Month: January 2021

Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight

Leave a comment

Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight

Introduction

Cyber-crime is a complex landscape, but when it comes to actually launching cyber-attacks, there are three main techniques that criminals have relied on for decades to help them get around organizations’ defenses and into their networks:  phishing, credentials theft and business email compromise.  According to Verizon’s Data Breach Investigation Report, these ‘big three’ are the cause over two-thirds (67%) of all successful data breaches globally. 

Check Point Research recently joined forces with Otorio to analyze and take a deep dive into a large scale phishing campaign that targeted thousands of global organizations, revealing the campaign’s overall infection chain, infrastructure and how the emails were distributed.

In August, attackers initiated a phishing campaign with emails that masqueraded as Xerox scan notifications, prompting users to open a malicious HTML attachment. While this infection chain may sound simple, it successfully bypassed Microsoft Office 365 Advanced Threat Protection (ATP) filtering and stole over a thousand corporate employees’ credentials.

Interestingly, due to a simple mistake in their attack chain, the attackers behind the phishing campaign exposed the credentials they had stolen to the public Internet, across dozens of drop-zone servers used by the attackers. With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses:  a gift to every opportunistic attacker.

Figure 1: Personalized HTML Phishing file example

Infection Chain

The initial attack started with one of several phishing email templates. The attacker would send an email imitating a Xerox (or Xeros) scan notification with the target’s first name or company title in the subject line.

Figure 2: Phishing email example

Once the victim double-clicked the attached HTML file, the default system browser displayed a blurred image with a preconfigured email within the document (see figure 1 above).

Throughout the campaign several other phishing page variants were used, but the blurred background image remained the same.

After the HTML file was launched, a JavaScript code would then run in the background of the document. The code was responsible for simple password checks, sending the data to the attackers’ drop-zone server, and redirecting the user to a legitimate Office 365 login page.

Figure 3: C&C address for exfiltration

Figure 4: Password verification process and redirection

Throughout the campaign, the code was continuously polished and refined, with the attackers creating a more realistic experience so the victims were less likely to have their suspicions aroused, and more likely to provide their login credentials.

By using simple techniques, the attackers were also successful in evading detection by most Anti-Virus vendors, as can be seen from the following detection rates from the latest iteration of the campaign:

Figure 5: Low detection rates for the phishing pages on VirusTotal

Infrastructure

This campaign utilized both unique infrastructure, and compromised WordPress websites that were used as drop-zone servers by the attackers.

While using a specialized infrastructure, the server would run for roughly two months with dozens of XYZ domains. These registered domains were used in the Phishing attacks.

Figure 6: Passive total domains-per-day view for drop-zone server 45.88.3.233

Figure 7: Example drop-zone domains used for phishing attacks

We discovered dozens of compromised WordPress servers that hosted the malicious PHP page (named “go.php”, “post.php”, “gate.php”, “rent.php” or “rest.php”) and processed all incoming credentials from victims of the phishing attacks.

Attackers usually prefer to use compromised servers instead of their own infrastructure because of the existing websites’ well-known reputations. The more widely recognized a reputation is, the chances are higher that the email will not be blocked by security vendors.

Email Distribution

Analyzing the different email headers used in this campaign allowed us to draw several conclusions regarding the Tactics Techniques & Procedures (TTPs) used by the attackers:

  • The emails are sent from a Linux server hosted on Microsoft’s Azure
  • The emails are often sent by using PHP Mailer 6.1.5 (latest version from Mar 19 to May 27)
  • The emails are delivered using 1&1 email servers

Attackers used compromised email accounts to distribute spam through high-reputation phishing campaigns because the emails are harder to block. In one specific campaign, we found a phishing page impersonating IONOS by 1&1, a German web hosting company. It is highly likely that the compromised IONOS account credentials were used by the attackers to send the rest of the Office 365 themed spam.

Figure 8: Alternative Phishing page

Targeted Organizations

We found that once the users’ information was sent to the drop-zone servers, the data was saved in a publicly visible file that was indexable by Google. This allowed anyone access to the stolen email address credentials with a simple Google search.

Figure 9: Example credentials format stored on a publicly available URL

The public availability of this data allowed us to create a breakdown of the victims according to their industry (based on a subset of ~500 stolen credentials).

Figure 10: Distribution of targets by industry

Although there was a wide distribution of targeted industries, there appears to be a special interest in Energy and Construction companies.

