Web directory – Boom Directory http://boomdirectory.com/ Sun, 05 Dec 2021 01:27:46 +0000 en-US hourly 1 https://wordpress.org/?v=5.8 https://boomdirectory.com/wp-content/uploads/2021/08/cropped-icon-32x32.png Web directory – Boom Directory http://boomdirectory.com/ 32 32 Global Biosimilars Partnership Report / Directory 2021: Access Conditions and Agreements for Over 170 Offers 2010-2021 – ResearchAndMarkets.com https://boomdirectory.com/global-biosimilars-partnership-report-directory-2021-access-conditions-and-agreements-for-over-170-offers-2010-2021-researchandmarkets-com/ Fri, 03 Dec 2021 14:08:27 +0000 https://boomdirectory.com/global-biosimilars-partnership-report-directory-2021-access-conditions-and-agreements-for-over-170-offers-2010-2021-researchandmarkets-com/ DUBLIN – (BUSINESS WIRE) – The report “Global Biosimilars Partnering Terms and Agreements 2010 to 2021” has been added to ResearchAndMarkets.com offer. The Global Biosimilars Partnering Terms and Agreements 2010 to 2021 report provides an understanding and access to the biosimilars agreements and partnership agreements entered into by the world’s leading healthcare companies. The report […]]]>

DUBLIN – (BUSINESS WIRE) – The report “Global Biosimilars Partnering Terms and Agreements 2010 to 2021” has been added to ResearchAndMarkets.com offer.

The Global Biosimilars Partnering Terms and Agreements 2010 to 2021 report provides an understanding and access to the biosimilars agreements and partnership agreements entered into by the world’s leading healthcare companies.

The report provides a detailed understanding and analysis of how and why companies enter into partnership agreements with biosimilars. The majority of agreements are at an early stage of development where the licensee obtains a right or option right to license the biosimilar technology or product candidates from the licensor. These agreements tend to be multi-component, starting with collaborative R&D and the commercialization of results.

Understanding the flexibility of the terms of the agreements negotiated by a potential partner provides critical insight into the negotiation process in terms of what you can expect to achieve during the negotiation of the terms. While many small businesses will be looking for details on payment terms, the devil is in the details of triggering payments – contract documents provide that insight where press releases and databases do not. .

This report contains links to online copies of actual biosimilar offerings and contractual documents as submitted to the Securities Exchange Commission by the companies and their partners. Contract documents provide the answers to many questions about a potential partner’s flexibility on a wide range of important issues, many of which will have a significant impact on each party’s ability to derive value from the agreement.

Contract documents provide the answers to many questions about a potential partner’s flexibility on a wide range of important issues, many of which will have a significant impact on each party’s ability to derive value from the agreement.

In addition, a comprehensive appendix is ​​provided, curated by biosimilar partner company AZ, transaction type definitions and examples of biosimilar partnership agreements. Each transaction title is linked via a web link to an online version of the transaction record and, if applicable, the contractual document, providing easy access to each contractual document on demand.

The report also includes numerous tables and figures that illustrate trends and biosimilar partnership and negotiation activities since 2010.

In conclusion, this report provides everything a potential negotiator needs to know about partnering in the research, development and commercialization of biosimilar technologies and products.

Scope of the report

The terms and global partnership agreements for biosimilars 2010 to 2021 include:

  • Trends in biosimilar transactions in the biopharmaceutical industry since 2010

  • Access to title, advance, milestone and royalty data

  • Access to more than 170 transaction files and contractual documents on biosimilars, where applicable

  • The main biosimilar offers by value since 2010

  • The most active biosimilars negotiators since 2010

  • The main partnership resources for biosimilars

In Global Biosimilars Partnering Terms and Agreements 2010 to 2021, the available contracts are listed by:

  • Company from A to Z

  • Title value

  • Stage of development at signing

  • Component type of the agreement

  • Specific therapeutic and technological target

Main topics covered:

