Synergy Software Systems

Synergy MMS- for hotels – updated 3.6.0 released!

September 14th, 2015 by Stephen Jones No comments »

SAI has completed the update for all properties using SynergyMMS.
Some of the changes incorporated into this update.

Duplicate checking now allows checking based on completed work request.

New Languages for the Desktop and Voice:
Japanese
Portuguese
New Language for Voice only:
Greek
.
Pooling
Manage Pools easier – Review the Pools based on Outputs and or MOD’s. You can now find all the Pools that an Output is used in by the click of a button.

Work Request
Receipts – Return receipt sent to the person who created the work request, upon completion. Never wonder if your work got done. Simply setup an Email address in the Employees area for the team members then they can choose per work request if they want to get a receipt or not when the work is complete.

See the Pool and the Output – The Dispatches tab now shows not only the output the work request is delivered to, but also the pool that that output is in.

Custom Views now show not just PM, but PM Generator vs PM on Demand.

Dispatching
Cancel Dispatch – Users with modify pooling rights are able to cancel an in progress work request. This means further delivery to the pool and or escalation will not happen. A new status symbol is then displayed.

Override Auto-Dispatch – Users with modify pooling rights allowed now have the ability to ‘NOT’ dispatch when in

In some cases Trade pools were evaluated not taking their time in account. We now evaluate the pool as a whole (Trade, Day and time) and if the work request doesn’t fit then it would look for Department pools to fit.

Preventive Maintenance
Grouping – Group PM’s to generate together (Simultaneously) or after completion of one (Sequentially). Group one or more PM’s to trigger generation at the same time as a parent, or after the parent is completed. Also easily review the grouped PM’s.

PM on Demand – SynergyMMS now shows the Check out date where interfaced to a PMS. This makes it easy to generate PM’s based on availability of the room.

Reports
Occupancy is now included on the Morning report. It is also retained for historical purposes.
Favorite Report Names are now longer. SynergyMMS now allows you 100 characters to name your reports and make these more meaningful.

Chinese text is displayed correctly for reports.

PerfectRoomIVR (only)
SynergyMMS automatically calculates and assigns rooms to Guest Room Attendants (GRA) based on credits and types of rooms. This allows for 75% of the process to happen with no user interaction beyond the click of a single button. Use the new IVR interface to receive assignments, complete service and update room status via any house phone. A printable list of assignment is also available for each GRA.

No comments »

Posted in General Synergy News, Hospitality, Sunsystems and Vision, Technology

Dynamics CRM 2016 – ask Synergy Software Systems

September 13th, 2015 by Stephen Jones No comments »

Microsoft Corp. (Nasdaq “MSFT”) last week unveiled the new capabilities it will deliver later this calendar year with Microsoft Dynamics CRM 2016, the latest release of its customer engagement solution.

The most comprehensive upgrade ever for Dynamics CRM includes advancements in intelligence, mobility and service, with significant productivity enhancements to help businesses and workers achieve more.

The new enhancements will increase productivity for organizations by:
– providing a simple and seamless experience across their Dynamics CRM application
– and across their productivity applications like email, Excel, OneDrive for Business for easier task management,
– and an enhanced mobile experience for the worker on the go,
– and enriched data and analytics,

“Microsoft’s obsession with customer success is rooted in our ambition to reinvent productivity and business processes,” said Bob Stutz, corporate vice president, Microsoft Dynamics CRM. “Dynamics CRM 2016 is designed from the ground up to deliver core capabilities all in a single system to eliminate distractions, to make it easier to get things done, and to dramatically increase productivity so our customers can spend more time serving their customers.”

According to the Journal of Experimental Psychology, every time a user switches programs or applications, there is a 40 percent reduction in productivity.

Microsoft has taken this issue head-on in the new release with a design principle that allows organizations to manage their customer-facing activities in a single experience, with no need to export or switch, drastically reducing the time to completion and saving time by automating fundamental tasks.

