WebProNews

Category: IT Management

IT Management News

  • Verizon Reportedly Suffered a Breach Exposing 7.5M+ Customer Records

    Verizon is the largest US carrier, but it appears to have joined T-Mobile in the ranks of those recently suffering a data breach.

    According to the SafetyDetectives cybersecurity team, a database containing 7.5 to 9 million Verizon customer records has been uploaded to an online forum. The records include data for both cellular and home internet customers.

    According to SafetyDetectives, the data does not appear to be particularly sensitive, although it is recent, with the forum post claiming the data was “stolen by hackers” in January 2023.

    Our researcher believes that the leaked database contains data stored by Verizon prior to January 2022. SafetyDetectives has reached this conclusion concerning the timeframe due to clues hidden in the filenames contained in the records. However, we cannot be conclusive with these indicators alone.

    Overall, the breach does not appear to be cause for much direct concern, although the data could be cross-referenced with other breaches to build a more complete profile of impacted users.

    While the information contained in the records does not appear to be highly sensitive or to contain Personal Identifiable Information (PII) – such as full names or physical addresses – some of the data points could be merged with other leaks. For example, if combined with an existing PII leak, an attacker could have a higher chance of success in impersonating a customer.

  • LinkedIn Introduces AI-Powered Collaborative Articles

    LinkedIn is introducing AI-powered collaborative articles to help users tap into “~10 billion years of professional experience.”

    LinkedIn is the leading professional networking platform, giving users a place to connect and communicate with peers. Daniel Roth, Editor in Chief, VP at LinkedIn, also wants the site to serve as a destination for professionals looking to share knowledge and learn from their combined experience.

    The idea came to Roth when talking with an entrepreneur who was trying to figure out how to restructure his company without angering his employees. When Roth asked him where he planned to get help, his response was: “The internet, I guess?”

    Using that moment as inspiration, Roth and his colleagues created a way to use AI to jump-start conversations where professionals can share their experience on specific topics:

    We are introducing collaborative articles — knowledge topics published by LinkedIn with insights and perspectives added by the LinkedIn community. These articles begin as AI-powered conversation starters, developed with our editorial team. Then, using LinkedIn’s Skills Graph, we match each article with relevant member experts who can contribute their lessons, anecdotes, and advice based on their professional experience.

    And, that’s when the real magic happens: when professionals share real-life, specific advice by contributing their perspectives to the work questions we’re all facing every day. Because starting a conversation is harder than joining one, these collaborative articles make it easier for professionals to come together and add and improve ideas — which is how shared knowledge is created.

    The collaborative articles provide a way for readers to give feedback, marking helpful contributions as “insightful.” Similarly, contributors earn a Community Top Voice badge in recognition of their insights.

    The new feature is a good example of what can be achieved when combining AI with the human element to create unique and helpful experiences.

  • EU Governments Are Looking to Nextcloud to Escape Microsoft

    EU governments are turning to Nextcloud to provide an alternative to Microsoft SharePoint and Google Workspace.

    Nextcloud is the open source cloud platform that provides powerful alternatives to commercial products. EU governments, ever eager to reduce reliance on Big Tech, are increasingly looking to the platform as an option. In fact, the European Data Protection Supervisor recently migrated to Nextcloud:

    Open Source Software offers data protection-friendly alternatives to commonly used large-scale cloud service providers that often imply the transfer of individuals’ personal data to non-EU countries. Solutions like this may therefore minimise reliance on monopoly providers and detrimental vendor lock-in. By negotiating a contract with an EU-based provider of cloud services, the EDPS is delivering on its commitments, as set out in its 2020-2024 Strategy, to support EUIs in leading by example to safeguard digital rights and process data responsibly.

    Wojciech Wiewiórowski, EDPS

    The upcoming end of SharePoint Server support has created a situation where governments are eager to avoid vendor lock-in, making Nextcloud an even more appealing proposition.

    As a result, Nextcloud has received a significant increase in interest from EU governments, with German state Schleswig-Holstein already making the switch from SharePoint to Nextcloud, and many others beginning to follow suit.

    Nextcloud’s initiative to offer a digitally sovereign, open-source alternative to Microsoft Sharepoint is to be welcomed. That’s why we work together with Nextcloud to optimize Nextcloud Tables.

