Cisco flaw under attack after researchers publish exploit PoC

Keumars Afifi-Sabet

28 Jun, 2021

Hackers are targeting a vulnerability in Cisco’s Adaptive Security Appliance (ASA) after security researchers published a proof-of-concept (PoC) for a successful exploit.

Positive Technologies SWARM, the security company’s offensive research team, published an exploit PoC for the flaw tracked as CVE-2020-3580 last week. This was originally patched in October 2020 alongside CVE-2020-3581 through to CVE-2020-3583.

This issue, which is considered to be moderately severe, concerns multiple vulnerabilities in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense (FTD) software. 

On unpatched systems, Cisco ASA/FTD software web services don’t sufficiently validate user-supplied inputs. To exploit the bug successfully, hackers would need to convince a user on the interface to click on a malicious link. The vulnerability is rated 6.1 out of ten on the CVSS threat severity scale.

Exploitation could allow an attacker to remotely conduct cross-site scripting (XSS) attacks on affected devices that haven’t been patched. Cisco ASA Software is the core operating system that powers the Cisco ASA family, comprising devices that offer firewall tools among other security-oriented services.

Since the PoC was posted online, Positive Technologies researcher Mikhail Klyuchnikov reported that many other researchers are also chasing bug bounties for this vulnerability. Tenable researchers have also reported that attacks are exploiting CVE-2020-3580.

Cisco issued a patch for this flaw in October 2020, but the fix for CVE-2020-3581 was only partial, and the company had to issue a second patch in April this year. As of last July, there were 85,000 ASA/FTD devices distributed across the business landscape. 

Cisco Adaptive Security Appliance (ASA) Software is the core operating system that powers the Cisco ASA family. It offers firewall tools for various ASA devices, with ASA Software also integrating with other critical security technologies to deliver security-oriented products. 

Businesses are being advised to patch their systems with the latest update to avoid falling victim to successful attacks.

AWS buys encrypted messaging app Wickr

Mike Brassfield

28 Jun, 2021

Amazon Web Services (AWS)
 is making a big splash in the encrypted messaging market with the acquisition of Wickr, a secure messaging app that’s geared toward government and military use. 

Wickr uses end-to-end encryption, which means only people on either end of a conversation can decrypt each other’s messages. The app also allows users to set their messages to self-destruct after a chosen period for additional security.

“AWS is offering Wickr services effective immediately, and Wickr customers, channel, and business partners can continue to use Wickr’s services as they do today,” AWS VP Stephen Schmidt announced.

The timing of the deal is interesting too. Amazon just bought a secure messaging app that serves government and military organizations while it’s embroiled in a legal dispute over the Pentagon’s $10 billion JEDI cloud computing contract.

“The need for this type of secure communications is accelerating,” wrote Schmidt, the company’s VP. “With the move to hybrid work environments, due in part to the COVID-19 pandemic, enterprises and government agencies have a growing desire to protect their communications across many remote locations.”

“Today, public sector customers use Wickr for a diverse range of missions, from securely communicating with office-based employees to providing service members at the tactical edge with encrypted communications.” 

Wickr has a dark side, as it’s been tied to the drug trade and other illicit industries in the past. Plus, the political climate has pressured tech firms, including Wickr, to break their end-to-end encryption to preserve national security.

It remains to be seen if Amazon has any plans to change Wickr in any way. In its initial press release, AWS seems content leaving the messaging app as is, especially amid the wave of remote and hybrid working arrangements.  

Microsoft Teams will be natively integrated into Windows 11 at launch

Bobby Hellard

25 Jun, 2021

Microsoft has announced that its business communications platform, Microsoft Teams, will be natively integrated into Windows 11 at launch.

The app’s new prominent placement on the operating system’s Start menu was one of the biggest reveals from the ‘What next for Windows’ event on Thursday, with Panos Panay, Microsoft‘s chief product officer, explaining how it will be a quicker way for users to launch and create Teams meetings.

This won’t be a direct installation of the app, rather a selection of its functions readily available in the Start menu. For the full services, users will still need to download Microsoft Teams, which will be available via the Microsoft Store.

