CISA Adds Seven Known Exploited Vulnerabilities to Catalog

by Scott Muniz | Aug 18, 2022 | Security, Technology

This article is contributed. See the original author and article here.

CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

CISA releases 5 Industrial Control Systems Advisories

by Scott Muniz | Aug 18, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Walking the walk of a ‘Keep Learning’ culture at Tietoevry

by Contributed | Aug 18, 2022 | Technology

This article is contributed. See the original author and article here.

Takeaways

Tietoevry created the Connect Academy, which reskills existing employees, including those whose current skills are based on legacy technologies.

Microsoft Learn content, particularly Azure instructor-led training and certifications, is at the core of the Connect Academy curriculum. Extensive resources, like hands-on labs, complement the experiential learning in the program.

A holistic process at Tietoevry integrates business strategy, resourcing needs, executive sponsorship, and individual career development.

The program plans for business needs and places employees immediately into their new roles—while still training—providing mentorship, on-the-job learning, and billable assignments.

Reskilling internal employees is more efficient than trying to secure new external resources with appropriate skills from the current highly competitive job market.

Employees are valued and retained, and they’re able to plan the next phases of their careers, including ongoing learning and certification. They join approximately 2,500 employees company-wide who have already earned 3,600 Azure certifications as part of the overall Tietoevry skilling goal.

Finnish company Tietoevry is the largest IT services provider in the Nordics, with 24,000 employees worldwide serving customers in 90 countries and regions. As the company’s customers move to the cloud, the skills required of Tietoevry teams are changing accordingly. Hiring new talent is difficult and expensive—current IT skills are in demand everywhere. At the same time, the company has a base of great employees with years of productive experience in legacy technologies.

Many organizations face similar situations, but Tietoevry created an extraordinarily holistic plan for reskilling that serves the company’s needs, valuing and retaining its employees, and building robust teams to serve its customers. To address the challenge, in 2021, Tietoevry created its Connect Academy—a comprehensive program that focuses on reskilling internal employees on Microsoft technologies, with simultaneous new job placement within the company.

A ‘Keep Learning’ culture

One of the pillars of the Tietoevry culture is “Keep Learning,” which means that the company and its employees seek to continue developing their skills—now and in the future—and to stay curious and relevant. “Our employees do value learning very highly, and that’s why we want to support them in this,” says Lelde Saleniece, Tietoevry’s People Development Consultant. “The [Connect] Academy is one great example of how we do that, how we support them—not just in upskilling but in reskilling, as well. We care for them and their knowledge, and we want them to stay here.”

The Connect Academy begins with an analysis of business needs and the resources required to meet them. After the analysis, the candidate selection phase starts and everyone can apply. Line managers nominate candidates, and then, in the “handshake” step, candidates go through a career-planning stage, join their new teams, and begin training—including job shadowing and assignments. Microsoft Learn training resources are key, notes Lelde. “Microsoft has been very helpful, and definitely, without the support and collaboration, this wouldn’t be as good a program as it is.”

Microsoft Learn resources are at the core of the experiential learning journey, reports Lead Cloud Advisor Bjørn Sigurd Hove, who is a mentor for learners in the program. The certifications that learners earn demonstrate mastery, he observes, “But in my view, the road to that certification is maybe more important.” In addition to instructor-led training, he explains, “I stressed that they should use the study guides, which have links to resources on each and every subject.” Bjørn also points learners to the Microsoft Learn labs for hands-on experience. “The certification is just the end goal of this journey, but the journey is most important.”

The training component is intense—two months of dedicated time for classwork, labs, exam preparation, and certification exams. Raja Ali, a Tietoevry employee who completed the Connect Academy, used all the offered Microsoft Learn self-study resources. “The real deal was when you were sitting down and working on Microsoft Learn,” he recalls. “The coolest thing was the sandbox experience you get in Microsoft Learn, when you’re reading something and they ask you to actually do the activity right there.”

The many benefits of this process start with meeting the business needs, ensuring that “we are not training people just for the sake of the training, but we are training people to the actual roles and actual jobs,” notes Ari Lehtovaara, Head of the Connect Academy. “The main idea is to give them basic knowledge so that they can fit into the team and start working.”

