Pentagon scraps Microsoft’s $10bn JEDI contract after AWS dispute


Sabina Weston

7 Jul, 2021

The US Department of Defense (DoD) has cancelled its $10 billion (£7.25bn) Joint Enterprise Defense Infrastructure (JEDI) project and scrapped its Trump-backed contract with Microsoft.

The deal had been long challenged by Microsoft’s cloud rival Amazon Web Services (AWS), which alleged that then-president Donald Trump had influenced the DoD by ordering them to “screw Amazon”, thus unfairly affecting the outcome of the bidding process.

Earlier this year, the Pentagon hinted that it might scrap JEDI altogether, with Deputy Defense Secretary Kathleen Hicks saying the DoD would have to consider the project in the context of Amazon’s litigation.

However, on Tuesday, acting DoD CIO John Sherman said that the decision was due to the Pentagon’s changing needs:

“JEDI was developed at a time when the Department’s needs were different and both the CSPs technology and our cloud conversancy was less mature. In light of new initiatives like JADC2 and AI and Data Acceleration (ADA), the evolution of the cloud ecosystem within DoD, and changes in user requirements to leverage multiple cloud environments to execute mission, our landscape has advanced and a new way-ahead is warranted to achieve dominance in both traditional and non-traditional warfighting domains,” he said.

As a replacement for JEDI, the DoD announced a new project, known as the Joint Warfighter Cloud Capability (JWCC), which is to be “a multi-cloud/multi-vendor Indefinite Delivery-Indefinite Quantity (IDIQ) contract” that will consider both AWS and Microsoft.

“The Department intends to seek proposals from a limited number of sources, namely the Microsoft Corporation (Microsoft) and Amazon Web Services (AWS), as available market research indicates that these two vendors are the only Cloud Service Providers (CSPs) capable of meeting the Department’s requirements,” said the DoD.

The first awards are expected to be announced by April 2022, according to Sherman, who wouldn’t provide an estimated value “yet”.

“I wouldn’t latch onto the $10 billion figure,” he added.

Commenting on the news, Microsoft’s president of US Regulated Industries, Toni Townes-Whitley, said that the tech giant is “confident” that it will “continue to be successful as the DoD selects partners for new work”.

Meanwhile, AWS, headed by new CEO Adam Selipsky, told Reuters that it looks “forward to continuing to support the DoD’s modernisation efforts and building solutions that help accomplish their critical missions”.

Cisco launches Webex for Defense for the Pentagon


Zach Marzouk

7 Jul, 2021

Cisco has launched Webex for Defense, a collaboration platform specifically made for the US Department of Defense (DoD).

Webex for Defense has received provisional authorisation from the Defense Information Systems Agency (DISA) to operate at DoD Impact Level 5 (IL5), which means it is authorised to work with the DoD’s national security systems, higher sensitivity CUI, and mission-critical information across all workloads.

It is an all-in-one collaboration tool connected to the DoD Information Network via DISA-managed Cloud Access Points and delivered out of Cisco-hosted, DoD IL5-certified data centres.

The new tool integrates with Cisco’s full Webex portfolio of devices, allowing users to connect securely from phone, desktop, or video. 

“A full set of admin and end-user controls enables seamless, secure collaboration with internal and external users as well as DoD partners, and ensures that sensitive data never leaks and information is kept private,” said Javed Khan, senior vice president and general manager of Cisco Collaboration.

Khan added that it’s easy for administrators and organisers to apply agency-specific policies to meetings as necessary, through features like meeting context and classification indicators. Webex for Defense is also built upon the Cisco Unified Communications Manager and its feature set, including local survivability.

He also claimed that thanks to Cisco’s “mature development methodology and transparent privacy posture” Webex’s security advantage “goes above and beyond the specification of DoD IL5”.

Last month, Cisco unveiled an all-new suite of services for its Webex platform with features it hoped would serve as the foundation for “inclusive” hybrid work environments. The new suite of services included an end-to-end platform, analytics tools to track audience engagement, speech optimisation, machine learning software for video quality, data-loss prevention, and collaborative hardware.

