WebProNews

Category: IT Management

IT Management News

  • Ubuntu Pro Is Now Available to Everyone

    Ubuntu Pro Is Now Available to Everyone

    Canonical has announced the general availability of Ubuntu Pro, a security subscription service for the popular Linux distro.

    Ubuntu is the most widely-used Linux distro, providing excellent hardware support and ease of use. Canonical releases interim releases every six months, with LTS (long-term support) releases every two years. LTS releases offer five years of support and security patches.

    The new Ubuntu Pro subscription extends LTS support to a full ten years while also improving security. In particular, Ubuntu Pro adds security patch support for the 23,000 packages in the Ubuntu Universe repo, outside of the 2,300 packages in the Ubuntu Main repo.

    Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available. Ubuntu Pro, released in beta in October last year, helps teams get timely CVE patches, harden their systems at scale and remain compliant with regimes such as FedRAMP, HIPAA and PCI-DSS.

    The new plan also features optional phone/ticket support.

    “I manage my own compute cluster leveraging MAAS and other Canonical tools to support my research. The open source security patches delivered through Ubuntu Pro give my team peace of mind, and ensure my servers are secure. Canonical is continuously delivering timely CVE patches covering a broad portfolio of open source applications for the entire ten-year lifetime of an Ubuntu LTS. This brings much needed stability and compliance”, said David A Gutman, MD PhD, Associate Professor of Pathology, Emory University School of Medicine.

    The subscription is available for free to personal and small-scale commercial users for up to five machines. The standard subscription is available for $25 per workstation per year or $500 per server per year.

  • Lessons From the Latest Cyber Incidents

    Lessons From the Latest Cyber Incidents

    The LastPass data breach. Ransomware on The Guardian and Royal Mail. Hackers exploiting the platform CircleCI with zero-day malware.

    January is not even over and major hacking incidents or the aftermath of last year’s exploits have already been headlining the news.

    Some malicious cyber activity took place in December that has been discovered now or not yet remedied. Other major cases such as Royal Mail are still ongoing.

    What can others learn from these major incidents and how can endpoint security, anti-ransomware solutions, and phishing prevention aid companies to secure their most valuable assets?

    Royal Mail: Long Road to Recovery After Nightmare Ransomware

    The type of malware that encrypts files to demand ransom (mostly in crypto) in exchange for regaining access to documents is known as ransomware.

    Behind these major cases are malicious ransomware groups such as LockBit, Black Cat, and Hive. Most of them operate from Russia due to a lack of sanctions for this type of criminal activity in the country.

    On January 10, Royal Mail, the major British distribution service, was targeted with ransomware.

    A member of the ransomware gang LockBit has confirmed that they are behind this damaging cyber attack.

    The aftermath of the hack is still ongoing and sending or receiving international parcels has been disabled for a week. The company is working on restoring its services.

    Businesses that rely on the shipments via Royal Mail have already said that they’re been losing their ratings, customers, and lack of service is already causing major financial losses.

    The Guardian: Phishing Is Not Going Anywhere Anytime Soon

    Social engineering techniques are often the first step for cybercriminals because it’s easier to “hack” people than systems that are protected with all types of security measures and solutions.

    The most common type of social engineering is phishing.

    Hackers use emails, social media, or phone calls to target their victims and pressure them to either click the infected link that leads to the infected link, download malware hidden in the attachment, or reveal their passwords.

    To prevent it, companies invest in advanced tools that filter emails and phishing awareness training that teaches teams to recognize the most common phishing attempts.

    On December 20, The Guardian Media Group discovered the cyber incident within their network. It was identified as ransomware and they said that the malware infected their system following the successful phishing campaign.

    Luckily, workers could continue their work and publish digitally and via the app.

    The bad news was that private information of the UK staff has been obtained by the threat actor. The data of readers and subscribers haven’t been accessed by the malicious actor.

    However, their IT systems have been disrupted (internal WiFi was taken down) and until that is remedied completely workers have to telecommute until February.

    CircleCI: Mind Your Endpoint Security

    With the rise of remote work, the security of all of the devices workers use to connect to the company’s network (AKA endpoint devices) is essential for preventing cyberattacks.

