Microsoft is set to start work on a controversial $10 billion cloud contract with the US military on 11 February, but not if Amazon has its way.

Last year, the Pentagon awarded the $10 billion contract for the Joint Enterprise Defence Infrastructure (JEDI) to Microsoft, tasking it with replacing ageing computers with a cloud network.

By the time the contract was awarded, Amazon Web Services (AWS) was the only other supplier in the race for the work and seen as a front runner by some, saying at the time it was “surprised” to lose the deal. Reports in a book suggested that may well have happened because President Donald Trump told the Pentagon leadership to “screw Amazon” as part of a spat with the company’s CEO Jeff Bezos. Weeks later, Amazon said it would appeal the decision in court.

As part of the ongoing dispute, Amazon filed a court document yesterday revealing it will seek a preliminary injunction that will “prevent the issuance of substantive task orders under the contract”, the filing says.

The three parties — the US government, Amazon and Microsoft — have already agreed on an expedited schedule for the court to consider the preliminary injunction, because the cloud system is considered important to national security, according to a report in Federal News Network. Amazon will file the formal request for an injunction by 24 January, with the other parties given a week to respond; the court should rule by the 11 February, when work is supposed to begin.

One objection could simply be that Amazon has filed the injunction request too late to stop work, raising questions of why the company didn’t make the request sooner in the case, which started at the end of November.

“The United States and Microsoft note that, in agreeing to the above schedule for briefing of AWS’s intended motion for temporary restraining order and/or preliminary injunction, they expressly reserve their right to object to the timeliness of AWS’s proposed motion,” the filing notes.

The filing also shows the US government “does not intend to file an answer to AWS’s complaint”. That’s reportedly common in bid protest cases, and means the government won’t give much detail about why it handed the contract to Microsoft.

The Department of Defense has rejected Amazon’s claims and the reports that Trump pressured staff to choose Microsoft over Amazon, and said the contract decision was made without bias or external influence.

​Google is toying with adding biometric support to its Autofill service on Android devices, deployed by users to automatically populate online forms and apps with personal and sensitive information.

Android code that hasn’t yet been enabled suggests Google’s built-in service could, in a future update, introduce an additional security layer involving fingerprint scanning or facial recognition, according to XDA Developers. 

The additional step would be handled through the ‘BiometricPromptAPI’, and would aim to resolve a security concern that has riddled Google’s auto-fill feature for years.

Autofill allows Android users to automatically populate forms and apps with information like passwords, addresses and credit card details, that’s synced with their Google account.

With Google’s Android 8 Oreo operating system, the inclusion of an Autofill API opened up support to third-party password managers like LastPass and Dashlane.

Using the equivalent of Autofill with these apps, however, generally requires users to pass an additional layer of security, like a quick fingerprint scan, to verify their identity.

Unlike these third-party apps, however, Google’s own feature has never demanded any additional form of authentication.

Attackers, therefore, could in theory gain access to a wealth of sensitive information – including financial data – by just bypassing the passcodes users set that allows access into their devices.

According to an APK teardown, biometric support options would be enabled within the Autofill settings portion of the Android settings menu, under ‘autofill security’. 

Users could then separately toggle biometric support on or off for payment information and credentials like usernames and passwords.

Biometric security is increasingly being seen as a reliable and secure alternative to traditional passwords and passcodes. The use of password managers, too, is often recommended by security experts as a means of improving cyber hygiene.

Microsoft, for instance, is a company that’s been highly vocal about the need to shift away from conventional passwords and for users to instead embrace biometrics as an alternative. Its chief information security officer Bret Arsenault has in the past called for online passwords to be eliminated entirely.

Embracing biometric support completely, however, presents its own security challenges, as the Biostar 2 data breach showed, with the nature of the biometric data taken for more permanent than usernames and passwords, which are stolen in most other breaches.

​

​Windows 7 should not be used for sensitive tasks, such as banking or email, after the decade-old software hits end of life tomorrow, the British government’s security service has warned.

The National Cyber Security Centre (NCSC), the public-facing arm of GCHQ, issued the warning ahead of Microsoft ending extended support for the ten-year-old operating system on 14 January, meaning Windows 7 will no longer get any security updates and that flaws will go unpatched and left open for hackers. Businesses will still be able able to pay to get security updates for the next three years.

“The NCSC would encourage people to upgrade devices currently running Windows 7, allowing them to continue receiving software updates which help protect their devices,” an NCSC spokesperson told The Telegraph.

