Putting wall art is often the last choice for many in doing their interior design, but on this post, Devin Fitzpatrick Art Consultants names wall art as one of the priorities. Here are some good thoughts about choosing a wall art that can suit your current space and provide a more harmonious feeling to your house:

Firstly, choose a wall art that you love and have a genuine appreciation for it, and that art piece could be a stimulus in determining your room’s color palette. Knowing the color palette of your interior design often takes a lot of time because you’re having a hard time deciding, so with something to derive your color palette on, things will then get easier. Choose at least two or three shades from the wall art and select the dominant color and other shades that you would like to make as accents.

Put items in your room that match to those colors. You can use mobile applications that can help you identify the corresponding shades of paint to specific colors. And if you seek more professional approach, contact a good art consultant like Devin Fitzpatrick Art Consultants.

Secondly, a wall art can fill the position of the “central point” of a room. When you enter a room, there’s an element that will draw you into its presence, and a wall art can be that design element. It can be the main focus of the entire room or a huge space. But remember its size also holds huge importance and if it is too big or too small, it might not bring a good feeling to your visitors, so you must determine the right measurements first.

Thirdly, a wall art can bring out the sense of texture. You can also put different forms of art to help provide a varying sense of texture to particular room space. In order to have more depth to a room, consider adding sculptures or shadow boxes in your interior design. You can be certain of more visual weight to your interiors with those extra bits of texture.

Lastly, putting a wall art can also provide a feeling of completion. This piece of art can pull a space together and make it feel complete. Choose a wall art that could blend beautifully to your chosen decorating style for your interior.

Having the chance to decorate a room gives an exciting feeling, but you better remember that above that anticipation, you should not forget about the good role a wall art can give. If properly done, wall hangings can bring a good framework in your house, and as mentioned before, it can be a focal point in planning the rest of the elements to be used in a room. Art is such a good topic, discuss your art thoughts with Devin Fitzpatrick Art Consultants and gather more expert advice.

Microsoft claims it has patched most of the exploited bugs

Updated The Shadow Brokers have leaked more hacking tools stolen from the NSA's Equation Group – this time four-year-old exploits that attempt to hijack venerable Windows systems, from Windows 2000 up to Server 2012 and Windows 7 and 8.

The toolkit puts into anyone's hands – from moronic script kiddies to hardened crims – highly classified nation-state-level weaponry that can potentially compromise and commandeer systems around the world. This is the same powerful toolkit Uncle Sam used once upon a time to hack into and secretly snoop on foreign governments, telcos, banks, and other organizations.

The files range from Microsoft Windows exploits to tools for monitoring SWIFT interbank payments. Ongoing analysis of the leaked documents and executables has revealed Cisco firewalls and VPN gateways are also targets.

The Shadow Brokers tried auctioning off the stolen cyber-weapons to the highest bidder, but when that sale flopped with no buyers, the team started releasing the gear online for free anyway.

"The shadow brokers not wanting going there. Is being too bad nobody deciding to be paying the shadow brokers for just to shut up and going away," the group said in a typically garbled blog post.

"The Shadow Brokers rather being getting drunk with McAfee on desert island with hot babes. Maybe if all surviving WWIII the shadow brokers are seeing you next week. Who knows what we having next time?"

For IT managers and normal folks, the Windows-hacking arsenal, which dates to around mid-2013, is the most concerning. It contains exploits for vulnerabilities that can be used to hack into unpatched Windows systems, from Windows 2000 to Windows 8 and Server 2012. In some cases this can be done across the network or internet via SMB, RDP, IMAP, and possibly other protocols.

If you have a vulnerable aging machine with those services running, it is possible they can be hijacked using today's dumped tools – if not by strangers on the 'net then potentially by malicious employees or malware already on your network. If you're running the latest up-to-date gear, such as Windows 10, none of this will directly affect you – but not everyone is so lucky. There are plenty of organizations out there that cannot keep every box up to date, for various reasons.

The leaked archive also contains the NSA's equivalent of the Metasploit hacking toolkit: FUZZBUNCH.