Through an enhanced Excel experience within Dynamics CRM, complete with new Excel templates for various tasks, functions and scenarios, users can now efficiently toggle between functions as opposed to time-consuming and complex exporting, enabling them to augment their customer processes with simple, familiar analysis within their CRM experience.

Organizations will also have access to their documents within Dynamics CRM via integration with OneDrive for Business and new document generation capabilities.

The Microsoft Dynamics CRM 2016 release also introduces Delve functionality into the application.

Powered by Office Graph, Delve helps users increase productivity by surfacing key content — enabling salespeople to discover information that may help them with their opportunity or account, such as popular sales presentations and proposals.

Turning data into intelligent action is a cornerstone of business transformation and productivity, and the new Dynamics CRM release includes data management and advanced analytics capabilities powered by Cortana Analytics Suite.

This includes Azure Machine Learning that can enable business insights so that sales reps are able to predict their customers’ needs.

Mobility is core to productivity, and the next version of Dynamics CRM will provide full offline capabilities for sales and service professionals on phones and tablets and across all major mobile platforms (Android, iOS and Windows).

The release also introduces the ability to create task-centered mobile apps to streamline the completion of sales-related activities on the go; and next-generation Cortana integration to surface: core deals, accounts and activities within the personal assistant.

Customer service is a critical element of any customer engagement strategy. The next version of Dynamics CRM delivers an end-to-end solution for customer service across self-service, assisted service and field service to close the customer relationship loop.

Proven success in sales productivity

Last year, Microsoft launched sales productivity promotional offers (Sales Productivity, Connect with Customers, and Connected Cloud promotions) to make it easy for organizations to reap the benefits of productivity and intelligence in a single offering through Dynamics CRM Online, Power BI and Office 365. This solution will continue to be available for purchase as a discounted programmatic offer.

The company will offer these comprehensive services aligned to a new sales and pricing model, via the Dynamics CRM Online Professional Add On to Office 365 beginning in October.

The sales productivity offering has proved to be very popular with businesses which cite its success in breaking down silos, and the increased collaboration that leads to increased revenue, and the personalization that helps to differentiate from competition, to help in growing both the business, and retaining loyal customers.

“We want to be a better company, a stronger company, and, of course, a larger company,” said David Goff, sales & marketing manager at O’Neal Steel. “Microsoft Dynamics CRM Online and Office 365 are helping us maintain our focus on service as our business grows. When our customers need something, they know the person to call; and when they call that salesperson, they know they’re going to get accurate and timely information.”

The company this week will post the Dynamics CRM Release Preview Guide, which outlines all the advancements, features and capabilities in Dynamics CRM 2016… The company will announce additional details related to advancements made in the areas of mobility, intelligence and service in the coming weeks leading up to the availability of the update.

The company is also expected to bring the field-service capabilities it acquired when it bought FieldOne this past July together with the knowledge management and self-service capabilities it has added to its CRM family via it 2014 Parature acquisition.

No comments »

Posted in Microsoft Dynamics CRM

AX 2009 SP1 is now supported for SQL Server 2008 R2 SP3.

September 12th, 2015 by Stephen Jones 2 comments »

AX 2009 SP1 is now compatible with SQL Server 2008 R2 SP3.

(also please note that SQL2008 SP3 support ends 13-Oct-2015 and Sp4 is not yet officially added to the Dynamics Ax system requirements documentation as supported -see http://www.microsoft.com/en-us/download/confirmation.aspx?id=26568)

2 comments »

Posted in Microsoft, Microsoft Dynamics Ax

Prepare for Ax 7 – ask Synergy Software Systems, Dubai

September 6th, 2015 by Stephen Jones 6 comments »