CEO Chuck Robbins said that the company’s collaboration business is “incredibly essential to our customers”. He revealed that the company has added 800 new features and devices since September and said the platform would power the future of hybrid work.

CBI calls for more clarity as UK scraps work from home guidance


Bobby Hellard

6 Jul, 2021

UK prime minister Boris Johnson has confirmed that the government’s working from home guidance will be scrapped on 19 July as part of plans to lift the country’s remaining COVID restrictions.

During a news conference on Monday evening, Johnson said that it was now a decision for employees and employers to “work out for themselves”.

The announcement came as part of a plan to fully lift all COVID restrictions, such as requirements to wear masks and social distancing, which will be removed later this month. The government’s decision seems to be based on the success of the vaccine rollout, with a claim that the “overwhelming proportion” of the workforce has had two jabs, which it said equalled a “huge wall of immunity”. 

However, the Confederation of British Industry (CBI) has called for more support for businesses to help their decision making, risk assessments, and, ultimately, boost confidence in both employees and customers. 

The organisation’s director general, Tony Danker, said the announcement would provide “huge relief” for UK businesses that have struggled to stay afloat during the pandemic. Many of those will be shops and restaurants along high streets and popular commuter routes that have been starved of footfall traffic while people have worked from home. 

“Critical now will be to build both customer and employee confidence in living with the virus,” Danker told IT Pro. “This will require businesses to continue putting safety at the heart of their approach as they have since the start of the COVID crisis and the government providing a vital role in supporting employers through guidance and advice.

“In the coming days we need the government to put in place further measures to create this much-needed confidence. Knowing whether workplace testing will continue beyond July, gaining clarity on mask-wearing for public transport and understanding how a role test and release scheme can support both domestic industry and our international travel sector can provide a further boost for firms as we all move from crisis to recovery.”

Jim Whitehurst stands down as IBM president


Daniel Todd

6 Jul, 2021

IBM president and former Red Hat CEO Jim Whitehurst has decided to step down, following a spell of just 14 months in the role. 

Whitehurst joined the tech giant as part of its $34 billion acquisition of Red Hat back in 2018, having played a “pivotal role” in the integration. 

Announcing the shock decision, IBM did not offer up the reasons for Whitehurst’s sudden departure, but the firm did reveal that he will continue as a senior advisor to chairman and CEO Arvind Krishna.

“In the almost three years since the acquisition was announced, Jim has been instrumental in articulating IBM’s strategy, but also, in ensuring that IBM and Red Hat work well together and that our technology platforms and innovations provide more value to our clients,” Krishna said in a statement.

“Jim has decided to step down as IBM President, however I am pleased he will continue working as senior advisor to me and the rest of the Executive Leadership Team as we continue to evolve our business.”

Following IBM’s Red Hat acquisition, Ginni Rometty called time on her stint as IBM CEO back in April 2020, with Krishna subsequently taking the reins.

He then appointed former Red Hat CEO Whitehurst on his first day in the role, leading many industry observers to view him as Krishna’s heir apparent.

At the time of Krishna’s appointment as CEO, he also announced that Bridget van Kralingen had agreed to stay on to ensure a smooth leadership transition.

She has now also decided to step down from her current role as senior vice president of Global Markets, replaced by Rob Thomas. However, she will remain SVP of Special Projects for a year before retiring from IBM.

Elsewhere, IBM announced a host of other leadership changes. Among them, the company confirmed that Tom Rosamilia will become SVP of Cloud and Cognitive Software, while Ric Lewis takes on the role of SVP of Systems. 

“I believe we are at a watershed moment in our journey,” Krishna said. “As the world begins to reopen, IBM has a unique opportunity to be positioned for a new and exciting era of growth, continue to accelerate the rate and pace of execution of our strategy, and strengthen our client-centric culture and our ability to provide technical expertise.”