“We would urge those using the software after the deadline to replace unsupported devices as soon as possible, to move sensitive data to a supported device and not to use them for tasks like accessing bank and other sensitive accounts,” the spokesperson added. “They should also consider accessing email from a different device.”

The NCSC noted that criminals started targeting Windows XP immediately after extended support ended in 2015, though Microsoft has issued a handful of emergency patches for serious vulnerabilities despite officially ending support.

As of the end of 2019, Windows 7 was still used on 27% of desktops and laptops globally, according to Net Applications’ Market Share, while 55% were on the most recent version, Windows 10. Indeed, a tiny slice, just over 2%, remain on Windows XP.

That includes consumer devices around the world, but Kaspersky warned last year that as many as half of small businesses still use older operating systems, such as Windows 7, despite the significant security risk. That’s partially down to cost and dependence on apps unsupported on newer systems, but also down to habit, the security firm said. This is despite a number of high-profile attacks such as WannaCry, which targeted Windows 7 machines.

For those who prefer to plan ahead, Microsoft has already announced that it will end support for Windows 10 in 2025.

Microsoft has unveiled a set of new features for its flagship Teams platform to appeal to what the company calls “firstline workers” in industries like medicine, retail and manufacturing.

Over the course of 2020, the major Slack rival will introduce a suite of tools, including features like an in-app walkie-talkie, shared device sign-out and off-shift access controls for IT administrators.

The news marks the company’s second major push around ramping up functionality for frontline-workers, hinting that Microsoft is aggressively trying to fill what it sees as a gap in the market.

Microsoft had previously revealed simple sign-in for Microsoft 365 and Teams at its Ignite conference in November. The previously announced SMS sign-in tool would allow frontline workers to log onto Teams using an SMS authentication code obtained by entering their phone number.

Companies in the retail industry, in particular, with high staff turnover, could be the main beneficiaries from this feature, as well as from new tools like off-shift access controls and shared device sign-out.

“Companies at the forefront of digital transformation recognize how critical it is to enable all of their people with the right technology and tools,” said Microsoft’s corporate vice president of modern workplace verticals Emma Williams.

“That’s why, in industries like retail, hospitality, and manufacturing, there’s a movement underway to digitally empower the Firstline Workforce – the more than two billion people worldwide who work in service- or task-oriented roles.

“Giving Firstline Workers the tools they need requires companies to address unique user experience, security and compliance, and IT management.”

Allowing workers to sign in using SMS, for instance, would allow IT departments to avoid the need to set up fully-fledged user accounts for individuals who may not stay in the job for very long.

One of the most eye-catching new features, the walkie-talkie tool, is aimed at supplanting the need to buy additional equipment like radios, with workers able to conduct voice conversations over Wi-Fi and mobile data.

Microsoft sees this walkie-talkie feature as a means to help companies ditch “analog devices with unsecure networks”, with workers no longer having to worry about crosstalk or eavesdropping from third-parties.

Principal analyst for digital workplace at CCS Insight, Angela Ashenden, said frontline workers have become a growing area of focus for Microsoft, with this segment of the workforce historically unserved with any apps or tools.

“We’ve seen Microsoft target this group already with its collaboration solution Teams,” she said. “And with its mixed reality applications as part of Dynamics 365, and we’re now starting to see these two worlds coming together as the company focuses on key verticals like retail.”

“Today’s announcements of a new push-to-talk, walkie talkie feature in Teams will be hugely valuable for retail businesses, and SMS sign-in helps address the challenge of the high-turnover storefront workforce who aren’t always given an email address to use to sign in with (this is a feature we’ve also seen Workplace by Facebook rollout).”

The use of off-shift access controls, similarly, gives IT admins the capacity to limit worker access to the app on personal devices outside of working hours. This would ensure employees are not working longer hours than they’re supposed to and helps employers comply with employment regulations.

While these features don’t have fixed release dates, Microsoft has penned broad estimates that range from later this quarter, to over the course of the first half of the year. All capabilities are expected to have been released by midway through 2020 or earlier.

Warner Bros will trial a machine-learning platform to help predict how movies will perform at the box office. 

The iconic film studio said it will use Cinelytics’ AI and cloud-based project management system to inform its decision around talent valuations and release strategies.

Cinelytic is a Hollywood-based business that applies machine-learning models to licensed performance data from the box office, home rentals and even pirated downloads, which it cross-references with information about genres, seasonal release dates and even actors. 