    Employees connect to the company’s network from various home devices and maybe even bring their own laptops to work. If all those devices aren’t protected, the companies that rely on global teams have a major vulnerability that can be exploited for hacking.

    Endpoint security is the term that refers to a solution that is designed for protecting data, preventing threats, and identifying advanced zero-day attacks (which are difficult to detect because hackers rely on previously unknown flaws).

    On December 16, the DevOp platform known as CircleCI was the victim of a zero-day attack.

    The company was notified of the suspicious activity on December 29 and started investigating the issue and securing the platform.

    They identified the exact scope and what kind of hacking took place on January 4. Also, they notified all customers of the security incident and advised them to rotate all secrets within CircleCI and review internal logs.

    The sophisticated hackers exploited a device one engineer has been using for work. They managed to infect it with malware that bypassed the antivirus software. Once they gained unauthorized access, they could impersonate the employee.

    LastPass: How You Handle Data Breaches Matters

    Data breaches affect both the business that has been breached and the individual whose information has been leaked.

    They can occur after a successful phishing incident in which another person revealed their credentials, unauthorized access after exploiting a vulnerability, and other methods.

    On December 22, LastPass, a well-known password manager, made an update on the data breach they experienced on November 30. They revealed that the incident had worse repercussions than they initially claimed.

    Namely, the threat actor managed to access password vaults as well as user data.

    The company hasn’t provided their customers with more information for a week after that update and security experts have suggested that users switch to something else.

    The lack of transparency has caused many users to change to another service.

    Key Takeaways and Lessons Learned

    Let’s start with Royal Mail. This ransomware shows how the cyber attack on critical infrastructure affects businesses and prompts consumers to question whether they could have been better protected against possible hacking threats.

    It takes a lot of time for companies to stand back on their feet following an incident. During that time, they lose money on the remediation and fall behind on their tasks.

    Regardless of how prepared your company might be for hacking activity, zero-day attacks can still wreak havoc on systems.

    Cyber incidents are often interlinked – as is evident from The Guardian hacking where the hacker was able to deploy ransomware following a successful phishing attack.

    At the end of the day, there is no ideal security measure because security incidents can occur even within well-protected and managed infrastructures.

    Once the attack or data breach occurs, it’s important how the news is communicated to those that are affected by the incident – that is, to be transparent and not leave worried users in the dark.

  • Google Calendar Gets Major Upgrade to Avoid Scheduling Conflicts

    Google Calendar Gets Major Upgrade to Avoid Scheduling Conflicts

    Google has rolled out a major update to Calendar, one that will make it easier for users to avoid scheduling conflicts.

    The company unveiled the news in a blog post:

    The appointment scheduling tool is a feature that allows people to share their availability via a booking page that can be used by colleagues, external stakeholders, clients, and partners to schedule a meeting. With the current appointment scheduling experience, you are unable to review multiple calendars for conflicts when exposing appointment times to others.

    As a result, we’re introducing the ability to check and see a visual preview of multiple calendars when setting up your appointment schedules. Your booking page will show you as unavailable when you’re busy based on the calendars you choose.

  • Hackers Stole LastPass Encryption Key

    Hackers Stole LastPass Encryption Key

    The news from LastPass keeps getting worse, with parent company GoTo admitting an encryption key was stolen in its latest breach.

    LastPass suffered a data breach in August and has been slowly releasing more details regarding the severity of the breach. What began as theft of source code graduated to theft of user password vaults. Even then, the company reassured users that their passwords were secure, since the vaults were still protected by encryption.

    Unfortunately, the company has revised its information — yet again — and acknowledged that an encryption key for at least some downloaded data was also stolen. The breach also impacts other GoTo products.

    “We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups,” writes GoTo CEO Paddy Srinivasan. “The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information. In addition, while Rescue and GoToMyPC encrypted databases were not exfiltrated, MFA settings of a small subset of their customers were impacted.”

    Needless to say, LastPass users should immediately change all of their passwords and closely monitor their accounts and services for unauthorized access.

