All posts by Zach Marzouk

Acer confirms breach after cyber attack on Indian servers

Zach Marzouk

14 Oct, 2021

A hacker group has claimed to have breached the servers of Acer India, with approximately 60GB of sensitive data belonging to several million of the company’s customers being leaked online.

Known as Desordern, the group said it had stolen customer information, corporate data, financial data, and information related to recent company audits, according to a post on a popular hacking forum, seen by Privacy Affairs researchers.

The hackers said that the breach includes data on several million Acer customers, mostly from India. It appears to have taken place on 5 October, as this is the most recent date listed in the leaked databases.

Desordern also said that it will give Acer access to the database to verify the data and prove the breach is real. A sample of the data released for free, which included information on over 10,000 individuals, was found to be accurate and genuine by researchers at Privacy Affairs, who were able to make contact with some of those affected.

The group has said that data belonging to several million more Acer customers will be released for a fee at a later date.

“We have recently detected an isolated attack on our local after-sales service system in India,” an Acer spokesperson told IT Pro. “Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India.”

The spokesperson added that the incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and there has been no material impact to the company’s operations and business continuity.

In March this year, Acer fell victim to a $50 million ransomware attack carried out by the notorious ransomware gang REvil. The group announced the Acer breach on its website where it presented images of allegedly stolen files, including financial spreadsheets, bank communications, and bank balances. The breach was believed to be linked to the Microsoft Exchange cyber attack, which was carried out by at least ten hacker groups.

IBM pledges to reskill 30 million people globally by 2030

Zach Marzouk

13 Oct, 2021

IBM plans to provide 30 million people of all ages with new skills by 2030 as it aims to close the global skills gap by expanding access to digital skills and employment opportunities.

According to data from the World Economic Forum (WEF), closing the global skills gap could add $11.5 trillion to global GDP by 2028. In the UK, nearly two in three (64%) report spending more on recruitment, with costs increasing by 49 per cent or £1.23 billion in total because of the skills shortage. 

In a bid to help tackle the growing skills crisis, IBM has announced over 170 new partnerships and programme expansions in more than 30 countries across the world and is improving its existing programmes and career-building platforms to expand access to education and in-demand technical roles.

In the UK, IBM said that the West London-based Ada Lovelace Church of England High School has joined its P-TECH programme, an online platform that offers free technical skills required to be successful in the digital economy. Students are set to benefit from access to foundational knowledge on topics like cyber securityartificial intelligence, and cloud computing.

IBM plans to educate 30 million people through its broad combinations of programmes, including collaborations with universities and key government entities. These partnerships will also extend to NGOs too, such as the British Refugee Council.

“Talent is everywhere; training opportunities are not,” said Arvind Krishna, IBM chairman and CEO. “This is why we must take big and bold steps to expand access to digital skills and employment opportunities so that more people – regardless of their background – can take advantage of the digital economy.

“Today, IBM commits to providing 30 million people with new skills by 2030. This will help democratize opportunity, fill the growing skills gap, and give new generations of workers the tools they need to build a better future for themselves and society.”

This week, Vodafone found that digital literacy is becoming as important as reading and writing for young people’s future life prospects. Limited access to an internet-connected device, or lack of skills to use one, is preventing people entering the jobs market from attending exams or online lessons, gaining the necessary digital skills, and applying for jobs. 29% of respondents to the report said they had to share a laptop, tablet, or PC for work, education, or leisure in the past year.

Microsoft mitigated ‘largest ever’ 2.4Tbps DDoS attack

Zach Marzouk

12 Oct, 2021

Microsoft claims to have mitigated a record 2.4Tbps DDoS attack targeting one of its Azure customers in Europe during the last week of August.

The company said the attack was140% larger than than the highest attack bandwidth volume Microsoft recorded in 2020 and higher than any network volumetric event previously detected on Azure. It also surpasses the previous largest DDoS attack, which peaked at 2.3Tbps and was directed at Amazon Web Services (AWS) last year.

It said the attack traffic originated from around 70,000 sources and from multiple countries in the Asia-Pacific region, including Malaysia, Vietnam, Japan, and China, as well as the US. The attack spanned over 10 minutes with very short-lived bursts, each ramping up in seconds to terabit volumes.

The company monitored three main peaks, the first at 2.4Tbps, the second at 0.55Tbps, and the third at 1.7Tbps.

Microsoft’s attack mitigation lifecycle is orchestrated by its control plan logic that dynamically allocates mitigation resources to the most optimal locations, closest to the attack sources. This meant that the attack traffic, which originated in the Asia-Pacific region and the US, did not reach the customer region but was instead mitigated at the source countries.

“Azure’s DDoS mitigation employs fast detection and mitigation of large attacks by continuously monitoring our infrastructure at many points across the network,” said Amir Dahan, senior programme manager at Azure Networking.

