Microsoft has announced Cloud for Sustainability, an initiative that aims to help the company and its customers meet their carbon reduction and sustainability goals by recording, reporting, and reducing emissions on their path to net zero.

The new cloud offering, which will be available later this year, will allow customers to invest in sustainable practices and partner with experts to accelerate progress around their carbon reduction and sustainable goals. 

Microsoft today unveiled Windows 365, a Windows 10 or Windows 11 as a cloud service that streams the “full Windows experience”, such as apps, data, and settings, to any device on the Microsoft Cloud.

The company declared that Windows 365, which will be generally available on 2 August to organisations of all sizes, has created “a new hybrid personal computing category” called the Cloud PC, which uses the cloud to provide a “personalised Windows experience”.

“The Windows experience is consistent, no matter the device. You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices,” said Wangui McKelvey, general manager of Microsoft 365.

Users will be able to turn on their device, launch a native app or modern web browser and log on to their Windows 365 account. 

“From there, their Cloud PC appears with their background, their apps, their settings and their content just as they left it when they last were last there [sic]–in the office, at home or a coffee shop,” she said.

McKelvey added that seasonal workers can ramp on and off according to the needs of the business, allowing organisations to scale for busy periods without the “complicated logistical and security challenges of issuing new hardware”.

Furthermore, she underlined that all data is stored in the cloud, so “you won’t have any issues around security because you’re not saving anything on your device”.

All managed disks running Cloud PCs are encrypted, all stored data is encrypted at rest, and all network traffic to and from Cloud PCs is also encrypted.

Users will be able to choose the size of the Cloud PC that best meets their needs, with per user, per month pricing. Users select Windows 10 or Windows 11 along with a configuration of processing power, storage, and memory. They can then access their Cloud PC on this new platform, as long as they have an internet connection. 

Organisations will also be able to choose between two edition options that include a cloud-based offering with multiple Cloud PC configurations based on performance needs: Windows 365 Business and Windows 365 Enterprise.

Moreover, enterprise IT can use Microsoft Endpoint Manager to procure, deploy, and manage Cloud PCs for their organisation. The tech giant said that small businesses can use a self-service model to procure Cloud PCs for their organisations without a need for IT experience.

“Windows 365 is really going to make a huge difference for organisations that wanted to try virtualisation for various reasons but could not – maybe it was too costly, too complex or they didn’t have the expertise in house to do it,” McKelvey added.

The new platform is built on the Azure Virtual Desktop but simplifies virtualisation, according to the tech giant. Organisations can scale processing power and monitor the performance of the Cloud PC to make sure users are getting the best experience.

Microsoft has also built-in analytics to analyse connection health across the network and, from the Endpoint Analytics dashboard, the company said it is easy to identify the Cloud PC environments that are not delivering the performance needs of a given user.

McKelvey also said that the ability to log into a Cloud PC from anywhere on any device is part of the tech giant’s larger strategy around tailoring products, like Teams and Microsoft 365, for the post-pandemic hybrid workforce of the future. 

“It enables employees accustomed to working from home to continue working from home; it enables companies to hire interns from halfway around the world; it allows startups to scale without requiring IT expertise,” she said.

The Bank of England (BoE) has warned about the financial sector’s increasing reliance on “secretive” cloud service providers that operate online servers. 

In its latest survey on the state of financial systems, the BoE expressed concerns that the UK’s banks are moving more and more of their administration and accounts online, warning that this “could pose a risk to financial stability”. 

The BoE has previously raised concerns that the market for cloud services is highly concentrated, with companies such as Microsoft and Amazon Web Services (AWS) heavily dominating. Ministers have also previously questioned the government’s own reliance on those two tech giants. 

However, the organisation’s concerns have been repeated due to the pandemic, which has seen financial institutions accelerate digital transformation plans and increase their reliance on cloud service providers (CSPs). 

In a news conference, BoE Governor Andrew Bailey expressed his concerns about the “secretive” nature of these CSPs, saying that while he “understood cloud providers’ desire not to reveal too much publicly about their operations in case it opened the door to cyber attacks, firms needed to give more information to regulators and customers.”

“That concentrated power on terms can manifest itself in the form of secrecy, opacity, not providing customers with the sort of information they need to monitor the risk in the service,” he said, according to Reuters. 

The Prudential Regulation Authority and Financial Conduct Authority have recently strengthened regulations regarding operational resilience and third-party risk management, according to the BoE, but the increasing reliance on a small number of CSPs could increase financial stability risks without greater direct regulatory oversight of the resilience of those provider’s services. 