    It is extremely disturbing that the LastPass breach continues to get worse. Despite the situation, the company has still not disclosed important information regarding the incident, such as exactly how many customers have been impacted.

    Given how LastPass has handled this breach, it is increasingly hard to justify using the service or trusting that it can protect its customers.

  • Microsoft Services Recovering From An Hours-Long Outage

    Microsoft Services Recovering From An Hours-Long Outage

    Microsoft services appear to be working after an hours-long outage that impacted Microsoft 365, Outlook, and Teams.

    According to Downdetector.com, users started experiencing problems in the early morning hours of Wednesday, January 25. The issue appeared to impact a broad range of Microsoft services and lasted for several hours.

    The company acknowledged the issue on Twitter, saying it appeared to be a networking issue.

    The company’s status page says services have been restored, as does their Twitter account.

  • OpenSnitch Application Firewall Coming to Debian

    OpenSnitch Application Firewall Coming to Debian

    Popular application firewall OpenSnitch is coming to Debian, one of the oldest and most popular Linux distributions (distros).

    OpenSnitch is an open source port of the popular macOS app Little Snitch. Little Snitch, and its open source counterpart, inform the user whenever an app tries to access the internet. It’s a useful feature to crack down on apps that try to ‘phone home.’

    Developer Petter Reinholdtsen posted a blog describing his efforts to work with the OpenSnitch developers to bring the app to Debian:

    It did not took long to find the OpenSnitch package, which has been in development since 2017, and now is in version 1.5.0. It has had a request for Debian packaging since 2018, but no-one completed the job so far. Just for fun, I decided to see if I could help, and I was very happy to discover that upstream want a Debian package too.

    After struggling a bit with getting the program to run, figuring out building Go programs (and a little failed detour to look at eBPF builds too – help needed), I am very happy to report that I am sponsoring upstream to maintain the package in Debian, and it has since this morning been waiting in NEW for the ftpmasters to have a look. Perhaps it can get into the archive in time for the Bookworm release?

    Given the well-deserved praise Little Snitch and OpenSnitch have earned over the years, its nice to see a version coming to Debian. Since Ubuntu is based on Debian, it will likely make its way there as well.

  • T-Mobile Hit By Yet Another Data Breach, 37 Million Customers Impacted

    T-Mobile Hit By Yet Another Data Breach, 37 Million Customers Impacted

    T-Mobile has once again been hit by a massive data breach, this time impacting some 37 million customers’ data.

    T-Mobile has written a blog post outlining the details of its latest breach:

    We are currently in the process of informing impacted customers that after a thorough investigation we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.

    The company says it shut down the breach within 24 hours of discovering it, and that customers’ most sensitive information was protected.

    No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.

    While the scope of this data breach may have been fairly limited, it’s still disconcerting that the company has experienced two such breaches in as many years, with the last one costing the company $350 million to settle.

    Hopefully T-Mobile will be able to shore up its security and prevent further incidents.

  • Yum Brands Hit by Ransomware, Hundreds of Restaurants Close

    Yum Brands Hit by Ransomware, Hundreds of Restaurants Close

    Yum Brands, the parent of KFC, Pizza Hut, and Taco Bell, was hit by a ransomware attack, leading to hundreds of locations closing.

    Yum Brands acknowledged the attack in a statement Wednesday, saying its IT systems were compromised.

    On January 18, 2023, Yum! Brands, Inc. announced a ransomware attack that impacted certain information technology systems. Promptly upon detection of the incident, the Company initiated response protocols, including deploying containment measures such as taking certain systems offline and implementing enhanced monitoring technology. The Company also initiated an investigation, engaged the services of industry-leading cybersecurity and forensics professionals, and notified Federal law enforcement.

    The company says the overall impact was relatively limited. Most important, Yum Brands says there is no evidence any customer data was stolen.

    Less than 300 restaurants in the United Kingdom were closed for one day, but all stores are now operational. The Company is actively engaged in fully restoring affected systems, which is expected to be largely complete in the coming days. Although data was taken from the Company’s network and an investigation is ongoing, at this stage, there is no evidence that customer databases were stolen. While this incident caused temporary disruption, the Company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results.