    Ralf Sutorius, Leitender IT-Architekt, Stadt Köln

    It’s a refreshing turn of events to see a powerful, open source alternative gain more widespread use.

  • Dish Network Customer Data Stolen in Ransomware Attack

    More details have emerged regarding Dish Network’s recent outage, including the fact that customer data was stolen in the incident.

    Dish began experiencing major issues Thursday morning, with employees unable to work or access internal systems. The company’s website was also down. At the time, CEO Erik Carlson chalked it up to an “internal outage.”

    In a filing with the SEC, however, the company has admitted the issue was the result of a ransomware attack, one that compromised customer data:

    On February 27, 2023, the Corporation became aware that certain data was extracted from the Corporation’s IT systems as part of this incident. It is possible the investigation will reveal that the extracted data includes personal information. The measures described above are continuing while the Corporation, with the assistance of third-party experts and advisors, investigates the extent of the cyber-security incident.

    The company is working to restore the impacted services and is working with law enforcement.

  • BlackLotus Malware Is the First to Bypass Secure Boot

    Computer security became a little more challenging, with the BlackLotus malware becoming the first to bypass Secure Boot.

    Secure Boot is a method of signing the kernel and various boot components, ensuring that no malicious software can be inserted into the boot process and compromise a machine. While there have been many claims of malware that can bypass Secure Boot, BlackLotus is the first publicly known bootkit to do so.

    According to ESET malware analyst Martin Smolár, “the first publicly known UEFI bootkit bypassing the essential platform security feature – UEFI Secure Boot – is now a reality.”

    Smolár goes on to discuss ESET’s findings, including the fact that BlackLotus can compromise even “the latest, fully patched Windows 11 systems with UEFI Secure Boot enabled.”

    The malware uses a vulnerability that was patched more than a year ago because “the affected, validly signed binaries have still not been added to the UEFI revocation list. BlackLotus takes advantage of this, bringing its own copies of legitimate – but vulnerable – binaries to the system in order to exploit the vulnerability.”

    In many ways, a bootkit like BlackLotus is the Holy Grail of exploits because the bootkit has “full control over the OS boot process and thus capable of disabling various OS security mechanisms and deploying their own kernel-mode or user-mode payloads in early OS startup stages.”

    Because the bootkit hijacks the process early on, attackers can even enroll their own keys in the system so that the malware can have unfettered access without tripping any security measures.

    ESET’s research is disturbing on many levels, not the least of which is the fact that BlackLotus can be delivered both offline and online. This means an attacker does not need physical access to a device in order to compromise it.

    To make matters worse, it appears the vulnerability BlackLotus exploits is not the only one.

    “UEFI Secure Boot stands in the way of UEFI bootkits, but there are a non-negligible number of known vulnerabilities that allow bypassing this essential security mechanism,” writes Smolár. “And the worst of this is that some of them are still easily exploitable on up-to-date systems even at the time of this writing – including the one exploited by BlackLotus.”

    At this point, there are no absolute mitigation measures, only a combination of things that can reduce the likelihood of a compromise. Once a computer is compromised, the safest thing to do is to reinstall it and use the mokutil utility to delete the signed key BlackLotus deposits that enables it to bypass Secure Boot.

  • NDR: The Next Generation of Cyber Security

    Cyberattack potential is expanding as the digital world expands and changes. The “pandemic era” of 2020–2021 saw a 150% spike in ransomware assaults. A total of 236.1 million ransomware assaults have been recorded in only the first half of 2022. The more frequent cyberattack is ransomware, which captures and holds crucial data from a business and only releases it once the attacker receives a predetermined sum of money. The failure of conventional security methods is a significant contributing element to the increase in these assaults.

    Basic Cyber Security Will No Longer Cut It

    The inability of conventional security methods to adapt and recognize newer, more sophisticated dangers is the only factor contributing to their collapse. Current security methods can discover a breach in 287 days on average. This gives the breach more than enough time to succeed several times. The “dwell time” between “stealth” assaults and intrusions grew by 36% in 2022, providing a slim window for detection and interruption of incursions. Another important thing to keep in mind is that modern cybercriminals are trying to hide their trails by erasing their logs so they can’t be found. A fresh strategy must be implemented for safeguarding the online environment. However, it’s crucial to pinpoint the danger to network security, which has been nicknamed “dark space.”

