Connect with us

Technology

Adopt Modern Auth now for Exchange Online • The Register

The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.

In an advisory [PDF] this week, Uncle Sam’s Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which includes such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.

“Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth,” CISA wrote. “After completing the migration to Modern Auth, agencies should block Basic Auth.”

The agency adds that Basic Auth is often used by legacy applications or custom-built business software, and that many user-facing applications, such as Outlook Desktop and Outlook Mobile App, already have been moved to Modern Auth via Microsoft security updates.

“This is a big deal,” John Gunn, CEO of authentication outfit Token, told The Register. “Security-conscious organizations have already made the switch, but many have not, and they are needlessly exposing themselves and others to attack. Hopefully this message will accelerate the process and motivate the stragglers.”

Basic Auth is a legacy authentication method that doesn’t naturally support multifactor authentication (MFA) and requires a user’s password be sent with each authentication request. There are numerous protocols that can use Basic Auth, including the Post Office Protocol/Internet Message Access Protocol (POP/IMAP), Exchange Web Services, ActiveSync, and Remote Procedure Call over HTTP (RPC over HTTP), the agency said.

MFA is required of FCEBs per President Joe Biden’s May 2021 Executive Order 14028 to improve the country’s cybersecurity capabilities.

Ray Kelly, a fellow at Synopsys Software Integrity Group, reminded us that Basic Auth simply sends one’s username and password in a plaintext, encoded form; you can use a Base64 decoder to view the original credentials. It needs to be encapsulated in encryption to be used securely over a network.

“Microsoft’s move to disable basic authentication in Exchange Online is a great thing for securing the Microsoft cloud ecosystem, as we have seen legacy protocols relying on basic authentication used to bypass multi-factor authentication controls,” Aaron Turner, CTO at AI cybersecurity vendor Vectra, told The Register.

“By moving to a posture of disabling basic authentication by default, it essentially hardens all email users who rely on Microsoft Exchange Online. This will make it more difficult for attackers to simply scrape a username and password from a vulnerable mobile device or browser session.”

Speaking of passwords, Microsoft has long been a vocal advocate for doing away with these passphrases for authentication, saying they are unreliable and a weak link in the cybersecurity chain. The Windows giant also has promoted MFA as a way of reducing by 99 percent the likelihood that a user will be compromised.

Moving away from legacy authentication

In a document dated 2020, two senior Microsofties said an analysis of Azure Active Directory traffic showed that 99 percent of password spray attacks and more than 97 percent of credential-stuffing attacks leveraged legacy authentication protocols. In addition, Azure AD accounts in organizations that disabled such authentication methods saw 67 percent fewer compromises than those still using legacy authentication.

Microsoft last year announced it will disable Basic Auth in Exchange Online starting October 1, 2022.

Garret Grajek, CEO of identity specialist YouAttest, called the use of two-factor (2FA) or multifactor authentication “table stakes” in the modern IT world.

“There is no excuse for use of single authentication in 2022,” Grajek told The Register. “The major vendors – Amazon, Microsoft, Google – have made it an option in their offerings. 2FA should be turned on for all resources. The attacks via zero-day flaws, source-code injections and supply chain vulnerabilities need to be monitored.”

He added that “to get hacked by simple username/password hacks on identities is unacceptable. The real challenge going forward is implementing a zero-trust architecture and real identity governance across all users and systems.”

CISA recommends several steps for moving to Modern Auth, with the first one being to review Azure AD sign-in logs to find the applications and users that are authenticating with Basic Auth.

Next is developing a plan to move those applications and users to Modern Auth by following Microsoft’s documentation and Exchange Team blog post about the shift. After that’s done, organizations can use authentication policies to block Basic Auth before authentication occurs, setting the policy per-mailbox or across the business.

Taking these steps means a significant improvement in security, Token’s Gunn adds.

“The advantages of Modern Auth include using MFA [and] not letting apps save credentials,” he said. “Auth has a defined lifetime and the scope of permissions can be limited. All of these make a big difference in stopping attacks.” ®

Source link

Culture

Top 10 Florida Cities Dominate The Business Startup Landscape In The U.S.

Top 10 Florida Cities And Business Startup Landscape In The U.S.

The Voice Of EU | Florida emerges as a hub for entrepreneurial endeavors, with its vibrant business landscape and conducive environment for startups. Renowned for its low corporate tax rates and a high concentration of investors, the Sunshine State beckons aspiring entrepreneurs seeking fertile grounds to launch and grow their businesses.

In a recent report by WalletHub, Florida cities dominate the list of the top 10 best destinations for business startups, showcasing their resilience and economic vitality amidst challenging times.

From Orlando’s thriving market to Miami’s dynamic ecosystem, each city offers unique advantages and opportunities for entrepreneurial success. Let’s delve into the chronologically listed cities that exemplify Florida’s prominence in the business startup arena.