Microsoft is number four and the biggest R & D spender as reported in Fortune magazine’s November 2014 article ‘The Biggest R & D Spenders Worldwide’. This amounts to 10.4 billion dollars annually. . Microsoft employs over 1,000 doctorate holding researchers and countless developers and thus Microsoft is constantly improving their products to help companies drive more business value by running processes efficiently, managing change easily, and competing globally. In the context of enterprise resource planning, Dynamics AX is considered the flagship of the Microsoft Dynamics family.
Microsoft Dynamics AX 7 (also known as “Rainier”) will be released by the end of 2015, and the release will bring a change in paradigm from on-premises hosting to the cloud. The product strategy followed for Microsoft Dynamics AX 7 will be mobile first – cloud first.
• Mobile first – the new enhancements ensure that the application experience, regardless of the device platform it’s accessed on, remains the same for the user.
• Cloud first – is focused on AX 7’s new optimized platform which is suitable for both public and private cloud deployments with a “what you need, when you need it” approach on Windows Azure.
Now that we’re in the second half of the year, it’s the right time to start thinking about how to prepare for this new version.
How you should prepare for AX 7 depends on from where you are starting – whether you are currently an AX R3 user, an AX user on an older version, or are not an AX user but are thinking of implementing in the near future.
Scenario 1: You are an AX 2012 R3 user.
You can upgrade to AX 7! There are several things to consider: upgrade needs, cost, and cloud readiness.
Implementation: Right now, your AX ERP is hosted on-premises on your server. If you stay on premise then you may need to update your server, and your operating system, database version, bowser etc. As you use more of the software and move to later versions then the underlying platform also has to be considered. For many that is a reasons to move to the cloud. Should your company’s data need to be migrated to the cloud then all applications and customizations will also need to shift to the cloud.
So consider which applications and third party solutions are already integrated with AX.
Understand how you will connect those applications with your cloud AX and whether they are compatible with the latest releases of operating system, database , browser etc.

Selecting the right partner who can help move the existing application and customize from on-premises to cloud is critical. The upgrade process will take a few months.

As an R3 user, you paid a one-time license fee and pay an annual BREP as % of the license value you have purchased for on-going software enhancement. Going forward, you will have subscription-based user licenses for cloud access. For many industries this will offer advantages for several reasons. If your business is seasonal, and you have high users for only a few months, then there is no need to pay for the entire year anymore. For example ice cream and cold drinks in the summer, harvest time, retail Christmas sales, or Thanksgiving Eve and Super Bowl Sunday. It doesn’t make sense to purchase a huge number of servers just for two days’ worth of traffic. But with everything on the cloud, such companies can pay for just what they need when they need. The same holds true as you scale up and down for any reason.
Some users will have intense data processing perhaps only at month end- whether for reforecasting, scheduling, budget updates, month end close, consolidation, BI etc. However through the month there may be a more even workload.

Cloud Readiness: If you are a global AX user, identify where your AX 7 access will occur. You can purchase more than one access point to avoid any time delays or access issues. You should also review infrastructure needs. If you have a large number of users that you think will be on the ERP, then you may need to increase infrastructure bandwidth for speed and data usage, to connect to the cloud. The bottom line for R3 users is that you are well-positioned for an AX 7 upgrade, as long as you pay attention to a few issues along the way. The first of which is to get upgraded to CU or 9. The second is to ensure you have configured the new Warehouse module correctly. The third is to understand the license changes.

Scenario 2: You are an AX user, but do not have R3.
If you have not upgraded to or implemented AX 2012 R3, then you cannot go to AX 7 right away. The first step is to upgrade your current system, whether it’s AX 2009 or AX 2012 R2, to AX 2012 R3. Depending on which AX version you currently have, and how complex your system is, there will be different timeline implications.
You will also need to pay for the upgrade work and to consider your own testing time. Once all of this is complete, you’ll find yourself in “Scenario 1” and migration to AX 7 can happen immediately after.
However for many customers a reimplementation will be a better option – faster, cheaper and less business disruption because they can then take advantage of new features without being constrained by legacy data. For example the new COA dimensions at Ax 2012 may lead you to change your COA structure for enhanced analysis and reporting. In a new implementation that change will new straightforward, however if you want to migrate legacy data then the task will be significantly more complex and costly and will take at least 2 to 3 times as long. To validate and reconcile the data conversions

