WebProNews

Category: IT Management

IT Management News

  • Adobe’s Figma Purchase May Be In Jeopardy

    Adobe’s Figma Purchase May Be In Jeopardy

    Adobe’s $20 billion Figma deal may be in trouble, with EU Commission weighing whether to launch an antitrust probe.

    Adobe announced in September that it had struck a deal with Figma to acquire the startup for $20 billion. Figma has been gaining in popularity, providing a web-based competitor to Adobe’s tools at a fraction of the cost. Almost immediately, the deal was met with angst and anger from users, many of whom were using the product specifically because they did not want, or could not afford, to use Adobe’s products.

    According to Bloomberg, the European Commission has received a number of requests from member states to probe the deal. The number of requests evidently fell below the threshold that would normally trigger a probe, but the Commission did acknowledge that the deal could “significantly affect competition.”

    The Commission will ask Adobe to notify the transaction, meaning the companies will need EU clearance to proceed.

    “We look forward to working constructively with the European Commission to address its questions and bring the review to a timely close,” a Figma spokesperson told Bloomberg.

  • Microsoft’s Azure Business Hit With Layoffs

    Microsoft’s Azure Business Hit With Layoffs

    Microsoft’s Azure division appears to be the latest part of the company hit with layoffs, with 150 personnel impacted.

    Microsoft announced in January that it planned to lay off 10,000 employees but did not provide details about which divisions would experience cuts. The company’s plans have only become apparent as layoffs have occurred. Yesterday news broke that LinkedIn was the latest division to experience downsizing, following similar action across the HoloLens, Surface, and Xbox teams.

    According to The Information, Microsoft’s Azure division now joins the list. A source told the outlet that approximately 150 individuals in the company’s digital cloud acquisition team had been let go. The team is responsible for “convincing medium-size companies to adopt cloud services such as Azure server rentals and Microsoft 365 productivity apps.”

    Interestingly, the impact on the Azure team goes beyond just sales personnel. Azure test engineers, systems administrators, and product managers have posted on LinkedIn within the last few days, revealing they had been laid off.

    Gaurang Deshmukh, Software Test Engineer at Microsoft, was one such individual:

    With an extremely heavy heart, I have to announce that I was one of the employee impacted by #Microsoft layoffs. Despite this setback, I’m extremely grateful for my experience at Microsoft as Software Test Engineer in Azure for Operators #A4O org for over 3 years.

    Christopher Teahan, Azure Cloud Administrator, was another:

    I was laid off from #Microsoft this week, it was a great experience working for a start up like Affirmed Networks for 4 years and then transitioning to a larger company as part of the Microsoft acquisition back in 2020. I was at Microsoft for almost 3 years and learned a lot being part of the IT and BIS teams and working on the migrations of our legacy IT systems and tools to the Microsoft’s. Working on #Azure projects and transiting legacy systems to the cloud has been amazing and I am thankful for all I’ve learned at Microsoft. I will miss being part of the Azure for Operators organization and everyone I have worked with over the past 6-7 years, but it’s time for a new challenge and journey!

    During the economic downturn, the cloud segment has been one of the more resilient elements of the tech industry. While tech layoffs have become an almost daily occurrence, it is odd that the Azure team has been this heavily impacted.

  • Google Sides With US in Holding Companies Responsible for Cybersecurity

    Google Sides With US in Holding Companies Responsible for Cybersecurity

    Google and the US government may be at odds about many things, but the two are in agreement on one big one: who should be responsible for cyberattacks.

    In a blog post by Kent Walker, President, Global Affairs & Chief Legal Officer, and Royal Hansen, VP of Engineering for Privacy, Safety, and Security, the executives make the case that companies should be responsible for improving cybersecurity:

    “Should companies be responsible for cyberattacks? The U.S. government thinks so – and frankly, we agree.”

    The two execs then quote Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security:

    “The incentives for developing and selling technology have eclipsed customer safety in importance. […] Americans…have unwittingly come to accept that it is normal for new software and devices to be indefensible by design. They accept products that are released to market with dozens, hundreds, or even thousands of defects. They accept that the cybersecurity burden falls disproportionately on consumers and small organizations, which are often least aware of the threat and least capable of protecting themselves.”

    Walker and Hansen go on to lament that cyber threats are growing, taking advantage of “insecure software, indefensible architectures, and inadequate security investment.” The solution is a complete rethinking of how software is designed and deployed.

