM
OPENROWSET(BULK
‘https://azureopendatastorage.blob.core.windows.net/censusdatacontainer/release/us_pop
ulation_county/year=*/*.parquet’,
FORMAT=’PARQUET’) AS [r]
GROUP BY decennialTime, stateName
GO
For More exams visit https://killexams.com/vendors-exam-list
Kill your exam at First Attempt....Guaranteed!

Microsoft Engineering learning - BingNews https://killexams.com/pass4sure/exam-detail/DP-203 Search results Microsoft Engineering learning - BingNews https://killexams.com/pass4sure/exam-detail/DP-203 https://killexams.com/exam_list/Microsoft Systems Engineering Competency Assessment Guide (worth $112) free eBook
 When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Claim your complimentary copy (worth $112) for free today, before the offer expires today, Nov 16!

ebook offer

Compilation of 37 competencies needed for systems engineering, with information for individuals and organizations on how to identify and assess competence

This book provides guidance on how to evaluate proficiency in the competencies defined in the systems engineering competency framework and how to differentiate between proficiency at each of the five levels of proficiency defined within that document. Readers will learn how to create a benchmark standard for each level of proficiency within each competence area, define a set of standardized terminology for competency indicators to promote like-for-like comparison, and provide typical non-domain-specific indicators of evidence which may be used to confirm experience in each competency area.

Sample subjects covered by the three highly qualified authors include:

  • The five proficiency levels: awareness, supervised practitioner, practitioner, lead practitioner, and expert
  • The numerous knowledge, skills, abilities, and behavior indicators of each proficiency level
  • What an individual needs to know and be able to do in order to behave as an effective systems engineer
  • How to develop training courses, education curricula, job advertisements, job descriptions, and job performance evaluation criteria for system engineering positions

For organizations, companies, and individual practitioners of systems engineering, this book is a one-stop resource for considering the competencies defined in the systems engineering competency framework and judging individuals based off them.

This time-limited offer expires on November 16.

How to get it

Please ensure you read the terms and conditions to get this free offer. Complete and verifiable information is required in order to receive this free offer. If you have previously made use of these free offers, you will not need to re-register. While supplies last!

>> Systems Engineering Competency Assessment Guide (worth $112) free eBook
Offered by Wiley, view their other free resources. Limited time offer, must end Nov 16


We post these because we earn commission on each lead so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs.

Other ways to support Neowin

The above not doing it for you, but still want to help? Check out the links below.

Disclosure: An account at Neowin Deals is required to participate in any deals powered by our affiliate, StackCommerce. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site.

Thu, 16 Nov 2023 03:00:00 -0600 en text/html https://www.neowin.net/sponsored/systems-engineering-competency-assessment-guide-worth-112-free-ebook/
Microsoft touts mirroring over moving in data warehouse gambit No result found, try new keyword!Fabric update cuts against the grain, and may have more to do with Databricks partnerships Ignite Microsoft is advising customers using its Fabric platform to copy data from other data warehouses and ... Wed, 15 Nov 2023 05:16:04 -0600 en-us text/html https://www.msn.com/ Department of Computer Science and Engineering

Learn how to create the hardware and software of tomorrow.

For undergraduates we offer a B.S. in Computer Science and Engineering that focuses on programming and building computer systems. For those looking to code and design for the Web, we also offer a B.S. in Web Design and Engineering that pairs a technical education in computing with courses in graphic arts, communication, and sociology.

By your senior year, you'll take on a major project that identifies a need, and then creates a product to address it. Past projects include apps to Improve health care in rural areas, virtual reality software for treating anxiety, and nanosatellite software.

Our graduate programs include an M.S. and Ph.D. in Computer Science and Engineering. The capstone and dissertation work of our grad students often leads to developing solutions that reach far beyond the Santa Clara campus.

Our faculty members have worked for companies like Google and LG, helped write state K-12 curriculum, and collaborated with organizations like the National Science Foundation and the Oak Ridge National Laboratory. During your time here, you'll have the chance to work in their labs or with them through the Sustainable Energy Initiative or Frugal Innovation Lab.

Mon, 13 Nov 2023 22:31:00 -0600 en text/html https://www.scu.edu/engineering/academic-programs/department-of-computer-engineering/
A new world of security: Microsoft’s Secure Future Initiative

The past year has brought to the world an almost unparalleled and diverse array of technological change. Advances in artificial intelligence are accelerating innovation and reshaping the way societies interact and operate. At the same time, cybercriminals and nation-state attackers have unleashed opposing initiatives and innovations that threaten security and stability in communities and countries around the world.

In latest months, we’ve concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response. Therefore, we’re launching today across the company a new initiative to pursue our next generation of cybersecurity protection – what we’re calling our Secure Future Initiative (SFI).