Licensing
An important consideration is licensing. In older versions many modules had to be purchased separately, and user licenses were concurrent. At Ax 2012 all modules are provided within one AOS license. Ax 2012 and Ax 7 are both licensed as named users. There are different levels of user at Ax 2012. License type needed is based on system use and is tied to role based security and actual tasks undertaken. Microsoft licensing does not restrict your use or the number of users-which gives flexibility if users adopt more functionality over time. However, you are expected to pay for what you use and to update your license when needed and Microsoft like other erp vendors has the right to audit the use of its licensed software and to require that you become compliant. This is similar to the approach adopted for other Microsoft products like SQl for those on an EA (Enterprise Agreement). It is likely that at Ax 7 Microsoft will further align licensing of its solutions and introduce the option of Ax 7 on azure within a package of e.g, Office 365, Exchange, ADFS, CRM, Skype Business etc..

Scenario 3: You are evaluating ERPs but currently are not an AX user.
Whether you have another ERP, are planning to implement an ERP for the first time, or want to go from NAV or GP or other ERP system to AX, then you can consider going straight to the cloud and AX 7.
Identify a proven implementation partner and complete the usual business process study, fit-gap analysis, and lay down the implementation blueprint. It’s also worth doing a price comparison of the price per user per month cost of SAP, Oracle, or any other ERP vs AX 7. Understand what the price covers, and consider how a fully cloud-hosted solution will work to your advantage. Even if your current ERP is on the cloud, inquire where it is hosted and how efficient is the hosted solution. Bear in mind your initial usage, (and thus the cloud resources needed), while loading data will be quite different than when there are active users and live transactions and processes like payroll or mrp, or month end, or BI and it may take a year or more to ramp up to full system use for a multi-site operation. ‘
A question that people evaluating Microsoft Dynamics ERP often ask is, “How many companies are using Microsoft Dynamics?” These are the recently updated numbers from Convergence 2015 provided by Jim Desler, Director, Corporate Communications at Microsoft.
2015 Breakdown of the Microsoft Dynamics customer numbers worldwide by product:
Microsoft Dynamics® AX 20,000 companies
Microsoft Dynamics® GP 47,000 companies
Microsoft Dynamics® NAV 110,000 companies
Microsoft Dynamics® SL 13,500 companies
Microsoft Dynamics® CRM 40,000+ companies 4.4 million users
Also:
Microsoft Dynamics Retail: 46,500
Microsoft Dynamics C5: 85,000
Microsoft XAL,C4/Apertum: 30,000

Cloud or on premise?‘
When you estimate the sizing and costs, consider how many backs up you will take? Don’t forget the need for separate development test /training environments, and maybe to run both old and new versions during upgrade. If you want your implementation partner to access your system for data load, or for support, then also consider the cost of those licenses. The different environment may have different sizing and user numbers.
As you can see, dependent upon which category you find yourself in, there will be different ways to prepare for the AX 7 release, which will be initially offered on the Azure cloud, and with an on-premises version offered shortly after.

Also keep in mind that AX 7 is a new product release; as with any new release, there may be some initial issues. The issues will definitely get resolved, but for some may make sense to plan to go live a little later. One reason for this is that the Microsoft road map indicates there some features that may not be available in the initial release so it depends whether those features are needed. The fewer the modules you use, and the more standard i.e out of the box your system the sooner you can plan to move to Ax 7. For many customers on legacy versions they may find that complex customisations are no longer needed because of the significant product enhancements introduced at Ax 2012, and Ax 7.For others those new features may be a compelling reason to reimplement.