1. Orlando Leads the Way: Orlando emerges as the most attractive market in the U.S. for business startups, with a remarkable surge in small business establishments. WalletHub’s latest report highlights Orlando’s robust ecosystem, fostering the survival and growth of startups, buoyed by a high concentration of investors per capita.

2. Tampa Takes Second Place: Securing the second spot among large cities for business startups, Tampa boasts a favorable business environment attributed to its low corporate tax rates. The city’s ample investor presence further fortifies startups, providing essential resources for navigating the initial years of business operations.

3. Charlotte’s Diverse Industries: Claiming the third position, Charlotte stands out for its diverse industrial landscape and exceptionally low corporate taxes, enticing companies to reinvest capital. This conducive environment propels entrepreneurial endeavors, contributing to sustained economic growth.

4. Jacksonville’s Rising Profile: Jacksonville emerges as a promising destination for startups, bolstered by its favorable business climate. The city’s strategic positioning fosters entrepreneurial ventures, attracting aspiring business owners seeking growth opportunities.

5. Miami’s Entrepreneurial Hub: Miami solidifies its position as a thriving entrepreneurial hub, attracting businesses with its dynamic ecosystem and strategic location. The city’s vibrant startup culture and supportive infrastructure make it an appealing destination for ventures of all sizes.

6. Atlanta’s Economic Momentum: Atlanta’s ascent in the business startup landscape underscores its economic momentum and favorable business conditions. The city’s strategic advantages and conducive policies provide a fertile ground for entrepreneurial ventures to flourish.

7. Fort Worth’s Business-Friendly Environment: Fort Worth emerges as a prime destination for startups, offering a business-friendly environment characterized by low corporate taxes. The city’s supportive ecosystem and strategic initiatives facilitate the growth and success of new ventures.

8. Austin’s Innovation Hub: Austin cements its status as an innovation hub, attracting startups with its vibrant entrepreneurial community and progressive policies. The city’s robust infrastructure and access to capital foster a conducive environment for business growth and innovation.

9. Durham’s Emerging Entrepreneurship Scene: Durham’s burgeoning entrepreneurship scene positions it as a promising destination for startups, fueled by its supportive ecosystem and strategic initiatives. The city’s collaborative culture and access to resources contribute to the success of new ventures.

10. St. Petersburg’s Thriving Business Community: St. Petersburg rounds off the top 10 with its thriving business community and supportive ecosystem for startups. The city’s strategic advantages and favorable business climate make it an attractive destination for entrepreneurial endeavors.

Despite unprecedented challenges posed by the COVID-19 pandemic, the Great Resignation, and high inflation, these top Florida cities remain resilient and well-equipped to overcome obstacles, offering promising opportunities for business owners and entrepreneurs alike.


Continue Reading

Culture

European Startup Ecosystems Awash With Gulf Investment – Here Are Some Of The Top Investors

European Startup Ecosystem Getting Flooded With Gulf Investments

The Voice Of EU | In recent years, European entrepreneurs seeking capital infusion have widened their horizons beyond the traditional American investors, increasingly turning their gaze towards the lucrative investment landscape of the Gulf region. With substantial capital reservoirs nestled within sovereign wealth funds and corporate venture capital entities, Gulf nations have emerged as compelling investors for European startups and scaleups.

According to comprehensive data from Dealroom, the influx of investment from Gulf countries into European startups soared to a staggering $3 billion in 2023, marking a remarkable 5x surge from the $627 million recorded in 2018.

This substantial injection of capital, accounting for approximately 5% of the total funding raised in the region, underscores the growing prominence of Gulf investors in European markets.

Particularly noteworthy is the significant support extended to growth-stage companies, with over two-thirds of Gulf investments in 2023 being directed towards funding rounds exceeding $100 million. This influx of capital provides a welcome boost to European companies grappling with the challenge of securing well-capitalized investors locally.

Delving deeper into the landscape, Sifted has identified the most active Gulf investors in European startups over the past two years.

Leading the pack is Aramco Ventures, headquartered in Dhahran, Saudi Arabia. Bolstered by a substantial commitment, Aramco Ventures boasts a $1.5 billion sustainability fund, alongside an additional $4 billion allocated to its venture capital arm, positioning it as a formidable player with a total investment capacity of $7 billion by 2027. With a notable presence in 17 funding rounds, Aramco Ventures has strategically invested in ventures such as Carbon Clean Solutions and ANYbotics, aligning with its focus on businesses that offer strategic value.

Following closely is Mubadala Capital, headquartered in Abu Dhabi, UAE, with an impressive tally of 13 investments in European startups over the past two years. Backed by the sovereign wealth fund Mubadala Investment Company, Mubadala Capital’s diverse investment portfolio spans private equity, venture capital, and alternative solutions. Notable investments include Klarna, TIER, and Juni, reflecting its global investment strategy across various sectors.

