Google Cloud customers can now select regions based on CO2 output


Sabina Weston

14 Jul, 2021

Google Cloud has announced an update to its data centre region picker that allows customers to reduce their carbon footprint by choosing a region based on its CO2 output.

Starting today, Cloud Run and Datastream users will be able to find a region with the lowest carbon impact inside the Cloud Console location selectors, with the tool being rolled out to other Google Cloud offerings over time.

Regions will receive labels such as “Lowest CO2” or a leaf symbol, which means that the region has a carbon-free energy percentage of at least 75% or, in case this information is not available yet, a grid carbon intensity of no higher than 200 gCO2eq/kWh.

Grid carbon intensity is estimated based on average lifecycle gross emissions per unit of energy and is used to compare the regions in terms of carbon intensity. For instance, although Frankfurt and the Netherlands have similar CFE scores, the Netherlands has a higher emissions factor.

The update is part of Google’s company-wide sustainability initiative which aims to achieve carbon-free status by 2030. The tech giant has been carbon-neutral since 2007.

Besides the region picker’s Carbon footprint indicator, which was first previewed earlier this year and works by measuring the amount of carbon-free energy supply for each region, users can also filter regions based on cost as well as latency. The latter is estimated based on the physical distance between the customer’s headquarters and the city or country of the data storage region.

Commenting on the announcement, Carbon-free for Google Cloud Platform (GCP) product manager Steren Giannini said the tech giant wanted to empower its customers “to make more sustainable decisions and progress with us towards this 24/7 carbon-free future”. 

“Earlier this year, we published the carbon characteristics of our Google Cloud regions. Later, we introduced a simple tool to help you pick a Google Cloud region, taking variables like price, latency and sustainability into account. Our next question was: what’s the best way to surface that sustainability info when you’re actually picking a region for your cloud resources?” he added.

“By sharing and displaying carbon information of Google Cloud regions, together we’re making tangible progress towards our goal of a carbon-free future.”

Google replaces Backup and Sync with Drive for Desktop


Bobby Hellard

13 Jul, 2021

Google has announced plans to move users from its Backup and Sync file-syncing services to a new unified desktop app for Drive.

Onboarding for the Drive for Desktop app will start on 19 July, with Google recommending users make the switch by the end of September before they’re locked out on 1 October.

The transition is just for Backup and Sync users, however, as business clients who are already using Drive File Stream – the enterprise name for Drive for Desktop – should already be set up.

The aim of moving to a unified desktop app is to create “a powerful and unified sync client”, according to Google, with the best features from both consumer and enterprise services that should be more straightforward to use and easier for IT teams to manage.

In a blog post, Google suggests the new app will be pretty familiar to anyone who used its previous file-syncing services. Drive for Desktop will offer easy access to files and photos stored in the cloud, and will sync files in the background to keep them up to date.

Google also suggests the app can sync external storage devices like flash drives to Drive, mirror files between Drive and local files on a desktop computer, and let users choose whether they store individual photos and videos in Drive or Google Photos.

The launch of Drive for Desktop coincided with a few announcements from the tech giant, which included changes to services that helped many through the pandemic. In April 2020, for example, Google Meet was made available to all users with day-long group calls, but that has been switched to an hour as of 1 July. As such, free Gmail users will now have to make do with calls with three or more participants at a limit of 60 minutes.

Microsoft will reportedly acquire RiskIQ for $500 million


Keumars Afifi-Sabet

12 Jul, 2021

Microsoft is set to strike a deal to acquire security software firm RiskIQ as it seeks to bolster the security of its core products.

RiskIQ provides customers with cloud-based software as a service (SaaS) protection to detect phishing attacks, fraud attempts and malware infections. The company’s SaaS platform taps into a global Internet Intelligence graph that’s mapped billions of relationships between online elements within every organisation and hackers. 

Microsoft is set to purchase the security company in a $500 million (roughly £361 million) deal, according to Bloomberg, as it seeks to integrate RiskIQ’s services into its flagship products and improve the overall resilience for customers. 

This would play into the trend of Microsoft adding more security-oriented tools to platforms like Windows and Azure in recent years as the prospect of cyber threats continues to swell. 

Last year, for example, Microsoft announced a strategic shift to compile its detection and event management services under the Microsoft Defender brand, alongside a host of new services and tools that customers can adopt. The firm described Microsoft Defender, at the time, as the “broadest resource coverage” of any portfolio across the industry, spanning identity protection, endpoints, cloud applications and infrastructure. 

This has come alongside a recruitment drive to add staff to examine Microsoft’s products for vulnerabilities, respond to attacks that its clients face, as well as run the Microsoft Threat Intelligence Center, Bloomberg also reports.

Microsoft also struck a partnership with the cyber security organisation MITRE to integrate its adversarial tactics, techniques and common knowledge (ATT&CK) framework into Azure to build a foundation for developing threat models.

This integration saw the organisations jointly launch the Security Stack Mappings for Azure research project, which introduced a library of mappings that connect built-in Azure security controls to the techniques, identified by ATT&CK, that they’re designed to protect against. 

In June, meanwhile, Microsoft also acquired Internet of Things (IoT) security firm ReFirm Labs for an undisclosed fee. Microsoft highlighted the open source Binwalk software, which analyses thousands of device types for firmware issues, as a key reason for why it pursued the acquisition. The firm added these analytical capabilities would help secure IoT and operational technology (OT) devices through Azure Defender for IoT. 

Microsoft, alongside a number of other major companies, has been struggling to deal with the fallout of several major attacks. The most recent has been the Kaseya cyber attack, although this is just the latest in a particularly devastating series of events including the SolarWinds Orion hack as well as the Microsoft Exchange Server incident.  

IBM snaps up DevOps services specialist BoxBoat


Danny Bradbury

9 Jul, 2021

IBM is acquiring DevOps consulting company BoxBoat Technologies as part of an ongoing effort to bolster its cloud software capabilities.

BoxBoat was founded in 2016 to help create strategies for container-based software development. It advises companies on how to build software development pipelines for cloud-native applications and on how to convert existing applications for container-based environments, and offers a range of training services to support this.

This is the latest acquisition in IBM’s push to establish dominance in the cloud software development space, which has seen it invest heavily in Kubernetes-based container infrastructure, on which many modern cloud applications depend.

IBM has said it will fold BoxBoat into its Global Business Services unit to bolster its hybrid cloud portfolio, focusing on container strategy and services. The deal’s value has not been disclosed.

One of BoxBoat’s focal areas is increasing the security of DevOps processes, and the company has recently spent time addressing software supply chain security following the SolarWinds attack. Security experts are increasingly worried about adversaries compromising software development processes and inserting malicious code into software before it is deployed.

BoxBoat has been working closely with the Cloud Native Computing Foundation (CNCF) on its Secure Production Identity Framework for Everyone (SPIFFE) project. This is an open-source initiative that assigns secure identity certificates to cloud workloads, making it easier for microservices to authenticate with each other securely in the cloud.

The company also works with another Linux Foundation initiative called in-toto, to help secure DevOps pipelines from intruders who might try to compromise software in development.

BoxBoat has parlayed some of this work on third-party software security into a contract with the US Department of Defense under its Small Business Innovation Research (SBIR) initiative to help secure software supply chains.

This is the latest acquisition in a series for IBM, which acquired Red Hat in 2019 for $34bn. More recently, it acquired cloud implementation services company Nordcloud in a December deal that closed in Q1 2021. It also bought cloud managed services provider Taos a month later.

New Zloader malware technique makes it harder to spot phishing emails


Keumars Afifi-Sabet

9 Jul, 2021

Hackers have been discovered using a new phishing technique that involves using a sequence of chained commands to hide malicious content and make email attachments appear harmless to filters.

The technique involves sending a phishing email containing a seemingly innocuous Microsoft Word attachment, according to McAfee. Once opened, it triggers a chain of events that eventually downloads the payload for the infamous banking and data exfiltration malware, known as Zloader.

The fact that the document isn’t embedded with any malicious code will make it easier for phishing emails to bypass initial checks and malware scanners.

Researchers have noted that users are only susceptible to infection if macros are enabled, which the phishing attack will use to trigger a series of commands once the Word document is opened.

Macros are disabled by default in Microsoft Office, so the Word document itself contains a lure designed to trick users into enabling macros, claiming that if they don’t, the file won’t load correctly.

When the Word document opens, and macros are enabled, the document downloads and opens another password-protected Microsoft Excel file from a remote server.

The Word document contains combo box components that store the content required to connect to the remote Excel document, including the Excel object, URL, and password required to open the file. The URL is stored in the combo box in the form of broken strings, which are combined later to form a complete string.

The code then attempts to download and open the Excel file stored in the malicious domain. After extracting the contents from the Excel cells, the Word file creates a Visual Basic for Applications (VBA) module in the downloaded Excel file by writing the retrieved contents. It, essentially, retrieves the cell contents and writes them to XLS macros.

Once the macro is formed and ready, it modifies a RegKey to disable trust access for VBA on the victim’s device in order to execute the malicious function without any Microsoft Office warnings. After writing macro contents to the Excel file, and disabling trust access, a function from the newly written Excel VBA is called which downloads the Zloader payload.
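A detection sketch for the chain described above, added here as an example and not taken from McAfee's report or this article: it flags an Office process writing another Office application's VBA trust-access registry setting, and raises severity when that application then makes an outbound connection. The `AccessVBOM` value name, the Sysmon-style field names, the 120-second window and the sample events are assumptions or constructed data that do not appear in the article.

```python
import re
from datetime import datetime, timedelta

# Assumption: Office stores the VBA trust-access setting in the per-user
# value ...\Office\<version>\<App>\Security\AccessVBOM (not named in the article).
VBOM_KEY = re.compile(
    r"\\Software\\Microsoft\\Office\\[\d.]+\\(?P<app>\w+)\\Security\\AccessVBOM$",
    re.IGNORECASE,
)
OFFICE_IMAGES = {"winword.exe": "word", "excel.exe": "excel", "powerpnt.exe": "powerpoint"}
WINDOW = timedelta(seconds=120)  # assumed correlation window

# Constructed Sysmon-style events (13 = registry value set, 3 = network connection).
EVENTS = [
    {"Computer": "WS-01", "EventID": 13, "UtcTime": "2021-07-09 10:00:05",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Office\16.0\Excel\Security\AccessVBOM",
     "Details": "DWORD (0x00000001)"},
    {"Computer": "WS-01", "EventID": 3, "UtcTime": "2021-07-09 10:00:20",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "DestinationHostname": "payload.example.invalid"},
    {"Computer": "WS-02", "EventID": 13, "UtcTime": "2021-07-09 10:05:00",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "TargetObject": r"HKU\S-1-5-21-2222\Software\Microsoft\Office\16.0\Excel\Security\AccessVBOM",
     "Details": "DWORD (0x00000001)"},
    {"Computer": "WS-03", "EventID": 13, "UtcTime": "2021-07-09 11:00:00",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetObject": r"HKU\S-1-5-21-3333\Software\Microsoft\Office\16.0\Excel\Security\AccessVBOM",
     "Details": "DWORD (0x00000001)"},
]


def _ts(event):
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S")


def _image(event):
    return event["Image"].rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return alerts for cross-application writes to an Office AccessVBOM value."""
    events = sorted(events, key=_ts)
    alerts = []
    for i, ev in enumerate(events):
        if ev["EventID"] != 13:
            continue
        match = VBOM_KEY.search(ev["TargetObject"])
        if not match:
            continue
        target_app = match.group("app").lower()
        writer = _image(ev)
        # An application changing its own setting (e.g. through its options
        # dialog) is not the pattern described; a *different* process doing it is.
        if OFFICE_IMAGES.get(writer) == target_app:
            continue
        alert = {"computer": ev["Computer"], "writer": writer, "target_app": target_app,
                 "value": ev["Details"], "severity": "medium", "destination": None}
        # Escalate if the targeted application connects out shortly afterwards.
        for later in events[i + 1:]:
            if _ts(later) - _ts(ev) > WINDOW:
                break
            if (later["Computer"] == ev["Computer"] and later["EventID"] == 3
                    and OFFICE_IMAGES.get(_image(later)) == target_app):
                alert["severity"] = "high"
                alert["destination"] = later["DestinationHostname"]
                break
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(a)
```
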

“Malicious documents have been an entry point for most malware families and these attacks have been evolving their infection techniques and obfuscation, not just limiting to direct downloads of payload from VBA, but creating agents dynamically to download payload,” McAfee’s researchers Kiran Raj and Kishan N wrote.

“Usage of such agents in the infection chain is not only limited to Word or Excel, but further threats may use other living off the land tools to download its payloads. Due to security concerns, macros are disabled by default in Microsoft Office applications. We suggest it is safe to enable them only when the document received is from a trusted source.”

The operators of the Zloader malware are notorious for finding increasingly innovative ways of spreading their banking Trojan. The malware was found to be present in 100 coronavirus-related email campaigns as of the first half of 2020. Zloader was also hiding within encrypted Excel documents, according to research published in March this year, with its operators overseeing invoice-related spam campaigns.

TikTok moves into recruitment with ‘video resumes’


Bobby Hellard

8 Jul, 2021

TikTok has launched a pilot programme in the US to help job seekers create and send ‘video resumes’ to potential employers as it looks to expand the platform into recruitment.

The new service, dubbed ‘TikTok Resumes’, already has a selection of job openings from brands such as WWE, Shopify and Target.

At a time when tech companies like Facebook and Twitter are scrambling to be more like the video-sharing app, TikTok itself is aiming to be more like LinkedIn, with the company suggesting that there has been a rise in “career and job-related creative content” on its platform over the past year and that this could be used as a “channel for recruitment”.

As an example, TikTok user and Berkeley graduate ‘Christian’ has created a short video resume with graphics and background images to showcase his skills with Adobe and Google Dialogflow and his experience working with brands, such as flight operator KLM.

Users can pursue job listings via the app or the website’s TikTok discovery page, with US job openings available till 31 July.

“TikTok Resumes is officially open and accepting TikTok video resumes,” said Nick Tran, global head of marketing at TikTok. “We’re humbled to be able to partner with some of the world’s most admired and emerging brands as we pilot a new way for job seekers to showcase their experiences and skill sets in creative and authentic ways.”

Tran added that TikTok is hoping to “reimagine recruitment and job discovery”, and the social media platform has already made a start on that ambition with the hashtag ‘CareerTok’ which pools together resume examples, career advice and interview tutorials.

According to the Pew Research Centre, 48% of 18 to 29-year-olds in the US have reported having a TikTok account, compared to just 30% who say they have a LinkedIn profile.

Nvidia switches on the UK’s fastest supercomputer


Bobby Hellard

7 Jul, 2021

Nvidia has switched on what it claims is the UK’s fastest supercomputer, the Cambridge-1, which will be made available to outside researchers and academic scientists such as AstraZeneca and GlaxoSmithKline.

The company said it will offer use of Cambridge-1 for free and will use what it learns from running the system to improve its future healthcare-specific products. 

“Cambridge-1 will empower world-leading researchers in business and academia with the ability to perform their life’s work on the UK’s most powerful supercomputer, unlocking clues to disease and treatments at a scale and speed previously impossible in the UK”, said Jensen Huang, founder and CEO of NVIDIA.

“The discoveries developed on Cambridge-1 will take shape in the UK, but the impact will be global, driving groundbreaking research that has the potential to benefit millions around the world.”

The system, which has been installed at the Kao data centre in Harlow, Essex, uses artificial intelligence (AI) for complex health research. For AstraZeneca, for example, the system will be used to learn about one billion chemical compounds represented by groups of characters that can be assembled into sentence-like structures. King’s College London and a special unit from the NHS will also use the system, as will privately held firms such as Oxford Nanopore Technologies. 

According to a report by Frontier Economics, an economics consulting firm, Cambridge-1 has the potential to create an estimated value of £600 million over the next 10 years.

“Disease prevention, climate change and efforts to drive a post-pandemic, green recovery are some of the most pressing issues of our time,” said Lee Myall, CEO at Kao Data. “I believe that Cambridge-1, and the continued efforts of its founding partners will be instrumental for the future of humankind. At Kao Data, we are delighted to be hosting the UK’s fastest supercomputer sustainably, and supporting ambitions to build back better through our work with Nvidia.”

Nvidia has spent around $100 million on the installation and has also suggested that figure was just “a starting point”. The move is part of a set of steps to show a commitment to the UK while it completes its controversial $40 billion deal to take over Cambridge-based Arm from Japanese investment group SoftBank. 

The deal is under heavy scrutiny from regulators around the world, including the UK’s Competition and Markets Authority, over concerns Nvidia will use it to create a monopoly within the chip manufacturing industry. 

Nvidia has also said it plans to build a supercomputer centre in the UK with Arm-designed chips. 

Pentagon scraps Microsoft’s $10bn JEDI contract after AWS dispute


Sabina Weston

7 Jul, 2021

The US Department of Defense (DoD) has cancelled its $10 billion (£7.25bn) Joint Enterprise Defense Infrastructure (JEDI) project and scrapped its Trump-backed contract with Microsoft.

The deal had been long challenged by Microsoft’s cloud rival Amazon Web Services (AWS), which alleged that then-president Donald Trump had influenced the DoD by ordering them to “screw Amazon”, thus unfairly affecting the outcome of the bidding process.

Earlier this year, the Pentagon hinted that it might scrap JEDI altogether, with Deputy Defense Secretary Kathleen Hicks saying the DoD would have to consider the project in the context of Amazon’s litigation.

However, on Tuesday, acting DoD CIO John Sherman said that the decision was due to the Pentagon’s changing needs:

“JEDI was developed at a time when the Department’s needs were different and both the CSPs technology and our cloud conversancy was less mature. In light of new initiatives like JADC2 and AI and Data Acceleration (ADA), the evolution of the cloud ecosystem within DoD, and changes in user requirements to leverage multiple cloud environments to execute mission, our landscape has advanced and a new way-ahead is warranted to achieve dominance in both traditional and non-traditional warfighting domains,” he said.

As a replacement for JEDI, the DoD announced a new project, known as the Joint Warfighter Cloud Capability (JWCC), which is to be “a multi-cloud/multi-vendor Indefinite Delivery-Indefinite Quantity (IDIQ) contract” that will consider both AWS and Microsoft.

“The Department intends to seek proposals from a limited number of sources, namely the Microsoft Corporation (Microsoft) and Amazon Web Services (AWS), as available market research indicates that these two vendors are the only Cloud Service Providers (CSPs) capable of meeting the Department’s requirements,” said the DoD.

The first awards are expected to be announced by April 2022, according to Sherman, who wouldn’t provide an estimated value “yet”.

“I wouldn’t latch onto the $10 billion figure,” he added.

Commenting on the news, Microsoft’s president of US Regulated Industries, Toni Townes-Whitley, said that the tech giant is “confident” that it will “continue to be successful as the DoD selects partners for new work”.

Meanwhile, AWS, headed by new CEO Adam Selipsky, told Reuters that it looks “forward to continuing to support the DoD’s modernisation efforts and building solutions that help accomplish their critical missions”.

Cisco launches Webex for Defense for the Pentagon


Zach Marzouk

7 Jul, 2021

Cisco has launched Webex for Defense, a collaboration platform specifically made for the US Department of Defense (DoD).

Webex for Defense has received provisional authorisation from the Defense Information Systems Agency (DISA) to operate at DoD Impact Level 5 (IL5), which means it is authorised to work with the DoD’s national security systems, higher sensitivity CUI, and mission-critical information across all workloads.

It is an all-in-one collaboration tool connected to the DoD Information Network via DISA-managed Cloud Access Points and delivered out of Cisco-hosted, DoD IL5-certified data centres.

The new tool integrates with Cisco’s full Webex portfolio of devices, allowing users to connect securely from phone, desktop, or video. 

“A full set of admin and end-user controls enables seamless, secure collaboration with internal and external users as well as DoD partners, and ensures that sensitive data never leaks and information is kept private,” said Javed Khan, senior vice president and general manager of Cisco Collaboration.

Khan added that it’s easy for administrators and organisers to apply agency-specific policies to meetings as necessary, through features like meeting context and classification indicators. Webex for Defense is also built upon the Cisco Unified Communications Manager and its feature set, including local survivability.

He also claimed that thanks to Cisco’s “mature development methodology and transparent privacy posture” Webex’s security advantage “goes above and beyond the specification of DoD IL5”.

Last month, Cisco unveiled an all-new suite of services for its Webex platform with features it hoped would serve as the foundation for “inclusive” hybrid work environments. The new suite of services included an end-to-end platform, analytics tools to track audience engagement, speech optimisation, machine learning software for video quality, data-loss prevention, and collaborative hardware.

CEO Chuck Robbins said that the company’s collaboration business is “incredibly essential to our customers”. He revealed that the company has added 800 new features and devices since September and said the platform would power the future of hybrid work.

CBI calls for more clarity as UK scraps work from home guidance


Bobby Hellard

6 Jul, 2021

UK prime minister Boris Johnson has confirmed that the government’s working from home guidance will be scrapped on 19 July as part of plans to lift the country’s remaining COVID restrictions.

Johnson said during a news conference on Monday evening that it was now a decision for employees and employers to “work out for themselves”.

The announcement came as part of a plan to fully lift all COVID restrictions, such as requirements to wear masks and social distancing, which will be removed later this month. The government’s decision seems to be based on the success of the vaccine rollout, with a claim that the “overwhelming proportion” of the workforce has had two jabs, which it said equalled a “huge wall of immunity”. 

However, the Confederation of British Industry (CBI) has called for more support for businesses to help their decision making, risk assessments, and, ultimately, boost confidence in both employees and customers. 

The organisation’s director general, Tony Danker, said the announcement would provide “huge relief” for UK businesses that have struggled to stay afloat during the pandemic. Many of those will be shops and restaurants along high streets and popular commuter routes that have been starved of footfall traffic while people have worked from home. 

“Critical now will be to build both customer and employee confidence in living with the virus,” Danker told IT Pro. “This will require businesses to continue putting safety at the heart of their approach as they have since the start of the COVID crisis and the government providing a vital role in supporting employers through guidance and advice.

“In the coming days we need the government to put in place further measures to create this much-needed confidence. Knowing whether workplace testing will continue beyond July, gaining clarity on mask-wearing for public transport and understanding how a role test and release scheme can support both domestic industry and our international travel sector can provide a further boost for firms as we all move from crisis to recovery.”