“Now you can instantly connect through text, chat, voice or video with all of your personal contacts, anywhere, no matter the platform or device they’re on, across Windows, Android or iOS,” the company said in a blog post. “If the person you’re connecting to on the other end hasn’t downloaded the Teams app, you can still connect with them via two-way SMS.”

The integration is a nod towards the success of Teams over the course of the pandemic and how it is at the forefront of our changing approaches to work. The service surpassed 145 million daily active users back in April, and it has undergone a number of changes over the last 12 months to reposition it as a tool for the hybrid workforce.

However, while Teams took top billing for the Windows 11 event, Skype was hardly spoken of, leading many to suggest it has been pushed out. Skype was originally integrated as an “inbox app” as part of Windows 10, similar to how Teams will function as part of Windows 11, but it was noticeably absent from Thursday’s promotional material.

Microsoft announces Windows 11 with redesigned UI, third-party app payments, and more

Danny Bradbury

25 Jun, 2021

Microsoft officially rolled out Windows 11 today with a slew of features targeting users and developers alike — and a sideways jab at rival Apple

Openness was the key talking point for CEO Satya Nadella when unveiling the new operating system, which will ship later this year. “Windows recognises that there is no personal computing without personal agency,” he said. Nadella added, “We want to remove the barriers that too often exist today and provide real choice and connection.” 

The new operating system will feature support for Android apps purchased from Amazon’s app store. In a swipe at Apple, the company also revamped the Microsoft Store, allowing developers to use their own payment systems when charging for apps. This lets developers keep 100% of the revenue. 

“Windows has always stood for sovereignty for creators and agency for consumers,” said Nadella, who highlighted its multi-marketplace support as a key differentiator from Apple in an interview with the Wall Street Journal today. “Operating systems and devices should mould themselves to our needs and not the other way around.” 

Openness didn’t seem to be the central theme in at least one Windows 11 feature announcement, though. 

In a move sure to worry other collaboration and video conferencing application providers, Microsoft has integrated Teams more closely into the operating system. This integration creates an interface that places contacts into the start bar and makes it easier to enter Teams video calls.

One welcome feature the company revealed in preview versions of Windows 11 is a universal mute button. This allows you to mute all video calling systems, so you can rest assured your mic isn’t hot. 

Windows 11 will also feature some user interface (UI) changes. Users will arrange their application windows into pre-configured layouts. The operating system will retain these layouts when you switch between external monitors and laptop displays. This feature, called Snap Layouts, is one of several enhancements designed to make the keyboard-free experience more intuitive when using Windows in a tablet format. 

The new UI will also include new visual cues for resizing windows and a start menu that’s centred on the screen rather than off to the side. Windows 11 will also feature a redesigned on-screen keyboard with swipe-to-type features and emojis. 

Other new features integrated directly into the start menu will include Windows Widgets, which will be tabs of content, including news tailored to users’ content viewing habits. One intriguing feature will be the ability to tip content creators through the widget platform. 

Alongside other cosmetic changes, like rounded corners, the system will also feature some under-the-hood changes. Updates will be 40% smaller and will happen in the background, so people can keep working through them. 

On the gaming side, Microsoft will bring across a few features from the Xbox platform. Games that support HDR for better contrast and more vibrant colours will now benefit from that feature on Windows 11. The operating system will also offer Direct Storage, which will use the graphical processing unit (GPU) to load data without burdening the CPU. The company will also integrate the Xbox Game Pass system directly into the desktop operating system. 

There was a notable lack of talk about privacy during the launch, which is a theme Apple has continually promoted in its products. Instead, Microsoft seems to differentiate itself from Apple by emphasizing its platform’s openness and willingness to relinquish control. 

Microsoft’s support for Android apps might also give it some traction over Google’s Chromebook platform, which has enjoyed meteoric sales in recent months. 

“Throughout its history Windows has been a democratizing force for the world”, Nadella said in the announcement wrap. Microsoft settled with the DoJ on monopoly charges in 2001 for giving preferential treatment to its Internet Explorer browser. In the same year, It also called open source software “a cancer,” though it apologized for the statement in 2020. 