Whether or not to go on premise or on the cloud again has many pros and cons depending on the company. The cloud can reduce initial cash flow and investment and lead to faster deployment. Whether a company has a large IT department, or finds it difficult to recruit and retain such resources, and whether it has multiple interfaces to other solutions, or whether it uses Office 365 will influence the technical decision.

For example a company with a mobile workforce e.g. one that does international contracts may value the new web client for ‘anytime anywhere/ access more than any other feature. If internet connections are a problem in the country where the company operates, then on-premise may be a more sensible option.
Whether to move to the cloud is often seen as a cost or a cash flow issue. This will make sense for many however this is not so clear cut an assessment as it may seem. More important is the management philosophy of whether they want to vertically integrate operations, and see IT as a strategic competitive weapon, or whether they want to outsource back office functions to concentrate on the core business.

Knowing how to prepare for the soon-to-be-released AX 7 will help plan and make the upgrade or implementation a much smoother process. Besides the points stated above, how else are you preparing for AX 7? Do you have any other questions about what it will take to get ready, either from a technology or business point of view?
Budget now and take time to understand the issues and to evaluate and to plan appropriately.

6 comments »

Posted in Microsoft, Microsoft Dynamics Ax, Technology

Dynamics Ax 7 Preview

August 28th, 2015 by Stephen Jones No comments »

Dynamics AX 7 will be accessible through a web-based client instead of a Windows desktop client. This means any shared in user will be able to access the Dynamics database through a basic web browser instead of needing to install customised applications on every system and device. Thus Web-based clients allow anyone in any location to access the different Dynamics modules. Having common web-based clients can improve productivity and facilitate business-wide collaboration on projects online regardless of location.
Access the client, anytime, anywhere and only one development UI to manage.
The user experience in Dynamics AX 7 is based on the same framework used in Windows 8, and being improved upon in Windows 10. This interface uses the hypertext markup language version 5 (HTML5) as a base. The HTML5 interface is designed to be lightweight and intuitive. It is context sensitive and the AX redesign is a dramatic departure from the normally bland windows and menus that have been found in previous versions of Dynamics AX. The new environment brings Dynamics in line with many other current Microsoft products. It will also make it easier to use Dynamics on mobile devices without a mouse or keyboard.

Following the pattern that has been adopted by many other cloud-first software developers, Microsoft will end version-based releases of Dynamics similar to what was done with Office 365. Replacing the strict versioning system will be an approach based on the deployment platform. Each Dynamics platform will receive updates whenever necessary instead of re-releasing the entire software suite. This will make it easier to stay current since compatibility problems will no longer be an issue with incremental upgrades.

Some of the new features that catch our eye:

Financial management.

1. Ability to export account structures to Excel
2. Functionality to view ledgers and advanced rule structures that are affiliated with a particular account structure on a single view
3. Ability to filter Management Reporter reports based on dimension, attributes, dates and scenarios (this is within report viewer instead of exclusively in report designer)
4. New functionality to manage budget vs. actuals and create ledger forecasts
5. Capability to create an unlimited number of layouts for budget plans and forecasts
6. Print the Vendor Invoice Transactions report with information from the Detailed Due Day List which includes the days past due.

Human capital management.

1. Ability to transfer skills and certificates to employees that have completed a course and/or class
2. Increased efficiency for verifying employment
3. New functionality to enable employees (and their managers) to edit their own personal information within the system
4. Encrypt ID numbers (SSN) for more secure data
5. Capability to view date effective timeline changes
6. Employee and Contractor lists are automatically filtered by the company you’re logged into.

Warehouse
The Warehouse management module released in AX 2012 R3, in CU8 and CU9, including planned enhancements, will replace the current Warehouse management II features. The new module has more advanced features and flexible warehouse management processes than those offered in the Warehouse management II features

There are some features that may not make it to the first release (e.g. support right to left Arabic text) so discuss with us before deciding on whether to go with Ax 2012 R3 CU9 or Ax7 or when to upgrade).