Matthew Hickey, cofounder of British security shop Hacker House, told The Register FUZZBUNCH is a very well-developed package that allows servers to be penetrated with a few strokes of the keyboard. The toolkit has modules to install a backdoor on invaded boxes to remote control the gear and romp through file systems.

"This is a nation-state toolkit available for anyone who wants to download it – anyone with a little bit of technical knowledge can download this and hack servers in two minutes," Hickey said. "It's as bad as you can imagine."

He pointed out that the timing of the release – just before Easter – is also significant. With much of the Western world taking it easy on Zombie Jesus weekend, some organizations may be caught short by the dumped cache of cyber-arms.

It looks as though the NSA is keeping up with its habit of amusing nomenclature. The files include an exploit dubbed ENGLISHMANSDENTIST, which appears to trigger executable code on victims' desktops via Outlook clients. Other examples include but are not limited to:

• ESKIMOROLL, a Kerberos exploit targeting Windows 2000, Server 2003, Server 2008 and Server 2008 R2 domain controllers.
• EMPHASISMINE, a remote IMAP exploit for later versions of Lotus Domino.
• ETERNALROMANCE, a remote SMB1 network file server exploit targeting Windows XP, Server 2003, Vista, Windows 7, Windows 8, Server 2008, and Server 2008 R2. This is yet another reason to stop using SMB1 – it's old and vulnerable.
• ETERNALBLUE, another SMB1 and SMB2 exploit. Below is a video showing ETERNALBLUE compromising a Windows 2008 R2 SP1 x64 host via FUZZBUNCH to install a remote command execution tool called DOUBLEPULSAR.
• ETERNALCHAMPION, another SMB2 exploit.
• ERRATICGOPHER, an SMB exploit targeting Windows XP and Server 2003.
• ETERNALSYNERGY, a remote code execution exploit against SMB3 that potentially works against operating systems as recent Windows Server 2012.
• EMERALDTHREAD, an SMB exploit that drops a Stuxnet-style implant on systems.
• ESTEEMAUDIT, a remote RDP exploit targeting Windows Server 2003 and Windows XP to install hidden spyware.
• EXPLODINGCAN, a Microsoft IIS 6 exploit that targets WebDav on Server 2003 only.
• EASYPI, one of a few files in the dump detected by antivirus packages as containing code from the NSA's nuclear centrifuge-bothering malware Stuxnet, suggesting the spy agency reuses code from mission to mission.

Microsoft had no comment on the leaks at time of publication, but its engineers should be scrambling to fix the flaws exploited by the tools, where they can. Most of the exploited software is no longer officially supported. Given Redmond's increasingly secretive approach to patching, we hope they'll be more open about upcoming updates to address the NSA-exploited security holes.

Swift on insecurity

The second directory is labelled SWIFT but doesn't include tools to hack the interbank payments system directly. Rather it enables the surveillance of payments that go through service bureaus used by SWIFT's banking customers.

"SWIFT is aware of allegations surrounding the unauthorized access to data at two service bureaus," a spokesperson for the group told The Reg.

"There is no impact on SWIFT's infrastructure or data, however we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorized third parties. We have no evidence to suggest that there has ever been any unauthorized access to our network or messaging services."

The data appears to originate in September 2013 and details how operatives could penetrate the firewalls and monitor the transactions of the largest SWIFT Service Bureau of the Middle East, called EastNets.

The EastNets hack was dubbed JEEPFLEA_MARKET and includes PowerPoints of the company's network architecture, passwords for the system, and thousands of compromised employee accounts from different office branches.

The attackers installed bypasses in the company's firewalls and then worked through two management servers to set up monitoring stations on nine of their transaction servers, and presumably fed that data back to analysts.

"While we cannot ascertain the information that has been published, we can confirm that no EastNets customer data has been compromised in any way," said Hazem Mulhim, CEO of EastNets in a statement.

"EastNets continues to guarantee the complete safety and security of its customers' data with the highest levels of protection from its SWIFT certified Service bureau."

