All posts by Keumars Afifi-Sabet

Google Workspace merges G Suite into single platform


Keumars Afifi-Sabet

6 Oct, 2020

Google Cloud has launched a fully integrated workspace productivity platform from which customers can access widely-used G Suite apps including Gmail, Calendar and Drive, among others.

With a new user interface, the desktop-based application will allow users to seamlessly cycle between the entire G Suite portfolio depending on the task at hand, building on the integration of core tools earlier in the year.

The merging of these core tools, including chat, email, voice and video calling as well as content management, aims to give employees access to all the tools they need in one place. Users have previously needed to endlessly cycle between web browser tabs, or third-party desktop clients, in order to replicate the same experience. 

The launch of Google Workspace essentially overwrites the G Suite, with new branding also launched to coincide with the platform rollout. 

“Now, work itself is transforming in unprecedented ways. For many of us, work is no longer a physical place we go to, and interactions that used to take place in person are being rapidly digitized,” said VP and GM for Google Workspace, Javier Soltero.

“Office workers no longer have impromptu discussions at the coffee machine or while walking to meetings together, and instead have turned their homes into workspaces.

“These are unique challenges, but they also represent a significant opportunity to help people succeed in this highly distributed and increasingly digitized world. With the right solution in place, people are able to collaborate more easily, spend time on what matters most, and foster human connections, no matter where they are.”

Beyond serving as a centralised hub, Google Workspace lets customers dynamically create and collaborate on a document with guests through a chat room, for example. This means it’s easier to share content and work together with users beyond the confines of your organisation’s network.

Users can also preview a linked file in Docs, Sheets and Slides without having to open a new tab, meaning, again, less time is spent cycling between web tabs. Google Meet video conferencing sessions, meanwhile, can be seen as picture-in-picture in not only Gmail and Chat, as the firm previously announced, but in Docs, Sheets and Slides as well.  

There are different pricing tiers available with Google Workspace, depending on the needs of any particular organisation, in addition to varying amounts of cloud storage. Subscriptions also include administrative and security tools to manage workforce access to Google’s productivity tools, as well as threat protection.

Microsoft hints at stand-alone successor to Office 2019 suite


Keumars Afifi-Sabet

24 Sep, 2020

Microsoft has suggested it will launch its Office productivity suite of apps and services in the form of a refreshed ‘perpetual release’ edition, two years after the launch of Office 2019.

Expected to be sold at a standalone cost to customers on Windows and Mac, this variety of Microsoft Office will bring the apps and services that comprise the Microsoft 365 suite to enterprises that don’t wish to buy a subscription.

The perpetual release, touted to launch in the second half of 2021, may come as welcome news to businesses not yet fully enticed by the nature of cloud services.

Office 2019, launched for Windows 10 devices two years ago, was released with a reduced extended support period against that offered in previous offline editions, namely Office 2016.

Although Microsoft offered five years of mainstream support, lasting through to 2023, the firm would only offer an additional two years of extended support, with updates ending on 14 October 2025. This was in order for the Office 2019 end-of-life cycle to align with Office 2016.

The announcement of another standalone Office suite, likely to be named Office 2022 based on historical naming conventions, suggests Microsoft has backed away from intentions to phase out this form of software launch. The firm had previously hinted it would abandon standalone releases and instead encourage its customers to opt for subscription-based services, honed by the launch of Microsoft 365 earlier this year.

“Software that is more than a decade old, and hasn’t benefited from this innovation, is difficult to secure and inherently less productive,” Barnardo Caldas, general manager for Windows, and Jared Spataro, general manager for Office, said in a joint blog post to mark the launch of Office 2019, for instance. “As the pace of change accelerates, it has become imperative to move our software to a more modern cadence.”

The firm announced the expected launch of a new ‘perpetual release’ for Microsoft Office alongside updates on Exchange Server as part of its Microsoft Ignite 2020 event.

The apps and services that will be available with this edition of Microsoft Office are also yet to be confirmed, although Office 2019 launched with a host of services, many of which are likely to be bundled into the release again.

These included Word, Excel, PowerPoint, Outlook, Publisher, Visio, Access, and Project at launch, as well as Exchange Server, Skype for Business Server, SharePoint Server, Project Server and Office Online Server released later down the line.

Microsoft has said it would share additional details around the official names, pricing and availability of this edition of Microsoft Office in the near future.

Unilever adopts Google Cloud’s complex data processing for deforestation drive


Keumars Afifi-Sabet

22 Sep, 2020

Unilever has partnered with Google Cloud to harness its cloud computing and big data processing technologies to gain an overview of ecosystems the business influences, and make supply chain interventions to better conserve the environment.

The multinational consumer goods firm will collaborate with Google Cloud to build platforms that can pave the way for sustainable commodity sourcing by both Unilever and companies in its supply chain. 

As part of the implementation, cloud computing will be combined with satellite imaging and AI in order to build a more holistic view of forests, water cycles and biodiversity that intersect Unilever’s supply chain.

By working with Google Cloud’s global geo-spatial platform, which includes the Google Earth Engine, Google Cloud Storage and BigQuery, Unilever can utilise accurate satellite imagery with the ability to store and process large amounts of complex data.

Unilever will use the platform to obtain insights into the impact of its sourcing processes on the environment and local communities, which will allow the company and its suppliers to make interventions when they’re required.

The project will demand that complex datasets are simplified and analysed in order to increase transparency within supply chains and allow collaboration across public sector and private partners. The Google Earth Engine is currently used by academic and public institutions, as well as civil society groups, and this represents the first commercial venture by the project.

“At Google, we strive to build sustainability into everything that we do. Unilever has been an industry leader in environmental sustainability for many years, and we’re excited to be on this journey with them,” said Google Cloud president Rob Enslin. 

“Together, we’re demonstrating how technology can be a powerful tool in aiding businesses who strive to protect the Earth’s resources. It will require collective action to drive meaningful change, and we are committed to doing our part.” 

Owning more than 400 brands, and with its products used by 2.5 billion people every day, Unilever bears a massive footprint on the global environment. The Google Cloud implementation, which contributes to the company’s aim to eradicate deforestation from its supply chain by 2023, will first focus on palm oil use, and then extend to other commodities.

The two companies will work with a number of tech partners to build a centralised command centre that will provide a more complete picture of ecosystems connected to Unilever’s supply chain and create a stronger mechanism for detecting deforestation. This would lead to greater accountability while also prioritising critical areas of forests and habitats that might need special protection.

“This collaboration with Google Cloud will take us to the next level in sustainable sourcing,” said Unilever’s chief procurement officer, Dave Ingram. “We will now be able to process and combine complex sets of data like never before. 

“The combination of these sustainability insights with our commercial sourcing information is a significant step-change in transparency, which is crucial to better protect and regenerate nature.”

Mozilla finally shuts down Firefox Send


Keumars Afifi-Sabet

18 Sep, 2020

Mozilla has discontinued its encrypted file-sharing service Firefox Send a couple of months after suspending the service after reports it was being abused to distribute malware and conduct spear-phishing attacks.

Send was initially rolled out in March 2019 as a free encrypted file-sharing platform that allowed individuals to share files from any browser without having to install third-party software and without fear of the files being intercepted.

However, developers were made aware in July of reports that Firefox Send was being used in a number of malware operations, prompting the company to suspend the service a little more than a year after it was first launched.

In practice, when somebody received a link to a file, they would simply need to click on it to start the download, without having to sign up to an account. They were also able to send supported files of up to 1GB without needing to sign up, or 2.5GB for those who had a Firefox account.

Originally, Mozilla said it would take Firefox Send offline on a temporary basis while improvements were made, although it now appears that effort was unsuccessful.

“Unfortunately, some abusive users were beginning to use Send to ship malware and conduct spear-phishing attacks,” Mozilla said in an update. “This summer we took Firefox Send offline to address this challenge.”

Mozilla has also decommissioned its Firefox Notes service, which the organisation claims allowed it to experiment with new methods of encrypted data syncing. The Firefox Notes desktop browser will continue to be functional for all existing installs, although this will no longer be maintained from early November – when the service will be decommissioned.

MFA bypass allows hackers to infiltrate Microsoft 365


Keumars Afifi-Sabet

15 Sep, 2020

Critical vulnerabilities in multi-factor authentication (MFA) protocols based on the WS-Trust security standard could allow cyber criminals to access various cloud applications including core Microsoft services.

Microsoft 365 is the most notable cloud service that can be infiltrated in such a way due to the way the platform’s session login is designed, according to Proofpoint, with hackers able to gain full access to a target’s account. Information including emails, files, contacts, among other data points would be vulnerable to such an attack.

This is in addition to the MFA bypass granting access to a host of other cloud services, including production and development environments such as Microsoft Azure as well as Visual Studio.

The flaw lies in the implementation of the WS-Trust specification, an OASIS standard that is used for renewing and validating security tokens and establishing trusted connections. Proofpoint researchers claim that WS-Trust is inherently insecure and that Microsoft’s identity providers implemented the standard with a number of bugs.

These vulnerabilities can be exploited to allow an attacker, for example, to spoof their IP address to bypass MFA through a simple request header manipulation. Changing the user-agent header, in another example, may also cause the system to misidentify the protocol, and believe it to be using ‘modern authentication’. 

“Most likely, these vulnerabilities have existed for years. We have tested several Identity Provider (IDP) solutions, identified those that were susceptible and resolved the security issues,” Proofpoint said.

“Vulnerabilities require research, but once discovered, they can be exploited in an automated fashion. They are hard to detect and may not even appear on event logs, leaving no trace or hint of their activity. Since MFA as a preventative measure can be bypassed, it becomes necessary to layer additional security measures in the form of account compromise detection and remediation.”

With MFA becoming an essential and more widely-adopted additional layer of security to reinforce username-and-password logins, cyber criminals are certainly more attracted to identifying and implementing bypasses.

This is particularly pertinent during the coronavirus crisis, where the mass shift to remote and home working meant critical apps and services were being accessed from insecure locations, with protocols such as MFA in place to bolster cyber security.

Red Hat and IBM launch OpenShift software marketplace


Keumars Afifi-Sabet

10 Sep, 2020

Red Hat and its parent company IBM have together launched a one-stop-shop marketplace for customers seeking to run OpenShift enterprise applications on their hybrid cloud infrastructures.

Red Hat Marketplace offers a broad catalogue of more than 50 pieces of open-source software, across a dozen categories, available for enterprises to purchase and deploy, including apps in the areas of AI and machine learning, security, and big data, among others.

The marketplace aims to deliver an ecosystem of software from independent vendors so enterprise customers can easily deploy new tools on their hybrid cloud infrastructures, based on Red Hat OpenShift’s container platform. Some of the vendors whose tools are available include CognitiveScale, MongoDB and StorageOS.

“We believe that removing the operational barriers to deploy and manage new tools and technologies can help organizations become more agile in hybrid multi-cloud environments,” said Red Hat’s senior director for technology partnerships, Lars Herrmann.

“The software available on Red Hat Marketplace is tested, certified and supported on Red Hat OpenShift to enable built-in management logic and streamline implementation processes. This helps customers run faster with automated deployments while enjoying the improved scalability, security, and orchestration capabilities of Kubernetes-native infrastructure.”

The companies have also launched a private form of the marketplace, dubbed Red Hat Marketplace Select, available at additional cost for enterprises that want more control and governance over purchases.

The private marketplace allows clients to provide their teams with easy access to curated, pre-approved software, and also tracks usage and spending by departments of all software deployed across hybrid cloud environments.

The marketplace has been devised especially for companies building cloud-native infrastructure and supports the wider drive to cut down on vendor lock-in. Programmes can essentially be deployed across the open hybrid cloud and operate in any environment.

Deployment is automated, too, and purchases will be readily accessible on Red Hat OpenShift consoles, with customers also being offered 24/7 support.

Enterprise customers can access the collection of open-source tools in a metered, pay-per-hour, fashion, with the platform offering a granular understanding of usage and spending patterns. Red Hat claims this payment model allows customers to experiment with an array of tools in early-stage development projects, given there’s no need to commit to any lengthy subscriptions.

Data centre provider Equinix hit by ransomware


Keumars Afifi-Sabet

10 Sep, 2020

US data centre provider Equinix has been rocked by a major security incident, with some of its internal company systems compromised by ransomware.

The company revealed yesterday that its security teams took immediate action against the threat, notified law enforcement agencies, and are continuing to investigate the nature and scale of the infection.

The severity of the attack at this stage is unclear, with the company pledging to release further details soon. Thankfully for its customers, however, Equinix data centres and services, including its managed services, remained fully operational during the period of the attack, according to a statement released by the company.

“Equinix is currently investigating a security incident we detected that involves ransomware [on] some of our internal systems,” the company said.

“Note that as most customers operate their own equipment within Equinix data centers, this incident has had no impact on their operations or the data on their equipment at Equinix.”

Equinix provides an array of data centre and networking services for businesses, including data centre design, as well as colocation, which is the practice of housing privately-owned equipment in third-party data centres.

With internal systems kept separate from those that run many of the external services and from customers’ equipment housed in its data centres, the risk of the attack spilling over is said to be minimal, according to Equinix. Services are largely operating as normal at the time of writing.

There have been a number of high profile ransomware attacks in recent months, with a swathe of IT services companies similarly on the receiving end, in addition to high profile organisations like Canon and Honda.

Industry giant Cognizant, for example, recently experienced service disruptions for some of its clients. The IT services firm was targeted with Maze ransomware in April, with the incident costing the company around $70 million.

The attack on Equinix has similar hallmarks to one on CyrusOne in December 2019. In that instance, the company did sustain a degree of service disruption, with the attack affecting six customers served from one data centre based in New York.

Hackers abusing legitimate cloud monitoring tool to infiltrate Linux environments


Keumars Afifi-Sabet

9 Sep, 2020

Cyber criminals are abusing a trusted Docker and Kubernetes cloud monitoring tool to map the networks of their victims and execute system commands.

Having previously been known to use malicious Docker images to infect victims’ servers, TeamTNT has now been observed using Weave Scope as an effective backdoor into the cloud networking infrastructure of its targets, according to analysis by Intezer.

Weave Scope is a trusted tool that gives users full access to their cloud environment, and is integrated with Docker, Kubernetes, the Distributed Cloud Operating System (DC/OS) and the AWS Elastic Compute Cloud (ECS). Hackers, however, have illicitly deployed this tool to map out the environments of prospective victims, and execute system commands without the need to deploy malicious code. 

“To our knowledge, this is the first time attackers have been caught using legitimate third party software to target cloud infrastructure,” said Intezer security researcher Nicole Fishbein. “When abused, Weave Scope gives the attacker full visibility and control over all assets in the victim’s cloud environment, essentially functioning as a backdoor.”

“By installing a legitimate tool such as Weave Scope the attackers reap all the benefits as if they had installed a backdoor on the server, with significantly less effort and without needing to use malware,” she adds.

The open-source tool, developed by Weaveworks, provides monitoring and visualisation over Docker and Kubernetes servers, with users gaining full control over the infrastructure through a dashboard accessible through a web browser.

When successfully abused, attackers are granted access to all information about the server environment, in addition to the ability to install applications, establish connections between cloud workloads, and start, stop or open interactive shells in containers.

This degree of functionality is equivalent to an attacker having installed a backdoor on the server, with significantly less effort and without needing to use malware, Fishbein added.

To install Weave Scope, a hacker would need to use an exposed Docker API port and create a new privileged container with a clean Ubuntu image. This container would then be configured to mount the file system of the container to the file system of the victim server, and therefore grant attackers access to all files on the server. 

The initial command, as observed by Intezer, was to download and execute several cryptominers. The attacker then attempted to gain root access to the server by setting up a local privileged user on the host server, using this to connect back via Secure Shell (SSH). The attackers subsequently downloaded and installed Weave Scope, which, once launched, connected the cyber criminals with the Weave Scope dashboard via HTTP on port 4040.

From this dashboard, the hackers can see a visual map of the Docker runtime cloud environment and give shell commands without deploying any backdoor. This is the first time that an attacker, to Intezer’s knowledge, has downloaded legitimate software to be used as an admin tool on the Linux operating system.

The cyber security firm has recommended that organisations close any exposed Docker API ports to prevent the initial infiltration, given this attack takes advantage of a common misconfiguration of the Docker API. All Docker API ports should, therefore, be either closed or contain restricted access policies in the firewall.

Organisations should also block incoming connections to port 4040 given Weave Scope uses this as a default to make the dashboard accessible. This port should also be closed or restricted by the firewall.
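A defender can check a host for the two exposures named above by auditing which listening sockets are bound to non-loopback addresses. The following is an added example, not code from Intezer or the article; it parses `ss -H -tln` output, and the Docker API port numbers 2375 and 2376 are Docker's conventional ports, assumed here because the article does not give a number.

```python
import ipaddress

# Ports to watch. 4040 is the Weave Scope dashboard default named in the
# article; 2375/2376 are Docker's conventional API ports (an assumption
# added here, the article does not name a port number).
WATCHED_PORTS = {
    2375: "Docker API (plain TCP, unauthenticated)",
    2376: "Docker API (TLS): confirm client-certificate verification is on",
    4040: "Weave Scope dashboard default",
}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      4096         0.0.0.0:2375       0.0.0.0:*
LISTEN 0      4096       127.0.0.1:4040       0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      4096               *:4040             *:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      4096           [::1]:2376          [::]:*
"""


def is_loopback_only(address):
    """True if the bind address is reachable only from the local host."""
    if address == "*":  # ss prints "*" for a dual-stack wildcard bind
        return False
    # Drop IPv6 brackets and any "%iface" scope suffix before parsing.
    host = address.strip("[]").split("%", 1)[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: fail closed and report it


def audit_listeners(ss_output):
    """Return (port, bind_address, note) for watched ports bound off-loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; the port follows the last colon.
        address, _, port_text = fields[3].rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if port in WATCHED_PORTS and not is_loopback_only(address):
            findings.append((port, address, WATCHED_PORTS[port]))
    return findings


if __name__ == "__main__":
    for port, address, note in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED {address}:{port}  {note}")
```

A wildcard bind reported here is a finding about the socket only; a host or cloud firewall may still restrict access, which is the control the recommendation above asks organisations to verify.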

Ex-Cisco engineer charged with wiping WebEx Teams accounts


Keumars Afifi-Sabet

27 Aug, 2020

A former Cisco employee has pleaded guilty to damaging Cisco’s internal network in an incident during 2018, leading to the deletion of 16,000 Webex Teams accounts belonging to company employees.

Sudhish Kasaba Ramesh was charged with intentionally accessing a protected computer without authorisation and recklessly causing damage after he accessed Cisco’s cloud infrastructure and deleted 456 virtual machines (VMs).

Several months after resigning from the company in April 2018, he consciously deployed a piece of code from his Google Cloud Project that destroyed these VMs in Cisco’s cloud infrastructure, hosted by Amazon Web Services (AWS).

These VMs hosted Cisco’s Webex Teams application, which meant that more than 16,000 employees lost access to video conferencing, video messaging, file sharing and other collaboration tools, as their accounts were wiped.

This shutdown lasted two weeks and caused Cisco to spend around $1.4 million in time to restore the damage, as well as more than $1 million in refunds to consumers. No customer data was compromised as a result of these actions, according to the US Attorney’s Office for the Northern District of California.

“Cisco addressed the issue in September 2018 as quickly as possible, ensured no customer information was lost or compromised, and implemented additional safeguards,” a Cisco spokesperson told IT Pro.

“We brought this issue directly to law enforcement and appreciate their partnership in bringing this person to justice. We are confident processes are in place to prevent a recurrence.”

Ramesh was charged on 13 July and pled guilty to the single count, admitting that he acted recklessly in deploying the code, and consciously disregarded the substantial risk of his actions harming Cisco. His hearing is scheduled for 9 December 2020. 

The maximum penalty for committing such an offence is five years imprisonment and a fine of $250,000, although Ramesh’s guilty plea is likely to mean the final sentence is much softer than this.

Cisco Webex tackles background noise with BabbleLabs acquisition


Keumars Afifi-Sabet

26 Aug, 2020

Cisco is planning to integrate artificial intelligence (AI) technology from BabbleLabs into its collaboration division to improve the audio quality of participants in Cisco Webex meetings and remove background noise.

BabbleLabs specialises in developing AI that can detect speech, distinguish this from background noise, and use speech enhancement tech to improve the quality and clarity of speech.