Note: to upgrade to Ax 7 your should be at Ax 2012 R3 CU8 or later.
(For many a reimplementation will be faster, less disruptive and more cost effective but you need to think ahead. Migrating history data seldom makes sense in practice- he pain of doing without it is usually shorter than the time to migrate! and the effort and cost is better invested into the new system.)

No comments »

Posted in Microsoft Dynamics Ax

Windows 10 – WaaS – Windows as a Service

August 24th, 2015 by Stephen Jones No comments »

Windows 10 Pro and Enterprise editions have a new upgrade delivery method called Windows as a Service, and the inclusion of Microsoft Desktop Optimization Pack (MDOP) as an SA benefit.
Windows as a Service acts as the transition from periodic major releases to continual updates, and it gives enterprise organizations added flexibility in how they update user devices.

Microsoft has three methods by which customers can receive updates:
1.Current Branch: Updates will stream to devices, akin to the present Windows Update. However, Current Branch users cannot delay updates.
2. Current Branch for Business: This model regularly delivers security updates, and it permits update deferrals for eight months, giving IT the chance to install updates after broad preview validation. Business customers can start testing as soon as preview features are released via the Windows Insider Program.
3. Long-Term Servicing Branch (LTSB): Under this more traditional model, security updates and fixes are delivered regularly, and organizations will be able to update at a service pack-level pace.

Windows 10 gives customers several options to manage delivery of updates based on their needs.
For example, Windows 10 Enterprise includes LTSB, which caters to devices with strict change management policies where only security and critical updates are required and feature updates are not delivered. Customers that purchase the Enterprise edition can add SA coverage to gain access to Current Branch and Current Branch for Business, along with the ability to deliver new feature updates after increased assurance of validation. On the other hand,
Windows 10 Professional only includes Current Branch and Current Branch for Business.
Windows 10 Education Current Branch and Current Branch for Business is available to active SA customers.

It’s important that customers understand the delivery method included in each Windows 10 edition, so that they can license Windows based on how they want updates to be delivered to end-user devices.

What in the SA coverage?

MDOP was a subscription license a customer needed to buy in addition to SA to take advantage of a suite of technologies that personalize the user experience, simplify application deployment, improve application compatibility, and assist in management and device security. With the release of Windows 10, MDOP is now included through SA coverage.
Customers interested in MDOP can purchase the Windows 10 Enterprise Edition with SA to receive this benefit.
Organizations renewing SA, through either the Enterprise Cloud Suite or Windows Enterprise, need to plan for a price increase due to the inclusion of the MDOP technologies.

On Aug. 17, Microsoft released MDOP 2015 with complete support for Windows 10, and it is now available for download for volume licensing customers (as well as MSDN subscribers). Microsoft has more details on enhancements to the MDOP suite.

In addition, Microsoft has published Windows 10 content to help organizations with planning and deploying Windows 10. Those resources include: technical demos, IT Pro FAQ and forums, system requirements, and details on key features.

No comments »

Posted in Microsoft, Technology

Mobile malware coming your way every day

August 24th, 2015 by Stephen Jones No comments »

This is a summary of a blog post by Michael Canavan is the Vice President, Sales Engineering, Kaspersky Lab North America
That I feel is important enough to share.