Abstract

Chapter 1 Introduction

Chapter 2 – Trends in the negotiation of biosimilars

2.1. introduction

2.2. Biosimilar partnerships over the years

2.3. The most active biosimilars negotiators

2.4. Biosimilar partnerships by type of agreement

2.5. Biosimilar partnership by therapeutic area

2.6. Terms of the agreement for the biosimilar partnership

2.6.1 Key values ​​of the partnership on biosimilars

2.6.2 Biosimilars Process Upfront Payments

2.6.3 Milestone Payments for Biosimilars

2.6.4 Biosimilar royalty rate

Chapter 3 – Best Biosimilar Offers

3.1. introduction

3.2. Best Biosimilar Deals By Value

Chapter 4 – The Most Active Biosimilars Negotiators

4.1. introduction

4.2. The most active biosimilars negotiators

4.3. Profiles of the most active biosimilar partner companies

Chapter 5 – Negotiation directory for biosimilars contracts

5.1. introduction

5.2. Directory of biosimilar contracts

Chapter 6 – Biosimilar Transactions by Type of Technology

Chapter 7 – Partner Resource Center

7.1. Online partnership

7.2. Partnership events

7.3. Further reading on negotiation

Appendices

Annex 1 – Biosimilar offers by AZ company

Annex 2 – Biosimilar offers by stage of development

Annex 3 – Biosimilar offers by type of offer

Annex 4 – Biosimilar offers by therapeutic area

Annex 5 – Definitions of types of transactions

Companies mentioned

  • BeiGene

  • Momenta Pharmaceuticals

  • Ewopharma

  • Samsung Bioepis

  • Biotechnology compass

  • YL organic products

  • alvogen

  • Simcere Pharma

  • Medicago

  • Cipla

  • Merck serono

  • JAMP Pharma Group

  • Yoshindo

  • SQI diagnosis

  • R-Pharm

  • Sandoz

  • ProBioGen

  • Diabeloop

  • Biocnd

  • Epirus Biopharmaceuticals

  • mAbXience

  • AIT Biosciences

  • Concord Biosciences

  • Abreos Biosciences

  • Revance Therapeutics

  • Walter and Eliza Hall Institute

  • Zhejiang Hisun Pharmaceutical

  • TS Dyne

  • Amneal Pharmaceuticals

  • MGC diagnosis

  • Theradiag

  • XL-Protein

  • Aceno Biotherapeutics

  • Baxter International

  • Zhejiang Huahai Pharmaceutical

  • BioXpress

  • Pharma Holdings algorithm

  • World-class research

  • PharmaPraxis

  • GC Pharma

  • Universal cells

  • Synthon

  • Chimio Sa Lugano

  • Amgen

  • Return-To-Line

  • Vela Laboratories

  • NeuClone

  • Cellectis

  • TR-Pharm

For more information on this report, visit https://www.researchandmarkets.com/r/krrkae

Contacts

ResearchAndMarkets.com

Laura Wood, Senior Press Director

press@researchandmarkets.com
For EST office hours, call 1-917-300-0470

For USA / CAN call toll free 1-800-526-8630

For GMT office hours, call + 353-1-416-8900

]]>
CISA Warns of Actively Exploited Zoho ManageEngine ServiceDesk Critical Vulnerability https://boomdirectory.com/cisa-warns-of-actively-exploited-zoho-manageengine-servicedesk-critical-vulnerability/ Fri, 03 Dec 2021 05:24:00 +0000 https://boomdirectory.com/cisa-warns-of-actively-exploited-zoho-manageengine-servicedesk-critical-vulnerability/ The US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn against actively exploiting a recently patched flaw in Zoho’s ManageEngine ServiceDesk Plus product to deploy web shells and perform a variety of malicious activities. Tracked as CVE-2021-44077 (CVSS score: 9.8), the issue is related to an unauthenticated remote code […]]]>

The US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn against actively exploiting a recently patched flaw in Zoho’s ManageEngine ServiceDesk Plus product to deploy web shells and perform a variety of malicious activities.

Tracked as CVE-2021-44077 (CVSS score: 9.8), the issue is related to an unauthenticated remote code execution vulnerability affecting ServiceDesk Plus versions up to and including 11305 which, if not Fixed, “allows an attacker to download executable files and place web shells that allow post-exploitation activities, such as compromising administrator credentials, driving sideways, and exfiltrating hives registry and Active Directory files, ”CISA said.

GitHub automatic backups

“A misconfiguration of security in ServiceDesk Plus led to the vulnerability,” Zoho noted in an independent notice published on November 22. “This vulnerability can allow an adversary to execute arbitrary code and carry out any subsequent attack. Zoho fixed the same flaw in version 11306 and above on September 16, 2021.

CVE-2021-44077 is also the second flaw exploited by the same threat actor that previously exploited a security hole in Zoho’s self-service and single sign-on password management solution known as ManageEngine ADSelfService Plus (CVE-2021-40539) from compromising at least 11 organizations, according to a new report released by the threat intelligence team of Palo Alto Networks Unit 42.

Zoho ManageEngine ServiceDesk vulnerability

“The threatening actor stretches[ed] its goal beyond ADSelfService Plus to other vulnerable software, ”said Unit 42 researchers Robert Falcone and Peter Renals. “Specifically, between October 25 and November 8, the actor turned his attention to several organizations running a different Zoho product known as ManageEngine ServiceDesk Plus. “

The attacks are said to be orchestrated by a “persistent and determined APT player” followed by Microsoft as “DEV-0322”, a cluster of emerging threats that the tech giant says operates from China and has already been observed in China. exploiting a zero-day flaw in the SolarWinds Serv-U managed file transfer service earlier this year. Unit 42 monitors the combined activity as “Tilted temple” campaign.

Prevent data breaches

Post-exploitation activities following a successful compromise involve the actor downloading a new dropper (“msiexec.exe”) to the victimized systems, which then deploys the Chinese JSP web shell named “Godzilla” to establish the persistence in these machines, echoing similar tactics used against ADSelfService software.