Microsoft has since built support for Linux directly into the operating system. An analysis of leaked Windows 11 code suggests it might be able to run graphical Linux apps on the Windows desktop. 

Antivirus creator John McAfee found dead in Spanish prison

Bobby Hellard

24 Jun, 2021

Antivirus software pioneer John McAfee has reportedly been found dead in a Spanish prison, hours after the country’s highest court approved his extradition to the United States.

The Catalan police force, the Mossos d’Esquadra, confirmed a report in El País that the 75-year-old had been found dead in the Brians 2 prison, just outside of Barcelona, late on Wednesday.

McAfee was wanted by American authorities for alleged tax evasion and was arrested last October at Barcelona’s international airport while boarding a flight to Istanbul, shortly after an indictment was made public by prosecutors in Tennessee.

In a statement, the Catalan justice department said that prison officers and medics tried to save McAfee’s life, but were unsuccessful. Judicial staff have been dispatched to the prison to investigate the cause of death, but the statement said that “everything points to death by suicide”.

US authorities claim McAfee failed to report income made from consultancy work promoting cryptocurrencies, public speaking gigs, and the sale of the rights to his life story for a documentary. McAfee, who originally made his name and fortune as a pioneer of antivirus software in the 1980s, claimed his work as a cryptocurrency ‘guru’ earned him $2,000 per day.

His namesake company quickly became a household name and still operates under ‘McAfee‘, despite his departure in 1994. However, since leaving the company, McAfee the man has became notorious for his erratic behaviour and strange lifestyle. This includes two attempts at running for the US presidency, production of herbal medicines, multiple arrests – one for possession of a weapon – and lengthy spells as a fugitive.

Most recently, he was charged by a Manhattan federal court over a ‘pump and dump‘ scheme relating to cryptocurrency he was promoting to his large social media following.

When life is difficult, Samaritans are here – day or night, 365 days a year. You can call them for free on 116 123, email them at, or visit to find your nearest branch

IBM serves up player tracking tools for Wimbledon fans

Bobby Hellard

24 Jun, 2021

IBM has announced a set of new AI-based fan experiences for this year’s Wimbledon Tennis Championships, which are set to start on Monday.

The tech giant has a 30-year history with the competition, providing innovative features through its Watson AI service.

For the 2021 tournament, three new tools have been launched to help fans to engage with the action, including a ‘Power Ranking’ player leaderboard and personalised guides for spotting new tennis talent. These will be available through the Wimbledon website and official mobile apps.

“With reduced capacity on-site at Wimbledon this year, that digital engagement is more important than ever, and by leveraging AI and hybrid cloud technologies, fans can get the experiences they are used to – no matter where they watch the tournament,” said Kevin Farrar, IBM UK’s sports partnership lead.

The Power Rankings tool uses IBM Watson to analyse player performance and provide a daily update in the form of a leaderboard. It will focus on a player’s most recent match history, combining advanced statistical analysis, the natural language processing of IBM Watson, and IBM Cloud to analyse daily performance data, mine media commentary, and measure player momentum tournament to tournament and match to match.

A series of predictive insights will then be generated, such as a “Ones to Watch” feature, an ‘upset alert’ where the Power Rankings favour a lower-seeded player, and win probability for each match.

In a similar fashion, there is also a Watson-based feature for pre-match insights, which has already been used at the 2020 US Open. This will include a ‘fact sheet’ for every main draw singles match with AI-generated content for player insights that inform fans on current player performance stats ahead of each match. The fact sheet will also feature an ‘In the Media’ section that leverages IBM Watson Discovery to create a custom news archive, and natural language processing to extract key details about each player from trusted news sources.

The final innovation is ‘Personalised Recommendations and Highlights Reels’ which are created through a Rules-Based Recommendation Engine integrated seamlessly across Wimbledon’s digital platforms. This will feature ‘picked for you’ recommended players, to help fans discover newer players by making suggestions based on their current favourite players.

The recommendations will evolve over the course of the tournament and alert the fan to newly recommended players, the company confirmed.