Previous Campaigns

We found several correlations to previous phishing activity by comparing the campaign’s TTPs. Due to the similarities, these activities were likely executed by the same attacker or group of attackers.

Figure 11: Email from a previous campaign

We discovered a phishing email from May 2020 that perfectly matched the TTP’s described above. It also used the same JavaScript encoding that was used by this campaign in August.

Figure 12: First lines of the Phishing page compared

In this older scenario, the script redirected the user to another variant of an Office 365 phishing page that was not entirely encoded within the initial HTML file.

Figure 13: Phishing page from an older campaign via Urlscan

Google search engine algorithm naturally indexes the internet, and that is what makes it the most popular search engine ever invented. Thanks to its powerful algorithm, it also capable of indexing the hackers pages where they temporarily store the stolen credentials. We informed Google for them indexing the hackers’ failures and victims now can use Google search capabilities to look for their stolen credentials and change their passwords accordingly.

Conclusion

Our analysis of this campaign highlights the efforts that attackers will make to conceal their malicious intentions, bypass security filtering and trick users. To protect yourself against this type of attack, be suspicious of any email or communication from a familiar brand or organization that asks you to click on a link or open an attached document. Here are some practical tips to help keep your data safe:

  1. Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
  2. Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
  3. Ensure you are ordering goods from an authentic source. One way to do this is to NOT click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
  4. Beware of “special” offers that don’t appear to be reliable or trustworthy purchase opportunities.
  5. Make sure you do not reuse passwords between different applications and accounts.

Organizations should prevent zero-day attacks with an end-to-end cyber architecture, to block deceptive phishing sites and provide alerts on password reuse in real time. Check Point Infinity is effective because it combines two key ingredients: full convergence across all attack surfaces and all attack vectors, and advanced prevention that can tackle the most sophisticated zero-day phishing and account takeover attacks.

Indicators of Compromise

C&C domains registered by the attacker

aauths[.]xyz

asklogzswq[.]xyz

bdqopt[.]xyz

drakovexlogz[.]xyz

hrekre[.]xyz

ionlineforyou[.]xyz

itsthebestasajob[.]xyz

khetwexw[.]xyz

livestrde28[.]xyz

loggsofice[.]xyz

manonwork[.]xyz

officeautonow[.]xyz

officednslogsonline[.]xyz

quantityscape[.]xyz

redirectitto[.]xyz

rhbreeef[.]xyz

sendlivofse[.]xyz

shlivemicrosft[.]xyz

synchoilas[.]xyz

urentr[.]xyz

vintageredwe[.]xyz

wegoforyou[.]xyz

weworkhard[.]xyz

workingoni[.]xyz

zixzanwe[.]xyz

mtietw[.]xyz

justgoturwork[.]xyz

froffisse[.]xyz

Recent C&C pages on compromised servers

http://corp.uber24%5B.%5Dru/php/go.php

https://aparthotelgeres%5B.%5Dpt/wp-content/plugins/1/post.php

https://expendiatus%5B.%5Dxyz/post.php

https://ifultech%5B.%5Dcom/1/post.php

https://www.aascarrierinc%5B.%5Dcom/wp-includes/SimplePie/Decode/HTML/rest.php

https://silverstream-london%5B.%5Dcom/1/post.php

https://actorsstudio.com%5B.%5Dnp/wp-admin/includes/1/post.php

http://365itsos.com%5B.%5Dau/wp-admin/includes/rent.php

https://www.skyblue-network%5B.%5Dcom/wp-includes/images/go.php

https://www.kayakingfloridakeys%5B.%5Dcom/wp-admin/rent.php

https://easimedic%5B.%5Dcom/1/post.php

https://www.aascarrierinc%5B.%5Dcom/wp-includes/SimplePie/Decode/HTML/rest.php

HTML Phishing pages

SHA-1:

e76eb571068c195444d0e23cbdc35fba19a95e0c

9fc656e03703994d5f144457d020db5b06469abc

79d4464c7325feb38a02726b049d6cce3d747627

44c05f4b2bb0787a9c2fcf7c36e1dab457fbe370

c1ec15c712c29dcac08660fddb0da71e94b3d04a

4933bd2fa4c9a3ea30ac479a738ebcdfb488044f

d098f6473f2f6bfd8e3f2f14dd56adc969e76725

a8e817fa63fe2c5bf0273f63f2267b61ce89de72

37713a64ffd1b126f8a4809e94faf9cd72538974

53c4ccab781d93eb04ff5bcfc01321c11958816c

4f309c3a8d754a3fcdfed611e4f101e6b690ddd5

cccf673f3c9c02f5f9a21346cdc91f78d94c92b3

2ac423a86d94d82cc0ecc3c508aa7a90c27a4b9c

Turkish Airlines proud to receive “Diamond” status for health and safety review by APEX and SimpliFlying