Unit 42 identified that there are currently more than 4,700 instances of ServiceDesk Plus accessible on the Internet worldwide, of which 2,900 (or 62%) are in the United States, India, Russia, Great Britain and in Turkey are considered vulnerable to exploitation.

In the past three months, at least two organizations have been compromised using the ManageEngine ServiceDesk Plus flaw, a number that is expected to rise further as the APT Group ramps up its reconnaissance activities against technology, energy, transport, health, education, finance and industrial defense.

Zoho, for its part, has made available an Exploit Detection Tool to help customers identify if their on-premise installations have been compromised, in addition to recommending users to “upgrade to the latest version of ServiceDesk Plus. (12001) immediately “to mitigate any potential operational risk.

]]>
1Password Review – Forbes Advisor https://boomdirectory.com/1password-review-forbes-advisor/ Wed, 01 Dec 2021 15:00:41 +0000 https://boomdirectory.com/1password-review-forbes-advisor/ Considered one of the best password managers, 1Password has a lot of features with two main points, easy storage, filing systems and very secure data system. The main features that really help differentiate it from the crowd are: Several safes Travel mode Automation of secrets Watchtower security check 1Password is available on all major platforms […]]]>

Considered one of the best password managers, 1Password has a lot of features with two main points, easy storage, filing systems and very secure data system.

The main features that really help differentiate it from the crowd are:

  • Several safes
  • Travel mode
  • Automation of secrets
  • Watchtower security check

1Password is available on all major platforms including Windows, Mac, iOS, Android, Linux, Chrome OS, Darwin, FreeBSD, and OpenBSD. It is also extremely secure and has a very user-friendly dashboard as well as several packages.

Let’s take a look at some of the benefits and features of 1Password.

Secure encryption

1Password uses 256-bit AES encryption, which banks and governments around the world also use. This means that your passwords are secure and the likelihood of someone trying to hack your account head-on is extremely unlikely.

The master password you receive during setup is also a 34 character secret key. You will use it for the first connection. This master key is shared with you in a PDF, which you can print or place in a safe place. The master key is also protected by a secure remote password (SRP).

While you may fear losing this key, you can retrieve it using Window Hello, which accesses applications through biometrics. 1Password also has a zero knowledge policy, so no one other than you will know the master key.

Multiple chests

Each 1Password account is divided into vaults. These form a ranking system for your profile to store different sets of information or to create different categories for certain data. You can create a safe for forms, passwords, secure documents, credit cards, and more.

It also means that you will have organized your sensitive information and that you will still be able to allow access to certain data if necessary. On the family and business plans, you can configure settings for sharing with other users that are specific to each safe.

Travel mode

When you cross certain borders, some customs officers ask for access to your device. With the Travel mode, you can select the chests that will be accessible to these officials.

All you need to do is select some travel safes and some that are not. If your device is seized, they cannot access your sensitive information. It also serves as an extra layer to protect your information if your device is stolen while traveling. On business plans, administrators can remotely configure these settings for team members.

Watchtower

This feature alerts you if your passwords are weak, reused, vulnerable to attack, or have been compromised during a data breach. However, this is not unique to 1Password, as there are many other software that offer the same.

What is different, however, is that Watchtower will notify you if your registered documents (like passports or driver’s licenses) are about to expire. Along with credit card details, this can be very helpful when it comes to changing your online shopping account information.

Privacy Cards

By working with a third-party application, Privacy, you can set up privacy cards, which are virtual payment cards that will hide your card information when you shop online. This is only available for US subscribers.

With this app, you can be sure that no one can use your card information in the event that a supplier through whom you have purchased something is compromised. You can also use privacy to set transaction limits, making it easy to sign up for free trials without having to think about canceling automatic renewal.

Clipboard options

You should always make sure that the contents of your clipboard are erased as soon as possible, as it exposes your sensitive data to hackers and malicious websites.

With 1Password, you can set a timer that automatically clears your clipboards. While this is a pretty tricky feature to use with other software, it’s pretty straightforward on 1Password.

1 Password X

Because it is a browser extension, 1Password X offers full use of the software in any web browser of your choice. It is very easy to use and facilitates automatic filling and registration. There is also a built-in password generator, which creates a unique code that is instantly saved in a safe.

You also have the option to add 2FA and can search for your safes from your browser without having to open a separate program.

]]>
Austin Resource Recovery encourages buyers to find goods and services that embrace zero waste https://boomdirectory.com/austin-resource-recovery-encourages-buyers-to-find-goods-and-services-that-embrace-zero-waste/ Mon, 29 Nov 2021 18:30:26 +0000 https://boomdirectory.com/austin-resource-recovery-encourages-buyers-to-find-goods-and-services-that-embrace-zero-waste/ AUSTIN Buyers invited to think zero waste Austin Resource Recovery, a department of the City of Austin, has launched its 2021 Give A Great Story holiday campaign, encouraging Austinites to rethink shopping and gifting this holiday season by making zero waste purchases. This year, the department is promoting the relaunch of the Austin Reuse Directory […]]]>

AUSTIN

Buyers invited to think zero waste

Austin Resource Recovery, a department of the City of Austin, has launched its 2021 Give A Great Story holiday campaign, encouraging Austinites to rethink shopping and gifting this holiday season by making zero waste purchases.