Oracle launches rewards scheme to cut migration costs

Bobby Hellard

23 Jun, 2021

Oracle is launching a rewards programme that promises to help customers speed up their migrations plans, while also reducing their software licensing costs. 

The programme is aimed at existing customers, who might be enticed into adding to their Oracle Cloud Infrastructure (OCI) plans with rewards that reduce or even “eliminate” on-premise tech licensing support bills. 

The terms of the scheme promise that all Oracle technology license support customers will earn at least 25 cents of Support Rewards for each dollar of Oracle Cloud Infrastructure ‘Universal Credits’ they purchase and consume. These are a form of pay-as-you-go subscription.

More savings can be had for Oracle’s ‘Unlimited License Agreements (ULA)’ customers, who can earn rewards at a 33% rate and potentially eliminate their bill completely by migrating $1.5m of workloads to the Oracle Cloud infrastructure.

OCI is Oracle’s fastest-growing business because we built a unique Generation 2 cloud infrastructure platform capable of running the most demanding mission-critical workloads faster, more reliably, and more securely than our on-premises systems,” said Oracle CTO and chairman Larry Ellison.  

“We want to enable more customers to take advantage of our Gen 2 Oracle Cloud Infrastructure. Oracle Support Rewards gives customers an easy way to simultaneously reduce their software support spend as they increase the speed of their cloud adoption.”

The rewards scheme has been launched to help CIOs and IT organisations under pressure to drive company-wide innovations under tight budget restrictions. Oracle has compared them to frequent flyer miles, as a customer’s Support Rewards are automatically added in their OCI Console every month, with Rewards applied anytime.

The support programme has also been praised by IDC’s cloud and edge VP Dave McCarthy, who said its transparent pricing was essential in attracting new business and accelerating the adoption of OCI.

HPE simplifies GreenLake provisioning with Lighthouse

Jane McCallion

23 Jun, 2021

HPE has announced GreenLake Lighthouse, a new element of its GreenLake portfolio that aims to reduce complexity when provisioning cloud services.

Launched during HPE’s virtual Discover conference, Lighthouse is described by the company as a “secure, cloud-native platform” that will allow customers to provision new cloud services easily in just a few clicks, reducing the time they wait between ordering and availability to just a few minutes.

The offering is built around Ezmeral, the software portfolio that formed last year’s big announcement at HPE Discover, which the company says will “autonomously optimise different cloud services and workloads” depending on business priorities, be that the best performance, lowest cost, or a balance between the two.

Lighthouse will also allow customers to run cloud services across a number of environments, including their own data centre, a colocation provider, or at the edge.

While this is being positioned as a new product, it’s not going to be a standalone service. Instead, it will be fully integrated into GreenLake Central, the console launched in 2019 that now forms the heart of the GreenLake project.

Project Aurora

Unveiled alongside GreenLake Lighthouse was Project Aurora, a new set of security capabilities that will be fully available at the end of the year.

Aurora will bring zero trust security to GreenLake, extending its existing silicon root-of-trust technology to the operating system or hypervisor, the platform the workload is running on, and the workload itself.

Keith White, GM of HPE GreenLake, described it as a “holistic security offering”, adding: “We’re really excited about making sure that all these things are connected for our customers so that they have confidence that they’re secure from that supply chain.”

Kumar Sreekanti, HPE’s CTO and head of software, added: “What we are providing is a chain of trust from Silicon to the workload all the way up. That’s the most important thing. And it is very, very hard for attackers to evade any of this.”

Silicon on Demand

The final big product news from this year’s conference was Silicon on Demand, a partnership with Intel that brings consumption-based provisioning and billing to individual cores. 

Speaking to journalists ahead of the first day of Discover, CEO Antonio Neri said: “What that means is that with a single click, I can turn cores on and off. If I need more cores, I turn it on, if I need less cores, I turn it off. 

“Today, [the consumption-based model goes to] the virtual or the container level, now I’m taking it to a silicon level.”

Neri said this was a significant development in helping combat the problem of excess hardware capacity “trapped in [customers’] infrastructure”.