“The Financial Policy Committee (FPC) is of the view that additional policy measures to mitigate financial stability risks in this area are needed, and welcomes the engagement between the Bank, FCA and HM Treasury on how to tackle these risks,” the Bank of England said in its report. 

“The FPC recognises that absent a cross-sectoral regulatory framework, and cross-border co-operation where appropriate, there are limits to the extent to which financial regulators alone can mitigate these risks effectively.” 

Google Cloud has announced an update to its data centre region picker that allows customers to reduce their carbon footprint by choosing a region based on its CO2 output.

Starting today, Cloud Run and Datastream users will be able to find a region with the lowest carbon impact inside the Cloud Console location selectors, with the tool being rolled out to other Google Cloud offerings over time.

Regions will receive labels such as “Lowest CO2” or a leaf symbol, which means that the region has a carbon-free energy percentage of at least 75% or, in case this information is not available yet, a grid carbon intensity of no higher than 200 gCO2eq/kWh.

Grid carbon intensity is estimated based on average lifecycle gross emissions per unit of energy and is used to compare the regions in terms of carbon intensity. For instance, although Frankfurt and the Netherlands have similar CFE scores, the Netherlands has a higher emissions factor.

The update is part of Google’s company-wide sustainability initiative which aims to achieve carbon-free status by 2030. The tech giant has been carbon-neutral since 2007.

Besides the region picker’s Carbon footprint indicator, which was first previewed earlier this year and works by measuring the amount of carbon-free energy supply for each region, users can also filter regions based on cost as well as latency. The latter is estimated based on the physical distance between the customer’s headquarters and the city or country of the data storage region.

Commenting on the announcement, Carbon-free for Google Cloud Platform (GCP) product manager Steren Giannini said the tech giant wanted to empower its customers “to make more sustainable decisions and progress with us towards this 24/7 carbon-free future”. 

“Earlier this year, we published the carbon characteristics of our Google Cloud regions. Later, we introduced a simple tool to help you pick a Google Cloud region, taking variables like price, latency and sustainability into account. Our next question was: what’s the best way to surface that sustainability info when you’re actually picking a region for your cloud resources?” he added.

“By sharing and displaying carbon information of Google Cloud regions, together we’re making tangible progress towards our goal of a carbon-free future.”

Google has announced plans to move users from its Backup and Sync file-syncing services to a new unified desktop app for Drive. 

Onboarding for the Drive for Desktop app will start on 19 July, with Google recommending users make the switch by the end of September before they’re locked out on 1 October.

The transition is just for Backup and Sync users, however, as business clients who are already using Drive File Stream – the enterprise name for Drive for Desktops – should already be set up. 

The aim of moving to a unified desktop app is to create “a powerful and unified sync client”, according to Google, with the best features from both consumer and enterprise services that should be more straightforward to use and easier for IT teams to manage.

In a blog post, Google suggests the new app will be pretty familiar to anyone who used its previous file-syncing services. Drive for Desktop will offer easy access to files and photos stored in the cloud, and will sync files in the background to keep them up to date.

Google also suggests the app can sync external storage devices like flash drives to Drive, mirror files between Drive and local files on a desktop computer, and let users choose whether they store individual photos and videos in Drive or Google Photos.

The launch of Drive for Desktop coincided with a few announcements from the tech giant, which included changes to services that helped many through the pandemic. In April 2020, for example, Google Meet was made available to all users with day-long group calls, but that has been switched to an hour as of 1 July. As such, free Gmail users will now have to make do with calls with three or more participants at a limit of 60 minutes.

Microsoft is set to strike a deal to acquire security software firm RiskIQ as it seeks to bolster the security of its core products.

RiskIQ provides customers with cloud-based software as a service (SaaS) protection to detect phishing attacks, fraud attempts and malware infections. The company’s SaaS platform taps into a global Internet Intelligence graph that’s mapped billions of relationships between online elements within every organisation and hackers. 

Microsoft is set to purchase the security company in a $500 million (roughly £361 million) deal, according to Bloomberg, as it seeks to integrate RiskIQ’s services into its flagship products and improve the overall resilience for customers. 

This would play into the trend of Microsoft adding more security-oriented tools to platforms like Windows and Azure in recent years as the prospect of cyber threats continues to swell. 

Last year, for example, Microsoft announced a strategic shift to compile its detection and event management services under the Microsoft Defender brand, alongside a host of new services and tools that customers can adopt. The firm described Microsoft Defender, at the time, as the “broadest resource coverage” of any portfolio across the industry, spanning identity protection, endpoints, cloud applications and infrastructure. 