“When deviations from baselines are extremely large, our DDoS control plane logic cuts through normal detection steps, needed for lower-volume floods, to immediately kick-in mitigation. This ensures the fastest time-to-mitigation and prevents collateral damage from such large attacks.”

Dahan added that the customer did not suffer any impact or downtime, but if they had been running their own data centre instead of using Azure, they would most probably have incurred extensive financial damage as well as other intangible costs.

In 2020, Google revealed its infrastructure absorbed a 2.5Tbps DDoS attack three years previous. The attack was the culmination of a six-month campaign launched by Chinese-backed hackers that used multiple methods of attack, which ultimately had no material impact.

Oracle to launch 14 new cloud regions over the next year

Zach Marzouk

12 Oct, 2021

Oracle has announced plans to launch 14 new cloud regions over the next year to support demand for its customers worldwide.

The company plans to open new Oracle Cloud Infrastructure (OCI) regions in Milan (Italy), Stockholm (Sweden), Marseille (France), Spain, Singapore, Johannesburg (South Africa), Jerusalem (Israel), Mexico, and Colombia.

Oracle will also open second regions in Abu Dhabi (UAE), Saudi Arabia, Israel, and Chile. By the end of 2022, the company plans to take its number of cloud regions from 30 to at least 44.

The company also said that it plans to establish at least two cloud regions in almost every country where it operates, to help customers build business continuity and disaster protection while helping them address their in-country data residence requirements. The US, Canada, UK, South Korea, Japan, Brazil, India, and Australia already have two cloud regions.

“Oracle Cloud Infrastructure has seen stellar growth over the past year,” said Clay Magouyrk, executive vice president, Oracle Cloud Infrastructure.

“We’ve introduced several hundred new cloud services and features and are continuing to see organisations from around the world increasingly turn to OCI to run their most mission-critical workloads in the cloud. With the additional Cloud regions, even more organisations will be able to use our cloud services to support their growth and overall success.”

Oracle currently provides cloud services across 30 commercial and government cloud regions in 14 countries on five continents. OCI operates 23 commercial regions and seven government regions too.

In September, AWS revealed plans to open a new data centre region in New Zealand by 2024, investing around £3.9 billion over the next 15 years and creating 1,000 jobs. The company said its new Asia Pacific region would help more of its customers run their applications by serving end users locally, provide lower latency and ensure customers can choose to securely store their data in the country.

Microsoft Cloud for Financial Services will launch next month

Zach Marzouk

6 Oct, 2021

Microsoft Cloud for Financial Services is set to launch on 1 November to help financial institutions use the Microsoft Cloud.

The new initiative integrates cloud services across Microsoft Azure, Microsoft 365, Microsoft Dynamics 365, and Microsoft Power Platform, with new capabilities and customisations unique to financial services. It also has been designed to address the control frameworks and regulatory requirements facing the industry.

The platform provides financial institutions with a unified customer profile, easier customer onboarding, help with personalising customer interaction, and makes automation and collaboration across front and back-office easier. It also helps to identify and prevent fraud, protects the merchant services arms of financial institutions, carries out risk assurance and support, and helps organisations manage compliance requirements.

Microsoft hopes this will help financial institutions and industry partners to unlock value by optimising business processes through integrated collaboration and omnichannel communication capabilities, and enhance the customer experience through comprehensive customer insights and personalised interactions. It also helps accelerate products to market and removes data silos.

“This industry-specific cloud introduces new capabilities that unlock the power of the Microsoft Cloud to help innovate for responsible and sustainable growth,” said Bill Borden, corporate vice president of Worldwide Financial Services at Microsoft.

“Our industry cloud has a foundation of privacy, security, and regulatory compliance across Microsoft and our partner ecosystem, and it is built on an industry data model that enables interoperability and innovation.”

In September, Atos and IBM teamed up to create a new centre of excellence to help banks and insurance companies improve security and regulatory compliance when moving to the cloud. The platform aims to provide technical and financial services advice and expertise with Atos professionals trained on the IBM Cloud providing local language assistance. Atos will also offer automation services like Robotic Process Automation, AI-driven intelligent workflows, and business processes reengineering.

AWS to launch first New Zealand data centre region by 2024

Zach Marzouk

23 Sep, 2021

AWS has revealed plans to open a new data centre region in New Zealand by 2024, investing NZ$7.5 billion (around £3.9 billion) over the next 15 years and creating 1,000 jobs.

The company said that its new Asia Pacific (Auckland) Region will help more of its customers run their applications by serving end users locally, providing even lower latency, and ensuring customers can choose to securely store their data in New Zealand.

The Auckland region, which will be owned and operated by a local AWS entity, will be made up of three availability zones, joining the existing 81 zones across 25 geographic AWS regions at launch.