This new initiative will bring together every part of Microsoft to advance cybersecurity protection. It will have three pillars, focused on AI-based cyber defenses, advances in fundamental software engineering, and advocacy for stronger application of international norms to protect civilians from cyber threats. Charlie Bell, our Executive Vice President for Microsoft Security, has already shared the Secure Future Initiative details with our engineering teams and what this action plan means for our software development practices.

I share below our perspective on the changes that have led us to take these new steps, as well as more information on each part of our Secure Future Initiative.

The changing threat landscape

In late May, we published information showing new nation-state cyber activity targeting critical infrastructure organizations across the United States. The activity was disconcerting not only because of its threat to civilians across the country, but because of the sophistication of the techniques involved. As we highlighted in May, the attacks involved sophisticated, patient, stealthy, well-resourced, and government-backed techniques to infect and undermine the integrity of computer networks on a long-term basis. We witnessed similar activities this summer targeting cloud services infrastructure, including at Microsoft.

These attacks highlight a fundamental attribute of the current threat landscape. Even as latest years have brought enormous improvements, we will need new and different steps to close the remaining cybersecurity gap. As we shared last month in our annual Microsoft Digital Defense Report, the implementation of well-developed cyber hygiene practices now protect effectively against a large majority of cyberattacks. But the best-resourced attackers have responded by pursuing their own innovations, and they are acting more aggressively and with even more sophistication than in the past.

Brazen nation-state actors have become more prolific in their cyber operations, conducting espionage, sabotage, destructive attacks, and influence operations against other countries and entities with more patience and persistence. Microsoft estimates that 40% of all nation-state attacks in the past two years have focused on critical infrastructure, with state-funded and sophisticated operators hacking into vital systems such as power grids, water systems, and health care facilities. In each of these sectors, the consequences of potential cyber disruption are obviously dire.

At the same time, improving protection has raised the barriers to entry for cybercriminals, but has enabled some market consolidation for a smaller but more pernicious group of sophisticated actors. Microsoft’s Digital Crimes Unit is tracking 123 sophisticated ransomware-as-a-service affiliates, which lock or steal data and then demand a payment for its return. Since September 2022, we estimate that ransomware attempts have increased by more than 200%. While firms with effective security can manage these threats, these attacks are becoming more frequent and complex, targeting smaller and more vulnerable organizations, including hospitals, schools, and local governments. More than 80% of successful ransomware attacks originate from unmanaged devices, highlighting the importance of expanding protective measures to every single digital device.

Today’s cyber threats emanate from well-funded operations and skilled hackers who employ the most advanced tools and techniques. Whether they work for geopolitical or financial motives, these nation states and criminal groups are constantly evolving their practices and expanding their targets, leaving no country, organization, individual, network, or device out of their sights. They don’t just compromise machines and networks; they pose serious risks to people and societies. They require a new response based on our ability to utilize our own resources and our most sophisticated technologies and practices.

AI-based cyber defense

The war in Ukraine has demonstrated the tech sector’s ability to develop cybersecurity defenses that are stronger than advanced offensive threats. Ukraine’s successful cyber defense has required a shared responsibility between the tech sector and the government, with support from the country’s allies. It is a testament to the coupling of public-sector leadership with corporate investments and to combining computing power with human ingenuity. As much as anything, it provides inspiration for what we can achieve at an even greater scale by harnessing the power of AI to better defend against new cyber threats.

As a company, we are committed to building an AI-based cyber shield that will protect customers and countries around the world. Our global network of AI-based datacenters and use of advanced foundation AI models puts us in a strong position to put AI to work to advance cybersecurity protection.

As part of our Secure Future Initiative, we will continue to accelerate this work on multiple fronts.

First, we are taking new steps to use AI to advance Microsoft’s threat intelligence. and the Microsoft Threat Analysis Center (MTAC) are using advanced AI tools and techniques to detect and analyze cyber threats. We are extending these capabilities directly to customers, including through our Microsoft security technologies, which collects and analyzes customer data from multiple sources.

One reason these AI advances are so important is because of their ability to address one of the world’s most pressing cybersecurity challenges. Ubiquitous devices and constant internet connections have created a vast sea of digital data, making it more difficult to detect cyberattacks. In a single day, Microsoft receives more than 65 trillion signals from devices and services around the world. Even if all 8 billion people on the planet could look together for evidence of cyberattacks, we could never keep up.

But AI is a game changer. While threat actors seek to hide their threats like a needle in a vast haystack of data, AI increasingly makes it possible to find the right needle even in a sea of needles. And coupled with a global network of datacenters, we are determined to use AI to detect threats at a speed that is as fast as the Internet itself.