GreenLake Lighthouse and Silicon on Demand are both available immediately through GreenLake cloud services and GreenLake Cloud Platform respectively. Project Aurora is scheduled to become available in HPE GreenLake Lighthouse, HPE GreenLake cloud services and HPE Ezmeral software platforms later this year.

NSW extends IBM contract for another three years

Zach Marzouk

23 Jun, 2021

IBM has expanded its agreement with the New South Wales (NSW) government which will see the company continue offering services to its departments and agencies for another three years.

The vendor has revised the whole-of-government agreement, which was originally signed in 2019, claiming it would deliver cost savings to the NSW government over the next three years, according to IT News. It will also reportedly provide a more streamlined process for agencies to access emerging technology, including IBM hybrid cloud, AI, and security.

“When the agreement was signed in 2019, it was limited to IBM technology hardware and software, and has now expanded to include IBM professional services and IBM cloud services,” IBM said. 

In addition, the NSW government can now use IBM Garage as part of the professional services offering, which is a network of physical hubs that aims to help customers quickly turn ideas into products

“With access to this, government agencies will be able to explore impacts of new technology such as blockchain, IoT and AI computing on government services,” the IBM spokesperson continued. 

Furthermore, Katrina Troughton, IBM’s Australia and New Zealand managing director, said the partnership would create job opportunities and advance the skill profile of the state.

“After more than 30 years of working with the NSW government, this is an important milestone for our relationship and we look forward to collaborating on solutions that impact the lives of the more than eight million people who call NSW home,” she said.

In May, DCI Data Centers announced it would invest AU$70 million (£38 million) into South Australia and construct a new data centre to meet the needs of local business and government. The funds were destined to be used in the region’s first purpose-built Tier-Ready III/IV secure cloud edge data centre which came with defence-grade security requirements.

Moreover, the Australian government announced at the start of May it was investing $1.2 billion AUD (£670 million) in its digital future as part of a strategy to transform the country into a modern and leading digital economy by 2030. The investment included over $100 million to support digital skills and the launch of a $124.1 million National Artificial Intelligence Centre.

Intel data centre boss exits as CEO plots major shake-up

Sabina Weston

23 Jun, 2021

Intel’s executive vice president of the Data Platforms Group, Navin Shenoy, is to resign his role next month, after over a quarter of a century in the company.

The move is part of a wider restructure at Intel, which involves the creation of two new business units focused on software and high-performance computing (HPC) and graphics.

The Software and Advanced Technology Group will be led by former VMware SVP & CTO Greg Lavender, while the Accelerated Computing Systems and Graphics Group will be led by Apple and AMD veteran Raja Koduri.

Intel also announced that its Data Platform Group will be restructured into two new business units: Datacenter and AI as well as Network and Edge. The new groups are to be headed by Intel’s chief people officer Sandra Rivera and Stanford University professor Nick McKeown, respectively.

Lavender, Koduri, Rivera, and McKeown will report directly to CEO Pat Gelsinger, who said that, despite being “impressed with the depth of talent and incredible innovation throughout the company”, Intel “must move faster to fulfil our ambitions”.

“By putting Sandra, Raja, Nick and Greg – with their decades of technology expertise – at the forefront of some of our most essential work, we will sharpen our focus and execution, accelerate innovation, and unleash the deep well of talent across the company,” he added.

In an internal company memo, Gelsinger asked Intel employees to join him in “thanking Navin for his service and leadership at Intel over the past 26 years”. 

“We wish him well as he starts his next chapter,” he added, without further describing the reason behind Shenoy’s departure. 

Shenoy, who ran Intel’s PC business until 2017, will formally leave Intel on 6 July, which will also be the day that McKeown will assume his role as SVP and general manager of the new Network and Edge Group. Prior to this, McKeown has served as a part-time Intel Senior Fellow, having joined the chipmaker in 2019 following its acquisition of Barefoot Networks, which he co-founded in 2013.

The mass reorganisation is the first of its kind under the leadership of Gelsinger, who re-joined Intel earlier this year. However, the restructuring shouldn’t come as a surprise, as he said that his decision to return to the chipmaker was partly due to the attraction of leading one of the “great turnarounds” in tech