  • Mailchimp Suffers Second Breach In Six Months

    Mailchimp Suffers Second Breach In Six Months

    Mailchimp has suffered yet another security incident that has exposed user data, the second such incident in six months.

    Mailchimp suffered a breach in April 2022, one that exposed the data of more than 100 customers. The company has now revealed in a blog post that it has suffered another breach:

    On January 11, the Mailchimp Security team identified an unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.

    Once again, the breach compromised the data of more than 100 customers:

    Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts. There is no evidence that this compromise affected Intuit systems or customer data beyond these Mailchimp accounts.

    It’s unclear why Mailchimp keeps having these breaches, but it certainly doesn’t instill much confidence in the company or its owner, Intuit.

  • Satya Nadella: ‘ChatGPT Coming Soon to Azure OpenAI Service’

    Satya Nadella: ‘ChatGPT Coming Soon to Azure OpenAI Service’

    Microsoft is working to bring ChatGPT to its Azure OpenAI service, according to a tweet by CEO Satya Nadella.

    OpenAI’s ChatGPT took the AI world by storm, quickly establishing itself as one of the most advanced chat AIs to date. As one of the main investors in OpenAI, Microsoft has access to the company’s technology, and has already incorporated it as part of its Azure OpenAI Service. The company is preparing to take it a step further by rolling out ChatGPT as well.

    Eric Boyd, Corporate Vice President, AI Platform, provided more details in a Microsoft blog post:

    With Azure OpenAI Service now generally available, more businesses can apply for access to the most advanced AI models in the world—including GPT-3.5, Codex, and DALL•E 2—backed by the trusted enterprise-grade capabilities and AI-optimized infrastructure of Microsoft Azure, to create cutting-edge applications. Customers will also be able to access ChatGPT—a fine-tuned version of GPT-3.5 that has been trained and runs inference on Azure AI infrastructure—through Azure OpenAI Service soon.

    Microsoft is clearly going all-in on OpenAI and ChatGPT. The company is preparing to invest $10 billion in the AI firm and is looking for ways to integrate ChatGPT into its Bing search engine in an effort to challenge Google’s dominance.

    Integrating ChatGPT into Azure OpenAI Service is a natural evolution of the company’s plans and investment.

  • AWS and SAP Expand Partnership to Accelerate Digital Transformation

    AWS and SAP Expand Partnership to Accelerate Digital Transformation

    AWS and SAP have announced a new partnership aimed at helping customers accelerate their digital transformation.

    SAP has been steadily reinventing itself with a focus on cloud computing. CEO Christian Klein made clear in late-2021 that the strategy was working.

    “Our strategy is clearly working. Customers are choosing SAP for their business transformation in the cloud. We see record adoption of our applications and our platform. This has resulted in strong acceleration of our cloud growth.”

    The company has been building partnerships with other cloud providers to help customers accelerate their digital transformation and cloud migration. SAP partnered with IBM in early 2022, and has now expanded its partnership with AWS.

    “AWS and other infrastructure providers are becoming increasingly important to SAP’s business as we help our customers benefit from digital transformation in the cloud with RISE with SAP,” said Elena Ordóñez del Campo, senior vice president and strategic partner officer, SAP. “Building on our partnership of 15 years, we move into the new year with aligned go-to-market teams in every region, an industry-leading portfolio of solutions enabled by our joint reference architecture, and a growing selection of co-innovations — all ready to help accelerate value for our customers. We look forward to an incredible 2023 together and beyond.”

    “This multiyear collaboration will facilitate stronger marketing and co-selling programs to complement our respective technologies,” said Kathleen Curry, director of AWS Worldwide Strategic Alliances. “SAP frequently leans in with AWS to deliver to customers a unified experience as they innovate and evolve their businesses in the ever-dynamic economic environment. This collaboration is an important milestone in our partnership and helps customers modernize faster with accelerated time to value, price-performance, reliability, and sustainability.”

  • SymphonyAI Taps Oracle for Cloud Services

    SymphonyAI Taps Oracle for Cloud Services

    Oracle has scored another win, partnering with SymphonyAI to provide it with Oracle Cloud Infrastructure (OCI) services.