Leave a comment

As the airline that flies to the most international destinations in the world, Turkish Airl  ines also managed to become one of the busiest airlines during the pandemic period that has been plaguing the globe since last year. With its extra guidelines for safe travel and comprehensive hygiene precautions due to pandemic, the flag carrier airline has been awarded the highest “Diamond” status by APEX (Airline Passenger Experience Association) Health Safety powered by SimpliFlying.

Analyzed in three categories named Gold, Platinum and Diamond according to the hygiene precautions and preventative measures taken by airlines in the face of the ongoing pandemic, the online audit was conducted with 10 categories and 75 touchpoints in mind as the answers about the health and hygiene precautions were entered with concrete indicators by the participants. Reviewed alongside other airlines, Turkish Airlines achieved the Diamond status which symbolizes the highest health and safety level, thus maintaining its unparalleled service approach and quality in these extraordinary times.

Meticulously implementing comprehensive precautions and newly developed changes since the start of the pandemic in order to continue providing a healthy and safe travel experience for its passengers, Turkish Airlines achieved the Diamond status with numerous criteria such as touch-free check-in process, implementation of social distancing, temperature measuring at entrances, Covid-19 test service at the airport, extra hygiene precautions, in-flight social distancing, hygiene expert cabin crews appointed in flights and hygiene kits offered to passengers.

As the pandemic and its effects are still present around the globe, the precautions may differ from time to time due to rapidly changing conditions. But since the fight against the pandemic requires continuity and commitment, the precautions and measures taken by the airlines in the report will be reviewed every three months to check on the continuity of their statuses.

On the results, Turkish Airlines Chairman of the Board and the Executive Committee, M. İlker Aycı stated: “We continue to meticulously implement the comprehensive hygiene precautions in order to ensure that our passengers can travel in health and safety during the pandemic. We provided comfort and reassurance for our passengers with our Hygiene Expert cabin crews appointed in our flights and hygiene kits offered to all of our passengers, along with all the precautions taken in airports and in our aircrafts. We are glad that our guidelines for safe travel have achieved the highest “Diamond” status. We will continue to work selflessly to provide the best possible travel experience for our passengers.”

In his statement on the matter APEX CEO Dr. Joe Leader said: “Turkish Airlines consistently has provided incredible passengers experience now topped by Diamond level certified, hospital-grade health safety for its customers. From the outset of the COVID-19 pandemic forward, Turkish Airlines has demonstrated a step-by-step customer health safety plan as expansive as its 127 country route-map.  APEX applauds the incredible commitment and diligence by Turkish Airlines for passenger safety worldwide.”

High Private Cloud Usage Sets Path for UAE’s Hybrid Cloud Migration

Leave a comment

Nutanix, Inc. (NASDAQ: NTNX) a leader in private cloud, hybrid, and multicloud computing has released an analysis of its third global Enterprise Cloud Index survey and research report,  showing how companies in the UAE compare with the rest of the world when it comes to hybrid cloud adoption. This year, survey respondents were also asked about the impact of the COVID-19 pandemic on current and future IT decisions and strategy. A key finding: hybrid cloud is still the frontrunner as the ideal IT infrastructure model (83% of respondents in the UAE think so, which is close to the global figure of 86%), and respondents running hybrid environments are more likely to plan to focus on strategic efforts and driving positive business impact.

The UAE is right in line with global averages for hybrid cloud adoption (just 10% penetration). However, they’re ahead of the game in their adoption of private cloud and multiple public cloud infrastructure services; the private and public clouds will eventually be integrated into the highly desirable hybrid cloud model.