Second, we are using AI as a gamechanger for all organizations to help defeat cyberattacks at machine speed. One of the world’s biggest cybersecurity challenges today is the shortage of trained cybersecurity professionals. With a global shortage of more than three million people, organizations need all the productivity they can muster from their cybersecurity workforce. Additionally, the speed, scale, and sophistication of attacks creates an asymmetry where it’s hard for organizations to prevent and disrupt attacks at scale. Microsoft’s Security Copilot combines a large language model with a security-specific model that has various skills and insights from Microsoft’s threat intelligence. It generates natural language insights and recommendations from complex data, making analysts more effective and responsive, catching threats that may have been missed and helping organizations prevent and disrupt attacks at machine speed.

Another vital ingredient for success is the combination of these AI-driven advances with the use of extended detection and response capabilities in endpoint devices. As noted above, today more than 80% of ransomware compromises originate from unmanaged or “bring-your-own devices” that employees use to access work-related systems and information. But once managed with a service like Microsoft Defender for Endpoint, AI detection techniques provide real-time protection that intercepts and defeats cyberattacks on computing endpoints like laptops, phones, and servers. Wartime advances in Ukraine have provided extensive opportunities to test and extend this protection, including the successful use of AI to identify and defeat Russian cyberattacks even before any human detection.

Third, we are securing AI in our services based on our Responsible AI principles. We recognize that these new AI technologies must move forward with their own safety and security safeguards. That’s why we’re developing and deploying AI in our services based on our Responsible AI principles and practices. We are focused on evolving these practices to keep pace with the changes in the technology itself.

While most of our cybersecurity services protect consumers and organizations, we are also committed to building stronger AI-based protection for governments and countries. Just last week, we announced that we will spend $3.2 billion to extend our hyperscale cloud computing and AI infrastructure in Australia, including the development of the Microsoft-Australian Signals Directorate Cyber Shield (MACS). In collaboration with this critical agency in the Australian Government, this will enhance our joint capability to identify, prevent, and respond to cyber threats. It’s a good indicator of where we need to take AI in the future, building more secure protection for countries around the world.

New engineering advances

In addition to new AI capabilities, a more secure future will require new advances in fundamental software engineering. That’s why Charlie Bell is sending to our employees this morning an email co-authored with his engineering colleagues Scott Guthrie and Rajesh Jha. This launches as part of our Secure Future Initiative a new standard for security by advancing the way we design, build, test, and operate our technology.

You can read Charlie’s entire email here. In summary, it contains three key steps:

First, we will transform the way we develop software with automation and AI. The challenges of today’s cybersecurity threats and the opportunities created by generative AI have created an inflection point for secure software engineering. The steps Charlie is sharing with our engineers today represent the next evolutionary stage of the Security Development Lifecycle (SDL), which Microsoft invented in 2004. We will now evolve this to what we’re calling “dynamic SDL,” or dSDL. This will apply systematic processes to continuously integrate cybersecurity protection against emerging threat patterns as our engineers code, test, deploy, and operate our systems and services. As Charlie explains, we will couple this with other additional engineering measures, including AI-powered secure code analysis and the use of GitHub Copilot to audit and test source code against advanced threat scenarios.

As part of this process, over the next year we will enable customers with more secure default settings for multifactor authentication (MFA) out-of-the-box. This will expand our current default policies to a wider band of customer services, with a focus on where customers need this protection the most. We are keenly sensitive to the impact of such changes on legacy computing infrastructure, and hence we will focus on both new engineering work and expansive communications to explain where we are focused on these default settings and the security benefits this will create.

Second, we will strengthen identity protection against highly sophisticated attacks. Identity-based threats like password attacks have increased ten-fold during the past year, with nation-states and cybercriminals developing more sophisticated techniques to steal and use login credentials. As Charlie explains, we will protect against these changing threats by applying our most advanced identity protection through a unified and consistent process that will manage and verify the identities and access rights of our users, devices, and services across all our products and platforms. We will also make these advanced capabilities freely available to non-Microsoft application developers.

As part of this initiative, we also will migrate to a new and fully automated consumer and enterprise key management system with an architecture designed to ensure that keys remain inaccessible even when underlying processes may be compromised. This will build upon our confidential computing architecture and the use of hardware security modules (HSMs) that store and protect keys in hardware and that encrypts data at rest, in transit, and during computation.

Third, we are pushing the envelope in vulnerability response and security updates for our cloud platforms. We plan to cut the time it takes to mitigate cloud vulnerabilities by 50%. We also will encourage more transparent reporting in a more consistent manner across the tech sector.

We no doubt will add other engineering and software development practices in the months and years ahead, based on learning and feedback from these efforts. Like Trustworthy Computing more than two decades ago, our SFI initiatives will bring together people and groups across Microsoft to evaluate and innovate across the cybersecurity landscape.