This has come alongside a recruitment drive to add staff to examine Microsoft’s products for vulnerabilities, respond to attacks that its clients face, as well as run the Microsoft threat Intelligence Center, Bloomberg also reports.

Microsoft also struck a partnership with the cyber security organisation MITRE to integrate its adversarial tactics, techniques and common knowledge (ATT&CK) framework into Azure to build a foundation for developing threat models.

This integration saw the organisations jointly launch the Security Stack Mappings for Azure research project, which introduced a library of mappings that connect built-in Azure security controls to the techniques, identified by ATT&CK, that they’re designed to protect against. 

In June, meanwhile, Microsoft also acquired Internet of Things (IoT) security firm ReFirm Labs for an undisclosed fee. Microsoft highlighted the open source Binwalk software, which analyses thousands of device types for firmware issues, as a key reason for why it pursued the acquisition. The firm added these analytical capabilities would help secure IoT and operational technology (OT) devices through Azure Defender for IoT. 

Microsoft, alongside a number of other major companies, has been struggling to deal with the fallout of several major attacks. The most recent has been the Kaseya cyber attack, although this is just the latest in a particularly devastating series of events including the SolarWinds Orion hack as well as the Microsoft Exchange Server incident.  

IBM is acquiring DevOps consulting company BoxBoat Technologies as part of an ongoing effort to bolster its cloud software capabilities.

BoxBoat was founded in 2016 to help create strategies for container-based software development. It advises companies on how to build software development pipelines for cloud-native applications and on how to convert existing applications for container-based environments, and offers a range of training services to support this.

​

This is the latest acquisition in IBM’s push to establish dominance in the cloud software development space, which has seen it invest heavily in Kubernetes-based container infrastructure, on which many modern cloud applications depend.

IBM has said it will fold BoxBoat into its Global Business Services unit to bolster its hybrid cloud portfolio, focusing on container strategy and services. The deal’s value has not been disclosed.

One of BoxBoat’s focal areas is increasing the security of DevOps processes and has spent time recently addressing software supply chain security following the SolarWinds attack. Security experts are increasingly worried about adversaries compromising software development processes and inserting malicious code into software before it is deployed.

BoxBoat has been working closely with the Cloud Native Computing Foundation (CNCF) on its Secure Production Identity Framework for Everyone (SPIFFE) project. This is an open-source initiative that assigns secure identity certificates to cloud workloads, making it easier for microservices to authenticate with each other securely in the cloud.

The company also works with another Linux Foundation initiative called in-toto, to help secure DevOps pipelines from intruders who might try to compromise software in development.

BoxBoat has parlayed some of this work on third-party software security into a contract with the US Department of Defense under its Small Business Innovation Research (SBIR) initiative to help secure software supply chains.

This is the latest acquisition in a series for IBM, which acquired Red Hat in 2019 for $34bn. More recently, it acquired cloud implementation services company Nordcloud in a December deal that closed in Q1 2021. It also bought cloud managed services provider Taos a month later.

Hackers have been discovered using a new phishing technique that involves using a sequence of chained commands to hide malicious content and make email attachments appear harmless to filters.

The technique involves send a phishing email containing a seemingly innocuous Microsoft Word attachment, according to McAfee. Once opened, it triggers a chain of events that eventually downloads the payload for the infamous banking and data exfiltration malware, known as Zloader.

​

The fact that the document isn’t embedded with any malicious code will make it easier for phishing emails to bypass initial checks and malware scanners.

Researchers have noted that users are only susceptible to infection if macros are enabled, which the phishing attack will use to trigger a series of commands once the Word document is opened.

Macros are disabled by default in Microsoft Office, so the Word document itself contains a lure designed to trick users into enabling macros, claiming that if they don’t, the file won’t load correctly.

When the Word document opens, and macros are enabled, the document downloads and opens another password-protected Microsoft Excel file from a remote server.

The Word document contains combo box components that store the content required to connect to the remote Excel document, including the Excel object, URL, and password required to open the file. The URL is stored in the combo box in the form of broken strings, which are combined later to form a complete string.

The code then attempts to download and open the Excel file stored in the malicious domain. After extracting the contents from the Excel cells, the Word file creates a Visual Basic for Applications (VBA) module in the downloaded Excel file by writing the retrieved contents. It, essentially, retrieves the cell contents and writes them to XLS macros.

Once the macro is formed and ready, it modifies a RegKey to disable trust access for VBA on the victim’s device in order to execute the malicious function without any Microsoft Office warnings. After writing macro contents to the Excel file, and disabling trust access, a function from the newly written excel VBA is called which downloads the Zloader payload.