This year, the department is promoting the relaunch of the Austin Reuse Directory to help Austinites find goods and services that embrace zero waste gifts. The directory can help residents find places to purchase used, vintage or recycled items, repair a beloved item, or gift rental services. Users can also find places to donate or sell lightly used items in the spirit of giving back this holiday season. Currently, the directory is best viewed in a web browser on a desktop or laptop computer.

For zero waste gift ideas: facebook.com/austinrecycles.

Reports

AUSTIN

City gets top marks for inclusiveness

Austin recently achieved a maximum score of 100 points in a national lesbian, gay, bisexual, transgender and gay equality assessment based on city policies, laws and services.

]]>
Montclair NJ’s purchases promoted on Small Business Saturdays https://boomdirectory.com/montclair-njs-purchases-promoted-on-small-business-saturdays/ Sat, 27 Nov 2021 23:40:44 +0000 https://boomdirectory.com/montclair-njs-purchases-promoted-on-small-business-saturdays/ What a difference a year makes. Just 12 months ago, there were so many empty storefronts along Bloomfield Avenue in Montclair that the Business Improvement District asked artists to install works of art there. This year, those showcases are filled with merchandise. According to Jason Gleason, executive director of the Business Improvement District, on Church […]]]>

What a difference a year makes.

Just 12 months ago, there were so many empty storefronts along Bloomfield Avenue in Montclair that the Business Improvement District asked artists to install works of art there.

This year, those showcases are filled with merchandise.

According to Jason Gleason, executive director of the Business Improvement District, on Church Street for Small Business on Saturday, the vacancy rate in Montclair Center fell from 18% in January to 11% this month.

Forty-nine new businesses have set up in the district, he said; subtracting the loss from 18, we get a result of 31.

The story continues under the gallery

“It’s amazing,” he said. He cited the many new restaurants to come, including Porta in the space formerly occupied by the Montclair Social Club; the steakhouse in the building that housed The Crosby and Fin; Pineapple Express Barbecue at Lackawanna Plaza and the new Mochinut donut shop. But besides the restaurants, there are also what he calls “different and interesting” businesses such as Gravity Vault, for the interactive block, One River School for the art classes. and a new physiotherapy practice called Integrated Core Concepts combining physiotherapy, yoga and psychology services.

]]>
Global MNO directory from 2021 to 2023 https://boomdirectory.com/global-mno-directory-from-2021-to-2023/ Fri, 26 Nov 2021 10:53:00 +0000 https://boomdirectory.com/global-mno-directory-from-2021-to-2023/ Dublin, November 26, 2021 (GLOBE NEWSWIRE) – The “Worldwide MNO Directory 2021-2022” directory has been added to ResearchAndMarkets.com offer. A compendium of global business intelligence for mobile network operators (MNOs), strategically designed for large and small providers supporting the mobile operator value chain. This latest 2021 edition includes over 700 MNOs and over 6000 CXO […]]]>

Dublin, November 26, 2021 (GLOBE NEWSWIRE) – The “Worldwide MNO Directory 2021-2022” directory has been added to ResearchAndMarkets.com offer.

A compendium of global business intelligence for mobile network operators (MNOs), strategically designed for large and small providers supporting the mobile operator value chain. This latest 2021 edition includes over 700 MNOs and over 6000 CXO / Management contacts (Special Edition *) holding a variety of key roles ranging from roaming, network planning, strategy, purchasing and more. .

The MNO Directory is an essential resource for those looking to do business or collaborate with mobile operators around the world.

The directories cover all continents, countries or regions of the world, which can be broken down as follows:

  • Directory of Asia-Pacific MNOs (including Australia and New Zealand)

  • Directory of MNOs in Africa

  • Directory of MNOs in Europe

  • Directory of MNOs in the Middle East

  • Directory of MNOs in Latin America

  • Directory of MNOs in North America

  • Global MNO Directory (all in one)

For each region, the directories list all the operators active in a given country. For a trader active in a given country, the analyst offers a range of business attributes to help companies understand and effectively strategize their goals. Such as:

  • Operator Details – Registered Name, Trademark

  • Market share, group information and ownership

  • Company Details – Network portfolio, subscribers, growth trend, network penetration, market share, contact details.

The directories are delivered in PDF and XLS formats. The PDF is distributed by country; 1 page per operator structure. And, XLS is dedicated to a list of management contacts; Names of executives, roles of executives and emails of executives. These managerial contacts are decision-makers holding influential roles within the operator’s businesses. And, contacting them not only gives interested companies a “time advantage” over the competition, but also presents a unique opportunity to explain their proposals correctly and effectively.