    Dark space can be described as any network infrastructure that is not listed in the “golden store” of configuration data. Firewalls, routers, proxies, load balancers, endpoints, and hosts are all part of this data. More startling perhaps is the fact that 70% of networks are dark space. Encryption was traditionally used to hide sensitive data and make data theft more difficult. Nowadays, cybercriminals hide their operations by employing technology that is encrypted. In actuality, 91.5% of malware transits across encrypted networks.

    How Confident are IT Experts in Identifying Encrypted Cyberattacks? 

    59% of them admitted that they are unaware of all device-to-device communications on their network. They also stated that they lack the instruments necessary to identify, intercept, and assess threats, which makes them uneasy handling encrypted communications. Unfortunately, they are not alone in feeling this way since 79% of businesses have trouble finding dangers concealed in encrypted data. They don’t feel certain that they fully comprehend how to identify and prevent digital assaults.

    Network detection and response (NDR) platforms are the cybersecurity technology of the future. NDR identifies unusual network activity so that a tech team may respond to hidden hazards more quickly. Without decrypting anything, this software examines encrypted traffic to find malware during protected network connections. It also keeps an eye on how all network traffic moves and looks for external threats. In addition, NDR can link any malicious activity to a specific IP address, making it possible to find attackers even if they erase the logs. Finally, NDR offers immediate notifications to speed up event reaction times.

    In Conclusion

    However, this is merely basic NDR. An AI-supported NDR platform is in the works to navigate dark space with greater intelligence and adaptability. Dubbed “ThreatEye,” it makes use of the NDR platform to create a fingerprint of all asset and behavior patterns and keeps an eye out for unusual activity.

    [Infographic: What is Network Detection & Response? Source: Live Action]

  • National Cyber Strategy Puts Cybersecurity Burden on Big Tech

    The White House unveiled its National Cyber Strategy, shifting the burden of providing security from individuals to Big Tech.

    Cybersecurity has become a major issue for individuals, businesses, and government agencies, with hardly a day going by without disclosure of another data breach. According to CNBC, a key component of the new strategy is putting the burden of protection on Big Tech, the segment best equipped to address security issues.

    “The president’s strategy fundamentally reimagines America’s cyber social contract,” Acting National Cyber Director Kemba Walden said during a press briefing on Wednesday. “It will rebalance the responsibility for managing cyber risk onto those who are most able to bear it.”

    Walden added, “the biggest, most capable and best-positioned actors in our digital ecosystem can and should shoulder a greater share of the burden for managing cyber risk and keeping us all safe.”

    The strategy document emphasizes the importance of the public and private sectors working together:

    The most capable and best-positioned actors in cyberspace must be better stewards of the digital ecosystem. Today, end users bear too great a burden for mitigating cyber risks. Individuals, small businesses, state and local governments, and infrastructure operators have limited resources and competing priorities, yet these actors’ choices can have a significant impact on our national cybersecurity. A single person’s momentary lapse in judgment, use of an outdated password, or errant click on a suspicious link should not have national security consequences. Our collective cyber resilience cannot rely on the constant vigilance of our smallest organizations and individual citizens.

    Instead, across both the public and private sectors, we must ask more of the most capable and best-positioned actors to make our digital ecosystem secure and resilient. In a free and interconnected society, protecting data and assuring the reliability of critical systems must be the responsibility of the owners and operators of the systems that hold our data and make our society function, as well as of the technology providers that build and service these systems. Government’s role is to protect its own systems; to ensure private entities, particularly critical infrastructure, are protecting their systems; and to carry out core governmental functions such as engaging in diplomacy, collecting intelligence, imposing economic costs, enforcing the law, and, conducting disruptive actions to counter cyber threats. Together, industry and government must drive effective and equitable collaboration to correct market failures, minimize the harms from cyber incidents to society’s most vulnerable, and defend our shared digital ecosystem.

    The National Cyber Strategy echoes sentiments voiced by Google, in which the company threw its support behind companies being held responsible for cybersecurity. Google also emphasized the need for companies to build systems that are fundamentally more secure — rather than offloading that burden on the average user.