    “The bottom line: People deserve products that are secure by default and systems that are built to withstand the growing onslaught from attackers,” the executives write. “Safety should be fundamental: built-in, enabled out of the box, and not added on as an afterthought. In other words, we need secure products, not security products. That’s why Google has worked to build security in – often making it invisible – to our users. Many of our most significant security features, including innovations like SafeBrowsing, do their best work behind the scenes for our core consumer products.”

    The executives emphasize the importance of security being smooth and streamlined, not the cumbersome experience that often exists today, and that results in customers choosing insecurity over inconvenience. Walker and Hansen also recognize there is no silver bullet but that significant steps can and should be taken to greatly improve the status quo.

    “Of course, raising the security baseline won’t stop all bad actors, and software will likely always have flaws – but we can start by covering the basics, fixing the most egregious security risks, and coming up with new approaches that eliminate entire classes of threats,” they add. “Google has made investments in the past two decades, but contributing resources is just a piece of the puzzle. It’s work for all of us, but it’s the responsible thing to do: The safety and security of our increasingly digitized world depends on it.”

  • Windows 11 Sends Massive Amounts of Data to Ad Companies

    Windows 11 Sends Massive Amounts of Data to Ad Companies

    The PC Security Channel (TPSC) analyzed Windows 11 and found it sends massive amounts of user data to Microsoft, as well as third-party ad companies.

    TPSC is a YouTube channel dedicated to cybersecurity and privacy. The channel took a brand-new laptop that had never been used and used Wireshark to monitor the computer’s traffic, starting from the moment it was booted up.

    Unsurprisingly, the computer immediately connected to a number of Microsoft services, including Bing, MSN, and the Windows Update service. While it’s not surprising a Windows machine would connect to Microsoft, it is surprising that the Bing traffic was happening without the web browser ever being opened or used.

    Even more surprising, Windows 11 also connected to McAfee, Steam, and Comscore’s ScorecardResearch.com, to name just a few. The last one is particularly alarming, as it is an ad-tech company. In fact, when TPSC first tried going to the website to see what ScorecardResearch.com was, the channel’s browser adblocker would not even load the page since it is a known ad and tracking domain.

    To make matters worse, Microsoft connects and sends data to these servers without expressly asking the user’s permission. Instead, the company relies on a vague clause in the Microsoft License Terms to constitute permission.

    Privacy; Consent to Use of Data. Your privacy is important to us. Some of the software features send or receive information when using those features. Many of these features can be switched off in the user interface, or you can choose not to use them. By accepting this agreement and using the software you agree that Microsoft may collect, use, and disclose the information as described in the Microsoft Privacy Statement (aka.ms/privacy), and as may be described in the user interface associated with the software features.

    Tom’s Hardware reached out to Microsoft and was given the following statement:

    “As with any modern operating system, users can expect to see data flowing to help them remain secure, up to date, and keep the system working as anticipated,” a Microsoft spokesperson said. “We are committed to transparency and regularly publish information about the data we collect to empower customers to be more informed about their privacy.”

    A legitimate case can be made for Windows 11 connecting to Microsoft services, but there is absolutely no valid justification for connecting to and sending telemetry to an ad-tech company.

    Interestingly, TPSC ran the same test with Windows XP and found that it only connected to Microsoft update servers, greatly undermining Microsoft’s claim that Windows 11’s connections to third parties were necessary to “remain secure, up to date, and keep the system working as anticipated.”

    As we have stated at WPN many times, there is NO EXCUSE for a company that charges handsomely for a product to then turn around and try to monetize its customers’ data, let alone try to do so without express and explicit permission. And no, a couple of sentences buried in a long, legalese licensing document that few people will ever read does not count as express and explicit permission.

    Microsoft should be ashamed of itself for this behavior, and one can only hope this revelation will put the companies in the crosshairs of the EU’s GDPR.

    In the meantime, TPSC’s question, “Has Windows become spyware?” is one that deserves an answer.

  • System76 Debuts Updated AMD-Based Pangolin Linux Laptop

    System76 Debuts Updated AMD-Based Pangolin Linux Laptop

    System76 has unveiled a new and updated version of the Pangolin, its AMD-based Linux laptop.

    System76 is a US-based computer maker that specializes in Linux-compatible machines. Each component is selected for maximum compatibility, so users don’t have to worry about their WiFi or Bluetooth not working reliably. Whereas most of System76’s laptops are Intel-based, the Pangolin is the company’s AMD offering, including both an AMD Ryzen 7 6800U CPU and an AMD Radeon 680M GPU.