Key findings:

  1. Respondents in the UAE currently run more private clouds (35%) than any other IT infrastructure model. Those from the UAE tied with Australia and Italy for having the largest penetration of private cloud of all ECI companies polled worldwide. Private cloud is a component of the emerging, highly flexible hybrid cloud model, which 83% of respondents in the UAE agreeing is the ideal IT operating model going forward. UAE appears to have done a reasonable job of paring down their use of legacy datacenter-only environments, reporting below-average penetration of 15% while the country is right in line with averages for hybrid cloud adoption (just 10% penetration).
  2. Over the next five years, respondents in the UAE plan to reduce all IT models in use except for hybrid cloud, which they expect to grow significantly. Hybrid cloud/ multi-cloud will account for 45% of new deployments in the same time frame.
  3. Security, privacy, and compliance strengths together represent the number one decision factor when considering new IT deployments. This was agreed by 26% of UAE respondents. Cost advantages ranked a distant second (13%); from there, respondents from the UAE were highly divided in their selections of the top IT deployment decision factor. More respondents from the UAE did report having to abide by executive-level mandates as their top criterion (9%) than average (2%).
  4. UAE IT pros are migrating to a hybrid cloud environment for better business outcomes, not just to save cost. UAE respondents cited better control of IT resource usage (65%), increased speed to deliver business needs (61%), and better support for remote working (61%) as their top motivators.
  5. Management tools that work across dissimilar cloud platforms are still maturing, and IT shops seek cross-platform cloud talent that’s currently challenging to find. More than a third of respondents from the UAE (35%) reported being short on the IT skills necessary to manage hybrid cloud environments, and over a fourth (29%) said they lacked skills in cloud-native and container technology, such as Kubernetes.
  6. The top reason that UAE respondents moved applications to a new environment involved concerns over security in the public cloud infrastructure (65%). The second most-often cited reason was to improve the speed of access to data (60%), a nod to the generally faster application response times of high-speed local-area networks compared to delay-sensitive wide-area networks used to reach the public cloud. In addition, significantly more respondents in the UAE than elsewhere cited having greater availability of IT skill sets on-prem (46%) as a reason to repatriate applications back to private datacenters. They also were far more bullish about avoiding vendor lock-in as a reason to keep apps on-prem.
  7. When asked where they plan to run applications in the new year 2021, respondents from the UAE were most optimistic about their intentions to host more applications in the private cloud (43%), surpassing the averages, while fewer than average said they’re likely to run more apps in a public cloud infrastructure. Slightly more than average said they intended to host more applications in on-premises datacenters (17%).
  8. The majority of UAE respondents (83%) said that the COVID-19 pandemic has caused IT to be viewed more strategically within their organizations. The pandemic has in many cases forced IT shops to turn to the cloud for readily available infrastructure that can accommodate larger numbers of work-from-home employees. Indeed, while more than a fourth of respondents from the UAE (28%) reported having no regular remote workforce one year ago, that number has plummeted to 4% since the rise of the pandemic.
  9. The COVID-19 pandemic generally drove new investments in cloud infrastructure and tools. 47% of UAE respondents reported making new investments in hybrid cloud and private cloud (41%), while 33% reported increased investments in public cloud infrastructure services because of the pandemic. Far fewer respondents from the UAE reported making no new infrastructure investments because of the pandemic (1%) than in other regions.

“It is a great sign that companies in the UAE have a healthy adoption of private cloud and multiple public cloud infrastructures. Both these components are a necessary step on the journey to a dominant hybrid cloud environment, as enterprises gain the right mix of management tools and skill sets to handle the job,” said Aaron White, Sr. Sales Director, METI at Nutanix. “The COVID-19 pandemic has influenced IT priorities. It moved many businesses’ IT focus from planned initiatives to remote infrastructure build outs to support home workers. However, in doing so, it has boosted cloud use, spurring the growth of underlying cloud infrastructure that’s essential to hybrid cloud plans and, more broadly, to corporate digital transformation initiatives.”

Editor’s note:

For the third consecutive year, Vanson Bourne conducted research on behalf of Nutanix, surveying 3,400 IT decision-makers around the world about where they’re running their business applications today, where they plan to run them in the future, what their cloud challenges are, and how their cloud initiatives stack up against other IT projects and priorities. The respondent base spanned multiple industries, business sizes, and the following geographies: the Americas; Europe, the Middle East, and Africa; and the Asia-Pacific and Japan region.

To learn more about the report and findings, please download the full third Nutanix Enterprise Cloud Index, here.

Will 2021 be a Better Year for the Channel than 2020?