  • Google Cloud May Be Vulnerable to Unnoticed Data Theft

    Google Cloud may be more vulnerable than its competitors to unnoticed data theft, thanks to logs that are not as helpful as they should be.

    Cybersecurity firm Mitiga analyzed Google Cloud’s online storage and found that the platform’s logging mechanism comes up woefully short in terms of providing useful information. This is especially concerning since these logs are used by security professionals and law enforcement to identify the scope of a potential breach.

    According to Mitiga, Google’s current logging system cannot effectively differentiate between a threat actor viewing data versus exfiltrating it:

    Even with the detailed logging constraint applied, Google logs events of reading Metadata of an object in a bucket the same way it logs events of downloading the exact same object. This lack of coverage means that when a threat actor downloads your data or, even worse, exfiltrates it to an external bucket, the only logs you would see will be the same as if the TA just viewed the metadata of the object.

    While this issue doesn’t inherently make Google Cloud any more insecure than the next cloud provider, it does mean that customers impacted by a data breach on Google Cloud may have a much harder time taking the appropriate investigative action.

    Mitiga reached out to Google Cloud and received the following response:

    “The Mitiga blog highlights how Google’s Cloud Storage logging can be improved upon for forensics analysis in an exfiltration scenario with multiple organizations. We appreciate Mitiga’s feedback, and although we don’t consider it a vulnerability, have provided mitigation recommendations.”

  • Hackers Had Access to News Corp’s Systems For Two Years

    News Corp has revealed that a previously acknowledged breach was much worse than originally thought.

    News Corp, which owns The Wall Street Journal, revealed in February 2022 that it had suffered a cybersecurity breach. The company said the breach involved “persistent cyberattack activity” in a third-party cloud service it used.

    Unfortunately, in a breach notification first spotted by Ars Technica, the company has admitted that the breach went on for two years:

    “Based on the investigation, News Corp understands that, between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information,” the letter stated. “Our investigation indicates that this activity does not appear to be focused on exploiting personal information.”

    The company did say that it does not believe any fraud or identity theft has been committed as a result of the breach. Instead, News Corp told Ars that investigators “believe that this was an intelligence collection.”

    That conclusion would certainly be in line with conclusions gathered last year when the breach was first discovered. At the time, News Corp enlisted security firm Mandiant to help it resolve the situation. Mandiant’s conclusion was that the attack was carried out by hackers affiliated with the Chinese government.

  • Google Workspace Finishes Client-Side Encryption Rollout

    Google has taken a major step toward improving privacy and security for Workspace users, rolling out client-side encryption (CSE).

    CSE is an integral part of a complete security approach since it ensures that only the owner can decrypt and view their own data. Google already deployed CSE for Drive, Docs, Slides, Sheets, and Meet last year, but is now finishing the rollout by bringing it to Gmail and Calendar.

    Writing in a blog post, Google Workspace Director of Product Management Andy Wen and Product Manager Ganesh Chilakapati outline how CSE complements the privacy and security features already present in Workspace:

    Workspace already encrypts data at rest and in transit by using secure-by-design cryptographic libraries. Client-side encryption takes this encryption capability to the next level by ensuring that customers have sole control over their encryption keys — and thus complete control over all access to their data. Starting today, users can send and receive emails or create meeting events with internal colleagues and external parties, knowing that their sensitive data (including inline images and attachments) has been encrypted before it reaches Google servers.

    Remaining compliant with various regulations is a key benefit of CSE:

    Users can continue to collaborate across other essential apps in Google Workspace while IT and security teams can ensure that sensitive data stays compliant with regulations. As customers retain control over the encryption keys and the identity management service to access those keys, sensitive data is indecipherable to Google and other external entities.

    The rollout of CSE could help Google make significant headway, especially in those markets that require heightened security:

    “We have been searching for the capability to guarantee that our encrypted communications remain inaccessible to third-parties, including our technology providers, for some time. Google appears to be uniquely positioned with client-side encryption in providing us with complete control over our sensitive data, ensuring that we remain compliant as an organization in the ever changing world of data regulation. These features now being available across Google Workspace represent a pivotal moment for us. We’re enthusiastic about the ability to continue to benefit from the efficiency in working that Workspace provides us with, whilst at the same time maintaining trust with our customers that their confidential data will stay private and compliant,” said Shaun Bookham, UK Operations & Technology Director at PwC.