AWS estimates this will create 1,000 new jobs as part of a NZ$7.5 billion investment, which the company also believes will generate approximately NZ$10.8 billion (around £5.6 billion) over the next 15 years.

“Our investments reflect AWS’ deep and long-term commitment to New Zealand,” said Prasad Kalyanaraman, vice president of Infrastructure Services at AWS. “We are excited to build new world-class infrastructure locally, train New Zealanders with in-demand digital skills, and continue to help local organisations deliver applications that accelerate digital transformation and fuel economic growth.”

Globally, the company said that it has plans to launch 24 additional data centre sites across eight regions in Australia, India, Indonesia, Israel, Spain, Switzerland, the United Arab Emirates, as well as the new AWS Region in New Zealand.

AWS set up its first local entity in New Zealand in 2014 and opened new offices this year in Auckland and Wellington to support a team of over 100 employees. Customers previously had to rely on the AWS region in Sydney, which was launched in 2012, although it announced in December it was going to open its second infrastructure region in Australia in Melbourne by 2022.

In July, Google Cloud announced it would also open a new cloud region in Melbourne, its second in Australia and 11th in the APAC region overall. The company said that cloud customers in Australia and New Zealand are set to benefit from low latency and high performance of their cloud-based workloads and data.

Google also announced that it would open a new Google Cloud Dedicated Interconnect location in New Zealand as part of its new investment in the region. The company has said it hopes both its Melbourne and Auckland sites would deliver geographically distributed and secure infrastructure to customers across New Zealand.

Wipro and Google Cloud launch cloud innovation space

Zach Marzouk

20 Sep, 2021

Google Cloud and Wipro have launched the Wipro-Google Cloud Innovation Arena in Bangalore, India, hoping to increase cloud capabilities and build new products across industries.

The cloud collaboration space aims to provide in-house technical expertise, ensure seamless cloud adoption, and accelerate innovation to drive business transformation for customers.

The companies said that by combining Google Cloud with Wipro FullStride Cloud Services, the jointly developed innovation centre will offer a range of people, processes, and platforms to customers around the world. The centre will showcase the talent, tools, and best practices required to develop and deploy applications on Google Cloud.

“Innovation and business differentiation are key drivers of cloud adoption, which is why innovation labs where customers can brainstorm, design, and pilot innovation use cases with the help of industry experts have become increasingly important,” said Kevin Ichhpurani, corporate vice president of Partner Ecosystem at Google Cloud.

“We are pleased to be furthering our partnership with Wipro to provide our customers with the resources they need to take their cloud journey to the next level.”

Jason Eichenholz, senior vice president and global head of Ecosystems & Partnerships at  Wipro, said that the new Innovation Arena was the latest example of the company’s commitment to providing customers with world-class resources and support, and a vision for their cloud future.

“We are excited to strengthen our partnership with Google Cloud, and look forward to leveraging the Wipro-Google Cloud Innovation Arena to increase cloud capabilities, build solutions across industries, and help our customers simplify their processes and workflows,” said Eichenholz.

In August, Wipro added a new studio to its Technology Center in Plano, Texas, to support customers’ digital transformation efforts as part of a collaboration with ServiceNow. The studio, named @now Studio, was set to draw upon ServiceNow’s simplified processes and digital workflows to create custom products. Wipro’s Texas Technology centre houses the firm’s US cyber defence unit and is an incubator for developing advanced analytics and cloud technologies.

Automated hiring systems are rejecting qualified candidates

Zach Marzouk

7 Sep, 2021

Automated hiring systems filter out qualified high skilled workers, according to a Harvard Business School report focused on how leaders can improve hiring practices to uncover missed talent pools and close skills gaps. 

Researchers found that inflexibly configured automated recruiting systems, which are “designed to maximize the efficiency of the process”, tend to hone in on candidates using very specific parameters to minimise the number of applicants that are actively considered by an organisation.

“For example, most use proxies (such as a college degree or possession of precisely described skills) for attributes such as skills, work ethic, and self-efficacy,” researchers stated in the report. “Most also use a failure to meet certain criteria (such as a gap in full-time employment) as a basis for excluding a candidate from consideration irrespective of their other qualifications.”

As a result, this excludes from consideration viable candidates whose resumes do not match the criteria “but who could perform at a high level with training”. 88% of employers who took part in the survey agreed with this statement, admitting that qualified high skilled candidates are vetted out of the process as they don’t match the exact criteria established by the job description. The number rose to 94% in the case of “middle-skill” workers.

Researchers found that automated systems represent the “foundation of the hiring process” in the majority of organisations, with 90% of employers in the survey using automated systems to “initially filter or rank potential middle-skills (94%) and high-skills (92%) candidates”.

The report also found that the rapid pace of change in many occupations, driven in large part by advancing technologies, has made it “extremely difficult for workers to obtain relevant skills”. 