    SymphonyAI is a leading artificial intelligence firm, creating applications that leverage AI to help businesses gain insights and educate their decision-making process. According to Zacks Equity Research, the company plans to use OCI services to further help it deliver real-time insights, combined with the cost-efficiencies of cloud computing.

    The partnership is the latest in a long line of Oracle successes that have seen the company gain significant ground in the cloud market. While not in the top three, Oracle has increasingly been turning heads and gaining recognition for the value proposition it offers.

    In fact, the company appears poised to be a big winner in the cloud industry in 2023, and this latest partnership is one more step toward that goal.

  • Inflation Is Outpacing IT Spending

    Inflation Is Outpacing IT Spending

    A new report is bad news for the IT industry, finding that inflation is outpacing IT spending by a significant margin.

    The IT industry, along with every other, is struggling with an economic downturn, with inflation increasing at near record highs. While IT spending is increasing, it’s not keeping pace with rising inflation.

    Gartner surveyed more than 2,000 CIOs to gain insight into the state of IT spending. The survey found that, on average, CIOs expected their IT spending budgets to increase by 5.1% in 2023, but that’s behind the estimated inflation rate.

    “The pressure on CIOs to deliver digital dividends is higher than ever,” said Daniel Sanchez Reina, VP Analyst at Gartner. “CEOs and boards anticipated that investments in digital assets, channels and digital business capabilities would accelerate growth beyond what was previously possible. Now, business leadership expects to see these digital-driven improvements reflected in enterprise financials.

    “CIOs expect IT budgets to increase 5.1% on average in 2023 – lower than the projected 6.5% global inflation rate. A triple squeeze of economic pressure, scarce and expensive talent and ongoing supply challenges is heightening the desire and urgency to realize time to value.”

    To help combat the trend, Gartner said CIOs must prioritize spending in the right sectors, such as

    “CIOs must prioritize digital initiatives with market-facing, growth impact,” said Janelle Hill, Distinguished VP Analyst, Gartner. “For some CIOs, this means stepping out of their comfort zone of internal back-office automation to instead focus on customer or constituent-facing initiatives.”

    “Leading CIOs are more likely to leverage data, analytics and AI to detect emerging consumer behavior or sentiment that might represent a growth opportunity,” added Hill.

  • Ecommerce, Search, Social… and Conversational Space?

    Ecommerce, Search, Social… and Conversational Space?

    “When I look at the conversational space I think it’s going to have as much impact as ecommerce or search or social,” says LivePerson CEO Rob Locascio. “The conversational space is going to be just as big. I think you’ll see one day that there will be a trillion dollar company in this space and I want it to be us. The things we’re investing in right now and setting up for will allow us to do that. That’s what’s important.”

    Rob Locascio, CEO of LivePerson, predicts that the AI-driven conversational space will ultimately have as much impact and be as big an industry as ecommerce, search, or social. Locascio was interviewed by Jim Cramer on CNBC:

    Ecommerce, Search, Social… and Conversational Space?

    When I look at the conversational space I think it’s going to have as much impact as ecommerce or search or social. The ability to talk to a machine and have a natural conversation, it’s in the collective consciousness of people. We all believe the Alexa type situation should happen with every company. 

    We do that with Delta and T-Mobile and all these big brands. What we’re looking at now is how do we take that to the world? LiveIntent is proprietary technology to look at the intent that a consumer is having with the brand. In terms of I want to buy something, we have a way to analyze that and then use machine learning algorithms to then scale those conversations. That’s what this is about. 

    Healthcare Companies Defending Themselves From Amazon Via AI

    In Q4 we signed a couple healthcare companies. They want to talk about defending themselves from Amazon because Amazon said they want to go into healthcare. The way they think they can do that is scaling the conversations they are having with their customers and creating a totally different experience. You go to a doctor, you have an experience with them, you capture that on a messaging platform and an AI will help you with whatever is wrong with you. You want to process a bill instead of calling and being put on hold, you do that through a conversational experience. 

    They want to game change it. The only way they’re going to defend themselves is to get into the conversational space. That’s what they see and we’re the company they’re trusting to scale their operations with the conversational platform.