  • Hackers Reportedly Compromised T-Mobile 100+ Times in 2022

    T-Mobile does not have a good reputation when it comes to cybersecurity, and that’s about to get a whole lot worse.

    T-Mobile has had multiple cybersecurity breaches over the last few years, impacting tens of millions of users and costing the company hundreds of millions in settlements. Unfortunately, that may be just the tip of the iceberg, according to a new report from Krebs on Security.

    According to Krebs, three different hacker groups claim to have accessed the company’s internal systems:

    Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

    The hackers’ goal was SIM-swapping, a term for when a hacker is able to gain control over a victim’s cellphone number.

    The data regarding attacks was collected by monitoring various Telegram channels used by the hacker groups. The message “Tmobile up!” or “Tmo up!” was posted anytime a hacker successfully SIM-swapped a target.

    Krebs initially planned on counting the instances for all of 2022, working backward from the end of the year. Unfortunately, the number of hacks racked up much faster than anticipated.

    But by the time we got to claims made in the middle of May 2022, completing the rest of the year’s timeline seemed unnecessary. The tally shows that in the last seven-and-a-half months of 2022, these groups collectively made SIM-swapping claims against T-Mobile on 104 separate days — often with multiple groups claiming access on the same days.

    It’s unclear why T-Mobile is suffering so many of these attacks. While there are similar efforts against Verizon and AT&T, the number of successful attempts is far less. Some experts believe the magenta carrier is not doing enough to secure its systems.

    “These breaches should not happen,” said Nicholas Weaver, a UC Berkeley researcher. “Because T-Mobile should have long ago issued all employees security keys and switched to security keys for the second factor. And because security keys provably block this style of attack.”

    For its part, T-Mobile told Krebs it is combating the issue while also emphasizing it is an industry-wide problem.

    “And we are constantly working to fight against it,” the statement reads. “We have continued to drive enhancements that further protect against unauthorized access, including enhancing multi-factor authentication controls, hardening environments, limiting access to data, apps or services, and more. We are also focused on gathering threat intelligence data, like what you have shared, to help further strengthen these ongoing efforts.”

    There is evidence to suggest the company is making progress, with the hacker groups complaining that their access after a successful swap is being severed much sooner than before. Some have even theorized that T-Mobile’s security team may be monitoring the Telegram channels.

    While it’s encouraging to see T-Mobile is making progress, it’s still disturbing that the company is experiencing this many breaches.

  • Amazon Reports First Unprofitable Year in Almost a Decade

    Amazon delivered its quarterly report and it was bad news as the company turned in its first unprofitable year in almost a decade.

    Amazon reported net sales for 2022 of $514.0 billion, an increase of 9% year-over-year. The company’s AWS cloud business came in at $80.1 billion for the year, an increase of 29%.

    Despite the increased sales, the company posted a net loss of $2.7 billion for the year, or $0.27 per share, its first since 2014. While a $2.7 billion loss is bad enough on its own, it’s even worse when compared to the $33.4 billion net income the company posted in 2021.

    Much of the company’s loss can be attributed to its investment in electric vehicle maker Rivian.

    2022 net loss includes a pre-tax valuation loss of $12.7 billion included in non-operating income (expense) from the common stock investment in Rivian Automotive, Inc., compared to a pre-tax valuation gain of $11.8 billion from the investment in 2021.

    “Our relentless focus on providing the broadest selection, exceptional value, and fast delivery drove customer demand in our Stores business during the fourth quarter that exceeded our expectations—and we’re appreciative of all our customers who turned to Amazon this past holiday season,” said Andy Jassy, Amazon CEO.

    Jassy also was optimistic about the future, especially given the cost-cutting measures the company has already taken.

    “We’re also encouraged by the continued progress we’re making in reducing our cost to serve in the operations part of our Stores business,” Jassy continued. “In the short term, we face an uncertain economy, but we remain quite optimistic about the long-term opportunities for Amazon. The vast majority of total market segment share in both Global Retail and IT still reside in physical stores and on-premises datacenters; and as this equation steadily flips, we believe our leading customer experiences in these areas along with the results of our continued hard work and invention to improve every day, will lead to significant growth in the coming years. When you also factor in our investments and innovation in several other broad customer experiences (e.g. streaming entertainment, customer-first healthcare, broadband satellite connectivity for more communities globally), there’s additional reason to feel optimistic about what the future holds.”