Tietoevry Line Manager Niklas Klasén welcomes reskilled employees onto his team. He points out that selecting candidates for the academy is important, given how hard it is to recruit suitable talent from outside the company. Their background is important. “For me,” Niklas emphasizes, “being able to combine the skills that people already have from their long IT careers with the new cloud experience, that has been a very valuable concept for us.”

At every step of the two-month program, the Connect Academy assists employees and supports them in their new roles. They join their new teams immediately when training starts, with a line manager and mentor to help them.

Partnering to build skills and careers in the cloud space

Legacy skills can be helpful to the team, Niklas explains. “Let’s say, for example, they worked with networking on-prem or in our own datacenters. They are now subject matter experts when it comes to connecting that datacenter to the cloud and are a key resource when it comes to migrating from the datacenter, as well.”

With Microsoft Learn partnering to provide technical product knowledge at core of the Connect Academy, Tietoevry has created a thoughtfully strategic way forward for the company—and, most of all, for its employees. As Bjørn points out, “That program gives our colleagues a new career in the cloud space, and I’m really proud of that.”

For more details on Tietoevry’s learning journey, check out the following Microsoft Customer Tech Talks episode.

Apple Releases Security Updates for Multiple Products

by Scott Muniz | Aug 18, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Azure Marketplace new offers – August 17, 2022

by Contributed | Aug 17, 2022 | Technology

This article is contributed. See the original author and article here.

We continue to expand the Azure Marketplace ecosystem. For this volume, 113 new offers successfully met the onboarding criteria and went live. See details of the new offers below:

Get it now in our marketplace
	Airflow on Ubuntu Server 20.04 LTS: This offer from AskforCloud provides Airflow on Ubuntu Server 20.04 LTS. Airflow is an open-source platform for programmatically authoring, scheduling, and monitoring workflows. Airflow pipelines are defined in Python, which allows for dynamic pipeline generation.
	Cassandra on Ubuntu Server 18.04 LTS: This offer from AskforCloud provides Cassandra on Ubuntu Server 18.04 LTS. Apache Cassandra is an open-source NoSQL distributed database trusted by thousands of companies for scalability and high availability. Cassandra enables developers to dynamically scale their databases with no downtime.
	Cassandra on Ubuntu Server 20.04 LTS: This offer from AskforCloud provides Cassandra on Ubuntu Server 20.04 LTS. Apache Cassandra is an open-source NoSQL distributed database trusted by thousands of companies for scalability and high availability. Cassandra enables developers to dynamically scale their databases with no downtime.
	Cassandra on Ubuntu Server 22.04 LTS: This offer from AskforCloud provides Cassandra on Ubuntu Server 22.04 LTS. Apache Cassandra is an open-source NoSQL distributed database trusted by thousands of companies for scalability and high availability. Cassandra enables developers to dynamically scale their databases with no downtime.
	DecisionRules: DecisionRules, a lightweight and blazingly fast business rules engine, streamlines workflows and helps organizations digitalize their day-to-day decision-making processes. DecisionRules is available as a privately managed cloud or as an on-premises deployment.
	Dolphin on Ubuntu Server 18.04 LTS: This offer from AskforCloud provides Dolphin on Ubuntu Server 18.04 LTS. Dolphin, an open-source platform for building social networks, is designed to be easy to use and customize.
	Dolphin on Ubuntu Server 20.04 LTS: This offer from AskforCloud provides Dolphin on Ubuntu Server 20.04 LTS. Dolphin, an open-source platform for building social networks, is designed to be easy to use and customize.
	Dotclear on Ubuntu Server 18.04 LTS: This offer from AskforCloud provides Dotclear on Ubuntu Server 18.04 LTS. Dotclear is an open-source web-publishing tool written in PHP. Its flexible template system allows you to customize your Dotclear demo without having PHP knowledge, and its comment system has built-in anti spam protection.
	Dotclear on Ubuntu Server 20.04 LTS: This offer from AskforCloud provides Dotclear on Ubuntu Server 20.04 LTS. Dotclear is an open-source web-publishing tool written in PHP. Its flexible template system allows you to customize your Dotclear demo without having PHP knowledge, and its comment system has built-in anti spam protection.
	Dotclear on Ubuntu Server 22.04 LTS: This offer from AskforCloud provides Dotclear on Ubuntu Server 22.04 LTS. Dotclear is an open-source web-publishing tool written in PHP. Its flexible template system allows you to customize your Dotclear demo without having PHP knowledge, and its comment system has built-in anti spam protection.
	e107 on Ubuntu Server 18.04 LTS: This offer from AskforCloud provides e107 on Ubuntu Server 18.04 LTS. e107 is an open-source content management system powered by PHP, MySQL, and Twitter Bootstrap. Its intuitive interface gives users complete control of their website and digital assets even if they have no knowledge of HTML or JavaScript.
	e107 on Ubuntu Server 20.04 LTS: This offer from AskforCloud provides e107 on Ubuntu Server 20.04 LTS. e107 is an open-source content management system powered by PHP, MySQL, and Twitter Bootstrap. Its intuitive interface gives users complete control of their website and digital assets even if they have no knowledge of HTML or JavaScript.
	e107 on Ubuntu Server 22.04 LTS: This offer from AskforCloud provides e107 on Ubuntu Server 22.04 LTS. e107 is an open-source content management system powered by PHP, MySQL, and Twitter Bootstrap. Its intuitive interface gives users complete control of their website and digital assets even if they have no knowledge of HTML or JavaScript.
	Exponent CMS on Ubuntu 18.04 LTS: This offer from AskforCloud provides Exponent CMS on Ubuntu 18.04 LTS. Exponent CMS is an open-source content management system based on PHP and the Exponent framework. With Exponent, users can easily create and manage dynamic websites without directly coding web pages or managing site navigation.
	Hadoop on Ubuntu Server 20.04 LTS: This offer from AskforCloud provides Hadoop on Ubuntu Server 20.04 LTS. Apache’s Hadoop framework transparently supports data motion and reliability for applications. Hadoop implements the computational paradigm MapReduce, dividing an app into fragments, each of which may be executed or re-executed on any node in a cluster.
	Kafka on Debian 10: This offer from AskforCloud provides Kafka on Debian 10. Apache’s Kafka, an open-source distributed event store and streaming platform, is used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.
	Kafka on Debian 11: This offer from AskforCloud provides Kafka on Debian 11. Apache’s Kafka, an open-source distributed event store and streaming platform, is used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.
	Kafka on Ubuntu Server 18.04 LTS: This offer from AskforCloud provides Kafka on Ubuntu Server 18.04 LTS. Apache’s Kafka, an open-source distributed event store and streaming platform, is used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.