REvil demands $70 million ransom after Kaseya supply chain attack


Keumars Afifi-Sabet

5 Jul, 2021

REvil has infected more than 40 customers of IT management software firm Kaseya in a SolarWinds-style supply chain attack in which ransomware was distributed through a malicious update.

Kaseya revealed this weekend that its cloud-based IT management and remote monitoring product VSA had been compromised, but that the attack affected a small number of its on-premises customers only. The number of victims is estimated to be roughly 40, according to the firm.

The cyber gang exploited a zero-day vulnerability to remotely access internet-facing VSA servers. Given this software is used by many Managed Service Providers (MSPs), this route of entry also gave them a route into these MSPs’ customers. Kaseya was targeted because a key functionality of VSA is to push software and automated IT tasks on request, without checks.

The hackers responsible are now issuing varying ransom demands to their victims. REvil is demanding $44,999 from victims if their endpoint has been hit, according to Sophos security researcher Mark Loman. The group, meanwhile, is demanding a sum of $70 million to publish the universal decryptor, while boasting that it’s infected a million devices.

Looking beyond the 40 victims that Kaseya suggests REvil has claimed, Huntress Labs claims that more than 1,000 businesses have had servers and workstations encrypted, including MSPs. 

The response to the attack has been stark, with businesses served by the VSA product cutting off their servers from access to the internet. According to Dutch security firm DIVD CSIRT, the number of reachable VSA instances dropped from the norm of 2,200 to fewer than 140 as of Sunday.

The company confirmed that a DIVD researcher, Wietse Boonstra, had previously identified a zero-day flaw, tracked as CVE-2021-30116, which is now being used in the ransomware attack. This flaw was discovered as part of a wider research project in which the firm is examining flaws in tools for system administrators in products such as Vembu BDR, Pulse VPN and Fortinet VPN.

“After this crisis, there will be the question of who is to blame,” the company said in a blog post. “From our side, we would like to mention Kaseya has been very cooperative. Once Kaseya was aware of our reported vulnerabilities, we have been in constant contact and cooperation with them. 

“When items in our report were unclear, they asked the right questions. Also, partial patches were shared with us to validate their effectiveness. During the entire process, Kaseya has shown that they were willing to put in the maximum effort and initiative into this case both to get this issue fixed and their customers patched. They showed a genuine commitment to do the right thing. Unfortunately, we were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch.”

Kaseya executives are meeting again today to discuss bringing its data centres online, with a scheduled restoration date and time of 5 July “by the end of the day” local time (UTC). That timeframe is dependent on achieving some key objectives, however.

Once the software as a service (SaaS) data centres have been restored, Kaseya will publish the schedule for distributing its patch for on-premise customers.

Instructions on how to exploit Windows Print Spooler accidentally leaked after research blunder


Keumars Afifi-Sabet

2 Jul, 2021

Cyber criminals are abusing a severe Windows vulnerability just days after a security company inadvertently published a proof-of-concept (PoC) exploit for this previously undisclosed flaw.

The vulnerability, nicknamed PrintNightmare, concerns the Print Spooler component in all Windows devices. It’s being tracked as CVE-2021-34527, and lets attackers install programs, view, change or delete data, or create new accounts with full privileges on targeted devices.

Microsoft had initially fixed a flaw in the Print Spooler component on 8 June as part of its Patch Tuesday round of updates. At the time this was deemed a privilege escalation flaw and was tracked as CVE-2021-1675.

The firm then upgraded the severity of the bug from just privilege escalation to remote code execution on 21 June.

At the same time, researchers with the security firm Sangfor had been conducting their own research into Print Spooler vulnerabilities, which they were preparing to discuss at the forthcoming Black Hat cyber security conference in August.

Seeing that Microsoft had upgraded the bug’s severity, the researchers assumed that it was the same flaw they had been working with and decided to publish the proof of concept for the exploit ahead of the conference, safe in the knowledge that it had been patched.