  • Apple’s New M2 Pro Mini May Have Serious Ethernet Issues

    Apple’s M2 Pro Mini is gaining attention for the wrong reasons, with users reporting serious ethernet issues.

    A forum thread has popped up on MacRumors where a number of users have detailed issues with their ethernet connections on the new machines. Some users have even resorted to wiping and reinstalling macOS to no avail.

    Some users, such as “purplefuku,” reported success stabilizing the ethernet connection after multiple reinstalls:

    +1 for me, too! Base model M2 Pro Mac mini. Shipped with 13.0, oddly enough. It took me THREE complete clean installs from a Ventura USB installer before the laggy networking has finally seemed to stabilize…

    At this point, it is unclear if it is a software or hardware issue, although the fact that reinstalling can fix it would seem to indicate a software problem. Hopefully, Apple will be able to release a patch soon that will resolve the issue.

  • Windows 11 Now Displays a Watermark on Unsupported PCs

    Microsoft is upping the ante in its war on unsupported PCs, displaying a watermark on those systems running Windows 11.

    Windows 11 has stricter system requirements than its predecessors, requiring a CPU with Trusted Platform Module (TPM). While there are ways of installing Windows on an unsupported machine, Microsoft is not keen on the idea and is making it more irritating to do so.

    According to Gizmodo, reports are surfacing of Windows 11 displaying a watermark when running on an unsupported PC. The issue appears to have started with the January 2023 Windows 11 update.

    Microsoft already has a major adoption problem with Windows 11 and it’s unlikely this stunt will improve the situation.

  • Akamai Is Taking on the Cloud’s Top Dogs With Linode

    Akamai is hitting the ground running with its Linode purchase, using it as the backbone of its cloud ambitions.

    Akamai made its name as the world’s leading content delivery network (CDN), but has been aggressively transforming itself into a cloud provider. Its $900 million purchase of Linode was a major piece of that transformation and the company is using it as a launchpad to challenge the cloud industry’s giants.

    Last week, Akamai unveiled its Connected Cloud service, and promised “a fundamentally different approach to cloud.” The company plans to build “three new enterprise-scale core cloud computing sites” in the US and Europe. The new sites are expected to go live by the end of Q2 2023 and will be based on the Linode assets. The sites will also serve as a template for 10 additional core sites the company will deploy throughout the year.

    The company also plans to roll out at least 50 distributed sites in 2023, greatly expanding cloud computing’s reach, especially in remote locations.

    In what is sure to be good news for many companies, Akamai plans to bring CDN economics to cloud egress pricing in an effort to help drive down cost. This has been a growing concern for many companies, with cloud computing costs growing much faster than many expected.

    “The cloud’s next phase requires a shift in how developers and enterprises think about getting applications and data closer to their customers. It redefines how the industry looks at things like performance, scale, cost, and security, as workloads are no longer built for one place but are delivered across a wide spectrum of compute and geography,” said Dave McCarthy, Research VP, IDC. “Akamai’s innovative rethinking of how this gets done — and how it is architecting Akamai Connected Cloud — puts it in a unique position to usher in an exciting new era for technology and to help enterprises build, deploy, and secure distributed applications.”

    “We’re taking a fundamentally different approach to cloud computing — building on 25 years of experience scaling and securing the internet for the biggest companies in the world,” said Tom Leighton, Akamai’s Co-Founder and CEO. “Akamai is building the cloud the next decade needs.”

  • GoDaddy Suffered Multi-Year Breach, Malware Installed On Servers

    GoDaddy has informed customers it suffered a multi-year breach, one that involved hackers installing malware on its servers.

    GoDaddy said it started receiving complaints from customers in December 2022. Some customers reported their websites intermittently redirecting to other domains. The company investigated, but the issue was difficult to prove since it appeared to be happening randomly across its customer base.

    Ultimately, the company realized it had been hacked and malware was responsible for the unusual behavior:

    As our investigation continued, we discovered that an unauthorized third party had gained access to servers in our cPanel shared hosting environment and installed malware causing the intermittent redirection of customer websites. Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.

    In the company’s 10-K filing, it acknowledged the breach was the result of a multi-year campaign against it:

    Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.