Leave a comment

By: Chris Martin, EMEA and SAARC Channel Leader, A10 Networks

In the digitally accelerated COVID-19 environment of 2021 what are the top channel trends that organizations are facing? Here is my take on the channel’s outlook in 2021, and what we can expect to see in the year ahead.

Certainly, the experience of the first and now second lockdown, demonstrates how a gradual economic recovery hinges on a viable resolution to COVID-19, a vaccine, and the continued need for government intervention. The good news is that a vaccine is now being rolled out and that has certainly fueled hope that there will be some return to normality in 2021.

Expect a period of consolidation

Where the channel is concerned, over the next 12 months, we will see a period of consolidation and growth. Every vendor will be looking at how they have adapted their working practices, both internally and with partners, especially during the peak months of the COVID-19 pandemic. Applying these reflections and any learnings should make for a far less turbulent year in 2021. In fact, most organizations have accelerated their digital transformation plans, which has hopefully led to opportunity and growth for the channel.

However, partners may have seen revenue decrease in traditional, mainstream technology as business requirements change. Therefore, partners should focus on developing new technologies and solutions for their customers that are suitable for a completely different way of working, particularly as the pandemic is still very much an issue. Even with a vaccine on the horizon, the environment won’t change that quickly.

Therefore, where will the growth opportunities lie?

The key growth areas for the channel will be around helping customers with cloud migration and the adoption of 5G, including addressing concerns such as network security, IoT proliferation, and lack of agility and visibility throughout the IT infrastructure.

I believe we will see the scope of partnerships change and adapt as 5G brings innovation and access to new revenue streams. There will also be significant growth opportunities in vertical sectors. This will result in vendors focusing on those partners who have specialist skills in these areas, in order to help develop the best customer solutions.

Key technologies in demand

The technologies that will drive channel demand in the year ahead are those that ensure always-available application delivery and security, both on-premises and in the cloud. Enterprises will be looking for technology that enables seamless migration, both to the cloud and between cloud-native infrastructures and hybrid solutions.

Cybersecurity and defense solutions that protect customer networks from increasingly sophisticated attacks that threaten network availability will be in high demand. Likewise, the increased use of automation, AI/ML and DevOps tools that help to simplify IT operations will grow. Technology that helps to secure multi-generational networks throughout the transition to 5G and cloud-native architectures will also see growth. And finally, organizations will be looking for solutions that help protect their investments throughout the ongoing business/digital transformation process.

Naturally, as organizations shift to remote working environments, there will be an increase in using a hybrid approach; we will see a balance of traditional on-premises combined with the use of public cloud resources. The COVID-19 pandemic is a once-in-a-generation event that has been the catalyst for irreversible change; organizations will be exploring all avenues for how they can migrate a portion of their mission-critical data to cloud technologies. This will place additional emphasis on management across on-premises and cloud infrastructure and cybersecurity.

Challenges on the horizon

As I mentioned above, working practices have been irreversibly changed by the COVID-19 pandemic, with remote working set to be the norm in the future. This has, however, introduced an extended surface area for cyberattacks, which in turn makes cybersecurity a key concern for enterprises and a focus for the channel going forward.

What this means is that the enterprise perimeter has not only expanded but it has become much more distributed as many employees are no longer working inside the traditional network perimeter. Therefore, organizations need to reassess and rethink the way they defend their networks, users and data. Likewise, service providers will be experiencing increased demand to provide higher security and availability for their subscribers now that employees and children are working and schooling at home.

Unfortunately, there is not a one size fits all approach and this is where strong partner relationships are essential to find the best solution to fit the need. Some organizations will place the onus on scalability, flexibility, and an efficient multi-cloud transformation. On the other hand, some organizations will need advice on how they can make a smoother and more secure transition to a remote workforce.

Keeping businesses and people connected

As we begin the new year, businesses will be thinking about several key focus areas:

  •  Where can we make efficiency gains?
  • How can we manage costs?
  • How do we ensure that we invest in the right areas?
  • How can we automate more and reduce business risk?
  • How can we remain flexible and agile to change quickly when we need to?

The organizations that understand these challenges and are ready to capitalize on growth opportunities will be those who have already transitioned, or are in the process of, transitioning their businesses to remote operations.