The MNO directory provides the following information:

  • Operator name – one operator per country per page structure

  • Group and ownership information

  • Business information – network portfolio, subscribers, growth trend, penetration, market share, addresses, telephone, fax numbers, etc.

  • Online Presence – Web / URL

  • CXO contacts / Management / Decision-makers / Operators

  • Available formats – PDF and Excel

MNO Directory 2021-2022 – Special Edition has up to 300% more contacts than the regular edition. Also includes team interviews, in-depth Q&A, and more.

Abstract:

Key questions answered by the analyst

Report analyst talks about the state of the mobile network operator (MNO) industry, its direction, the impact of the pandemic, growth opportunities, innovation and the challenges facing telecommunications. face as we move into the future.

1. What are the emerging trends? What would the analyst’s advice be to mobile network operators (MNOs) looking to expand in the near future?

The answer is that operators need to create deals not around but throughout the digital lifestyle of consumers, and simply ‘forget’ about monetizing their investments by selling voice, data and a few OTT offerings. While connectivity becomes a commodity and unlimited or more than enough data is taken for granted, the quality of the network – both experience and service – will always be a differentiator in my opinion. The content is more and more relevant, but more and more expensive. Still, many customers are willing to pay for a better experience and better branding. This way you are also sending a strong message to your existing customer base. And keeping them informed that you are “there” is as important as planning.

Through working with operator clients, five main strategies to drive revenue growth have been identified. Their potential varies, and some are long-term bets, while others are short-term, non-structural measures.

2. Are operators making money these days? Who does the analyst think can reserve profits and how can other mobile operators emulate them? Any case of a specific operator who could have made a difference would be helpful to the readers of the report.

The telecommunications market in Europe, North America and the advanced countries of Asia-Pacific and the Middle East is now saturated. As a result, the industry has witnessed fierce competition among mobile operators and negative revenue growth. The industry has entered a phase of consolidation in recent years and we have seen several exits, mergers and acquisitions around the world.

However, the number of mobile operators active in almost all countries is quite good (on average 3 operators per country). However, the exponential growth and adoption of OTT services, from WhatsApp to YouTube to Vimeo, Netflix and Amazon Prime Video, have left operators in an unprecedented situation.

He has:

  • More and more commonplace network services, reducing margins

  • Operators forced to invest more in their network to meet growing demand

And as we see, Operators face the following challenges:

  • Reduced margin that does not allow them to innovate

  • They hardly can offer the OTT of consumer choice – it changes so frequently

  • Even partnerships with OTTs are not really effective enough for operators

  • Partnering with OTTs is not a long-term solution

A ranking of the top ten players on the basis of revenue or number of subscribers or profitability is not really important when their survival can be easily questioned by any OTT startup. Still, I can tell you a few operators who are facing these challenges very well or who have deployed their strategic efforts in a laudable manner.

3. What is the status of 2G, 3G, 4G or 5G in the world? In your opinion, what are or should be the operators’ priorities with regard to future growth?

LTE has become the operator’s priority program to enable consumers to take full advantage of mobile Internet. The current priority for operators is to reach the full potential of 4G LTE when they have already started working on 5G and beyond. Africa is, however, far behind the rest of the world. Many African countries have a lower LTE footprint and adoption. While smartphone penetration has exceeded 50% on the continent, this exaggerates its importance as most countries in the region operate on legacy 2G and 3G speeds, which do not allow video streaming or anything else. beyond basic web browsing.

4. Where do operators spend the most? What is slowing them down?

Most of the investments are focused on expanding, modernizing and improving the capacity of the network. The exponential growth in demand for data is observed; however, operators have failed to become the primary beneficiary despite billions of investments in the 4G network over the past 10 years.

As for “what’s slowing them down”, it’s huge expectations and commensurate effort and capital that would be required to make customers happy as a whole. And why not, the 21st century is all that. Still, remember that operators around the world continue to spend a substantial portion of their profits to make things work.

5. What excites operators?

As in previous years, operators will continue to invest in 4G and 4G + mobile networks. Not because they’re excited, but the exponential growth in data traffic is forcing them to do so. This new investment in 4G and 4G + meets two needs, increasing network coverage and improving capacity.

6. What is the analyst’s perspective on the direction the industry could take in the next 2-3 or 5 years?

As individuals, society, industry and governments look to the future with more efficient digital tools, advanced technologies and automation like never before, telecommunications players must lead the charge. Seizing opportunities as early as possible before large-scale penetration will be the key to meeting the expectations and future needs of consumers.

The analyst presented a four-pillar program that can help operators become the primary beneficiaries of their network investment, improve their position along the value chain, and maximize their return on investment.

7. And finally, a word on the pandemic: how do you think the industry reacted?

Covid-19 has impacted the global mobile phone industry; however, the impact is less severe than on the economy in general. In fact, many developing countries, where the lack of fixed telephony infrastructure makes mobile the default means of accessing the Internet, have experienced unexpected growth in mobile revenues. For example, mobile income in India grew by more than 17% in 2020, while real GDP decreased by more than 10%. Telecom operators today have a multifaceted business model. While there has been a mixed impact on the overall revenue of telecom operators, there is also general consistency in the impact concentrated on a loss of roaming activity (reduction in trips) and a decrease in roaming activity. handset upgrades.