    The fully redesigned Pangolin is ready to impress! Sleek magnesium alloy build, beautiful 15-inch display, and up to 10 hours of battery life round out its portfolio. Pursue ambition from any location. With all eyes on your System76 laptop, you’re bound to meet new allies along the way.

    The new model comes with 32GB of RAM and two M.2 SSD NVMe slots that can be outfitted with up to 16GB of storage.

    Pangolin is the only System76 laptop powered by both an AMD Ryzen processor and AMD Radeon graphics. The CPU—a Ryzen 7 6800U chip—tackles both at fast speeds for work and relaxation. Operate applications 40% faster and experience fluid responsiveness thanks to a higher bandwidth from DDR5 RAM and PCIe 4.0 storage.

    Another nice feature is the Privacy Switch, a hardware switch that gives users the ability to instantly kill the laptop’s camera.

    Like all of System76’s machines, the Pangolin comes with a choice of Ubuntu or the company’s own Pop!_OS Linux distro. PoP!_OS is based on Ubuntu, but System76 updates the kernel, graphics drivers, and select other packages to ensure maximum compatibility and performance with newer hardware. The distro also includes a number of productivity features, such as a tiling window mode, which we will cover in more detail in an upcoming review as part of our Linux Distro Reviews series.

    In the meantime, users wanting the latest AMD Linux laptop can order the System76 Pangolin starting at $1,299.

  • Cloudflare Announce Mastodon Support

    Cloudflare Announce Mastodon Support

    Cloudflare is throwing its weight behind the Fediverse with its first Mastodon-compatible Supercloud server, Wildebeest.

    Mastodon has emerged as the main alternative to Twitter and differentiates itself with its decentralized design. Whereas Twitter is run by a single company, with centralized servers, anyone can set up a Mastodon server. The collective of Mastodon servers forms the “Fediverse,” with users able to sign up on one server and follow and communicate with users across all of them.

    While individuals and companies may be tempted to run their own Mastodon server, doing so can present a number of challenges, as Cloudflare highlights:

    The Mastodon gGmbH non-profit organization provides a server implementation using Ruby, Node.js, PostgreSQL and Redis. Running the official server can be challenging, though. You need to own or rent a server or VPS somewhere; you have to install and configure the software, set up the database and public-facing web server, and configure and protect your network against attacks or abuse. And then you have to maintain all of that and deal with constant updates. It’s a lot of scripting and technical work before you can get it up and running; definitely not something for the less technical enthusiasts.

    Wildebeest is designed to address these issues and help individuals and companies quickly get up and running with their own Mastodon instance:

    Wildebeest serves two purposes: you can quickly deploy your Mastodon-compatible server on top of Cloudflare and connect it to the Fediverse in minutes, and you don’t need to worry about maintaining or protecting it from abuse or attacks; Cloudflare will do it for you automatically.

    Wildebeest is not a managed service. It’s your instance, data, and code running in our cloud under your Cloudflare account. Furthermore, it’s open-sourced, which means it keeps evolving with more features, and anyone can extend and improve it.

    Given the increasing popularity of Mastodon, Cloudflare may well have a hit on its hands.

  • Google Cloud & Health-ISAC Partner to Bolster Healthcare Cybersecurity

    Google Cloud & Health-ISAC Partner to Bolster Healthcare Cybersecurity

    Google Cloud and Health-ISAC have announced a partnership aimed at helping the healthcare industry bolster cybersecurity.

    Like many industries, healthcare has been hard-hit by cybersecurity threats, with ransomware attacks shutting down hospitals and compromising operations. Google Cloud and Health-ISAC (Health Information Sharing and Analysis Center) are working together to “help Health-ISAC members discover threats more rapidly” and “also assist in evicting malicious actors from their infrastructure.”

    Today, we’re announcing the general availability of our next investment in this community. Working with the Health-ISAC Threat Operations Center, Google Cloud security engineers developed an open sourced integration that connects the Health-ISAC Indicator Threat Sharing (HITS) feed directly with Google Cloud’s Chronicle Security Operations information and event management. HITS allows Health-ISAC members to easily connect and quickly share cyber threat intelligence through machine-to-machine automation.

    “The integration of Health-ISAC’s threat feed with Chronicle Security Operations is exciting to see,” said Errol Weiss, Health-ISAC’s chief security officer. “Our members can now ingest Health-ISAC’s Signature Threat Feed of member-to-member shared threat indicators into Chronicle, and use that information to help automation and threat analyst decisions when protecting critical network infrastructure.”