A second weapon, called JEEPFLEA_POWDER, targeted an EastNets partner in Venezuela and Panama called BCG Business Computer Group. Administrator accounts were targeted using attack code dubbed SECONDATE and IRONVIPER. No data was collected at the time, according to the slides in the dump.

It's not surprising that the NSA would be targeting banks in the Middle East – given the terrorist threat and the 14-year war the US has been fighting in the regions – and its focus on Venezuela and Panama could be related to drug money or the US' somewhat rocky relationship with both countries. Spies do spying, right?

Where's James Bond when you need him?

The Equation Group's ODDJOB folder appears to contain spyware that runs on Windows machines up to Server 2008, and, like other NSA software nasties, it is rather modular: you can plug features into it by adding more modules.

The directory contains instructions on how to set up ODDJOB with Microsoft's IIS 7 and, once installed, the malware can be updated remotely to gain new attacks and monitoring tools. It can use HTTP and HTTPS to receive and install its new code.

"ODDJOB will expect an encrypted payload. To encrypt the payload, open the Builder and navigate down to the 'Payload Encryption' section," the instructions read. "Select an Unencrypted Payload, ie, what you want to run on target. Then select an encrypted payload, which is really a dummy file for now. Then select exe or dll, depending on whether the Unencrypted Payload is an exe or dll."

Based on an Excel spreadsheet shared with the malware, ODDJOB is effective on Windows 2000, XP, Server 2003, Vista, Server 2008 and Windows 7, although in each case only the Enterprise versions of the operating systems, rather than consumer builds.

"This is a worst-case estimate for which Windows releases will work with ODDJOB," the spreadsheet states. "An updated version of bits is available as a download for many of these releases, such as XP SP1. Also, ODDJOB v3 will fallback gracefully from HTTPS to HTTP. So, when in doubt, throw HTTPS at the target."

How's that vulnerability hoarding looking now?

This latest release is going to be uncomfortable reading for the NSA. Not only has some of its classic exploits – thought to be worth maybe a couple of million on the gray market – been burned in a single day, the agency has also known for months that its Equation Group goodies are in the hands of crooks who are going to leak the files.

Could the NSA have considered the programs lost for good, and alerted Microsoft, Cisco and others, to fix the vulnerabilities before the tools were dumped all over on the web? Microsoft says no one has given it any form of heads up on the materials leaked by the Shadow Brokers thus far.

Now all these cyber-arms are in the hands of anyone who wants them. Governments with an interest in hacking America – ie, all of them – can now use these. Even worse, every script kiddy on the planet is going to be downloading these tools and using them this weekend for hacking around online for older, vulnerable gear.

Updated to add

Microsoft reckons it has already patched the exploited bugs except for ENGLISHMANDENTIST, ESTEEMAUDIT and EXPLODINGCAN, which don't work on supported versions of Windows, eg: Windows 7, 8 and 10, and so won't be patched anyway. If you've been keeping up with your Patch Tuesday updates, you should be protected, according to Microsoft.

What's rather curious is that a Redmond spokesperson claimed earlier on Friday: "Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers."

In other words, apparently no one privately tipped off Microsoft about the exploited security bugs so that they could be fixed – not the brokers and not the NSA. And yet it now turns out Microsoft quietly patched a bunch of the SMB vulnerabilities exploited by the US spy agency in March this year. And then the Shadow Brokers went public with the SMB exploits exactly a month later. What fortuitous timing for Redmond!

Today, the software giant's principal security group manager Phillip Misner said: "Microsoft triaged a large release of exploits made publicly available by Shadow Brokers ... Customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched."

How odd, but also: what a relief. If you want to check which exploits affect which operating systems, someone's made a handy table here.

From internal threats to creative ransomware to the industrial Internet of Things, security experts illuminate business cybersecurity threats likely to materialize in the next year.