This remote code execution exploit, however, was for an entirely different Print Spooler weakness that hadn’t been previously disclosed by Microsoft, and used a different attack vector.

Once this was established, the researchers quickly took down their work, but not before the exploit code was downloaded and republished elsewhere.

Microsoft has since warned businesses that hackers have seized upon this blunder and are targeting businesses with the flaw now known as CVE-2021-34527. Since it’s an evolving situation, Microsoft hasn’t yet attached a threat severity score to the bug.

“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” Microsoft wrote in a security advisory.

“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.”

Until a patch becomes available, Microsoft has recommended that businesses either disable the Print Spooler service or disable inbound remote printing through their group policy.

The first mitigation would disable the ability to print locally or remotely, while the second workaround blocks the remote attack vector by preventing inbound remote printing operations. Local printing, however, will still be possible.

HPE acquires Zerto for $374 million


Daniel Todd

2 Jul, 2021

HPE has announced it has entered into a definitive agreement to acquire cloud data management and protection specialist Zerto for $374 million.

The move expands HPE GreenLake and continues HPE Storage’s shift to a cloud-native, software-defined data services business, the company said.

Zerto’s journal-based continuous data protection (CDP) technology includes disaster recovery, backup, and data mobility in a single platform that spans on-premises, hybrid and multi-cloud environments.

Zerto will be available as a service through HPE GreenLake and Data Services Cloud Console.

“Zerto’s market-leading cloud data management and protection software expands HPE GreenLake cloud data services, allowing customers to protect their data and rapidly act on insights, from edge to cloud,” commented Antonio Neri, president and CEO of HPE.

The solution is designed to help customers recover quickly from ransomware, cyber attacks, and other planned data downtime, returning data to its pre-attacked state.

Zerto also easily replicates and migrates data between VMware vSphere and Microsoft Hyper-V environments, as well as natively to AWS and Microsoft Azure.

“Customers continue to face significant issues managing data complexity across hybrid and multi-cloud environments,” said Tom Black, senior vice president and general manager of HPE Storage.

“Zerto further positions HPE to help solve these customer challenges and become the leader in data management and protection through HPE GreenLake cloud services.”

Founded in 2009, Zerto is co-headquartered in Herzliya, Israel and Boston. The firm’s 500 employees serve more than 9,000 customers – including enterprises and 350 MSPs.

HPE says the addition of Zerto will “significantly accelerate” its transformation to become a leading data management and protection provider, while Zerto will benefit from HPE’s global scope and presence.

The acquisition is expected to close during HPE’s fourth quarter, subject to regulatory approvals and customary closing conditions. Zerto’s management team will join HPE following the close of the transaction, with the company organised under HPE Storage.

“The HPE GreenLake edge-to-cloud strategy and strong leadership is a perfect match for Zerto,” commented Ziv Kedem, CEO of Zerto.

“Coupling Zerto’s industry-leading cloud data management and protection software platform with HPE’s cloud data services and go-to-market reach will offer an unparalleled experience for our collective customers and partners.”

Microsoft bolsters Azure with AT&T 5G deal and security collaboration


Keumars Afifi-Sabet

1 Jul, 2021

Microsoft has struck agreements with US networking giant AT&T and the cyber security organisation MITRE to bring additional 5G support as well as threat monitoring capabilities to Azure.

As part of its deal with MITRE, Microsoft will integrate the organisation’s adversarial tactics, techniques and common knowledge (ATT&CK) framework into its public cloud platform in order to build a foundation for developing threat models.

Separately, the firm has acquired the Network Cloud division of AT&T, which plays host to its core 5G network. Microsoft will indirectly own but won’t operate this network, and instead plans to integrate IP and expertise into its Azure for Operators platform.

These twin deals are part of Microsoft’s strategic efforts to bolster its public cloud platform on the cyber security and networking fronts.

The AT&T acquisition, for example, is part of a strategic alliance that will see network traffic managed by Microsoft Azure. This is set to begin with the 5G core, the software at the heart of AT&T’s 5G network.