However, there are many threats associated with moving to a distributed environment. These include extended or unplanned downtime, data breaches, and data loss, which can all cause reputational and financial harm. The channel is in the unique position of having access to the tools, people and support necessary to keep businesses, and more importantly, people, connected. Vendors that act as enablers for all channel parties to accelerate this shift will reap the rewards of a prosperous channel environment in 2021.

Jalabiyas – Epitome of Grandeur,Grace and Elegance

Leave a comment

No other garment symbolises the heritage of Arabian culture as much as Jalabiyas. The traditional Jalabiyas, hand-crafted by master artisans, trace their origin to ancient times and were loved and treasured by royalty.

The grandeur of the spectacular tunics has been documented and preserved by many historians and museums. It is perhaps the most enduring and iconic garment often passed down generations in a household. Exquisite weaves, rich fabrics, vibrant colours, intricate embroideries and frills were beautifully combined to create magnificent robes for every occasion. Over the years, adaptations of these full-length, flowing gowns spread from the Arab world to different parts of the world including Europe, Asia and Africa.

In 2003, Kashkha pioneered the concept of retailing affordable and stylish Jalabiyas and other modest dresses in Dubai. The label now boasts over 30 stores in all major shopping malls across the UAE, France, Singapore, Oman, Qatar, Malaysia, Indonesia, Djibouti, Morocco and Lebanon offering a stunning collection of Jalabiyas, Mukhawars, Hijabs, Modest Fashion, Nightwear and Maternity Wear.

According to the Kashkha Management, “The history of Jalabiyas is as fascinating as the garment itself. It is considered the pinnacle of grace and style, and rightly so. At Kashkha, while paying homage to centuries of tradition, our designs reflect modernity with simplicity. Echoing elegance and sophistication, our vast and varied collection of Jalabiyas offers women the perfect choice for any occasion from day to evening wear.”

The essence of a Jalabiya, which is a must-have outfit in an Arab woman’s wardrobe, is its versatility and timeless appeal. This famed and quintessential Arabic dress is as practical as it is regal. Kashkha is proud to celebrate that tradition by offering its customers a magnificent range of Jalabiyas defined by outstanding quality at unbeatable rates. There are many styles to choose  from, including the signature digital print Jalabiyas, in the splendid Autumn / Winter 2020 – 2021 Collection available both in-stores and online.

Kickstart the New Year with Healthy Skin, Hair and Nails with Medcoll & Amphis!

Leave a comment

We all dream of healthy hair, skin and nails and adding heavy creams and using topical products can help us achieve this result to some extent. That being said, we all know that beauty starts from the inside and in order to achieve the best results and maximise the overall health of our body, it’s advisable to combine our daily skincare, hair care and nail care regimen with reliable beauty supplements that will give our bodies the vitamins and nutrients that it needs. So, if improving your overall health and beauty is one of your New Year’s resolutions, here are two of the most effective beauty supplements in the market to help you achieve the hair, skin and nails of your dreams!

Amphis Hair & Nail Nutrients (AED 399 available from leading pharmacies in the UAE ) – Oral Liquid Sachets with Keratin Sea Mineral Complex™ 

Ampis contains specially selected species of sea-based plant packs, with each one of these extremely palatable sachets offering keratin-boosting nutrients that cannot be found in land dwelling plants. The nutrient-rich marine mineral base offers a powerful dose of calcium, iodine, magnesium, potassium and other phytonutrients to promote the growth of strong nails and lustrous hair. Amphis is sugar free, gluten free, paraben free, shellfish free, not tested on animals and certified for Halal & Kosher consumers.

Medcoll Bio (AED 299 available from leading pharmacies in the UAE) – 60 Oral Capsules for a one month supply

Medcoll is a powerful anti-aging supplement that consists of a certified patent complex which combines marine amino acid collagen pre-cursors that helps activate your body to create its own collagen. The potent supplement includes hyaluronic acid required by the body for the formation of collagen (collagen synthesis), and HA, along with a high load of anti-oxidants. It also contains a high dosage of vitamin C and helps protect collagen and elastin fibres from degradation and other potent anti-aging natural compounds.

Turkish Airlines launches “TK Extra Care”, a new hygiene programme with Dr. Oz.

Leave a comment

Turkish Airlines, flying to more countries than any other airline, launched a new hygiene programme “TK Extra Care”, which highlights new protective hygiene measures, in collaboration with the global carrier’s ambassador Dr. Mehmet Oz, the producer and host of the world-renowned “The Dr. Oz Show.”