    Conversational Space Is Going To Be As Big As Search and Social

    The conversational space is going to be as big as search and social. I think you’ll see one day that there will be a trillion dollar company in this space and I want it to be us. The things we’re investing in right now and setting up for will allow us to do that. That’s what’s important. The Amazon’s and the Facebook’s and Apple’s, they’re in the space. Jeff Bezos made a big bet obviously in Alexa to say this is the way it’s going to be. 

    It can’t just be Amazon and Alexa. It has to be other companies getting access to that technology and that’s what we are providing. Who else is providing it? We’re one of the largest companies in the world to do this. Even though we’re not big tech, we are large enough to go ahead and go after them. We are large enough to go ahead and define a space and win it.

  • How Information Technology Can Streamline Your Business

    How Information Technology Can Streamline Your Business

    The modern business landscape is more knotted than ever before with the use of advanced IT solutions and tools. Business owners use the latest technologies to streamline several business operations from basic changes in day-to-day processes to long-term improvements to sales and customer support teams. Every industry has been transformed and improved by IT solutions from email to AI and IoT. Technology helps businesses and companies to leverage limited resources in a smarter and in a productive manner. Employing technologies to your different business operations provides greater efficiency and productivity.

    In this article, we will discuss proven ways information technology can help you streamline your business and improve the bottom line.

    Better Communication and Project Management

    With help of intuitive IT solutions and tools, you can efficiently improve communication and project management within your workplace. A variety of communication and project management tools are out there that you can buy as per the individual needs and requirements of your business. As a result, you can effectively streamline both internal and external communications to adjust the way you manage projects. Cloud-based project management tools allow your employees and teams to collaborate proficiently. It helps them set milestones, share documents and useful information to reach business goals without getting out of track. Customer relationship management system solution is a perfect example of such tools to manage business operations in a smooth and more effective way.

    Integrated Software Solutions

     Every business or company comprises different departments that work together to run operations in a seamless manner. Software solutions and business tools are accessible that can be integrated with each other to keep them all connected. For example, a business can integrate its asset tracking software into helpdesk management to rationalize its maintenance operations and processes. Businesses also invest in custom software development to get a customized solution that can easily be integrated into their existing systems and tools for increased operational efficiency. The utilization of integrated software solutions in conjunction with smart tools and devices can completely transform the way you run your operations.

    Online Sales

    In this modern era of life, consumers tend to make purchases online by using their smartphones. The use of the latest IT tools and solutions has totally changed the way businesses sell and consumers buy. Online sales are common these days and it is very much important for businesses to employ the latest tools and technologies to promote and sell their products/services online. Thanks to modern tech like mobile-friendly websites, social media profiles, mobile apps, chatbots, and online POS systems businesses are better able to provide their customers with a better online experience.

    Increased Operational Efficiency and Bottom Line

    Better communication, easier collaboration, and business process automation mean increased overall operational efficiency, productivity, and improved bottom line. IT solutions allow business settings to improve their processes by streamlining how things are executed. Several repetitive, manual, and paper-based tasks like inventory management, asset tracking, and payroll processing can be simplified through technologies. Cloud-based CRMs, inventory management solutions, and asset tracking software can put all the mundane tasks on autopilot. Other technologies like AI, the IoT, and VR can help you get more done in less time even without using a lot of business resources.

    Better Marketing Opportunities

    We are living in a digital world where consumers want the required details and information right on their mobile devices. This is where digital marketing comes into play and allows you to reach your target audience effectively. Marketing techniques like search engine optimization, social media marketing, paid advertising, and content marketing can help you build a robust online presence for your brand. You can also run email marketing campaigns to reach directly into the inboxes of your target customers. Not only this, but you can also monitor your marketing efforts using tools like Google analytics. You can generate a huge amount of customer data with your website that later can be used to create personalized marketing campaigns to provide an excellent experience.

    Final Thoughts

    Information Technology has totally transformed the way businesses operate. It’s opened up new opportunities to grow their operations, and tied teams together for better collaborations. Businesses should keep an eye on the latest IT solutions and tools to all the available growth opportunities and improve customer experience. Stay ahead of the game now that you know how information technology can streamline your business.