  • Reddit Was Hacked, but Says User Data Is Safe

    Reddit Was Hacked, but Says User Data Is Safe

    Reddit has informed users that it was hacked Sunday night, but says user accounts and passwords appear to be safe.

    According to the social media company, its employees were targeted by a “sophisticated phishing campaign” that pointed employees to a website that attempted to steal their credentials.

    After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).

    Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information. Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online.

    Hopefully the scope of the breach remains limited to Reddit’s initial findings.

  • Three Safety Precautions You Must Make When Sending Money Online

    Three Safety Precautions You Must Make When Sending Money Online

    Sending somebody an online payment has become easier than ever these days. Whether you need to pay for a product or service, repay a friend for lunch, or pay your mom back some money that you borrowed, there are now more apps and services available that you can use to do this in a couple of clicks.

    Online money transfer apps and services are also very popular among people who have moved to another country for work, as they will often use them to send some money back to help out family back home. However, with the growing popularity of online money transfer services, there are also lots of scams and risks. Here are some of the best things that you can do to keep yourself safe when transferring money online. 

    Use a Trusted Payment Provider

    The best way to stay safe when sending payments online is to use your online banking app to only make transfers to verified accounts. Make sure that you know the person that you are sending money to and have received the account information from them personally. However, if you are unable to use your online banking to make the transfer, for example, if you are sending money abroad to family back home, then it’s important to use a reputable and trusted international money transfer app such as Ria Money Transfer 

    Make Sure You Know Who You Are Sending Money To

    Only send money to people that you can verify as real. Make sure that you know the person that you are sending money to. It’s best to speak to them in-person wherever possible to get their account details to transfer to. If using a payment app, you may be able to add an additional layer of security by sending it via their email address, which you can verify first. Be wary of any emails or text messages requesting money, even if it appears to be from somebody that you know. A video call or phone call to confirm the information is a good idea, and will enable to you to make sure that it’s actually your relative or friend who has requested the money, and the details you have are correct. 

    Use An Anti-Virus Program

    Whether you are using an app on your smartphone or another device such as a laptop or tablet to send money to friends and family, it’s a good idea to ensure that you are protected with a strong anti-virus software program. This will scan your device and any software on it to keep a look out for any malicious software or viruses like spyware that might be attempting to get access to your financial accounts or the login details for the payment apps you use. Ideally, you should have the program running in the background at all times so that it can immediately alert you to anything that isn’t right. 

    Sending money online has become a common occurrence in today’s world with most of us doing it. However, it’s important to be aware of the risks involved with sending money online each time you make a transfer. 

  • What is important to know about the ELT and ETL processes?

    What is important to know about the ELT and ETL processes?

    Nowadays, it is common for companies to use ELT and ETL processes in working with Big Data. This allows running documentation from the different sources of information used in the data lake and data warehouse. 

    Moreover, ELT and ETL processes are quite affordable for every interested company or institution. So, as you may have already guessed, we are going to discuss ETL data modeling practices today. We believe that this will have a positive impact on your business growth.

    First of all, you need to know the differences and similarities between ETL and ELT. What’s more, it is recommended to understand the most used words on this topic, like data lakes and data warehouses. Let’s start! 

    How do ELT and ETL processes work? 

    The ELT (extract, load, transform) is the process in which the data is modified after having been transferred to the receiving database, without making any changes. The first stage of this operation is to extract the data. The maneuver of loading the data to the database it receives is the intermediate stage where the ELT admits that the target system executes the respective transformations.

    For this reason, we recommend you apply ELT and ETL processes while working with large amounts of data. In addition, unstructured data, the source, and the target database use the same technology when the amount of converted data is massive. 

    The transformations made on the data are improved by the database that receives them. Usually, it can be NoSQL databases or Hadoop clusters. As we can see, in the ETL process, the data circulates from the origin to its final destination. So, the whole responsibility for the success lies in the ETL and the chosen database technology. 

    What is more, ELT and ETL processes are responsible for:

    • mobilizing large amounts of data;
    • integrating them;
    • introducing them into a common site. 

    What are the main differences between ETL and ELT?

    ETL and ELT are very similar. Yet, the most obvious difference is in the order in which the ETL and ELT processes in Big data execute the various required operations. These methods are best handled in different situations.