Malware is a threat to all platforms not just to Windows devices.
The more popular the O/s the more it is targeted , and the more vulnerabilities are found.
Smartphones connect us with social media accounts, banking services, and retailers.
The important question for a mobile device is not just whether its operating system is secure, but whether it has an effective security patching strategy for when (not if) the latest malware eludes a device’s safeguards.
The mobile device market is dominated by two operating systems.
Android owned 81.5 percent of the market in 2014, compared to 14.8 percent for iOS
However, only Apple can patch its mobile operating system similar to the way desktop OS manufacturers patch security holes and shortcomings.
Android’s openness is a strength, but is also its greatest security weakness – Google doesn’t have the last say when distributing security updates and patches – the OEMs and service providers hold that power. Google is virtually powerless to stop malware from compromising an Android device, unless the program comes through the Play Store.
Controls that block the installation of unknown, third-party software are easily circumvented, which an easy means of attack for cybercriminals.
Mobile malware — 99 percent in fact —mainly targets Android devices.
The number and kinds of attacks of mobile malware are growing at a staggering pace,
In 2014, the number of mobile malware attacks against Android more than quadrupled, affecting about one in five Android devices.
When you consider that mobile devices now often store critical information – credit card numbers, online banking logins, etc. – and are more vulnerable to a host of attacks, it’s critical to defend devices against malware. Most users don’t get updates in time, or at all.
Users are installing unknown, third-party software and no controls (e.g., security software) in place to detect malicious apps or activity.
Complicating matters is Apple’s controls for iOS. It’s true that software sources are more tightly controlled through the App Store, but protection software is banned, and it’s unclear how often iOS devices are compromised.

In these days of BYOD this raises questions for the safety of your corporate systems.
If the mobile devices are provided by your company the you can restrict what is loaded by whom, enforce patching, control what sites are accesses us etc.
Ask us about mobile device management.

No comments »

Posted in Technology

Martyr’s Day – new U.A.E. public holiday

August 19th, 2015 by Stephen Jones No comments »

UAE President Sheikh Khalifa bin Zayed Al Nahyan announced on Wednesday that November 30 will be observed as in memory of those who have died while serving their country.

The President also ordered that this national event be declared a public holiday.He added that national ceremonies and events will be organised where all state institutions, nationals and non-nationals will be engaged to promote, mark and remember the values of sacrifice, dedication and loyalty.

In a statement c, Sheikh Khalifa said the day is ” tin ribute to the sacrifices offered by the nation’s martyrs and its loyal people, who offered their lives so as to keep the UAE flag flying aloft while they were performing their national duties within and outside the country, in civilian, military and humanitarian fields”.

No comments »

Posted in Dubai and regional news

Windows 10 Introduction

August 12th, 2015 by Stephen Jones No comments »

No comments »

Posted in Microsoft, Uncategorized

Security – major threats revealed – August 2015

August 8th, 2015 by Stephen Jones No comments »

A major vulnerability plaguing Firefox has Mozilla warning users to update the Web browser to Firefox 39.0.3 to fix the vulnerability The browser is set to automatically update by default, but users should manually check to ensure that the update has indeed gone through.
An advertisement on a news Web site in Russia was offering an exploit for the browser that searched for specific, sensitive files, before uploading those to a server that appeared to be located in the Ukraine.
The vulnerability allows hackers to violate the browser’s same origin policy and inject script into a non-privileged part of Firefox’s built-in PDF viewer. Same origin is a security practice in which a Web browser allows scripts running from one Web page to access data from a second one, if both pages are from the same origin. The bug allows an attacker to read and steal sensitive local files on the victim’s computer.
Mozilla said that since the vulnerability is specific to its PDF Viewer, versions of the browser that do not contain the PDF Viewer, such as Firefox for Android, are not at risk.
The company said that the exploit leaves no trace of itself on the local machine, making it difficult for users to know if their files had been compromised. Mozilla urged users running Firefox on Windows and Linux systems to change any passwords and keys for programs targeted by the exploit. Mac users were not vulnerable to the particular exploit found in the wild, but would be vulnerable if another hacker designed a payload targeting Macs.

Firefox users on Windows machines should change the passwords for the following files: subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients.

Linux users, meanwhile, should change passwords associated with global configuration files such as /etc/passwd, user directories including .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts

Before the dust has had a chance to settle on one major security flaw uncovered in the Android mobile operating system, a second massive vulnerability — dubbed “Certifi-gate” — has burst onto the scene.
The new vulnerability can allow attackers to “gain unrestricted device access, allowing them to steal personal data, track device locations, turn on microphones to record conversations, and more,” according to Check Point. The problem cannot be completely fixed with a patch.