	Kafka on Ubuntu Server 20.04 LTS: This offer from AskforCloud provides Kafka on Ubuntu Server 20.04 LTS. Apache’s Kafka, an open-source distributed event store and streaming platform, is used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.
	Kafka on Ubuntu Server 22.04 LTS: This offer from AskforCloud provides Kafka on Ubuntu Server 22.04 LTS. Apache’s Kafka, an open-source distributed event store and streaming platform, is used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.
	Kubernetes on Ubuntu: This offer from Apps4Rent provides Kubernetes on Ubuntu. Kubernetes is a portable and extensible open-source platform for managing containerized workloads. Kubernetes grants you a framework to resiliently run distributed systems. It offers scaling, failover, deployment patterns, and more.
	LAMP on Ubuntu 20.04: This offer from Apps4Rent provides a LAMP stack on Ubuntu 20.04. The LAMP stack includes Apache HTTP Server, the MySQL relational database management system, the PHP programming language, and a Linux operating system. Engineers use the stack to develop and deploy high-performance web apps in a Linux environment.
	Laravel Framework on Ubuntu Server 20.04 LTS: This offer from AskforCloud provides Laravel on Ubuntu Server 20.04 LTS. Laravel is a PHP framework with expressive, elegant syntax. The framework is robust and incredibly scalable, so it can grow with your project.
	Laravel on Ubuntu Server 18.04 LTS: This offer from AskforCloud provides Laravel on Ubuntu Server 18.04 LTS. Laravel is a PHP framework with expressive, elegant syntax. The framework is robust and incredibly scalable, so it can grow with your project.
	LightWAN vCPE: The LightWAN network access device LightWAN vCPE provides customers with cloud interconnection and access to acceleration services. LightWAN is based on SDN and WAN acceleration technology and can swiftly connect branches, datacenters, and cloud services to LightWAN POP nodes. This app is available only in Chinese.
	Mattermost on Ubuntu 18.04 LTS: This offer from AskforCloud provides Mattermost on Ubuntu 18.04 LTS. Mattermost is an open-source collaboration platform. Bring together team messaging, task and project management, and workflow orchestration so you can deliver high-quality software.
	Mattermost on Ubuntu 20.04 LTS: This offer from AskforCloud provides Mattermost on Ubuntu 20.04 LTS. Mattermost is an open-source collaboration platform. Bring together team messaging, task and project management, and workflow orchestration so you can deliver high-quality software.
	Mattermost on Ubuntu 22.04 LTS: This offer from AskforCloud provides Mattermost on Ubuntu 22.04 LTS. Mattermost is an open-source collaboration platform. Bring together team messaging, task and project management, and workflow orchestration so you can deliver high-quality software.
	OutSystems Standard Edition: Quickly create and update web and mobile applications with OutSystems, a modern platform for developing, delivering, and evolving compelling apps that drive innovation at the pace that business requires. OutSystems features visual development tools and automation powered by AI.
	Piwigo on Ubuntu 22.04 LTS: This offer from AskforCloud provides Piwigo on Ubuntu 22.04 LTS. Piwigo is open-source photo management software designed for organizations, teams, and individuals. Easily organize and share your photos on the web with Piwigo.
	Pydio on Ubuntu Server 18.04 LTS: This offer from AskforCloud provides Pydio on Ubuntu Server 18.04 LTS. Pydio is open-source file-sharing and synchronization software that allows you to access and securely share large amounts of data from a central location.
	Pydio on Ubuntu Server 20.04 LTS: Easily access and share large amounts of data from a central location with this offer from AskforCloud, which provides Pydio on Ubuntu Server 20.04 LTS. Paris-based Pydio is a leader in the self-hosted enterprise document sharing and collaboration market.
	ServicePilot SaaS: ServicePilot allows you to collect, monitor, and analyze historical data across your on-premises and Microsoft Azure environments. Proactively identify underperforming servers and applications before they impact users and customers.
	Tanium Cloud: Turbocharge your security team’s capabilities with Tanium. Delivered as a fully managed cloud-based service, with zero infrastructure requirements, Tanium offers complete visibility over all endpoints so you can quickly manage, secure, and protect your network at scale.
	Tanium Cloud Package Management Service (TCPMS): This global service optimizes the Tanium linear-chain architecture for customers and remote workers. It creates efficiencies in software distribution across all endpoints by eliminating database bloat and connection overload across your on-premises, cloud, and hybrid environments.
	UCMC NetCM: GBM’s open-source configuration management platform powered by Ansible eliminates repetitive tasks by automating workflows for firewalls, endpoints, and switches, and it makes your network operations more efficient and productive.
	VisionDocs: This solution from Mint Management Technologies extracts information from PDFs, images, and scans and makes it searchable on applications like Microsoft Teams and SharePoint. Match invoices to vendors and enrich document scans or facial comparisons.
	ZooKeeper on Ubuntu Server 20.04 LTS: AskforCloud’s offer provides ZooKeeper on Ubuntu Server 20.04 LTS. Apache ZooKeeper is an open-source server for highly reliable distributed coordination of cloud applications.