The company claims it can predict the economic value of a film and potentially the total revenues it will have over its lifetime. The deal is only a trial at the moment and will only involve the international side of the studio. 

“Warner Bros is excited to employ Cinelytic’s cutting-edge system,” said Tonis Kiis, Senior VP for international pictures at Warner Bros. “In our industry, we make tough decisions every day that affect what – and how – we produce and deliver films to theatres around the world, and the more precise our data is, the better we will be able to engage our audiences.”

Cinelytics’ platform is a subscription-based interface that works like a questionnaire, similar to an online insurance form. Users can enter information about their projects, such as budget, who is in it, who is directing, when and where it’s being released and the machine learning algorithms match that its dataset. 

The company’s CEO Tobias Queisser spoke to IT Pro last year and used the movie Hellboy as an example. Before its release, Queisser’s team ran the film’s information through the platform and its estimated box office takings were $23.3 million – less than half of its $50 million budget. 

It earned $21.8 million and the reason appeared to be the timing of its release. The film came out in a comic book-heavy spring schedule between DC’s Shazam and  Marvel’s Avengers: Endgame.

​Mozilla has patched a critical flaw in its Firefox browser that’s being actively exploited by criminals in targeted attacks.

The critical vulnerability, branded CVE-2019-17026, allows an attacker to seize control of an affected computer through a mechanism that leads to ‘type confusion’, according to an advisory released by Mozilla. 

The company confirmed that the critical flaw, which has now been patched, affects users running version 72.0.1 of Firefox and version 68.4.1 of Firefox ESR. The developer added that it’s “aware of targeted attacks in the wild abusing this flaw”. 

The severity of the flaw is such that the US Cyber Security and Infrastructure Agency has issued a separate warning urging Firefox users to apply the necessary updates.

The attack works by causing ‘type confusion’, which is a potentially critical error that can lead to data being read from or written to locations of memory normally out of bounds. When triggered, this can lead to an exploitable crash because of issues caused when the browser attempts to manipulate JavaScript objects.

It’s the second time within seven months that Firefox has sustained a critical zero-day vulnerability being actively exploited in the wild.

A previous flaw, discovered in June 2019, gave attackers the tools to execute arbitrary code on flawed machines and in some cases take over users’ devices remotely.

The latest emergency fix follows a round of 11 CVE-rated bug fixes Mozilla has issued, five of which were rated ‘high’ and four rated ‘medium’. Among these highly-rated issues were memory safety bugs in Firefox 72, another type confusion issue, and a memory corruption flaw.

The second major security scare within a matter of months is a blow to a developer trying to forge a fresh identity for Firefox as a privacy-centric web browser. Mozilla has teased and rolled out a suite of changes to how Firefox functions in the last year, including tools like a virtual private network (VPN).

In September last year, Mozilla also instigated a change in Firefox that would block known third-party tracking cookies and cryptocurrency mining by default as part of its Enhanced Tracking Protection (ETP).

Data management firm Veeam has been acquired by software investors Insight Partners in a deal worth approximately $5 billion.

The change will see the Swiss firm become a US company, with an American leadership team take the helm.

Veeam offers backup solutions for cloud data management. According to the latest IDC Software Tracker, it’s the number one market share leader in EMEA and number four in the world, behind Dell, Veritas and IBM.

The deal will be completed by the end of the first quarter of 2020 and will enable Veeam to expand its hybrid cloud platform.

“Veeam’s strong growth, coupled with high customer retention, unparalleled data management solutions and the opportunities to expand services into new markets, make it one of the most exciting software companies in the world today,” said Mike Triplett, Insight Partners managing director.

“We are committed to supporting Veeam’s next phase of leadership and growth in the United States, continued market-share leadership position in EMEA and continued global expansion,” Triplett said. 

As part of the deal, former chief of staff to the VP of the United States, Nick Ayers will join Insight Partners managing director Mike Triplett and Veeam CEO, William H. Largent on the board. Co-Founders Andrei Baronov and Ratmir Timashev will step down. Additionally, Insight Partners managing directors Ryan Hinkle and Ross Devor will each serve on the Board once the acquisition has been completed.

“With the acquisition, we are excited that our current US workforce of more than 1,200 will be expanded and strengthened to acquire and support more customers,” said Largent. “Veeam has one of the highest calibre global workforces of any technology company, and we believe this acquisition will allow us to scale our team and technology at an unrivalled pace.”