Stronger application of international norms

Finally, we believe that stronger AI defenses and engineering advances need to be combined with a third critical component – the stronger application of international norms in cyberspace.

In 2017, we called for a Digital Geneva Convention, a set of principles and norms that would govern the behavior of states and non-state actors in cyberspace. We argued that we needed to enforce and augment the norms needed to protect civilians in cyberspace from a broadening array of cyberthreats. In the six years since that call, the tech sector and governments have taken numerous steps forward in this space, and the precise nature of what we need has evolved. But in spirit and at its heart, I believe the case for a Digital Geneva Convention is stronger than ever.

The essence of the Geneva Convention has always been the protection of innocent civilians. What we need today for cyberspace is not a single convention or treaty but rather a stronger, broader public commitment by the community of nations to stand more resolutely against cyberattacks on civilians and the infrastructure on which we all depend. Fundamentally, we need renewed efforts that unite governments, the private sector, and civil society to advance international norms on two fronts. We will commit Microsoft’s teams around the world to help advocate for and support these efforts.

First, we need to stand together more broadly and publicly to endorse and reinforce the key norms that provide the red lines no government should cross.

We should all abhor determined nation-state efforts that seek to install malware or create or exploit other cybersecurity weaknesses in the networks of critical infrastructure providers. These bear no connection to the espionage efforts that governments have pursued for centuries and instead appear designed to threaten the lives of innocent civilians in a future crisis or conflict. If the principles of the Geneva Convention are to have continued vitality in the 21st century, the international community must reinforce a clear and bright red line that places this type of conduct squarely off limits.

Therefore, all states should commit publicly that they will not plant software vulnerabilities in the networks of critical infrastructure providers such as energy, water, food, medical care, or other providers. They should also commit that they will not permit any persons within their territory or jurisdiction to engage in cybercriminal operations that target critical infrastructure.

Similarly, the past year has brought increasing nation-state efforts to target cloud services, either directly or indirectly, to gain access to sensitive data, disrupt critical systems, or spread misinformation and propaganda. Cloud services themselves have become a critical piece of support for every aspect of our societies, including reliable water, food, energy, medical care, information, and other essentials.

For these reasons, states should recognize cloud services as critical infrastructure, with protection against attack under international law.

This should lead to three related commitments:

  • States should not engage in or allow any persons within their territory or jurisdiction to engage in cyber operations that would compromise the security, integrity, or confidentiality of cloud services.
  • States should not indiscriminately compromise the security of cloud services for the purposes of espionage.
  • States should construct cyber operations to avoid imposing costs on those who are not the target of operations.

Second, we need governments to do more together to foster greater accountability for nation states that cross these red lines. The year has not been lacking in hard proof of nation-state actions that violate these norms. What we need now is the type of strong, public, multilateral, and unified attributions from governments that will hold these states accountable and discourage them from repeating the misconduct.

Tech companies and the private sector play a major role in cybersecurity protection, and we are committed to new steps and stronger action. But especially when it comes to nation-state activity, cybersecurity is a shared responsibility. And just as tech companies need to do more, governments will need to do more as well. If we can all come together, we can take the types of steps that will supply the world what it deserves – a more secure future.

Tags: , , , , , , ,

Thu, 02 Nov 2023 02:59:00 -0500 en-US text/html https://blogs.microsoft.com/on-the-issues/2023/11/02/secure-future-initiative-sfi-cybersecurity-cyberattacks/
Microsoft System Engineer

key Responsibilities:

System Design and Implementation: Design, deploy, and maintain Microsoft server systems, including Windows Server, Active Directory, and related services, ensuring scalability and high availability.

Server Administration: Perform server administration tasks, such as installation, configuration, maintenance, and troubleshooting of Windows servers. Active Directory Management: Manage and maintain the Active Directory infrastructure, including user accounts, group policies, security, and authentication.

Email and Collaboration Services: Configure, administer, and troubleshoot Microsoft Exchange for email services and collaborate on tools like Microsoft Teams and SharePoint.

Security and Compliance: Implement security measures, compliance policies, and disaster recovery solutions to protect data and systems. Manage security features like Microsoft Defender and Azure Security Center.

Virtualization: Utilize Microsoft Hyper-V or Azure virtualization technologies for server virtualization and cloud integration.

Backup and Recovery: Develop and maintain backup and disaster recovery strategies using Microsoft technologies, such as Azure Backup and Azure Site Recovery.

Patch Management: Keep systems up to date by applying Windows Updates, service packs, and security patches.