Go further with workshops, proofs of concept, and implementations
	Agile Data Engineering Sprints: 2-Week Implementation: Customer-centric experts from Appsfactory will apply the agile methodology to support the design, implementation, and testing of your data engineering tasks using Microsoft Azure Cognitive Services, Microsoft Power Platform, and custom solutions powered by Azure Machine Learning Studio.
	Cognizant 1Sustainability Accelerator: 4-Week Implementation: Accelerate and automate your sustainability initiatives with solution, which Cognizant will implemented on Microsoft Azure. 1Sustainability integrates with Microsoft Cloud for Sustainability (MCfS) for seamless cross-department data collection and energy consumption management.
	Customer Explorer Analytics: 6-Week Implementation: Learn how to drive growth and improve customer experience with Tredence’s offering. Optimize your marketing campaign build cycle with a custom web app for creating and exporting customer segments using Azure Databricks, Azure Monitor, and Azure Data Lake Storage.
	Data Science Modernization: 6-Week Implementation: Get useful insights and best-practice recommendations from Tallan as you prepare to modernize your legacy data science system. Tallan’s experts will help migrate your workloads to Microsoft Azure while creating a robust governance and security process.
	DevOps as a Service: 2-Day Workshop: The experts from Transition Technologies PSC will lay the foundation for innovation and growth by introducing you to the agile and integrated framework of Microsoft Azure DevOps. Walk away with a solid strategy to transform your ecosystem.
	Disaster Recovery as a Service: 10-Day Implementation: TM Systems’ offering will protect your business-critical applications and data through the design and implementation of backup and disaster recovery using Azure Site Recovery. Keep your business running and proactively resolve any outage issues.
	Enterprise Modern Data Science Platform: 4-Month Implementation: Ensure the success of your data science projects by simplifying data engineering workloads and reducing production time with Tallan’s enterprise-scale Modern Data Science Platform (MDSP) on Microsoft Azure.
	Machine Learning Operations: 2-Month Implementation: Using Microsoft Azure DevOps best practices along with automated retraining and continuous monitoring of your machine learning and statistical models, Tallan will help maximize the return on your data science investment.
	Microsoft Defender for Endpoint: 2-Week Design and Implementation: Difenda’s Microsoft-certified technical experts will tailor your Microsoft Defender for Endpoint configuration and implementation so you can maximize your security investment with a unified and robust service across your environment.
	Migrate Workloads to Azure and SQL Server: 3-Week Implementation: Prime DB will provide a cost-effective, interactive experience for your team to safely identify risks and gaps before deploying workloads to Microsoft Azure, Microsoft SQL Server, Microsoft 365, and more. This service is available only in Portuguese.
	Zero Trust Security: 3-Day Workshop: In this workshop, Oxford Computer Group will help your organization explore and customize a Zero Trust security solution built on Microsoft 365. Simplify security management and provide ongoing protection for your users and resources.
Contact our partners
2OS Deep No-Code (No-Code + AI)
5-2 Cloud-Native Migration and App Modernization: 2-Hour Briefing
Alepo SDM
AntWorks CMR+
Automated Teams for Educators
Azure Application Modernization: 1-Day Briefing
Azure App Modernization: 4-Week Assessment
Azure Business Insights and AI: 2-Hour Briefing
Azure Cloud-Native Design: 1-Week Assessment
Azure Foundation Workshop and Implementation
BDO Managed Compliance Services
BDO Managed Detection and Response
BDO OT/IoT Managed Services
Bell IoT Starter Kit
Bloomberg DataParser
Boomi Runtime Quickstarts
Boost 360
Canary Speech
Cloud Readiness: 2-Week Assessment
Customer Explorer Analytics SaaS Offering
Doc Reader: Intelligent Document Processing for Finance
Dopplr
eACASync
EdGraph Data Management and Analytics Platform
Environment Education 4.0
FSI Strategies: Managed Services for Microsoft 365
Fuze DataParser
Genpact Cora Intelligent Data Orchestration
Global Directory for Microsoft Teams
IBM OpenPages with Watson
letsbloom Secure Cloud PaaS
Liquid Cyber Security SOC Onboarding
LivePerson DataParser
Managed Rancher by Hossted
Minecraft Room
MishiPay Scan, Pay & Go
Optical Quality Assurance in Production: 3-Month Proof of Concept
Paradim
PwC Intelligent Risk Monitoring Tool (Subscription)
Quip DataParser
Redox Healthcare Integration
Refinitiv DataParser
Retail & Distribution Data and AI for Azure Synapse: 2-Week Assessment
Sincro Marketplace
Sincro VMS
Slack DataParser
Smart Reports
Symphony DataParser
Thomson Reuters Case Tracking
Thomson Reuters ID Risk Analytics
Ubuntu Minimal 20.04 LTS
Ubuntu Minimal 22.04 LTS
Unica Managed Detection & Response
Using Azure Synapse in Industrial and Energy Markets: 2-Week Assessment
Veeam Backup for Microsoft Azure: 2-Hour Briefing
WAMS ManagedCare
Webex DataParser
Yammer DataParser
Yubikey 5 NFC Security Key
Zapote Logistics
ZenCRM Linea Business Advanced Edition
ZenCRM Linea Business Full Edition
ZenCRM Linea Business Pro Edition
Zoom DataParser