The announcement of the new animated in-flight video comes at a time when health and safety is a top consideration on travelers’ checklists. Inspired by the airline’s ongoing dedication to its passengers’ well-being, the three-minute video follows Dr. Oz through the travel experience passengers should expect when flying with the global airline today. From the moment Dr. Oz checks-in for his flight to when he arrives at his destination, viewers will not only be reminded of the airline’s hygiene protocols necessary for a safe flying experience, but will have full assurance that Turkey’s flag carrier is enforcing a higher level of protection for every stage of the journey that goes above and beyond industry standards.  

Turkish Airlines puts passenger hygiene at the forefront, protecting its guests at each stage of the journey. In the three-minute animated video, Dr. Oz shows that from checking-in online and carrying only personal items in the cabin, passenger contact is reduced. Viewers learn that upon entering the airport, all passengers must wear a mask and are provided with hand disinfectant and body temperature screenings throughout the terminal. The video also highlights that Turkish Airlines has taken extra safety steps to ensure peace of mind, such as disinfecting luggage with a UV system and boarding passengers in smaller groups from the back of the plane to the front. Hygiene Experts are present on each flight to maintain a high health and safety level, while each passenger will receive a hygiene kit upon boarding.

Turkish Airlines Chairman of the Board and the Executive Committee, M. İlker Aycı commented on the video’s debut; There is no question that travelers around the world are facing an immense need for enforced safety measures and peace of mind while traveling. At Turkish Airlines, the hygiene standards for our passengers are our top priority and we offer the highest standards. These extra safety precautions have been introduced following the authorized committees’ evaluations and approvals. With the release of ‘TK Extra Care’, we are hopeful that viewers will recognize Turkish Airlines’ hard work and dedication in keeping both passengers and crews safe, and we are pleased to have Dr. Oz share our message with the world.”  

In June, with the resumption of services, Turkish Airlines announced new ‘Guidelines for Safe Travel,’ as well as two new in-flight services to protect the health of its guests. The airline continues to distribute “Hygiene Kits,” containing a face mask, disinfectant and antiseptic tissue to its guests, while “Hygiene Expert” cabin crews are appointed to flights to enforce all on-board hygiene and social distancing measures for the healthy travel of passengers.

Dr. Oz has been sharing his expertise with Turkish Airlines’ passengers since 2017, when the airline launched its “Fly Good Feel Good” project, created to provide an even more comfortable and healthy travel experience to its passengers.

The videos are also available in one-minute and 90-second versions featuring animation of Dr. Oz. To watch the full “TK Extra Care” video featuring Dr. Oz, please visit: https://www.youtube.com/watch?v=6vvaXwuRcN0  

Zain KSA accelerates the deployment of its second phase of 5G Network rollout throughout the Kingdom with Infovista

Leave a comment

Zain KSA, one of the leading telecom operators in the Middle East region and a prominent player in Saudi Arabia’s telecom space, is bringing unprecedented change to the Kingdom of Saudi Arabia with the deployment of its 5G network in its second phase using Infovista radio planning portfolio.

In line with Saudi Vision 2030 and in order to support the comprehensive digital transformation of the Kingdom, the plan for the spread and geographic expansion of Zain KSA’s 5G network aims to deliver the new 5G services to every corner and spot in Saudi Arabia and, therefore, to ensure that citizens and residents alike have access to the latest, most advanced and efficient internet services, which will undoubtedly reflect positively on the way they work and live.

Consequently, Zain KSA rolled out its 5G network in its first phase on Oct 2019, and was ranked first in its 5G rollout in the Kingdom, the Middle East, Europe, and Africa, and fourth globally. It is also recognized by ICT government authorities as the number one operator for covering all Saudi’s administrative regions, having the largest 5G reach within governorates, and covering to date 50 cities enabled by more than 4,700 towers.

This high level of commitment drove Zain KSA to select best of breed technologies. In order to optimize and roll-out its second phase of 5G network at a fast pace, where it selected Infovista, the leading provider of network planning, testing, performance and application control solutions for that mission.

Leveraging crowdsourced dataset, including a large volume of social media data, for traffic map creation, Infovista radio planning solution helped Zain KSA reach an unmatched level of accuracy when it comes to precise planning for densification in order to successfully introduce 5G in new cities of the Kingdom. As a result, Zain KSA maximized and accelerated the deployment of its innovative 5G network.