Desired Skills:

  • Azure
  • Troubleshooting
  • Microsoft Hyper-V
  • MS SQL 2012
  • MS SQL 2014
  • MS SQL 2019
  • MS SQL
  • MS SharePoint
  • ShareGate
  • Adobe reader
  • Attachmate
  • Citrix client
  • Cisco Jabber
  • Webex
  • Microsoft Azure AD

Desired Work Experience:

  • 2 to 5 years [other] Information Technology
  • 2 to 5 years Systems / Network Administration

Desired Qualification Level:

Learn more/Apply for this position

Mon, 30 Oct 2023 12:00:00 -0500 en-US text/html https://it-online.co.za/2023/10/31/microsoft-system-engineer/
Microsoft is Getting Serious About Security. Again.

Microsoft Security Response Center

In the wake of a string of cyberattacks, Microsoft announced a new initiative today called the Secure Future Initiative (SFI). And it’s impossible not to think of its Trustworthy Computing initiative of two decades ago and how much the world has changed since then.

“In latest months, we’ve concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response,” Microsoft president Brad Smiths writes in a new post to Microsoft On the Issues. “This new initiative will bring together every part of Microsoft to advance cybersecurity protection.”

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

SFI is built on three pillars:

AI-based cyber defenses. Microsoft will “put AI to work to advance cybersecurity protection” and protect its customers worldwide with an “AI-based cyber shield,” Smith says. This will include using AI to advance Microsoft’s threat intelligence and extending these capabilities directly to its customers. “AI is a game changer,” he says. “Coupled with a global network of datacenters, we are determined to use AI to detect threats at a speed that is as fast as the Internet itself.”

Advances in fundamental software engineering. This is the bit that is most reminiscent of Trustworthy Computing: Charlie Bell, Microsoft’s executive vice president for Security, has informed the company’s employees how SFI will advance the way Microsoft designs, builds, tests, and operates its technology. It will use AI and automation to transform the way it develops software, strengthen identity protection against highly sophisticated attacks, and cut the time it takes to mitigate cloud vulnerabilities by 50 percent while being more transparent and consistent when reporting incidents.

Advocacy for stronger application of international norms to protect civilians from cyber threats. Reissuing Microsoft’s 2017 call for a Digital Geneva Convention, Smith says the need now is greater than ever. “What we need today for cyberspace is … a stronger, broader public commitment by the community of nations to stand more resolutely against cyberattacks on civilians and the infrastructure on which we all depend,” he writes. “Fundamentally, we need renewed efforts that unite governments, the private sector, and civil society to advance international norms on two fronts. We will commit Microsoft’s teams around the world to help advocate for and support these efforts.”

You can learn more about SFI in Charlie Bell’s email to Microsoft’s employees and on the Microsoft Secure Future Initiative website.

Thu, 02 Nov 2023 04:34:00 -0500 en-US text/html https://www.thurrott.com/cloud/292136/microsoft-is-getting-serious-about-security-again
Codegen raises new cash to automate software engineering tasks

Jay Hack, an AI researcher with a background in natural language processing and computer vision, came to the realization several years ago that large language models (LLMs) — think OpenAI’s GPT-4 or ChatGPT — have the potential to make developers more productive by translating natural language requests into code.

After working at Palantir as a machine learning engineer and building and selling Mira, an AI-powered shopping startup for cosmetics, Hack began experimenting with LLMs to execute pull requests — the process of merging new code changes with main project repositories. With the help of a small team, Hack slowly expanded these experiments into a platform, Codegen, that attempts to automate as many mundane, repetitive software engineering tasks as possible leveraging LLMs.

“Codegen automates the menial labor out of software engineering by empowering AI agents to ship code,” Hack told TechCrunch in an email interview. “The platform enables companies to move significantly quicker and eliminates costs from tech debt and maintenance, allowing companies to focus on product innovation.”

So, one might wonder, what sets Codegen apart from code-generating AI like GitHub Copilot, Amazon CodeWhisperer and the Salesforce model with which Codegen shares a name? For one, the challenges that Codegen’s tackling, Hack says. Whereas Copilot, CodeWhisperer and others focus on code autocompletion, Codegen sees to “codebase-wide” issues like large migrations and refactoring (i.e. restructuring an app’s code without altering its functionality).

“Codegen leverages a multi-agent system for complex code generation,” Hack explained. “This entails orchestrating a swarm of agents that collaboratively decompose and solve large tasks. Many LLMs effectively deliberate and build upon each other’s work, [which] yields significantly better outputs.”

Codegen gif

Image Credits: Codegen

Codegen’s core product is a cloud and on-premises tool that connects to codebases and project management boards, such as Jira and Linear, and automatically generates pull requests to address support tickets. The platform can even set up some of the necessary code infrastructure and logging, Hack says — although it wasn’t clear to this reporter what Hack meant by “infrastructure.”

“In contrast to other solutions, Codegen provides a higher level of automation in executing entire tasks on behalf of developers,” Hack said. “We scrape a company’s backlog, find the solvable tickets, then spin up an army of agents to find the relevant code and produce a pull request.”