    So, here are to your attention some of the most crucial differences between ETL and ELT:  

    1. ETL is the process of extracting, transforming, and loading data. 
    1. ELT is the process of extracting, loading, and transforming data. 
    1. Within ETL, data is moved from a data source to an intermediate data store. 
    1. ELT uses a data warehouse to perform basic transformations. There is no need for data staging. 
    1. ETL can help ensure privacy and compliance by cleaning sensitive and secure data before it is loaded into the data warehouse.
    1. ETL can perform complex data transformations and can be more cost-effective than ELT. 

    The difference between ETL and ELT can be explained quite easily. However, realizing the whole picture and the cool benefits of ETL over ELT requires some time. Plus, a deeper understanding of how ETL works with data warehouses and how ELT works with data lakes is also necessary.

    The result of using both ETL and ELT 

    Organizations, companies, and institutions always need to make the most of the advantages of these two computer methodologies. They use ELT and ETL processes in Big Data, where ELT is responsible for quick introductions of unstructured data. As for ETL, it is helpful to make them more flexible and secure. 

    For this reason, the vision has expanded towards ETLT, which executes the following steps that you need to know:

    • Extraction. Data from the different sources are collected and transferred to the development area for preparation.
    • Loading. At this stage, data is uploaded to the Data Warehouses.
    • Transformation. It is the last stage, but not the least. It is where operations are executed to transform and integrate data from various sources.

    This result of the operations carried out on the existing data. It allows adjusting the times and technologies used to improve the amount of work. Therefore, the first group of changes is faster and more effective in providing the data with the necessary preparation and greater security.

    Can the ETLT bring any benefits to the ETL and ELT processes?

    The ETLT in Big Data provides us with the advantages of both – ETL and ELT processes. In this way, it manages to lighten the introduction of data. At the same time, the ETLT provides the security and quality required in modern companies, organizations, and institutions that use such technologies.

    ETLT processes are commonly used when it is necessary to filter, anonymize or mask data for regulatory reasons, before capturing it in the data warehouse.

    How to choose the best solution 

    As we have already mentioned, the ELT and ETL process in Big Data have become fundamental and essential for numerous organizations. The ETL can brag about many years of popularity. As well, it has a sufficiently high maturity and flexibility. This is really impressive, as it was not designed to work correctly with structured data and relational databases.

    As for ELT, it was created to execute activities with NoSQL solutions. For this reason, the difficulty of the operations it performs is less. Still, the size of the data it can process is greater than those processed by ETL.

    In this order of ideas in the execution of the two processes, it is possible to observe the accuracy, in terms of the type and structure of the data in the ETL processes. This hinders future transformations. At the same time, in ELT processes it is normal to make movements of unstructured and structured data with equal procedures.

    In summary, the data lake is unlimited, but you should have deep knowledge and comprehensive documentation about the ETL and ELT processes. This will help you achieve the required transformations and maximum quality for the use of the stored data. 

    Luckily, you can choose an option to work with professional IT services, like Visual Flow, to save your time and energy. This way, your team, and customers will get a better experience with data analytics. Moreover, obtaining a data warehouse is a reasonable investment that can raise your profits.

  • macOS Ventura Bug Breaks Some SMB Connections

    macOS Ventura Bug Breaks Some SMB Connections

    Some macOS users are experiencing a major bug, one that breaks SMB network connections.

    According to AppleInsider, users are reporting issues with SMB connectivity in macOS Ventura, although there doesn’t appear to be a consistent set of parameters that trigger the issues. Some users report issues connecting an iPhone to a MacBook Pro, while others have trouble connecting Macs and Windows PCs.

    The issue seems to affect a range of users, from individuals to some enterprise users. Others, however, are completely unaffected.

    While Apple has yet to comment on a possible cause, one solution that seems to universally work is downgrading to macOS Monterey.

  • Google Brings VMware to Google Cloud

    Google Brings VMware to Google Cloud

    Google is rolling out support for VMware in Google Cloud in the form of “a Google-managed VMware platform.”

    VMware is a major player in the virtualization and cloud computing markets. The company’s software powers some of the world’s biggest companies across a range of industries, and Google is bringing that software to its cloud offerings.

    The company announced the initiative in a blog post:

    Google Cloud VMware Engine is a Google-managed VMware platform that customers can use to run their VMware workloads on Google Cloud. VMware Engine private clouds consist of VMware ESXi clusters that are managed by Google. Customers manage the virtual infrastructure of private clouds using VMware vCenter and VMware NSX-T for software-defined networking. The GCVE IaC Foundations code guides customers to automate the configuration of several layers of the infrastructure and virtualization stack, using infrastructure as code. This includes the integration of platform logging and monitoring with the Google Cloud Operations Suite, configurations such as VM folders, permissions and VM deployments in vCenter and network configurations in NSX-T, including subnets, firewalls, and load balancers.