Main topics covered:

1. Summary
2. Team interview / Questions answered by the report
2. Africa MNO Yearbook 2021-2022
3. Asia-Pacific (including Australia and New Zealand) MNO Yearbook 2021-2022
4. MNO Europe Directory 2021-2022
5. Directory of MNOs in Latin America 2021-2022
6. MNO Middle East Yearbook 2021-2022
7. MNO North America Directory 2021-2022

For more information on this directory, visit https://www.researchandmarkets.com/r/cp3l2

CONTACT: CONTACT: ResearchAndMarkets.com Laura Wood, Senior Press Manager press@researchandmarkets.com For E.S.T Office Hours Call 1-917-300-0470 For U.S./CAN Toll Free Call 1-800-526-8630 For GMT Office Hours Call +353-1-416-8900
]]>
Microsoft extends “failure mode” for Azure Active Directory • The Register https://boomdirectory.com/microsoft-extends-failure-mode-for-azure-active-directory-the-register/ Wed, 24 Nov 2021 19:08:00 +0000 https://boomdirectory.com/microsoft-extends-failure-mode-for-azure-active-directory-the-register/ Microsoft hopes to improve the resiliency of its cloud services by extending a “failure mode” for Azure Active Directory to cover the web as well as desktop applications. Azure Active Directory (AAD) is Microsoft’s cloud directory that manages authentication for Office 365 and can be linked to on-premises Active Directory. Additionally, developers can write applications […]]]>

Microsoft hopes to improve the resiliency of its cloud services by extending a “failure mode” for Azure Active Directory to cover the web as well as desktop applications.

Azure Active Directory (AAD) is Microsoft’s cloud directory that manages authentication for Office 365 and can be linked to on-premises Active Directory. Additionally, developers can write applications that use the service. However, if something goes wrong, customers experience several failures, including being unable to access the Azure portal to manage other cloud services.

In December of last year, Microsoft updated its SLA (Service Level Agreement) for AAD to 99.99% uptime, down from 99.9%, but with a certain sleight of hand as it also removed the “administrative functions” of its definition of availability.

Now the company has given more details of its efforts, focusing on a backup authentication service that replicates authentication data during normal operations, and then if the primary service fails, goes into “crash mode” where he is able to verify requests and provide tokens to clients.

Diagram from Microsoft showing how AAD backup works

Diagram from Microsoft showing how AAD backup works

According to Microsoft, this has been working for Outlook Web Access and SharePoint Online since 2019, although we did note that during the September 2020 outage, Outlook and SharePoint were affected. The reason given at the time was that “a recent change in configuration impacted a primary storage layer,” an issue that was compounded by another issue caused by “a change put in place to mitigate the impact”. So it seems that the backup service was not sufficient in this case.

There is also a limitation that authentications are only processed by the backup service if the user has already accessed an “application or resource” in the past three days, described as the “storage window”. The company found this to be acceptable for most users who “access their most important apps from a consistent device on a daily basis,” but it’s easy to think of cases where users will be locked out, for example s ‘they buy a new device.

It’s better than nothing though, and Microsoft has been working to expand its applicability. Earlier this year, support for desktop and mobile apps was added, and next year more web apps, including Teams Online and the rest of Office 365, will be added as well. Applications from clients using Open ID Connect will follow shortly.

More questions than answers

In some ways, Microsoft’s latest post raises more questions than answers. A quick glance at the Azure status page shows “Azure Active Directory – Problems trying to authenticate”, although possibly limited to customers using Azure Active Directory external identities, with the root cause attributed to ” outgoing port depletion ”, although this is on the company’s architecture diagram is not clear.

In March of this year, there was an extended AAD outage caused by the erroneous deletion of a key used for cryptographic signing. Microsoft referred to the backup service at the time and said, “Unfortunately, it didn’t help in this case as it provided cover for the token issuance but did not provide cover for the. token validation as it depended on the affected metadata endpoint. “

It is therefore obvious that extending the backup service will not solve all the problems that may impact AAD even if it is beneficial.

In August of this year, analysts at Gartner reported that customers “remain concerned about the real impacts” of Azure reliability even though its performance is not bad in an absolute sense. Gartner considers some Azure regions to be less resilient than they should be, possibly due to capacity issues, but note that the pandemic has caused increased demand for all cloud providers.