  • Why Service Consolidation is the Future of Managed IT

    Why Service Consolidation is the Future of Managed IT

    In today’s marketplace, technology is the backbone of growth and innovation. Corporations need more than an IT management partner; they need a provider that can offer consolidated, best-of-breed Enterprise Solutions (SP), Managed Services & Security Services (MSP/MSSP), and Cybersecurity services. Identifying this need in the marketplace and the opportunities therein guide Calian ITC Solutions’ unique combination of best-of-breed manufactures managed by one partner that frees CIOs and CISOs from compromise. You know the old saying: “Nobody gets fired for buying IBM.” 

    The Case for Managed IT

    Most managed security service providers tend to focus on one thing or the other. It’s either threat hunting or NOC/SOC—and hardly ever a comprehensive suite of network and security services. This is where ITC Solutions is different. It has a cohesive managed security portfolio that combines a comprehensive platform, network, cloud, and data services. With digital transformation, distributed workforces, geopolitical threats, natural disasters, and sophisticated cyber threats, enterprises need IT providers who can build and protect their servers and data. 

    Calian ITC Solutions uses tested, Gartner-informed solutions in their stack, and has strong relationships with Crowdstrike, Palo Alto, XSoar, Cisco, Okta, AT&T Cybersecurity, Microsoft, VMWARE, Dell and Nutanix.

    “Environments are only getting more complex, and the threat landscape more sophisticated. Networks need constant detection, monitoring, testing, and response,” says Faisal Bhutto, SVP of Cloud and Cybersecurity at Calian. “So customers are gravitating towards providers who can be partners and provide the attention, expertise, and level of detail that only MSP/MSSP consolidation can provide.” 

    Some of the industry-leading features of Calian’s ITC Solutions offering include: 

    • XaaS—Everything as a Service—comprehensive 24/7/365 coverage of cybersecurity, communications, connectivity, workstation, systems, and productivity for clients
    • Complete NIST framework guided coverage of all cybersecurity managed services
    • Hybrid, cloud, on-and-off premises enterprise data and networking solutions 
    • A list of assessments, including ransomware, vulnerability, technical, and many others to test your environments on a regular basis

    In Conclusion

    Modern threats need modern solutions, and compromising quality for simplicity is no longer viable. Customers are looking for providers who can offer a strong mix of both—one who can provide the framework to drive the business forward while protecting the gains that they have made. The more managed IT providers understand this trend, the better equipped they’ll be to give customers what they want and need.

  • The Guardian Suffers Ransomware Attack, Staff’s Data Accessed

    The Guardian Suffers Ransomware Attack, Staff’s Data Accessed

    The Guardian has suffered a major ransomware attack and has revealed that some staff’s personal data was accessed.

    The Guardian broke the news in late December that it suffered an IT incident it believed was a ransomware attack. Yesterday morning the outlet confirmed that it was indeed a ransomware attack, one that compromised the personal data of its UK-based employees.

    The outlet described the attack as a “highly sophisticated cyber-attack involving unauthorised third-party access to parts of our network,” and likely the result of a phishing attempt.

    There was a bit of good news, however, as there appears to be no evidence that readers’ data was accessed.

    The Guardian said it had no reason to believe the personal data of readers and subscribers had been accessed. It is not believed that the personal data of Guardian US and Guardian Australia staff has been accessed either.

    In an email to staff, The Guardian also said there was no evidence the compromised data had made its way online.

    “We believe this was a criminal ransomware attack, and not the specific targeting of the Guardian as a media organisation,” said chief executive Anna Bateson and editor-in-chief Katharine Viner.

    “These attacks have become more frequent and sophisticated in the past three years, against organisations of all sizes, and kinds, in all countries.”

    They added: “We have seen no evidence that any data has been exposed online thus far and we continue to monitor this very closely.”

  • Microsoft’s January 2023 Security Update Fixes 98 Vulnerabilities

    Microsoft’s January 2023 Security Update Fixes 98 Vulnerabilities

    Microsoft has released the January 2023 Security Update, fixing 98 vulnerabilities, including one zero-day exploit.