  • Google Invests $300M in AI Startup Founded by OpenAI VP

    Google Invests $300M in AI Startup Founded by OpenAI VP

    Google is continuing its quest to come up with an answer to OpenAI’s ChatGPT, investing in a rival founded by a former OpenAI VP.

    Google has reportedly invested $300 million in Anthropic, founded by Dario Amodei. Amodei previously worked at OpenAI, ultimately rising to VP of Research, before leaving to found Anthropic in early 2021.

    The injection of cash from Google is part of a partnership that will see Anthropic adopt Google Cloud.

    “We’re thrilled to be able to partner with Google Cloud on training and deploying useful AI systems,” said Anthropic CEO Dario Amodei. “We’ve been impressed with Google Cloud’s open and flexible infrastructure. We are excited to partner with Google to scale-up our systems in the coming months.”

    “AI has evolved from academic research to become one of the biggest drivers of technological change, creating new opportunities for growth and improved services across all industries,” said Thomas Kurian, CEO, Google Cloud. “Google Cloud is providing open infrastructure for the next generation of AI startups, and our partnership with Anthropic is a great example of how we’re helping users and businesses tap into the power of reliable and responsible AI.”

    As part of the deal, Anthropic will run its Claude AI model on Google Cloud. Claude’s capabilities are believed to be competitive with the much-hyped ChatGPT.

    The deal is reminiscent of Microsoft’s multibillion investment in OpenAI, albeit on a smaller scale. Microsoft and Google both see AI as a way to revolutionize search, as well as a plethora of other fields.

    With Microsoft already at work to integrate OpenAI’s ChatGPT into Bing, it’s not surprising to see Google invest in one of OpenAI’s rivals in an effort to catch up.

  • Privacy and Cybersecurity Challenges in 2023 – Part One

    Privacy and Cybersecurity Challenges in 2023 – Part One

    With a new year comes new privacy and cybersecurity challenges for companies large and small, not the least of which is new regulation. The tech industry is facing new regulations in 2023, some of which will have profound impacts on day-to-day business and carry heft penalties for non-compliance.

    Here’s some of the top regulatory issues companies need to be aware of:

    Voluntary Cooperation Is Out; Regulation Is In

    One of the major changes moving forward in 2023 is an expected change in the US government’s approach to cybersecurity. In the past, the government was largely willing to allow companies to handle cybersecurity issues on a voluntary basis, but those days appear to be over.

    The White House Office of the National Cyber Director is expected to unveil major new initiatives in the first half of 2023, and many of them will be mandatory.

    “We’ve been working for about 23 years on a largely voluntary approach,” said Mark Montgomery, the senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies. “The way forward is going to require thinking about regulation.”

    California Consumer Privacy Act of 2018

    One of the biggest regulatory challenges businesses will face is the California Consumer Privacy Act of 2018 (CCPA), including the Proposition 24 amendments that were passed in 2020 and expanded the scope of the CCPA.

    Per the California Attorney General’s office, the CCPA guarantees the following rights:

    • The right to know about the personal information a business collects about them and how it is used and shared;
    • The right to delete personal information collected from them (with some exceptions);
    • The right to opt-out of the sale or sharing of their personal information; and
    • The right to non-discrimination for exercising their CCPA rights.

    In addition, the Proposition 24 amendments add the following:

    • The right to correct inaccurate personal information that a business has about them; and
    • The right to limit the use and disclosure of sensitive personal information collected about them.

    The latter two rights, in particular, are of special note since they went into effect on January 1, 2023.

    Most important, however, is a provision that allows customers to take legal action against companies that fail to properly protect their data and expose such data as a result of a breach. This places a tremendous responsibility on companies to ensure all possible measures are being taken to reduce their possible liability.

    Increased GDPR Enforcement

    Another major hurdle many businesses will face is increased enforcement of the European Union’s GDPR. While the GDPR has been in effect for years, companies on both sides of the Atlantic have largely ignored some of its provisions.

    The EU sent a clear message in 2022, however, that companies will continue to ignore the GDPR at their own peril. For example, in January 2022, the Austrian Data Protection Authority ruled that Google Analytics violated the GDPR and was therefore illegal, impacting countless EU-based companies and websites.