Now, Codegen’s promising a lot considering even the best AI models today make major mistakes. For example, it’s well-established that generative coding tools can introduce insecure code, with one Stanford study suggesting that software engineers who use code-generating AI are more likely to cause security vulnerabilities in the apps they develop.

Hack says that Codegen, for its part, is trying to strike “the right balance” of human oversight and best practices surrounding monitoring LLM-generated code.

“This is important work, and the entire development ecosystem would benefit from a better understanding of how to evaluate and verify LLM output,” Hack said. “Significant advances will need to occur for there to be widespread developer trust in generalized, automated code generation systems.”

Investors seem to think that Codegen’s going places, for what it’s worth.

The company this week announced that it closed a $16 million seed round led by Thrive Capital with participation from angel investors including Quora CEO Adam D’Angelo and Instagram co-founder Mike Krieger. The tranche brings Codegen’s total raised to $16.2 million and values the startup at $60 million post-money, Hack claims.

Thrive’s Philip Clark had this to say via email: “In 2023, most developers still spend an unreasonable share of their time writing code to deal with low-level tasks like migrations, refactors, integrations and bug fixes. Companies like Codegen are leveraging LLMs to build AI agents that free engineers from this drudgery. Developers will soon be able to hand off jobs to agents so that they can stop worrying about software toil and stay focused on creating new products.”

San Francisco-based Codegen doesn’t have paying customers yet — it’s currently incubating the platform with two “large-scale” enterprise partners. But Hack’s anticipating growth into the next year.

“We’re raising significant capital as the opportunity to make such a substantial and ambitious product has only recently emerged, and we want to sprint full force towards the market,” he said, adding that Codegen plans to grow its workforce from six employees to 10 by the end of the year. “The funds will be used to scale our workforce and support our infrastructure.”

Thu, 16 Nov 2023 02:00:00 -0600 en-US text/html https://techcrunch.com/2023/11/16/codegen-raises-new-capital-llm-automation-for-software-dev/
Endpoint security getting a boost from AI and machine learning

Are you ready to bring more awareness to your brand? Consider becoming a sponsor for The AI Impact Tour. Learn more about the opportunities here.


Attackers are turning to generative AI to hunt for the easiest endpoints to breach, combining their attacks with social engineering to steal admin identities so they don’t have to hack into networks — they walk right in. 

Endpoints overloaded with too many agents are just as unsecure as those that don’t have any. AI and machine learning (ML) are urgently needed in endpoint protection to identify the weakest endpoints, update their patches and harden detection and response beyond what’s available today.  

With endpoints becoming the focal point of more lethal, sophisticated attacks, it’s timely that Forrester published their Endpoint Security Wave for Q4, 2023. The research firm evaluated thirteen endpoint providers’ current offerings, strategy and market presence. Bitdefender, BlackBerry, Broadcom, Cisco, CrowdStrike, ESET, Microsoft, Palo Alto Networks, SentinelOne, Sophos, Trend Micro, Trellix and VMware are included in the Wave. 

Forrester notes in the report that “endpoint security vendors have evolved beyond simple malware prevention or “next-generation antivirus” to incorporate behavioral analysis and prevention, vulnerability and patch remediation and advanced threat preventions for data, identity and network, all of which have benefitted the customers using these products.”  

VB Event

The AI Impact Tour

Connect with the enterprise AI community at VentureBeat’s AI Impact Tour coming to a city near you!

Learn More
Forrester’s Endpoint Security Wave reflects an endpoint security market in transition as every provider struggles to keep up with enterprises’ need for greater consolidation while needing more visibility, control, and integration of every data telemetry source. Source: Forrester, Endpoint Security Wave for Q4, 2023.

How AI and ML are boosting endpoint security

AI and ML provide a much-needed boost to endpoint security. Every provider in Forrester’s Wave is fast-tracking the technologies on their platform roadmaps to drive more sales through consolidation.

VentureBeat has learned that these roadmaps include new applications and tools that will deliver step-wise gains in behavioral analytics, real-time authentication, improved tools for closing the identity-endpoint gaps and AI-based indicators of attack (IOA) and indicators of compromise (IOAs). 

IOAs are designed to detect an attacker’s intent and to identify their goals regardless of the malware or exploit used in an attack. An IOC provides the forensics needed for evidence of a breach. IOAs must be automated to deliver accurate, real-time data on attack attempts to understand attackers’ intent and kill any intrusion attempt.

Of the providers profiled by Forrester, CrowdStrike is the first to deliver AI-based IOAs.  While not mentioned in the Wave, ThreatConnect, Deep Instinct and Orca Security also use AI and ML to streamline IOCs.