Microsoft also has questions to answer regarding the Cosmos DB vulnerability described by Wiz security researchers earlier this month. The vulnerability has been fixed, but researchers have identified what look like extraordinary architectural errors, such as firewall rules designed to prevent an escalation of a breach, but “these firewall rules were configured locally on the container where we were currently running as root. So we just deleted the rules (by issuing iptables -F), paving the way for those banned IPs and even more interesting discoveries. “

It’s a good thing when Azure CTO Mark Russinovich appears to talk to us, along with colleagues, about Azure reliability improvements, and the extended AAD backup service is welcome even if it isn’t. always effective, but we would like to know more about these other pressing situations. ®

]]>
Oswego County and United Way Team Up to Host Third Annual Seniors Picnic on August 11 https://boomdirectory.com/oswego-county-and-united-way-team-up-to-host-third-annual-seniors-picnic-on-august-11/ Mon, 22 Nov 2021 20:55:54 +0000 https://boomdirectory.com/oswego-county-and-united-way-team-up-to-host-third-annual-seniors-picnic-on-august-11/ Oswego County and United Way Team Up to Host Third Annual Seniors Picnic on August 11 OSWEGO COUNTY – The Oswego County Office for Aging (OFA) is partnering with the Oswego County United Way to host the third annual Seniors Picnic. The event will take place from 11 a.m. to 1 p.m. on Wednesday, August […]]]>

Oswego County and United Way Team Up to Host Third Annual Seniors Picnic on August 11

OSWEGO COUNTY – The Oswego County Office for Aging (OFA) is partnering with the Oswego County United Way to host the third annual Seniors Picnic. The event will take place from 11 a.m. to 1 p.m. on Wednesday, August 11 at Breitbeck Park, 91 Lake St., Oswego. Meals will be distributed at noon.

The event is open and free to anyone in Oswego County, aged 60 or over. There is a $ 6 fee for customers under 60. Reservations are required and limited to the first 100 participants. To reserve your meal, call the OFA at 315-349-3484 before noon on Thursday, August 5.

OFA Director Sara Sunday said: “I’m glad we can bring this event back. It was canceled last year due to concerns about COVID-19. It is changed this year to maintain the safety of all participants. They can have their meal and then explore the park where there are benches and picnic tables to use.

The picnic includes a turkey sandwich with lettuce and tomato on a Kaiser roll, a potato salad, a cup of fresh fruit, a cookie and chocolate milk. A gift bag containing various items will also be provided to each participant. Each bag will include a tick removal kit, COVID-19 vaccination card protector, pens, puzzle books, tissues, ice cream coupons, coloring sheets and more.

“It’s important to recognize our older residents and keep them involved in the community,” added Sunday. “It’s just a little way to give back.”

Participants can also browse the information kiosks under the pavilion. Representatives from the county’s DSS-Mental Hygiene, Adult Protective Services, Hospice and SNAP will join the OFA to answer questions about their respective programs.

Additionally, the Oswego County COVID-19 Mobile Vaccination Trailer will be on-site from 11 a.m. to noon to provide COVID-19 vaccines to anyone who qualifies. Appointments are requested, but walk-in people are always welcome. Call the OFA at 315 349-3484 to reserve a vaccination location.

In accordance with COVID-19 protocols, social distancing and face masks are required for those who are not yet fully vaccinated and who are under the flag.

For more information or to reserve your meal, call the OFA at 315-349-3484.

PREPARE A PICNIC – The Oswego County Office for Aging and the United Way of Greater Oswego County are welcoming people aged 60 and over to a picnic drive on Wednesday August 11 at Breitbeck Park in Oswego. The event runs from 11 a.m. to 1 p.m. with a meal pickup starting at noon. For more details or to reserve your meal, call the OFA at 315-349-3484 between 8:30 a.m. and 4 p.m. on weekdays before August 5. From left to right, Elizabeth Weimer, Senior Aging Services Specialist and Jessica Hotaling, Aging Services Coordinator.

]]>
How to stream Xbox Cloud games with Raspberry Pi https://boomdirectory.com/how-to-stream-xbox-cloud-games-with-raspberry-pi/ Sun, 21 Nov 2021 12:00:47 +0000 https://boomdirectory.com/how-to-stream-xbox-cloud-games-with-raspberry-pi/ With current generation consoles still hard to find even a year after their launch, game streaming services have become very popular. For a few dollars a month, we can stream a library of games to our laptops, desktops, and mobile devices. With the recent version of the Raspberry Pi operating system, based on Debian 11 […]]]>

With current generation consoles still hard to find even a year after their launch, game streaming services have become very popular. For a few dollars a month, we can stream a library of games to our laptops, desktops, and mobile devices.

With the recent version of the Raspberry Pi operating system, based on Debian 11 “Bullseye”, we see that the Chromium web browser now supports hardware acceleration, which means that we can finally use the game streaming services. with the Raspberry Pi 4.

]]>
Key Lesson from the SolarWinds Attack: Rethinking Identity Security https://boomdirectory.com/key-lesson-from-the-solarwinds-attack-rethinking-identity-security/ Fri, 19 Nov 2021 04:34:00 +0000 https://boomdirectory.com/key-lesson-from-the-solarwinds-attack-rethinking-identity-security/ Hear from CIOs, CTOs, and other senior executives and leaders on data and AI strategies at the Future of Work Summit on January 12, 2022. Learn more Among the many lessons from SolarWinds’ unprecedented cyberattack, there’s one that most businesses haven’t quite grasped yet: Identity infrastructure itself is a prime target for hackers. That’s according […]]]>

Hear from CIOs, CTOs, and other senior executives and leaders on data and AI strategies at the Future of Work Summit on January 12, 2022. Learn more


Among the many lessons from SolarWinds’ unprecedented cyberattack, there’s one that most businesses haven’t quite grasped yet: Identity infrastructure itself is a prime target for hackers.

