Jim Whitehurst stands down as IBM president


Daniel Todd

6 Jul, 2021

IBM president and former Red Hat CEO Jim Whitehurst has decided to step down, following a spell of just 14 months in the role. 

Whitehurst joined the tech giant as part of its $34 billion acquisition of Red Hat back in 2018, having played a “pivotal role” in the integration. 

Announcing the shock decision, IBM did not offer up the reasons for Whitehurst’s sudden departure, but the firm did reveal that he will continue as a senior advisor to chairman and CEO Arvind Krishna.

“In the almost three years since the acquisition was announced, Jim has been instrumental in articulating IBM’s strategy, but also, in ensuring that IBM and Red Hat work well together and that our technology platforms and innovations provide more value to our clients,” Krishna said in a statement.

“Jim has decided to step down as IBM President, however I am pleased he will continue working as senior advisor to me and the rest of the Executive Leadership Team as we continue to evolve our business.”

Following IBM’s Red Hat acquisition, Ginni Rometty called time on her stint as IBM CEO back in April 2020, with Krishna subsequently taking the reins.

He then appointed former Red Hat CEO Whitehurst on his first day in the role, leading many industry observers to view him as Krishna’s heir apparent.

At the time of Krishna’s appointment as CEO, he also announced that Bridget van Kralingen had agreed to stay on to ensure a smooth leadership transition.

She has now also decided to step down from her current role as senior vice president of Global Markets, replaced by Rob Thomas. However, she will remain SVP of Special Projects for a year, after which she will retire from IBM.

Elsewhere, IBM announced a host of other leadership changes. Among them, the company confirmed that Tom Rosamilia will become SVP of Cloud and Cognitive Software, while Ric Lewis takes on the role of SVP of Systems. 

“I believe we are at a watershed moment in our journey,” Krishna said. “As the world begins to reopen, IBM has a unique opportunity to be positioned for a new and exciting era of growth, continue to accelerate the rate and pace of execution of our strategy, and strengthen our client-centric culture and our ability to provide technical expertise.”

REvil demands $70 million ransom after Kaseya supply chain attack


Keumars Afifi-Sabet

5 Jul, 2021

REvil has infected more than 40 customers of IT management software firm Kaseya in a SolarWinds-style supply chain attack in which ransomware was distributed through a malicious update.

Kaseya revealed this weekend that its cloud-based IT management and remote monitoring product VSA had been compromised, but that the attack affected a small number of its on-premises customers only. The number of victims is estimated to be roughly 40, according to the firm.

The cyber gang exploited a zero-day vulnerability to remotely access internet-facing VSA servers. Given this software is used by many Managed Service Providers (MSPs), this route of entry also gave them a route into these MSPs’ customers. Kaseya was targeted because a key function of VSA is to push software and automated IT tasks on request, without checks.

The hackers responsible are now issuing varying ransom demands to their victims. REvil is demanding $44,999 from victims if their endpoint has been hit, according to Sophos security researcher Mark Loman. The group, meanwhile, is demanding a sum of $70 million to publish the universal decryptor, while boasting that it’s infected a million devices.

Looking beyond the 40 victims that Kaseya suggests REvil has claimed, Huntress Labs claims that more than 1,000 businesses have had servers and workstations encrypted, including MSPs. 

The response to the attack has been stark, with businesses served by the VSA product cutting off their servers from access to the internet. According to Dutch security firm DIVD CSIRT, the number of reachable VSA instances dropped from the norm of 2,200 to less than 140 as of Sunday. 

DIVD confirmed that one of its researchers, Wietse Boonstra, had previously identified a zero-day flaw, tracked as CVE-2021-30116, which is now being used in the ransomware attack. This flaw was discovered as part of a wider research project in which the firm is examining flaws in tools for system administrators in products such as Vembu BDR, Pulse VPN and Fortinet VPN.

“After this crisis, there will be the question of who is to blame,” the company said in a blog post. “From our side, we would like to mention Kaseya has been very cooperative. Once Kaseya was aware of our reported vulnerabilities, we have been in constant contact and cooperation with them. 

“When items in our report were unclear, they asked the right questions. Also, partial patches were shared with us to validate their effectiveness. During the entire process, Kaseya has shown that they were willing to put in the maximum effort and initiative into this case both to get this issue fixed and their customers patched. They showed a genuine commitment to do the right thing. Unfortunately, we were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch.”

Kaseya executives are meeting again today to discuss bringing its data centres online, with a scheduled restoration date and time of 5 July “by the end of the day” local time (UTC). That timeframe is dependent on achieving some key objectives, however.

Once the software as a service (SaaS) data centres have been restored, Kaseya will publish the schedule for distributing its patch to on-premises customers.

Instructions on how to exploit Windows Print Spooler accidentally leaked after research blunder


Keumars Afifi-Sabet

2 Jul, 2021

Cyber criminals are abusing a severe Windows vulnerability just days after a security company inadvertently published a proof-of-concept (PoC) exploit for this previously undisclosed flaw.

The vulnerability, nicknamed PrintNightmare, concerns the Print Spooler component in all Windows devices. It’s being tracked as CVE-2021-34527, and lets attackers install programmes, view, change or delete data, or create new accounts with full privileges on targeted devices.

Microsoft had initially fixed a flaw in the Print Spooler component on 8 June as part of its Patch Tuesday round of updates. At the time this was deemed a privilege escalation flaw and was tracked as CVE-2021-1675.

The firm then upgraded the severity of the bug from just privilege escalation to remote code execution on 21 June.

At the same time, researchers with the security firm Sangfor had been conducting their own research into Print Spooler vulnerabilities, which they were preparing to discuss at the forthcoming Black Hat cyber security conference in August.

Seeing that Microsoft had upgraded the bug’s severity, the researchers assumed that it was the same flaw they had been working with and decided to publish the proof of concept for the exploit ahead of the conference, safe in the knowledge that it had been patched.

This remote code execution exploit, however, was for an entirely different Print Spooler weakness that hadn’t been previously disclosed by Microsoft, and used a different attack vector.

Once this was established, the researchers quickly took down their work, but not before the exploit code was downloaded and republished elsewhere.

Microsoft has since warned businesses that hackers have seized upon this blunder and are targeting businesses with the flaw now known as CVE-2021-34527. Since it’s an evolving situation, Microsoft hasn’t yet attached a threat severity score to the bug.

“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” Microsoft wrote in a security advisory.

“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.”

Until a patch becomes available, Microsoft has recommended that businesses either disable the Print Spooler service or disable inbound remote printing through their group policy.

The first mitigation would disable the ability to print locally or remotely, while the second workaround blocks the remote attack vector by preventing inbound remote printing operations. Local printing, however, will still be possible.
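As an added example (not from the article or from Microsoft), the PowerShell script below reports whether a host has either of the two workarounds above in place and can apply one of them. It assumes it runs in an elevated session and that the “Allow Print Spooler to accept client connections” group policy is backed by the registry value RegisterSpoolerRemoteRpcEndPoint under HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers, where 2 means disabled.

```powershell
# Added example: audit and (optionally) mitigate a host's exposure to
# CVE-2021-34527 using the two workarounds the article describes.
#   -BlockRemotePrinting : workaround 2, keep local printing, refuse remote clients
#   -DisableSpooler      : workaround 1, stop and disable the service entirely
# Assumption: the group policy is backed by the registry value below (2 = disabled).
# Run in an elevated PowerShell session; supports -WhatIf.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$BlockRemotePrinting,
    [switch]$DisableSpooler
)

$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$policyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-PrintSpoolerExposure {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $remote = (Get-ItemProperty -Path $policyKey -Name $policyName `
               -ErrorAction SilentlyContinue).$policyName

    $remoteState = if ($null -eq $remote) { 'NotConfigured (remote printing allowed)' }
                   elseif ($remote -eq 2) { 'Disabled' }
                   else { "Value $remote (remote printing allowed)" }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        SpoolerStatus     = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        SpoolerStartType  = if ($svc) { $svc.StartType.ToString() } else { 'NotInstalled' }
        RemoteRpcEndpoint = $remoteState
        # Mitigated when the service is absent or not running (workaround 1),
        # or when the RPC endpoint remote clients connect to is switched off (workaround 2).
        Mitigated         = ($null -eq $svc) -or ($svc.Status -ne 'Running') -or ($remote -eq 2)
    }
}

$before = Get-PrintSpoolerExposure
$before | Format-List

if ($DisableSpooler -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable Print Spooler')) {
    # Workaround 1: no local or remote printing on this host until a patch is applied.
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
}
elseif ($BlockRemotePrinting -and -not $before.Mitigated -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable inbound remote printing')) {
    # Workaround 2: create the policy key if group policy has not already done so.
    New-Item -Path $policyKey -Force | Out-Null
    Set-ItemProperty -Path $policyKey -Name $policyName -Value 2 -Type DWord
    # The spooler reads this value at start-up, so restart it for the change to take effect.
    Restart-Service -Name Spooler -Force
}

if ($DisableSpooler -or $BlockRemotePrinting) {
    Get-PrintSpoolerExposure | Format-List
}
```

Running the script with no switches only reports; the `Mitigated` field gives a quick fleet-wide check when the script is pushed to many hosts.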

HPE acquires Zerto for $374 million


Daniel Todd

2 Jul, 2021

HPE has announced it has entered into a definitive agreement to acquire cloud data management and protection specialist Zerto for $374 million.

The move expands HPE GreenLake and continues HPE Storage’s shift to a cloud-native, software-defined data services business, the company said.

Zerto’s journal-based continuous data protection (CDP) technology includes disaster recovery, backup, and data mobility in a single platform that spans on-premises, hybrid and multi-cloud environments.

Zerto will be available as a service through HPE GreenLake and Data Services Cloud Console.

“Zerto’s market-leading cloud data management and protection software expands HPE GreenLake cloud data services, allowing customers to protect their data and rapidly act on insights, from edge to cloud,” commented Antonio Neri, president and CEO of HPE.

The solution is designed to help customers recover quickly from ransomware, cyber attacks, and other planned data downtime, returning data to its pre-attacked state.

Zerto also easily replicates and migrates data between VMware vSphere and Microsoft Hyper-V environments, as well as natively to AWS and Microsoft Azure.

“Customers continue to face significant issues managing data complexity across hybrid and multi-cloud environments,” said Tom Black, senior vice president and general manager of HPE Storage.

“Zerto further positions HPE to help solve these customer challenges and become the leader in data management and protection through HPE GreenLake cloud services.”

Founded in 2009, Zerto is co-headquartered in Herzliya, Israel and Boston. The firm’s 500 employees serve more than 9,000 customers – including enterprises and 350 MSPs.

HPE says the addition of Zerto will “significantly accelerate” its transformation to become a leading data management and protection provider, while Zerto will benefit from HPE’s global scope and presence.

The acquisition is expected to close during HPE’s fourth quarter, subject to regulatory approvals and customary closing conditions. Zerto’s management team will join HPE following the close of the transaction, with the company organised under HPE Storage.

“The HPE GreenLake edge-to-cloud strategy and strong leadership is a perfect match for Zerto,” commented Ziv Kedem, CEO of Zerto.

“Coupling Zerto’s industry-leading cloud data management and protection software platform with HPE’s cloud data services and go-to-market reach will offer an unparalleled experience for our collective customers and partners.”

Microsoft bolsters Azure with AT&T 5G deal and security collaboration


Keumars Afifi-Sabet

1 Jul, 2021

Microsoft has struck agreements with US networking giant AT&T and the cyber security organisation MITRE to bring additional 5G support as well as threat monitoring capabilities to Azure.

As part of its deal with MITRE, Microsoft will integrate the organisation’s adversarial tactics, techniques and common knowledge (ATT&CK) framework into its public cloud platform in order to build a foundation for developing threat models.

Separately, the firm has acquired the Network Cloud division of AT&T, which plays host to its core 5G network. Microsoft will indirectly own but won’t operate this network, and instead plans to integrate IP and expertise into its Azure for Operators platform.

These twin deals are part of Microsoft’s strategic efforts to bolster its public cloud platform on the cyber security and networking fronts.

The AT&T acquisition, for example, is part of a strategic alliance that will see network traffic managed by Microsoft Azure. This is set to begin with the 5G core, the software at the heart of AT&T’s 5G network.

Microsoft says AT&T will benefit from greater productivity and cost-efficiency as more network workloads migrate to Azure for Operators. The firm will also use the company’s hybrid and hyperscale infrastructure to reduce costs.

The Network Cloud platform, which Microsoft is acquiring, has been running AT&T’s 5G core network since 2018. Microsoft will integrate this into its Azure for Operators platform to allow operators to run telecoms networks in the cloud.

Microsoft will benefit from access to IP and technical expertise to grow its product, building on the 2020 acquisitions of Affirmed Networks and Metaswitch Networks. It’s also acquiring AT&T’s engineering and lifecycle management software that’s used to develop carrier-grade cloud that can run containerised or virtualised network services.

“With Azure, operators can provide a more flexible and scalable service model, save infrastructure cost, and use AI to automate operations and differentiate customer offerings,” said executive vice president of Azure, Jason Zander.

“Through our collaboration with AT&T, Microsoft will expand its telecom portfolio to support operators with a carrier-grade cloud that provides seamless experiences across Microsoft’s cloud and the operator’s network.”

Microsoft’s partnership with MITRE, meanwhile, has seen the firm integrate the ATT&CK framework into Azure to launch the Security Stack Mappings for Azure research project. This has introduced a library of mappings that connect built-in Azure security controls to the techniques, identified by ATT&CK, that they’re designed to protect against.

The project aims to plug an information gap for businesses seeking to proactively secure their public cloud deployment. This project creates data that shows how built-in security controls might secure their assets against the specific attack methods most likely to target them.

“Microsoft has worked to expand the suite of built-in security controls in Azure which, while highly effective for protecting customer environments, can feel overwhelming to understand across an organisation’s entire Azure estate,” said senior threat intel librarian with Microsoft’s threat intelligence centre, Madeline Carmichael.

“MITRE has developed the ATT&CK framework into a highly respected, community-supported tool for clarifying adversary TTPs. Pairing the two together provides a helpful view for organisations to understand their readiness against today’s threats in a familiar vocabulary that enables easy communication to their stakeholders.”

Opera update adds free VPN, built-in ad blocker to ChromeOS browser


Bobby Hellard

1 Jul, 2021

Opera has released a host of new features for its Chromebook web browser to position itself as a full-featured alternative to Chrome that’s also fully optimised for ChromeOS.

The new web browser boasts tools that are not available in the standard Chrome OS, such as a free browser VPN, built-in messengers, an ad blocker, and five different colour themes.

Opera suggests that its tweaked Android version is a simple and fast laptop browser, with “custom-made optimisations that deliver a full-fledged laptop experience”. The major changes will allow users more ‘laptop-style’ controls, including keyboard shortcuts such as ‘Ctrl+T’ for opening new tabs and ‘Ctrl+L’ for focusing the address bar.

What’s more, Opera suggests it has developed the only browser that lets users access chat functions without disrupting their work or the browser itself. Apps for Facebook Messenger, Instagram, Twitter, WhatsApp, and Telegram are built-in, so users won’t have to reach for a phone or specifically go to the website of each service.

The decision to develop an alternative for Chrome was largely based on a study conducted by Opera that found users wanted more than one browser, particularly for different purposes. Opera claims to be the first company to provide an alternative browser to Chrome that’s optimised for ChromeOS, since the operating system launched back in 2011.

“Chromebooks, with their user-friendly interface and touchscreens, are excellent devices for people’s everyday needs,” said Stefan Stjernelund, product manager of Opera for Android. “We decided it’s high time their users got access to an excellent alternative browser with a unique set of features they’ll find both useful and fun.”

The timing is also key, with Chromebook demand reaching an all-time high during the pandemic; according to Canalys, 11.2 million units were shipped between October and December 2020, which represents a 287% increase year-on-year. According to Opera, this highlights how important Chrome OS has become as it offers convenience for workers and students alike.

The Norwegian firm also expects a further 40 million units to be shipped during 2021.

Slack repositions itself as a ‘virtual HQ’ for hybrid workers


Bobby Hellard

30 Jun, 2021

Slack has added three new features in an attempt to reposition the platform as a ‘virtual headquarters’ for companies that adopt hybrid or entirely remote working strategies post-pandemic. 

These arrive in addition to the recently announced feature that enables users to schedule messages, which is very much in keeping with the idea of businesses running and operating across different regions and time zones. 

“The ‘new normal’ is here to stay – no one wants to give up the flexibility of working from anywhere,” said Slack’s VP of product, Noah Desai Weiss. “There’s a clear need for a virtual headquarters that helps employees embrace a new sense of flexibility, that makes them feel connected to their colleagues despite being physically apart, and that recreates the serendipity and creativity of the office.

“This is why we are introducing new virtual HQ capabilities like Slack Huddles and native recording of video, voice, and screen-sharing clips in Slack.”
 
Slack Huddles is essentially the company’s pitch for those ‘water cooler conversations’ workers used to enjoy in a physical office. This is a key part of its ‘virtual HQ’ strategy, re-creating those spontaneous moments of conversation or brainstorming via an ‘audio-first’ button in the bottom corner of the Slack sidebar. It’s a one-click operation where a ‘huddle’ can be started in any channel or direct message (including the ones users share with external contacts), and participants can virtually come and go as they please.

Another new feature has a very TikTok feel to it, as Slack users will be able to create and share video, screen recordings and audio clips, rather than conduct meetings or write long text into a channel. This was previously touched upon earlier in the year as a sort of ‘Stories’ type feature that’s used on Instagram and now Twitter with ‘Fleets’. 

The final new product for Slack’s ‘virtual HQ’ overhaul is called ‘Slack Atlas’, which is a digital directory users can navigate from within their account and connect to colleagues and partners from across their networks.
 
All of the new features are being rolled out now to paid-tier customers. Slack has yet to confirm whether they will also be rolling out to non-paying customers. 

IT Pro 20/20: Does cyber security’s public image need a makeover?


Dale Walker

30 Jun, 2021

Welcome to issue 18 of IT Pro 20/20, distilling the most important themes of the previous month into an easy-to-read package – courtesy of our sister title IT Pro.

In this cyber-security-themed issue, we highlight some of the most pressing challenges facing the industry. Our lead feature looks at the role of white hat hackers across the industry, the challenges they have faced in proving their value to companies, and whether media depictions of the traditional ‘hacker’ are creating unhelpful stereotypes.

We also look at the evolution of the security threat landscape from the 1990s until now, as well as consider whether the sudden appearance of social conscience among hackers may spell the end of the ransomware industry as we know it.

Also in this issue, you’ll find an overview of the most exciting features coming with Windows 11, as well as a look at the motivations fuelling the war against end-to-end encryption.

DOWNLOAD ISSUE 18 OF IT PRO 20/20 HERE

The next IT Pro 20/20 will be available on 30 July – previous issues can be found here. If you would like to receive each issue in your inbox as they release, you can subscribe to our mailing list here.

Bitwarden review: Worth paying for


K.G. Orphanides

30 Jun, 2021

The competitively priced newcomer is at the forefront of password management

Price: $60

LastPass hasn’t earned itself many supporters recently, and Bitwarden is coming for its password management crown with a massively feature-packed, cross-platform free consumer tier. It’s also almost unique in having a free business tier which, while limited to two users, is an obvious choice for micro-businesses and partnerships. The main drawback is that it has more limited 2FA options and lacks support for advanced features such as attaching encrypted files to entries and password vault health reports.

Bitwarden Teams expands on this free two-person tier, with an API for easy automation, event logs, user groups, a directory connector to automatically manage users when they’re added to your corporate LDAP server, extra two-factor authentication options, password vault health analysis, and the ability to grant emergency access rights to trusted users.

For larger businesses, Bitwarden Enterprise is very competitively priced, supports SSO and granular policy control, has the transparency benefit of open-source code and the convenience of a fully managed service. It’s also priced comparably to the mid- or entry-level tiers of many rivals, and if you want, you can even self-host it on your own servers with no additional licensing. 

Bitwarden review: Client features

The web-based incarnation of Bitwarden’s vault and settings are more functional than beautiful. Everything’s pretty easy to find, although we’d have liked download links to the critical Bitwarden apps to be more clearly signposted. You’ll find them on the pull-down from your profile icon at the top right, and at https://bitwarden.com/download/.

Dedicated desktop apps are available for Windows, macOS and Linux. Mobile apps cater to iOS and Android, with the open source F-Droid store hosting a copy for de-Googleised Android devices. An extensive range of browsers are covered, including Firefox, Safari, Chrome and browsers that share their rendering engines, even with the unusual addition of Tor Browser.

Bitwarden’s command line tool (which primarily exists to make automation easier) is available for bash and PowerShell, and can be found via a number of package managers including npm – the recommended install path if you’re already using Node.js – Homebrew, Chocolatey and Snap.

The client is eminently easy to use and does exactly what you’d expect from a password manager. Corporate users of Bitwarden get a free personal account, which they’ll log into to access their corporate password collection. When they save a password, they’ll be prompted to choose whether it belongs in their personal account or in the business’s. Business passwords have to be in a collection, and the collections that each user is given access to show up in their clients and online vault.

The Google Play Store version of Bitwarden’s Android client was recently found to include two trackers, which the company has convincingly justified as required for push notifications and crash reporting; if you’d rather avoid them, they are not included in the version distributed on F-Droid.

Bitwarden review: Management features

Users can be invited with standard, limited privileges to access items in collections that have been assigned to them and, if they are given write access, to add, edit and delete passwords and secure notes from those collections.

Managers have the power to assign users and groups to collections, as well as to create and delete said collections. Admins can create and assign users to user groups, invite new users, manage policies, check event logs and export the organisation’s vault data en masse, making this a role of trusted authority.

Only the owners can control billing, subscriptions and integrations for third-party applications and services. However, custom roles can also be created, providing granular control over exactly who gets to do what. Additional permissions are available to Enterprise admins via the Bitwarden Business portal.

We’re not too keen on this division between the main management interface and this dedicated portal for making policies and SSO. It’s easy to use, and we like the addition of features such as the ability to deny personal password ownership for organisation users and mandate specific security and password options. However, there aren’t quite as many settings here as you’ll find in comparable services from Dashlane, Keeper, and LastPass, and relatively few options are spread across rather too many pages.

Bitwarden review: Verdict

Bitwarden’s Free Organization tier has limited features, but is entirely free. For those who need more than two users and two collections, Bitwarden Teams costs $36 per user, per year or $4 per user, per month and the Enterprise tier costs $60 per user, per year or $6 per user, per month if you don’t want to commit to a full year.

This puts it among the cheapest business password management services around, and the Enterprise tier, with its fine-grained policy control, would benefit businesses of almost any size, even if they don’t need SSO. Furthermore, Bitwarden’s transparent, audited, zero-knowledge approach to security is solid and thoroughly documented.

Although its admin interface isn’t the most polished around, Bitwarden’s excellent feature set and well-designed range of cross-platform clients, as well as its low prices, make it our favourite business password management service. 

GitHub Copilot is an AI tool that helps devs to write better code


Zach Marzouk

30 Jun, 2021

GitHub has launched a preview of GitHub Copilot, a new AI pair programmer that helps developers to write better code.

The Microsoft-owned company said the tool “draws context from the code you’re working on,” and suggests whole lines or entire functions. This, GitHub says, could enable engineers to be more productive and potentially lower the barriers to enter software development.

“It helps you quickly discover alternative ways to solve problems, write tests, and explore new APIs without having to tediously tailor a search for answers on the internet. As you type, it adapts to the way you write code—to help you complete your work faster,” said Nat Friedman, CEO of GitHub.

GitHub Copilot was developed in collaboration with OpenAI, an AI research startup backed by Microsoft, and powered by OpenAI Codex, a new AI system created by the company. Essentially, the GitHub Copilot editor extension sends comments and code to the GitHub Copilot service, which in turn uses OpenAI Codex to synthesise and suggest individual lines and whole functions.

The company said the system “has broad knowledge of how people use code” and is more capable than GPT-3 in code generation, as it was trained on a data set that includes a larger concentration of public source code.

GitHub expects the technology to “enable existing engineers to be more productive, reducing manual tasks and helping them focus on interesting work”. It also believes the tool has the potential to lower barriers to entry, enabling more people to explore software development and join the next generation of developers.

GitHub added that the new tool works with a broad set of frameworks and languages, but the technical preview, which is now open to be signed up to, works “especially well” for Python, JavaScript, TypeScript, Ruby and Go.

The company benchmarked the tool against a set of Python functions and blanked out the function bodies and asked GitHub Copilot to fill them in. The model got them right 43% of the time on the first try and 57% of the time when allowed 10 attempts.

If the technical preview is a success, GitHub plans to build a commercial version of GitHub Copilot in the future. Through the preview it aims to learn how people use the tool and what it takes to operate at scale.