“AI is incredibly, incredibly effective in processing large amounts of data and classifying this data to determine what is good and what’s bad,” Vasu Jakkal, corporate VP for Microsoft Security, Compliance, Identity and Privacy, said during an insightful keynote at RSA Conference. “At Microsoft, we process 24 trillion signals every single day and that’s across identities and endpoints and devices and collaboration tools and much more.”

Endpoint security providers are under pressure from customers to consolidate platforms while providing more functionality at a lower price and deliver step-change improvements in visibility and control.

A CISO responsible for protecting one of the nation’s largest insurance and financial services firms told VentureBeat that her teams’ first place to look for consolidation wins is endpoint security. Extended detection and response (XDR) shows the potential to deliver the consolidation CISOs have been asking for.

Forrester senior analyst Paddy Harrington writes that, “while many organizations are now looking to enhance their security operations with endpoint detection and response (EDR) or XDR solutions to allow for better threat and incident investigation, securing the endpoint starts with a strong endpoint protection platform, and that was the focus of this Forrester Wave evaluation.” 

Harrington points to three dominant trends driving the endpoint security market: 

A stronger focus on prevention to protect threat analysts’ time

Security analysts need more effective tools for preventing attacks to protect their time and break out of the endless cycle of responding to and recovering from attacks. Harrington points out that in previous years, the focus had been on detection and response — deprioritizing prevention — due to the belief that it was the best way to respond to incidents. He said that endpoint security solutions can help provide analysts with the opportunity to split time between investigation and recovery by making prevention more efficient.

Toolkits already play an important role in consolidation

CISOs tell VentureBeat that 2023 became the year of consolidation, coincident with rising interest rates and spiraling inflation. CrowdStrike and Palo Alto Networks were ahead of the curve, using their user events in 2022 to sell consolidation as a growth strategy. Forrester has written about today’s cybersecurity staffing challenges and the resulting consolidation security products protecting the endpoint. He points out that including vulnerability and patch remediation or secure configuration management in endpoint security reduces the number of tools needed to maintain a proper endpoint security posture, helping CISOs achieve their consolidation and cost-reduction goals.

Endpoint protection helps accelerate the transition from EDR or XDR

EDR platforms that support data independence and portability are critical for the long-term success of an endpoint strategy and the long-term success of any XDR platform. Harrington cautions that migrating from an EDR to an XDR platform should not require reconfiguring endpoints. The greater the coverage across different attack vectors, the simpler and more scalable incident correlation becomes, with the mean time to resolution shortened.

Comparing all thirteen vendors’ approaches to AI, ML and zero trust reflects the increasingly diverse endpoint security market.

Forrester’s take on the market leaders

Wave leaders include CrowdStrike, Trend Micro, Bitdefender and Microsoft. Forrester broke down their strengths and weaknesses.

 CrowdStrike is a strong fit for enterprises migrating from EDR to XDR

Forrester writes in the report that “CrowdStrike is a good fit for customers who are interested in evolving to EDR or XDR, based off of a full set of prevention functions using a single endpoint agent.” CrowdStrike is well-known as an enterprise-ready endpoint security solution, and Forrester found that the company’s inclusion of functions like secure configuration management and reporting and extensive attack remediation capabilities has made this an attractive endpoint security solution even for small and medium-sized business (SMB) customers.

CrowdStrikes’ additional module pricing could make their solution higher-priced, and customers are concerned that their latest acquisitions may not integrate with the core platforms. CrowdStrike customers praised the core endpoint security capabilities and their ability to stop attacks quickly. 

Trend Micro: A Veteran in endpoint security with a strong focus on innovation and XDR

Forrester gives High Score to Trend Micro for their reputation with customers as an endpoint security solution “that just works.” Forrester found that Trend Micro’s move from the on-premises Apex One solution to the cloud-native Trend Vision One — Endpoint Security continues to support features across both environments.

Trend Micro also invests heavily in R&D, including for its XDR platform. Trend Micro customers rated the company as the best vendor to work with among all their security solution providers. Forrester found that “Trend Micro is a good fit for customers who want a consistently strong endpoint protection platform that can support evolving to XDR.”

Bitdefender: A prevention-first endpoint security tool with flexible pricing

Bitdefender’s expertise with prevention engines sets the company apart from other leaders, further strengthening their prevention-first mindset from product development to services. Forrester found that Bitdefender further differentiates itself in its expertise in mobile threat defense, integrated patching, vulnerability management and reliance on a single agent for all functions. Forrester notes that Bitdefender’s vision “is on par with most of the field on moving to XDR, but the roadmap doesn’t have the depth of others.”