“Malicious documents have been an entry point for most malware families and these attacks have been evolving their infection techniques and obfuscation, not just limiting to direct downloads of payload from VBA, but creating agents dynamically to download payload,” McAfee’s researchers Kiran Raj and Kishan N wrote.

“Usage of such agents in the infection chain is not only limited to Word or Excel, but further threats may use other living off the land tools to download its payloads. Due to security concerns, macros are disabled by default in Microsoft Office applications. We suggest it is safe to enable them only when the document received is from a trusted source.”

The operators of the Zloader malware are notorious for finding increasingly innovative ways of spreading their banking Trojan. The malware was found to be present in 100 coronavirus-related email campaigns as of the first half of 2020. Zloader was also hiding within encrypted Excel documents, according to research published in March this year, with its operators overseeing invoice-related spam campaigns.

​

TikTok has launched a pilot programme in the US to help job seekers create and send ‘video resumes’ to potential employers as it looks to expand the platform into recruitment.

The new service, dubbed ‘TikTok Resumes’, already has a selection of job openings from brands such as WWE, Shopify and Target.

At a time when tech companies like Facebook and Twitter are scrambling to be more like the video-sharing app, TikTok itself is aiming to be more like LinkedIn, with the company suggesting that there has been a rise in “career and job-related creative content” on its platform over the past year and that this could be used as a “channel for recruitment”.

As an example, TikTok user and Berkeley graduate ‘Christian‘ has created a short video resume with graphics and background images to showcase his skills with Adobe and Google Dialogflow and his experience working with brands, such as flight operator KLM.

Users can pursue job listings via the app or the website’s TikTok discovery page, with US job openings available till 31 July.

“TikTok Resumes is officially open and accepting TikTok video resumes,” said Nick Tran, global head of marketing at TikTok. “We’re humbled to be able to partner with some of the world’s most admired and emerging brands as we pilot a new way for job seekers to showcase their experiences and skill sets in creative and authentic ways.”

Tran added that TikTok is hoping to “reimagine recruitment and job discovery”, and the social media platform has already made a start on that ambition with the hashtag ‘CareerTok‘ which pools together resume examples, career advice and interview tutorials.

According to the Pew Research Centre, 48% of 18 to 29-year-olds in the US have reported having a TikTok account, compared to just 30% who say they have a LinkedIn profile.

Nvidia has switched on what it claims is the UK’s fastest supercomputer, the Cambridge-1, which will be made available to outside researchers and academic scientists such as AstraZeneca and GlaxoSmithKline.

The company said it will offer use of Cambridge-1 for free and will use what it learns from running the system to improve its future healthcare-specific products. 

“Cambridge-1 will empower world-leading researchers in business and academia with the ability to perform their life’s work on the UK’s most powerful supercomputer, unlocking clues to disease and treatments at a scale and speed previously impossible in the UK”, said Jensen Huang, founder and CEO of NVIDIA.

“The discoveries developed on Cambridge-1 will take shape in the UK, but the impact will be global, driving groundbreaking research that has the potential to benefit millions around the world.”

The system, which has been installed at the Kao data centre in Harlow, Essex, uses artificial intelligence (AI) for complex health research. For AstraZeneca, for example, the system will be used to learn about one billion chemical compounds represented by groups of characters that can be assembled into sentence-like structures. King’s College London and a special unit from the NHS will also use the system, as will privately held firms such as Oxford Nanopore Technologies. 

According to a report by Frontier Economics, an economics consulting firm, Cambridge-1 has the potential to create an estimated value of £600 million over the next 10 years.

“Disease prevention, climate change and efforts to drive a post-pandemic, green recovery are some of the most pressing issues of our time,” said Lee Myall, CEO at Kao Data. “I believe that Cambridge-1, and the continued efforts of its founding partners will be instrumental for the future of humankind. At Kao Data, we are delighted to be hosting the UK’s fastest supercomputer sustainably, and supporting ambitions to build back better through our work with Nvidia.”

Nvidia has spent around $100 million on the installation and has also suggested that figure was just “a starting point”. The move is part of a set of steps to show a commitment to the UK while it completes its controversial $40 billion deal to take over Cambridge-based Arm from Japanese investment group SoftBank. 

The deal is under heavy scrutiny from regulators around the world, including the UK’s Competition and Markets Authority, over concerns Nvidia will use it to create a monopoly within the chip manufacturing industry. 

Nvidia has also said it plans to build a supercomputer centre in the UK with Arm-designed chips.