    Patch Tuesday is Microsoft’s term for when it releases updates and security fixes for Windows. The first Patch Tuesday of 2023 fixes a slew of issues, including 11 critical and 87 important issues. One of them, CVE-2023-21674, is currently being exploited.

    Microsoft offers the following description of the zero-day exploit:

    This vulnerability could lead to a browser sandbox escape.

    Once the vulnerability is exploited, an attacker can achieve the following:

    An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

    All users should update immediately.

  • US Supreme Court Allows WhatsApp Case Against Pegasus’ NSO Group

    US Supreme Court Allows WhatsApp Case Against Pegasus’ NSO Group

    The US Supreme Court has shot down the NSO Group’s attempt to gain immunity from lawsuits over its Pegasus spyware.

    NSO Group maintained that it only sold the Pegasus software to law enforcement and intelligence agencies, but was revealed to have sold it to authoritarian regimes as well. As a result, Pegasus spyware was used to hack phones and spy on journalists, human rights activists, and diplomats.

    NSO Group has since faced a plethora of lawsuits and has tried to avoid them by arguing it should receive immunity since it was working on behalf of foreign governments.

    According to Reuters, the Supreme Court has shot down that argument, upholding a decision of a lower court that NSO Group does not qualify for immunity. The Biden administration had urged the court to arrive at this decision, pointing out that the State Department had never given a private company sovereign immunity.

    As a result of the decision, WhatsApp’s case against NSO Group is free to proceed. WIth the precedent established, other cases will likely be free to proceed as well.

    WhatsApp parent Meta welcomed the decision.

    “NSO’s spyware has enabled cyberattacks targeting human rights activists, journalists and government officials,” Meta said. “We firmly believe that their operations violate U.S. law and they must be held to account for their unlawful operations.”

  • Rackspace Founder: ‘They’re On a Trajectory of Death’

    Rackspace Founder: ‘They’re On a Trajectory of Death’

    Rackspace has had a tough couple of months, leading the company’s founder to predict “they’re on a trajectory of death.”

    Rackspace Hosted Exchange experienced a security issue in December resulting in the company shutting the service down and recommending users switch to Microsoft 365. Weeks later, the situation was still not resolved, leaving Hosted Exchange offline.

    According to the San Antonio Express-News, founder Richard Yoo says the company’s reputation “is eroding rapidly.”

    “This is the beginning of the end,” Yoo said. “It’s already just a midsize business in San Antonio. This is not a company that’s on a trajectory of growth. They’re on a trajectory of death. It will not be around.”

    Yoo believes much of the problem is the company’s current generation of managers and board members, none of whom are the kind of tech-oriented leaders the company once had. As a result, the company is now led by individuals “who don’t have any connection with the product.” He added that there’s “no culture.”

    Yoo’s condemnation is certainly not going to help Rackspace as the company tries to recover from its recent issues. Only time will tell, however, if Yoo’s long-term assessment is correct.

  • Microsoft Acquires Fungible to Improve Its Data Centers

    Microsoft Acquires Fungible to Improve Its Data Centers

    Microsoft has announced its acquisition of Fungible, a company that produces data processing units (DPUs) used in data centers.

    Microsoft Azure is the second-largest cloud computing platform behind AWS. Microsoft clearly wants to improve its data center offerings, and sees Fungible as a way to achieve that.

    “Fungible’s technologies help enable high-performance, scalable, disaggregated, scaled-out datacenter infrastructure with reliability and security,” writes Girish Bablani, Corporate Vice President, Azure Core.

    “The Fungible team will join Microsoft’s datacenter infrastructure engineering teams and will focus on delivering multiple DPU solutions, network innovation and hardware systems advancements.”

    Microsoft sees Fungible as a long-term investment that will help it differentiate its offerings.

    “Today’s announcement further signals Microsoft’s commitment to long-term differentiated investments in our datacenter infrastructure, which enhances our broad range of technologies and offerings including offloading, improving latency, increasing datacenter server density, optimizing energy efficiency and reducing costs,” Bablani adds.

    No financial terms of the acquisition were revealed.