    GoDaddy says it is applying the lessons it has learned from this breach in an effort to improve security. The company also says “these incidents as well as other cyber threats and attacks have not resulted in any material adverse impact to our business.”

    Despite its assurances, it’s a safe bet many customers will likely start migrating away from GoDaddy to more secure hosting services, something that will likely have a major impact on its business.

  • Snap Is Cutting Google and AWS Cloud Spending

    Snap is cutting back its cloud spending, reducing how much it pays both Google Cloud and AWS.

    Snap relies on both cloud providers to power its operations. Like many tech companies, however, Snap is looking to cut costs and operate more efficiently. According to Business Insider, CFO Derek Andersen said the company had identified its cloud contracts as an area to cut back, with cloud expenditures second only to employee pay in cost.

    As a result, the company has “restructured and renewed to achieve lower pricing and better ongoing leverage in those relationships,” Andersen said.

    There was likely quite a bit of room for negotiation, with the company signing a five-year, $2 billion deal with Google in 2017. Similarly, the company had signed a $1 billion deal with AWS that lasted through December 2021.

    “We’ve focused intently on efficient unit-cost management by engineering our products efficiently, and by migrating among cloud services and products to drive down our unit costs,” Andersen said.

    The efforts appear to be paying off. While Andersen did not say exactly how much the company had reduced its cloud costs, he did say that infrastructure cost per daily user had dropped from $2.78 two years ago to $2.31 today.

    Snap’s actions illustrate the dilemma many companies now face. The pandemic helped fuel a record-breaking rush to adopt cloud services in an effort to better support remote and hybrid work. The pandemic also helped drive record sales for many tech companies. As the pandemic has waned, however, many companies are now paying for massive cloud contracts at a time when business is nowhere near as profitable as it was a year ago.

    While the cloud segment has been relatively insulated from the economic downturn, that could quickly change as more companies follow Snap’s lead.

  • Microsoft Is Working on Comprehensive SaaS Security

    Microsoft is working to improve SaaS security, shifting “to a comprehensive SaaS security solution.”

    Software as a service is an increasingly important part of the remote and hybrid workplace, and is only growing in popularity. Unfortunately, properly securing SaaS applications can be a logistical nightmare. In fact, citing research from Better Cloud, Microsoft points to the 59% of security professionals that struggle to manage SaaS security.

    Microsoft believes the key lies in protecting data within cloud apps, rather than just focusing on cloud access security. The company has expanded the scope of its Defender for Cloud Apps to help provide that layer of security.

    Today, we are excited to announce that Defender for Cloud Apps is extending its SSPM capabilities to some of the most critical apps organizations use today, including Microsoft 365, Salesforce, ServiceNow, Okta, GitHub, and more.

    Another important component of Defender for Cloud Apps is the ability to help personnel research configuration best practices for SaaS app security.

    To streamline this process, Defender for Cloud Apps launched SSPM in June 2022 to surface misconfigurations and provide recommendations to strengthen an app’s posture.

    In preview starting today, Defender for Cloud Apps now provides security posture management for Microsoft 365, Salesforce, ServiceNow, Okta, GitHub, and more. Not only are we expanding the breadth of app coverage but also the depth of assessments and capabilities for each application.

    The tight integration within Microsoft 365 Defender will give organizations security across the full scope of their operations.

    That’s why Defender for Cloud Apps is natively integrated into Microsoft 365 Defender. The XDR technology correlates signals from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities like automatic attack disruption. The integration of SaaS security into an XDR experience gives SOC teams full kill chain visibility and improves operational efficiency with better prioritization and shorter response times to ultimately protect the organization more effectively.

  • Neville Ray, T-Mobile’s President of Technology, Is Retiring

    Neville Ray, T-Mobile’s President of Technology, is retiring after 23 years of leading some of the company’s biggest innovations.

    T-Mobile announced Ray’s intention to retire by Fall 2023, with Executive Vice President and Chief Network Officer Ulf Ewaldsson taking his place. Throughout his tenure, Ray helped the company transition from a 2G carrier to the 5G powerhouse it is today.

    During that time, Ray was a fixture in the company’s commercials, quarterly calls with investors, and the company’s biggest product announcements.