Ventura Capital, based in Dubai, UAE, secured its position as a key player with nine investments in European startups. With a presence in Dubai, London, and Tokyo, Ventura Capital boasts an international network of limited partners and a sector-agnostic investment approach, contributing to its noteworthy investments in companies such as Coursera and Spotify.

Qatar Investment Authority, headquartered in Doha, Qatar, has made significant inroads into the European startup ecosystem with six notable investments. As the sovereign wealth fund of Qatar, QIA’s diversified portfolio spans private and public equity, infrastructure, and real estate, with strategic investments in tech startups across healthcare, consumer, and industrial sectors.

MetaVision Dubai, a newcomer to the scene, has swiftly garnered attention with six investments in European startups. Focusing on seed to Series A startups in the metaverse and Web3 space, MetaVision raised an undisclosed fund in 2022, affirming its commitment to emerging technologies and innovative ventures.

Investcorp, headquartered in Manama, Bahrain, has solidified its presence with six investments in European startups. With a focus on mid-sized B2B businesses, Investcorp’s diverse investment strategies encompass private equity, real estate, infrastructure, and credit management, contributing to its notable investments in companies such as Terra Quantum and TruKKer.

Chimera Capital, based in Abu Dhabi, UAE, rounds off the list with four strategic investments in European startups. As part of a prominent business conglomerate, Chimera Capital leverages its global reach and sector-agnostic approach to drive investments in ventures such as CMR Surgical and Neat Burger.

In conclusion, the burgeoning influx of capital from Gulf investors into European startups underscores the region’s growing appeal as a vibrant hub for innovation and entrepreneurship. With key players such as Aramco Ventures, Mubadala Capital, and Ventura Capital leading the charge, European startups are poised to benefit from the strategic investments and partnerships forged with Gulf investors, propelling them towards sustained growth and success in the global market landscape.


We Can’t Thank You Enough For Your Support!

— By Darren Wilson, Team VoiceOfEU.com

— Contact us: info@VoiceOfEU.com

— Anonymous submissions: press@VoiceOfEU.com

Continue Reading

Current

China Reveals Lunar Mission: Sending ‘Taikonauts’ To The Moon From 2030 Onwards

China Reveals Lunar Mission

The Voice Of EU | In a bold stride towards lunar exploration, the Chinese Space Agency has unveiled its ambitious plans for a moon landing set to unfold in the 2030s. While exact timelines remain uncertain, this endeavor signals a potential resurgence of the historic space race reminiscent of the 1960s rivalry between the United States and the USSR.

China’s recent strides in lunar exploration include the deployment of three devices on the moon’s surface, coupled with the successful launch of the Queqiao-2 satellite. This satellite serves as a crucial communication link, bolstering connectivity between Earth and forthcoming missions to the moon’s far side and south pole.

Unlike the secretive approach of the Soviet Union in the past, China’s strategy leans towards transparency, albeit with a hint of mystery surrounding the finer details. Recent revelations showcase the naming and models of lunar spacecraft, steeped in cultural significance. The Mengzhou, translating to “dream ship,” will ferry three astronauts to and from the moon, while the Lanyue, meaning “embrace the moon,” will descend to the lunar surface.

Drawing inspiration from both Russian and American precedents, China’s lunar endeavor presents a novel approach. Unlike its predecessors, China will employ separate launches for the manned module and lunar lander due to the absence of colossal space shuttles. This modular approach bears semblance to SpaceX’s Falcon Heavy, reflecting a contemporary adaptation of past achievements.

Upon reaching lunar orbit, astronauts, known as “taikonauts” in Chinese, will rendezvous with the lunar lander, reminiscent of the Apollo program’s maneuvers. However, distinct engineering choices mark China’s departure from traditional lunar landing methods.

The Chinese lunar lander, while reminiscent of the Apollo Lunar Module, introduces novel features such as a single set of engines and potential reusability and advance technology. Unlike past missions where lunar modules were discarded, China’s design hints at the possibility of refueling and reuse, opening avenues for sustained lunar exploration.

China Reveals Lunar Mission: Sending 'Taikonauts' To The Moon From 2030 Onwards
A re-creation of the two Chinese spacecraft that will put ‘taikonauts’ on the moon.CSM

Despite these advancements, experts have flagged potential weaknesses, particularly regarding engine protection during landing. Nevertheless, China’s lunar aspirations remain steadfast, with plans for extensive testing and site selection underway.

Beyond planting flags and collecting rocks, China envisions establishing a permanent lunar base, the International Lunar Research Station (ILRS), ushering in a new era of international collaboration in space exploration.

While the Artemis agreements spearheaded by NASA have garnered global support, China’s lunar ambitions stand as a formidable contender in shaping the future of space exploration. In conclusion, China’s unveiling of its lunar ambitions not only marks a significant milestone in space exploration but also sets the stage for a new chapter in the ongoing saga of humanity’s quest for the cosmos. As nations vie for supremacy in space, collaboration and innovation emerge as the cornerstones of future lunar endeavors.


Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!