    At the heart of the issue is the protection of EU citizens’ data when it is in the hands of US-based companies. The EU is especially concerned that US intelligence agencies could have unwarranted access to such data. While the US and EU are working to establish a new data-sharing deal that would address such concerns, such a deal is still a ways off, leaving companies to navigate the complicated situation on their own.

    In the meantime, the EU has made it clear it will continue to go after companies that ignore its privacy and cybersecurity regulations.

    “Instead of actually adapting services to be GDPR compliant, US companies have tried to simply add some text to their privacy policies and ignore the Court of Justice,” says Max Schrems, honorary chair of The European Center for Digital Rights. “Many EU companies have followed the lead instead of switching to legal options.”

    General Issues

    In addition to the above specific concerns, there are a number of general concerns companies face. Ransomware attacks have been a growing threat in recent years, especially attacks that target vital infrastructure.

    As a result of the growing threat, cybersecurity has been a major focus of the Biden administration, with multiple executive orders, memorandums, and fact sheets addressing the issue. Some of these include unprecedented requirements, including mandatory measures to improve the overall cybersecurity of US businesses and agencies.

    Dealing With the Challenges

    Understanding the challenges is just the first step in properly preparing for and dealing with them. In Part Two of this series, we’ll look at some specific steps companies and organizations can take.

  • Red Hat Signs Partnership to Bring RHEL to Oracle Cloud

    Red Hat Signs Partnership to Bring RHEL to Oracle Cloud

    Red Hat has signed a major partnership with Oracle to bring Red Hat Enterprise Linux to Oracle Cloud Infrastructure.

    Red Hat is a leading Linux and open source company, with its RHEL being one of the most popular enterprise Linux offerings and the backbone of the company’s hybrid cloud tech. The expanded partnership with Oracle will see RHEL running as a supported operating system on OCI.

    “Starting today, customers can deploy Red Hat Enterprise Linux on OCI and receive full support for these certified configurations from both Red Hat and Oracle,” said Clay Magouyrk, executive vice president, Oracle Cloud Infrastructure. “Deepening our collaboration in the future will see us support additional products and workloads on OCI so customers have more flexibility.”

    The two companies clearly see a chance to capitalize on their combined popularity.

    Ninety percent of the Fortune 500 currently rely on Red Hat and Oracle solutions. For many of these companies, Red Hat Enterprise Linux serves as their operating system foundation and OCI offers them high-performing, mission-critical cloud services, to power digital-forward operations. Now these organizations are able to standardize their cloud operations with Red Hat Enterprise Linux running on OCI, which enables customers to gain a common platform that stretches from their datacenter to the OCI distributed cloud.

    “Customer choice, from hardware to cloud provider, is a crucial commitment for Red Hat, whether these organizations are running operations in their own datacenters, on multiple public clouds or at the far edge,” said Ashesh Badani, senior vice president, head of Products, Red Hat. “Our collaboration with Oracle to deliver full support for Red Hat Enterprise Linux on OCI further cements this commitment to choice by extending cloud deployment options for our customers, and laying the foundation to make additional Red Hat solutions available to customers digitally transforming on OCI.”

    The deal is a big win for Red Hat and its parent company IBM, as well as for Linux in general.

  • Google Cloud May Be Alphabet’s Saving Grace in Tomorrow’s Earnings

    Google Cloud May Be Alphabet’s Saving Grace in Tomorrow’s Earnings

    Alphabet is poised to deliver its Q4 2022 earnings tomorrow, and analysts are looking to Google Cloud to be the bright spot.

    Alphabet, like many in the tech industry, has had a rough few months. The company is facing antitrust action by the US government, new threats to its core business, and a economic downturn that has resulted in its first-ever layoffs.

    With the company reporting its earnings tomorrow, analysts are looking to Google Cloud to be one of the driving elements to the company’s performance.

    “Alphabet’s fourth-quarter 2022 results, scheduled to be released on Feb 2, are likely to reflect gains from its strengthening cloud service offerings,” writes Zacks.com.

    “The Google Cloud segment, which derives revenues from fees collected for Google Cloud Platform services and Google Workspace collaboration tools, has constantly been driving substantial revenue growth for Alphabet,” Zacks continues.

    Cloud computing has, in general, weathered the economic downturn better than many other segments of the tech industry. Alphabet’s earnings tomorrow may shed light on just how resilient the cloud industry really is.

  • ChromeOS Bringing Microsoft 365 and OneDrive Integration

    ChromeOS Bringing Microsoft 365 and OneDrive Integration

    Google is making it much easier for ChromeOS users to access their Microsoft data, adding Microsoft 365 and OneDrive integration.