    “Under Neville’s network leadership we have accomplished so much together, and it’s amazing to think that milestones he’s helped T-Mobile achieve – the many network firsts, breakthroughs and innovations – have brought us to where we are today, taking the crown as the nation’s overall network leader,” said T-Mobile CEO Mike Sievert. “There are so many things Neville has contributed to this company but one of the most important has been his commitment to building the best, most effective Technology team in this industry that will continue to deliver for our future. Neville and his team have worked tirelessly to bring the Un-carrier from last to best in network performance and made T-Mobile’s network a true competitive weapon. What’s even more exciting is that we’re just getting started! As this next chapter of the Un-carrier story is beginning to unfold, we owe a lot of gratitude to Neville for all he’s done to carve this path that will continue to lead us into the future!”

    Sievert continued, “This has been a thoughtfully planned succession and I am thrilled we have an excellent leader in Ulf Ewaldsson to lead our Technology teams. When Ulf joined T-Mobile four years ago, he brought years of experience and deep network strategy leadership capabilities that allowed him to hit the ground running and bring our leading 5G network to life. That’s exactly what he did – and what he will continue to do as President of Technology, leading the best team in our industry! Our goal is always to build a strong bench of leaders who are ready to fill key positions when they’re needed, and this is a perfect example of that approach.”

    Ewaldsson joined the company in 2019 after a 27-year career at Ericsson. He was quickly promoted to EVP and Chief Network Officer in 2021. Ewaldsson has played a crucial role in helping T-Mobile achieve many of its recent milestones, especially in the 5G race. There’s no doubt Ray will be missed, although Ewaldsson certainly has the experience needed to succeed him.

  • Microsoft/Parallels Deal Brings Windows 11 to Apple Silicon

    Microsoft and Parallels have reached an agreement allowing the latter to bring Windows 11 to Apple’s custom chips.

    Parallels is a popular solution for Mac users that need to run Windows apps. While the company has already made the transition to supporting Apple’s M-series custom chips, Windows 11 was a major sticking point, leaving users stuck on Windows 10.

    The two companies have reached a deal, however, that will finally bring an Arm-based Windows 11 to Apple’s new machines via Parallels. Alludo, Parallels’ parent company, announced the news:

    Alludo, a global technology company helping people work better and live better, today announced that Microsoft has authorized the use of Arm versions of Windows 11 Pro and Enterprise installed in a virtual machine with Parallels Desktop for Mac for customers on Mac with Apple silicon. IT administrators can now enable their users to run Windows 11 on Arm on the Parallels platform, with the support from Alludo and assurance that Microsoft has authorized this solution.

    There are some serious limitations to Windows 11 running in Parallels. Specifically, according to a Microsoft support document, anything that requires additional layers of virtualization is unsupported. As a result, Windows Subsystem for Android, Windows Subsystem for Linux, Windows Sandbox, and Virtualization-based Security (VBS) will not work.

    Nonetheless, the news is sure to be welcomed by Mac users that need or want to run the latest version of Windows inside Parallels.

    “At Alludo, we believe that all employees should have the freedom and flexibility to choose where, when, and how they do their best work. Therefore, the vision for our Parallels portfolio has been to allow users to access their applications on any device, anywhere,” said Prashant Ketkar, Chief Technology and Product Officer at Alludo. “In line with our vision, we are excited to see that, in collaboration with Microsoft, Arm versions of Windows can run in a virtualized environment on Parallels Desktop on the latest Mac systems running Apple’s powerful M-series chips.”

    “Three years into the ’new’ world of hybrid work, IDC research indicates that equality of access to enterprise resources is still a top concern for hybrid work and digital workspace strategies,” said Shannon Kalvar, IDC Research Director. “Mac is increasingly an integral part of enterprise’s digital workspaces, and Windows on Arm is a key component in ensuring they have equal access to all corporate resources.”

  • Apple Releases macOS Big Sur Security Update

    Apple has released a security update to its Big Sur version of macOS, bringing it to version 11.7.4.

    Big Sur was originally released in November 2020, and has since been superseded by macOS Monterey and macOS Ventura. Nonetheless, Apple has a solid track record of providing fixes for older versions of macOS.

    According to the company’s support page, “this update has no published CVE entries,” but users should still apply it as soon as possible to be safe.