Eng. Abdulrahman Al-Mufadda, Chief Technology Officer at Zain KSA, said: “As we accelerate the rollout of 5G services in the country with new cities being covered, we want to ensure we deliver best-in-class experience in the location of our customers and to better serve them. As well as provide residents and citizens alike with tools for innovation and development that will benefit the diversification and the competitiveness of the national economy.”

Faiq Khan, managing director, East Europe, Asia and Africa at Infovista said: “We are committed to helping Zain KSA deliver in its second phase the incomparable 5G experience to its customers throughout the entire Kingdom. Our innovative, market-leading radio planning software and optimization solution aims to support the fast and complete deployment of Zain KSA’s 5G network as well as help Zain KSA in creating a paradigm shift in the telecommunications infrastructure by leveraging network automation capabilities.”

To reliably provide the best subscriber performance, capacity and coverage, Zain KSA benefits from the Infovista advanced End-to-End 5G planning capabilities, which covers radio to transmission in a synchronized and automated way.

Fortinet Extends Availability of Free Self-Paced NSE Cybersecurity Training Courses to Further Build Industry’s Workforce

Leave a comment

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced that all self-paced advanced security training courses will remain free beyond 2021. Fortinet is committed to developing a diverse cybersecurity workforce by continuing to offer free security training for anyone around the world.

Rob Rashotte, Vice President, Global Training & Technical Field Enablement at Fortinet said,“With over 800,000 registrations for our free training offerings in 2020, it has become clear that Fortinet’s NSE training is fulfilling a huge need for all levels of security professionals. As such we are committed to continue offering the entire catalogue of self-paced Network Security Expert training at no cost until we see the skills gap trend reverse. Together with our ecosystem of academic and commercial training providers as well as government and NGO partnerships, we will continue  to provide the industry with a diverse, equitable and inclusive pipeline of security professionals.”

Fortinet’s free training initiative provides learners with the following:

  • Access to more than 30 free security courses: These courses are on topics ranging from secure SD-WAN to operational technology (OT) security to cloud security with more courses expected to be added throughout the year. Additionally, pre-recorded lab demos by cybersecurity experts are available for on-demand viewing.

  • Preparation for NSE Certification exams: Most of the free courses are from the official curriculum for the Fortinet NSE Certification Program. Fortinet’s Certification Program is an eight-level program that has issued more than half a million certifications.
  • Continuing professional credits: Through a partnership with (ISC)2, individuals can use their free training completion – as well as any NSE training course – to gain Continuing Professional Education (CPE) credits for CISSP and other (ISC)2 designations. Learners earn one credit for every hour of NSE Training Institute training they do with Fortinet.

Increasing Access to Cybersecurity Knowledge

As the pandemic led to the exponential increase of teleworkers, the need for securing remote networks and users became a top priority for organizations. IT teams already challenged with finding security professionals due to the skills gap were faced with an even greater need for expertise to securely transition to a remote workforce.

One way Fortinet responded to this need was by opening its entire Network Security Expert (NSE) Training Institute catalogue of self-paced courses free of charge in April 2020. In doing so, Fortinet provided IT and security professionals the opportunity to learn new skills, reskill or upskill their security knowledge. Since opening these courses to the public, there have been more than 800,000 registrations. Through the course of the year, Fortinet saw an increase in registrations for its cyber awareness training – consisting of the NSE Certification Program’s training levels 1-3 – its mid-levels 4-6 designed for a technical audience and levels 7-8 for advanced expertise.

As the need for enterprise-wide cybersecurity awareness has become such a critical priority for so many organizations, Fortinet also introduced the free Information Security Awareness and Training service. The service leverages the NSE level 1 training and packages it together with a library of awareness assets and administration tools. The service provides organizations with a low barrier, zero cost solution to get started on an enterprise-wide cybersecurity awareness program for all employees. 

A More Diverse and Inclusive Cyber Workforce of the Future

NSE Training Institute partners with global leaders like the World Economic Forum, academic institutions and nonprofits to deliver cyber training to students, veterans, women, minorities and other untapped resources. NSE Training Institute’s extensive ecosystem of public and private partnerships further enables Fortinet to address the skills gap by increasing the access and reach of its award-winning NSE training curriculum.