That’s according to Gartner’s Peter Firstbrook, who shared his take on the biggest lessons learned about the SolarWinds Orion breach at the research firm’s Security & Risk Management Summit – the US Virtual Conference this week.

The SolarWinds attack – which is nearing the first anniversary of its disclosure – has served as a wake-up call to the industry because of its scope, sophistication, and method of delivery. Attackers compromised the software supply chain by inserting malicious code into the SolarWinds Orion network monitoring application, which was then distributed as an update to approximately 18,000 customers.

The breach went undetected for a long time. The attackers, who were linked to Russian intelligence by US authorities, reportedly had access for nine months to “some of the most sophisticated networks in the world,” including cybersecurity firm FireEye, Microsoft and the US Treasury Department, said Firstbrook, vice president of research and analyst at Gartner. Other federal agencies affected included the ministries of defense, state, commerce and homeland security.

Firstbrook spoke about the SolarWinds attack, first disclosed on December 13, 2020 by FireEye, during two Gartner summit talks this week. The identity security implications of the attack should be a priority for businesses, he said during the sessions, which included a question-and-answer session with reporters.

Focus on identity

Asked by VentureBeat about its biggest takeaway from the SolarWinds attack, Firstbrook said the incident demonstrated “identity infrastructure is a target.”

“People have to recognize it, and they don’t,” he said. “This is my biggest message to people: you spent a lot of money on identity, but it’s mostly how to let the good guys in. You really have to spend the money to figure out when this identity infrastructure is compromised and to maintain that infrastructure.

Firstbrook cited an example where SolarWinds hackers were able to bypass multi-factor authentication (MFA), which is often cited as one of the most reliable ways to prevent an account takeover. The hackers did this by stealing a web cookie, he said. This was possible because outdated technology was used and classified as MFA, according to Firstbrook.

“You must maintain that [identity] Infrastructure. You need to know when it was compromised and when someone has already obtained your credentials or steals your tokens and presents them as real, ”he said.

Managing digital identities is notoriously difficult for businesses, and many suffer from the proliferation of identities, including human, machine, and application identities (as in robotic process automation). A recent study commissioned by identity security provider One Identity found that almost all organizations – 95% – report challenges in managing digital identity.

SolarWinds attackers took advantage of this vulnerability around identity management. In a session with Gartner’s full conference Thursday, Firstbrook said the attackers were actually “primarily focused on attacking the identity infrastructure” during the SolarWinds campaign.

Other techniques that were deployed by attackers included stealing passwords that allowed them to elevate their privileges (known as kerberoasting); SAML certificate theft to enable identity authentication by cloud services; and creating new accounts on the Active Directory server, according to Firstbrook.

Move sideways

With these successes, hackers were at one point able to use their presence in the Active Directory environment to move from the on-premises environment where the SolarWinds server was installed to the Microsoft Azure cloud, he said.

“Identities are the connective tissue that attackers use to move sideways and to move from one domain to another,” Firstbrook said.

Identity and access management systems are “clearly a rich targeting opportunity for attackers,” he said.

Microsoft recently released details of another attack believed to come from the same Russian-linked attack group Nobelium which involved an implant for Active Directory servers, Firstbrook said.

“They were using this implant to infiltrate the Active Directory environment – to create new accounts, steal tokens and be able to move sideways with impunity – because they were an authenticated user in the environment,” he said. declared.

Tom Burt, corporate vice president at Microsoft, said in a blog post in late October that a “wave of Nobelium activity this summer” included attacks on 609 customers. There were nearly 23,000 attacks on these customers between July 1 and October 19, “with a single-digit success rate,” Burt said in the post.

Identity infrastructure monitoring

A common question in the wake of the SolarWinds breach, Firstbrook said, is how do you prevent a supply chain attack from impacting your business?

“The reality is you can’t,” he said.

While companies must do their due diligence as to which software to use, of course, the chances of detecting a malicious implant in another vendor’s software are “extremely low,” Firstbrook said.

What businesses can do is prepare to respond in the event that this happens, and a central part of that is to closely monitor identity infrastructure, he said.

“You want to monitor your identity infrastructure for known attack techniques – and start thinking more of your identity infrastructure as your perimeter,” Firstbrook said.

VentureBeat

VentureBeat’s mission is to be a digital public place for technical decision-makers to learn about transformative technology and conduct transactions. Our site provides essential information on data technologies and strategies to guide you in managing your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the topics that interest you
  • our newsletters
  • Closed thought leader content and discounted access to our popular events, such as Transform 2021: Learn more
  • networking features, and more

Become a member

]]>