“The evolution in job content has outstripped the capacity of traditional skills providers, such as education systems and other workforce intermediaries, to adapt,” said the report, highlighting that to develop the capabilities employers seek increasingly requires the candidate to be employed.

To deal with these problems, the report recommended refreshing job descriptions, shifting from “negative” to “affirmative” filters in automated recruiting systems, establishing new metrics for evaluating talent acquisition, and enlisting a senior leader to champion, direct, and monitor the evolution of hiring and onboarding practices.

HBS’s global study included a survey of over 8,000 “hidden” workers, those who miss hours, unemployed and seeking work, or those who are not working or seeking employment but are willing to work under the right circumstances, as well as over 2,250 executives across the US, UK, and Germany. Researchers also found that the situation, although it has worsened over the pandemic, has been growing over recent decades.

“A single data point made the intractability of the problem apparent—just under half (44%) of middle-skill “hidden workers” reported that finding work was just as hard pre-COVID-19 as it was during our 2020 survey period,” stated the report.

Windows 11 rollout will begin on 5 October

Zach Marzouk

31 Aug, 2021

Microsoft has confirmed that Windows 11 will be released on 5 October, with all eligible devices to be offered the free upgrade by mid-2022.

From 5 October, Microsoft will start rolling out Windows 11 to eligible Windows 10 PCs, while PCs that come preloaded with Windows 11 will start to become available for purchase. The update is set to be rolled out in a phased approach, which means that new eligible devices will be offered the upgrade first. 

For UK customers, the new update will be available “beginning this holiday season”.

“The upgrade will then roll out over time to in-market devices based on intelligence models that consider hardware eligibility, reliability metrics, age of device and other factors that impact the upgrade experience,” the company stated.

Microsoft expects all eligible devices to be offered the free upgrade to Windows 11 by mid-2022. Users that have a Windows 10 PC that’s eligible for the update will be notified by Windows Update when it’s available. Alternatively, users can check to see if it is ready by going to Settings>Windows Update and select “Check for updates”.

New features in Windows 11 include “Start”, which uses the power of the cloud and Microsoft 365 to show users their recent files, no matter what device they were viewing them on. Chat from Microsoft Teams is integrated into the taskbar, a new Microsoft Store will be available, and Snap Layouts, Snap Groups and Desktops will allow users to multitask and optimise their screen space.

One feature that won’t be included at launch is the inclusion of Android apps support in Windows 11 and the Microsoft Store, through the company’s collaboration with Amazon and Intel. Microsoft said that it will start with a preview for this feature for Windows Insiders “over the coming months”.

Microsoft recently provided more details on the reliability of computers that could update to Windows 11, saying that those systems were more reliable in use.

“Those that did not meet the minimum system requirements had 52% more kernel mode crashes (blue screens) than those that did meet the requirements,” Microsoft said. “Additionally, app hangs are 17% more likely, and for first-party apps, we see 43% more crashes on unsupported hardware.”

Microsoft accused of making it harder to ditch Edge in Windows 11

Zach Marzouk

19 Aug, 2021

Microsoft has been accused of making it harder to switch default browsers in Windows 11, prompting complaints from browser competitors like Firefox and Opera.

The tech giant has changed the way users can set default apps on its new operating system, according to The Verge. Similar to Windows 10, a prompt appears when a user installs a new browser or opens a web link for the first time.

The problem lies with a change in the way default browser apps are handled in Windows 11. Where Windows 10 allowed users to change default apps based on a program, Windows 11 requires users to set defaults by file or link type instead, much in the same way that PDFs or image extensions are handled.

For example, in Chrome, this means individually changing the default behaviour for HTM, HTML, PDF, SHTML, SVG, WEBP, XHT, XHTML, FTP, HTTP, and HTTPs, with each having its own drop-down menu.

Rival browsers tend to prompt users to set them as default, forcing them to navigate the default apps part of settings to do this.

Critics have argued that this creates unnecessary complications in what otherwise should be a simple process, causing many users to simply stick with Edge.

“Being able to select your preferred web browser is essential to shaping the internet experience that everyone deserves,” Selena Deckelmann, senior vice president of Firefox said to IT Pro. ”We have been increasingly worried about the trend on Windows. Since Windows 10, users have had to take additional and unnecessary steps to set and retain their default browser settings. These barriers are confusing at best and seem designed to undermine a user’s choice for a non-Microsoft browser.”

Krystian Kolondra, Opera’s EVP and head of desktop browsers, told IT Pro that it is “unfortunate” when a platform vendor is “obscurifying a common use case to improve the standing of their own product”.

“We would like to encourage all platform vendors to respect user choice and allow competition on their platforms. Taking away user choice is a step backwards,” added Kolondra.

IT Pro has contacted Google and Microsoft for comment.