If 2016 was the year hacking went mainstream, 2017 will be the year hackers innovate, said Adam Meyer, chief security strategist at SurfWatch Labs. Meyer analyzes large and diverse piles of data to help companies identify emerging cyber-threat trends. "2017 will be the year of increasingly creative [hacks]," he said. In the past, cybersecurity was considered the realm of IT departments, Meyer explained, but no longer. As smart companies systematically integrate security into their systems, the culture hackers too will evolve.

"Cybercriminals follow the money trail," Meyer said, and smart companies should adopt proactive policies. Ransomware attacks grew quickly, he said, because the attacks are "cheap to operate, and many organizations are not yet applying the proper analysis and decision-making to appropriately defend against this threat."

It's equally cheap to identify internal vulnerability to hacks and to apply preventative best practices, Meyer said. But for many companies it's not as easy to understand the cybersecurity threats most likely to impact business. To help, TechRepublic spoke with a number of prominent security experts about their predictions for near-future cybersecurity trends likely to impact enterprise and small business in 2017.

Cyber-offense and cyber-defense capacities will increase - Mark Testoni, CEO at SAP's national security arm, NS2

We will see an increased rate of sharing of cyber capabilities between the commercial and government spaces. Commercial threat intelligence capabilities will be adopted more broadly by organizations and corporations... High performance computing (HPC), in conjunction with adaptive machine learning (ML) capabilities, will be an essential part of network flow processing because forensic analysis can't stop an impending attack. HPC + adaptive ML capabilities will be required to implement real-time network event forecasting based on prior network behavior and current network operations... [Companies will] use HPC and adaptive ML to implement real-time behavior and pattern analysis to evaluate all network activity based on individual user roles and responsibilities to identify potential individuals within an organization that exhibit "out of the ordinary" tendencies with respect to their use of corporate data and application access.

Ransomware and extortion will increase - Stephen Gates, chief research intelligence analyst at NSFOCUS

The days of single-target ransomware will soon be a thing of the past. Next-generation ransomware paints a pretty dark picture as the self-propagating worms of the past, such as Conficker, Nimda, and Code Red, will return to prominence—but this time they will carry ransomware payloads capable of infecting hundreds of machines in an incredibly short timespan. We have already seen this start to come to fruition with the recent attack on the San Francisco Municipal Transport Agency, where over 2,000 systems were completely locked with ransomware and likely spread on its own as a self-propagating worm. As cybercriminals become more adept at carrying out these tactics, there is a good chance that these attacks will become more common.

As more devices become internet-enabled and accessible and the security measures in place continue to lag behind, the associated risks are on the rise. Aside from the obvious risks for attacks on consumer IoT devices, there is a growing threat against industrial and municipal IoT as well. As leading manufacturers and grid power producers transition to Industry 4.0, sufficient safeguards are lacking. Not only do these IoT devices run the risk of being used to attack others, but their vulnerabilities leave them open to being used against the industrial organizations operating critical infrastructure themselves. This can lead to theft of intellectual property, collecting competitive intelligence, and even the disruption or destruction of critical infrastructure. Not only is the potential scale of these attacks larger, most of these industrial firms do not have the skills in place to deal with web attacks in real-time, which can cause long-lasting, damaging results. This alone will become one of the greatest threats that countries and corporations need to brace themselves for in 2017 and beyond.

Industrial IoT hacks will increase - Adam Meyer, chief security strategist at SurfWatch Labs

IoT security threats have been talked about, but not really worried about by most because a serious incident had yet to occur. With the 2016 DDoS attack on Dyn, and the ripple effect it created, we will see more scrutiny on security within the IoT marketplace. Vendors will work in new security precautions, but at the same time, criminals will also increase their attention on new ways to leverage IoT devices for their own malicious purposes. There are plenty of "As-A- Service" attack capabilities on the Dark Web for hire now and we should expect creative new IoT hack services to pop up in the near future.

Internal threats will increase - James Maude, senior security engineer at Avecto

As organizations adopt more effective strategies to defeat malware, attackers will shift their approach and start to use legitimate credentials and software - think physical insiders, credential theft, man-in-the-app. The increased targeting of social media and personal email bypasses many network defenses, like email scans and URL filters. The most dangerous aspect is how attackers manipulate victims with offers or threats that they would not want to present to an employer, like employment offers or illicit content. Defenders will begin to appreciate that inconsistent user behaviors are the most effective way to differentiate malware and insider threats from safe and acceptable content.