Microsoft says AT&T will benefit from greater productivity and cost-efficiency as more network workloads migrate to Azure for Operators. The firm will also use the company’s hybrid and hyperscale infrastructure to reduce costs.

The Network Cloud platform, which Microsoft is acquiring, has been running AT&T’s 5G core network since 2018. Microsoft will integrate this into its Azure for Operators platform to allow operators to run telecoms networks in the cloud.

Microsoft will benefit from access to IP and technical expertise to grow its product, building on the 2020 acquisitions of Affirmed Networks and Metaswitch Networks. It’s also acquiring AT&T’s engineering and lifecycle management software that’s used to develop carrier-grade cloud that can run containerised or virtualised network services.

“With Azure, operators can provide a more flexible and scalable service model, save infrastructure cost, and use AI to automate operations and differentiate customer offerings,” said executive vice president of Azure, Jason Zander.

“Through our collaboration with AT&T, Microsoft will expand its telecom portfolio to support operators with a carrier-grade cloud that provides seamless experiences across Microsoft’s cloud and the operator’s network.”

Microsoft’s partnership with MITRE, meanwhile, has seen the firm integrate the ATT&CK framework into Azure to launch the Security Stack Mappings for Azure research project. This has introduced a library of mappings that connect built-in Azure security controls to the techniques, identified by ATT&CK, that they’re designed to protect against.

The project aims to plug an information gap for businesses seeking to proactively secure their public cloud deployment. This project creates data that shows how built-in security controls might secure their assets against the specific attack methods most likely to target them.

“Microsoft has worked to expand the suite of built-in security controls in Azure which, while highly effective for protecting customer environments, can feel overwhelming to understand across an organisation’s entire Azure estate,” said senior threat intel librarian with Microsoft’s threat intelligence centre, Madeline Carmichael.

“MITRE has developed the ATT&CK framework into a highly respected, community-supported tool for clarifying adversary TTPs. Pairing the two together provides a helpful view for organisations to understand their readiness against today’s threats in a familiar vocabulary that enables easy communication to their stakeholders.”

Opera update adds free VPN, built-in ad blocker to ChromeOS browser


Bobby Hellard

1 Jul, 2021

Opera has released a host of new features for its Chromebook web browser to position itself as a full-featured alternative to Chrome that’s also fully optimised for ChromeOS.

The new web browser boasts tools that are not available in the standard Chrome OS, such as a free browser VPN, built-in messengers, an ad blocker, and five different colour themes.

Opera suggests that its tweaked Android version is a simple and fast laptop browser, with “custom-made optimisations that deliver a full-fledged laptop experience”. The major changes will allow users more ‘laptop-style’ controls, including keyboard shortcuts such as ‘Ctrl+T’ for opening new tabs and ‘Ctrl+L’ for focusing the address bar.

What’s more, Opera suggests it has developed the only browser that lets users access chat functions without disrupting their work or the browser itself. Apps for Facebook Messenger, Instagram, Twitter, WhatsApp, and Telegram are built-in, so users won’t have to reach for a phone or specifically go to the website of each service.

The decision to develop an alternative for Chrome was largely based on a study conducted by Opera that found users wanted more than one browser, particularly for different purposes. Opera claims to be the first company to provide an alternative browser to Chrome that’s optimised for ChromeOS, since the operating system launched back in 2011.

“Chromebooks, with their user-friendly interface and touchscreens, are excellent devices for people’s everyday needs,” said Stefan Stjernelund, product manager of Opera for Android. “We decided it’s high time their users got access to an excellent alternative browser with a unique set of features they’ll find both useful and fun.”

The timing is also key, with Chromebook demand reaching an all-time high during the pandemic; according to Canalys, 11.2 million units were shipped between October and December 2020, which represents a 287% increase year-on-year. According to Opera, this highlights how important Chrome OS has become as it offers convenience for workers and students alike.

The Norwegian firm also expects a further 40 million units to be shipped during 2021.