Microsoft a strong fit with less experienced security staff

E3 and E5 are Microsoft licensing frameworks with which Defender for Endpoint is priced. The E5 license is designed for large organizations that require advanced security features and compliance capabilities. Forrester gives Microsoft credit for a strong roadmap for endpoint security that includes expanding Defender functionality to operational tech (OT) and IoT devices and continuing its strategy of building an extensive partner community. Microsoft’s vision for Defender is both simple for SMBs and detailed for global enterprises. Still, its licensing models are the most challenging in the industry, with advanced features requiring enterprise agreements.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.

Mon, 06 Nov 2023 16:43:00 -0600 Louis Columbus en-US text/html https://venturebeat.com/security/endpoint-security-getting-a-boost-from-ai-and-machine-learning/
Living Learning Communities

The Collat School of Business Learning Community is for students who plan to or are interested in a business major. This community is for those interested in joining a community of students, faculty, and staff who are passionate about all areas of business. On-campus residents will work together to explore different business practices and engage in problem-solving and extracurricular activities that provide real-world context and experience. Programming within the Academic Learning Community is a partnership between the Office of Student Housing and Residence Life and the UAB Collat School of Business.

As a part of this community, students will be exposed to and be able to participate in various professional and recreational development activities that will assist in self-assessment, exploration of academic majors, career exploration, and networking. Students in the Business Learning Community will also be able to build strong connections while taking similar courses, forming study groups, and learning from upper-level peer mentors.

Benefits:

  • Learn, lead, collaborate, and serve as you prepare to become future business and community leaders.
  • Build a community of peers interested in and taking courses in similar topics.
  • Network with other students and faculty in similar fields.
  • Participate in programs designed to help students discover and strengthen their business-related knowledge and skills.

Eligibility:

  • Must be an on-campus resident interested in or intending to major in Business.
Sun, 29 Oct 2023 14:06:00 -0500 en-US text/html https://www.uab.edu/students/housing/apply/living-learning-communities
Microsoft: BlueNoroff hackers plan new crypto-theft attacks

North Korean hackers

Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn.

This financially motivated threat group (tracked by Redmond as Sapphire Sleet) also has a documented history of cryptocurrency theft attacks targeting employees within cryptocurrency companies.

After picking their targets following initial contact on LinkedIn, the BlueNoroff hackers backdoor their systems by deploying malware hidden in malicious documents pushed via private messages on various social networks.

"The threat actor that Microsoft tracks as Sapphire Sleet, known for cryptocurrency theft via social engineering, has in the past few weeks created new websites masquerading as skills assessment portals, marking a shift in the persistent actor's tactics," according to Microsoft Threat Intelligence security experts.

"Sapphire Sleet typically finds targets on platforms like LinkedIn and uses lures related to skills assessment. The threat actor then moves successful communications with targets to other platforms."

Previously, the North Korean state hackers were seen distributing malicious attachments directly or using links to pages hosted on legitimate websites like GitHub.

However, Microsoft believes that swift detection and removal of the attackers' malicious files from legitimate online services prompted the BlueNoroff hackers to create their own websites capable of hosting malicious payloads.

These websites are password-protected to thwart analysis efforts and are camouflaged as skills assessment portals, urging recruiters to register for an account.

Earlier this week, Jamf Threat Labs' security researchers linked BlueNoroff to new ObjCShellz macOS malware used to backdoor targeted Macs by opening remote shells on compromised devices.

In latest years, Kaspersky linked BlueNoroff to a series of attacks against cryptocurrency startups and financial organizations worldwide, including in the U.S., Russia, China, India, the U.K., Ukraine, Poland, Czech Republic, UAE, Singapore, Estonia, Vietnam, Malta, Germany, and Hong Kong.

Additionally, the FBI attributed the largest crypto hack in history—the breach of Axie Infinity's Ronin network bridge—to the Lazarus and BlueNoroff hacking groups. The attackers stole 173,600 Ethereum and 25.5 million USDC tokens, amounting to over $617 million.

Four years ago, a United Nations report estimated that North Korean state hackers, including BlueNoroff, had already stolen around $2 billion in at least 35 cyberattacks targeting banks and cryptocurrency exchanges across more than a dozen countries.

In 2019, the U.S. Treasury also sanctioned BlueNoroff and two other North Korean hacking groups (Lazarus Group and Andariel) for channeling stolen financial assets to the North Korean government.

Fri, 10 Nov 2023 01:41:00 -0600 Sergiu Gatlan en-us text/html https://www.bleepingcomputer.com/news/security/microsoft-bluenoroff-hackers-plan-new-crypto-theft-attacks/




DP-203 candidate | DP-203 study | DP-203 guide | DP-203 book | DP-203 exam success | DP-203 exam plan | DP-203 learner | DP-203 test prep | DP-203 availability | DP-203 education |


Killexams exam Simulator
Killexams Questions and Answers
Killexams Exams List
Search Exams
DP-203 exam dump and training guide direct download
Training Exams List