    While Google offers excellent storage options for ChromeOS users, many still need access to their Microsoft 365 files and data. The company is easing that pain point, integrating Microsoft’s services via a Progressive Web App.

    The company announced the changes in a support article:

    Today, users of Microsoft 365 and OneDrive software can use the Progressive Web App (Installable here) for their Microsoft Word, PowerPoint or Excel needs. To further help these users, we will have a new integration later this year on ChromeOS, making it easier to install the app and open files.

    Users will be offered a guided setup experience that takes them through the process of installing the Microsoft 365 web app and connecting Microsoft OneDrive to their Chromebook Files app. Files will be moved to Microsoft OneDrive when opening in the Microsoft 365 app.

    Microsoft 365 On ChromeOS – Credit Google

    The new feature is a win-win for customers and is a nice example of two rivals working together to improve the customer experience.

  • Google Is Now Rolling Out Its New Gmail Interface

    Google Is Now Rolling Out Its New Gmail Interface

    Google is currently rolling out its updated Gmail interface, bringing together various elements in one view.

    Google has been planning a new Gmail interface for some time, in an effort to make the service a one-stop-shop for communication. The new interface brings together “Gmail, Chat, and Meet in one unified location.”

    Google began rolling out the new interface to scheduled domains on Friday, and expects to be finished by February 3. Once complete, users will not be able to roll back to the previous interface.

    Beginning today, the new Gmail user interface is rolling out for scheduled release domains, with anticipated completion by February 3, 2023. This will become the standard experience for Gmail, with no option to revert to the original UI.

  • It’s Not Just You: Windows Updates Are Failing

    It’s Not Just You: Windows Updates Are Failing

    Microsoft Windows users are experiencing major problems updating their systems, with updates failing without explanation.

    According to Windows Latest, the problem has been going on for months, but seems to be impacting the most recent security and essential updates. It is impacting some optional updates as well.

    KB5022303, the mandatory security update and essential for Windows 11 users, is failing with mysterious error messages, with 0x800f0831 being the most common error code. This bug is also hitting KB5022360, which is the latest optional update for Windows 11.

    While failed updates are bad enough, cryptic error messages that do not provide any assistance make it that much more difficult to troubleshoot.

    While Microsoft is aware of the situation, there has been no word yet on a possible fix.

  • Google Fi Impacted by Latest T-Mobile Breach

    Google Fi Impacted by Latest T-Mobile Breach

    T-Mobile’s latest data breach may have cast a wider net than previous ones, with Google Fi customers among those impacted.

    T-Mobile alerted customers in mid-January that it had been hit by a data breach, one that impacted some 37 million customers. However, it appears T-Mobile’s customers weren’t the only ones affected.

    Google Fi has sent a notice to its customers indicating their data may also have been included in the T-Mobile breach. Below is the email customers received, via 9to5Google:

    Dear Google Fi customer,

    We’re writing to let you know that the primary network provider for Google Fi recently informed us there has been suspicious activity relating to a third party system that contains a limited amount of Google Fi customer data.

    There is no action required by you at this time.

    This system is used for Google Fi customer support purposes and contains limited data including when your account was activated, data about your mobile service plan, SIM card serial number, and active or inactive account status.

    It does not contain your name, date of birth, email address, payment card information, social security number or tax IDs, driver’s license or other form of government ID, or financial account information, passwords or PINs that you may use for Google Fi, or the contents of any SMS messages or calls.

    Our incident response team undertook an investigation and determined that unauthorized access occurred and have worked with our primary network provider to identify and implement measures to secure the data on that third party system and notify everyone potentially impacted. There was no access to Google’s systems or any systems overseen by Google.

    If you are an active Fi user, please note that your Google Fi service continues to work as usual and was not interrupted by this issue.

  • JD Sports Notifies Customers of a Data Breach

    JD Sports Notifies Customers of a Data Breach

    JD Sports has notified customers of a data breach, although it says “the affected data is limited.”

    JD Sports published a notice on January 30 that it had suffered a “cyber incident” in which a hacker gained unauthorized access to customer data involving online orders that were placed between November 2018 and October 2020. Despite the amount of data accessed, the company says the data does not include full payment information, nor does it have any reason to believe account passwords were breached.

    Despite the reassurance, the company says the compromised data does include “the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of approximately 10 million unique customers.”

    “We want to apologise to those customers who may have been affected by this incident,” said Neil Greenhalgh, JD Sports CFO. “We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these. We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD.”