Check Point has a scanner app that Android users can download from the Google Play Store and run to determine whether their devices are vulnerable. The Certifi-gate vulnerability allows applications to gain illegitimate privileged access rights that are normally used to support remote applications, according to Check Point. Those applications might have come pre-installed on the device, or been intentionally downloaded by the user, but currently there is no way in Android to revoke the certificates that allow those privileged permissions.

This latest flaw “affects hundreds of millions of Android devices, as most popular OEMs (original equipment manufacturers) have collaborated with these vendors. The same scale applies to the previously disclosed Stagefright vulnerability, which potentially affects 95 percent — about 950 million — of Android devices.

Google, Samsung and LG this week said they would start providing more frequent — about once a month — security updates for their Android devices. Google’s own Nexus devices are not affected, nor has the company seen any attempts to exploit the vulnerability.

Apple users have largely skirted the bugs, viruses and other malicious software that plague Microsoft Windows and Google’s Android. But this flaw in Apple’s OS X is serious enough to sound the alarm.
German security researcher Stefan Esser published details about a zero-day vulnerability in OS X without telling Apple first and hackers moved quickly to exploit the flaw. It’s an adware installer that actually modifies a file that controls who can run what commands on a machine while Thomas was testing it.

The Sudoers File

The sudoers file is a hidden Unix file that determines, among other things, who is allowed to get root permissions in a Unix shell, and how. The modification made to the sudoers file, in this case, allowed the app to gain root permissions via a Unix shell without needing a password.

The worse part is that Apple has reportedly known about the zero-day vulnerability for quite some time because another security researcher had disclosed it previously.
There is no good way to protect yourself, short of installing Esser’s software to protect against the very flaw that he released into the hands of hackers worldwide, which introduces some serious questions about ethics and conflict of interest.
Another Apple bug, Thunderstrike 2, which will be revealed at Black Hat security conference in Las Vegas this week, is more concerning. That’s because firmware bugs can cause lots of headaches for both regular users and advanced users and are almost always harder to eradicate than any other bug.

A massive hack infiltrated Yahoo’s ad network for at least seven days, according to Malwarebytes’ official security blog- this anti-malware security company, discovered the attack and immediately notified the search company. With more than 6.9 billion visitors to Yahoo’s Web site every month, the attack, which began on July 28, constitutes one of the farthest reaching malware attacks ever recorded.
The hackers pulled off the attack using Web sites for Microsoft Azure, a cloud computing platform and infrastructure used for building, managing, and deploying applications and services. The scam worked by redirecting users to an Angler exploit kit, off-the-shelf software containing easy-to-use packaged attacks on known and unknown vulnerabilities.

Malicious ads do not require any type of user interaction to execute their payloads. Just visiting a Web site that contains malicious advertisements can be enough to trigger an infection.
Yahoo said it took immediate action when it learned of the campaign, and would continue to investigate it in the future. Because of the large number of visitors to Yahoo sites, it is difficult to know exactly how many Internet users have been affected.

The subtlety of a malvertising attack, combined with the complexity of the Internet advertising market, make it a difficult security challenge to overcome. That might be part of the reason such attacks are increasing. The number of malvertising attacks spiked in the first half of this year, registering a 260 percent increase over the same period in 2014,

“The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware,” said James Pleger, director of research at RiskIQ. “There are a number of reasons for this development, including the fact that malvertisements are difficult to detect and take down since they are delivered through ad networks and are not resident on Web sites. They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”

“This machine-to-machine ecosystem has also created opportunities for cybercriminals to exploit display advertising to distribute malware,” according to the company. “For example, malicious code can be hidden within an ad, executables can be embedded on a Web page, or bundled within software downloads.”