A big part of the challenge with cyberattacks is how businesses think threats can be filtered at the perimeter. Be warned that this is not the case. Attackers are aware of how to directly target users and endpoints using social engineering. The industry needs to be more proactive in thinking about how to reduce the attack surface, as opposed to chasing known threats and detecting millions of unknown threats. With an increasingly mobile workforce and threats coming through both personal and business devices and services, the impact of perimeter defenses has decreased. Security needs to be built from the endpoint outwards.

Business security spending will increase - Ed Solis, Director of Strategy & Business Development at CommScope

Security is part of every business and IT discussion these days and it will only become more intense in 2017. We see an increase in the demand for video for surveillance, both for government and private businesses. This issue includes physical security—securing the building, people, and assets—as well as network and data security... In 2017, security conversations will continue to intensify around not only securing data and networks but physical security as well-think buildings, people, and assets. We also expect to see an increased demand for video surveillance across the public sector and private business.

Security will no longer be an afterthought - Signal Sciences' Co-Founder & Chief Security Officer, Zane Lackey

2017 will be a critical year for security, starting with how it's built into technology. DevOps and security will change the way they work together as they realize the need to integrate with each other in order to survive. With IoT on the rise, security will continue to be the primary obstacle preventing consumers from fully welcoming connected devices into their homes and lifestyles. Consumers and businesses are getting smarter and security vendors will be held more accountable in keeping them safe.

Our Story

Hill & Associates has been operating for more than 20 years, with offices in China, Hong Kong, Singapore, India, Indonesia, Malaysia, Thailand, and Vietnam.

We are owned by G4S plc, the world’s largest private security company, but operate completely independently. Our management, legal and information technology structures are protected by inter-company agreements to protect confidential client information.

Our Team

Our strength is the breadth of our Asia-based team and depth of local knowledge. Our staff of more than 150 includes experts from around the world in fields ranging from law, accounting and banking to military, intelligence and computer forensics. All adhere to strict ethical and internal codes of conduct. Discretion, effectiveness and professionalism make our team – individually and as a unit – your trusted adviser.

Meet some of our team members.

Neil Marshall

Managing Director

Neil has more than 30 years of experience in security and business risk consulting across Asia, Africa and the Middle East. He helps corporate clients manage internal fraud matters, labor and commercial relationships, and crisis and contingency management issues, working with stakeholders and senior management to create solutions that are logical, ethical and economically sound. Clients include top-tier Fortune 500 organizations during times of exponential growth into new markets and operations.

Mike Groves

Security Risk Management

Prior to joining Hill & Associates, Mike completed a 28-year career in the Hong Kong Police Force, rising to directorate rank. During his service, Mike commanded the VIP Protection and Tactical Units, and oversaw operations at events including the Handover of Hong Kong in 1997 and meetings of the World Bank, IMF and WTO. Mike works with clients to pre-empt and address issues that impinge on business operations and reputation risk.

John Bruce

Corporate Intelligence

John Bruce runs our Corporate Intelligence service line, which encompasses business intelligence and integrity and background checks. In addition to this, he has specific responsibility for gaming related due diligence, having become involved in the gaming industry due to the burgeoning expansion in worldwide gaming that took place alongside the expansion of the worldwide web. He has considerable experience in providing independent consulting services to companies in the gaming industry on the nature of the industry in Asia.

Adelene Wee

Fraud Prevention & Integrity Risk

Adelene has worked throughout Asia and has extensive experience in the practicalities of doing business – both local and cross-border. She is responsible for managing and conducting client engagements focused on the areas of fraud, bribery and corruption, ethics, corporate governance and integrity and compliance matters. Prior to joining Hill & Associates, Adelene worked in tax and legal services in a Big Four firm and in corporate and commercial law at several international firms.