RSS Aggregator

Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

The Hacker News - 9 May, 2024 - 13:04
Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That's according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet payload. While CVE-2023-46805 is an authentication bypass flaw, ... (Newsroom)
Category: Hacking & Security

Spectre V2: A New Threat to Linux Systems

LinuxSecurity.com - 9 May, 2024 - 13:00
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's delve into the details of the Spectre v2 exploit, its implications, and the measures being taken to mitigate its impact.
Category: Hacking & Security

Critical Security Update for Google Chrome: Implications & Recommendations

LinuxSecurity.com - 9 May, 2024 - 13:00
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary code. Over the next few days or weeks, the Google Stable channel will be updated to 124.0.6367.78 for Linux. As security practitioners, Linux admins, infosec professionals, and sysadmins must be aware of the implications of such vulnerabilities and take appropriate action.
Category: Hacking & Security

The Apple M4 is wasted on the iPad. Its performance and specs would suit Macs too

Živě.cz - 9 May, 2024 - 12:45
The iPad Pros unveiled on Tuesday arrived with the new M4 chip. For the first time ever, Apple has introduced the next generation of its Silicon in a tablet rather than a Mac. What's more, this comes just seven months after the M3 was introduced. The company is still keeping many details under wraps, but we already have a rough picture of its performance and features. The processor outclasses all ...
Category: IT News

APT trends report Q1 2024

Kaspersky Securelist - 9 May, 2024 - 12:00

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.

This is our latest installment, focusing on activities that we observed during Q1 2024.

Readers who would like to learn more about our intelligence reports or request more information about a specific report are encouraged to contact [email protected].

The most remarkable findings

The Gelsemium group performs server-side exploitation that effectively leads to a webshell, and uses various custom and public tools deployed with stealth techniques and technologies. The two main implants, SessionManager and OwlProxy, were first detected in 2022 in the aftermath of the ProxyLogon-type exploitations of Exchange Servers. Our latest investigation was prompted by the discovery of suspicious activity on a server located in Palestine in mid-November 2023, with traces of a previous breach attempt on October 12, 2023. The payloads were distinctively served, veiled as font files, in compressed and encrypted fashion. This characteristic led us to highly similar incidents in Tajikistan and Kyrgyzstan.

Careto is a highly sophisticated threat actor that has been seen targeting various high-profile organizations since at least 2007. However, the last operations conducted by this threat actor were observed in 2013. Since then, no information about Careto’s activity has been published. Recent threat hunting enabled us to gain an insight into campaigns run by Careto in 2024, 2022 and 2019. Our private report provided a detailed description of these activities, focusing on how the actor performed the initial infections, lateral movement, malware execution, and data exfiltration activities. It is notable that the Careto actor used custom techniques, such as employing the MDaemon email server to maintain a foothold inside the organization or leveraging the HitmanPro Alert driver for persistence. In total, we have seen Careto use three complex implants for malicious activities, which we dubbed “FakeHMP”, “Careto2”, and “Goreto”. The capabilities of these implants were also described in our private report.

Middle East

In March, a new malware campaign was discovered, targeting government entities in the Middle East. We dubbed it “DuneQuixote”. Our investigation uncovered more than 30 DuneQuixote dropper samples actively employed in this campaign. The droppers represent tampered-with installer files for a legitimate tool named “Total Commander”. These carry malicious code for downloading further payloads, at least some of which are backdoor samples dubbed “CR4T”. At the time of discovery, we identified only two such implants, yet we strongly suspect the existence of others that may come in the form of completely different malware. The group prioritized the prevention of collection and analysis of their implants – the DuneQuixote campaigns display practical and well-designed evasion methods, both in network communications and malware code.

Our last report on the Oilrig APT discussed how IT service providers were potentially used as a pivot point to reach their clients as an end-target, and we kept tracking the threat actor’s activity to identify relevant infection attempts. We detected another activity in the process, likely by the same threat actor, but this time targeting an internet service provider in the Middle East. This new activity saw the actor using a .NET-based implant, which is staged using VB and PowerShell. The implant, which we named “SKYCOOK” for its function names, is a remote command execution and infostealer utility. The actor also used an autohotkey-based (AHK) keylogger similar to the one used in a previous intrusion.

Southeast Asia and Korean Peninsula

We have been tracking the activities of DroppingElephant in the past few years and recently detected several samples of the Spyder backdoor in its operations, as well as the Remcos RAT and, in a smaller number of cases, other malicious RAT tools. We observed that the threat actor abuses the DISCORD CDN network and leverages malicious .DOC and .LNK files to deliver these remote access tools to victims in South Asia. The Spyder backdoor has been detailed by QiAnXin, along with its use in targeting multiple entities in South Asia. In our report, we shared newly discovered IoCs and the type of targeted organizations based on our telemetry.

At the end of 2023, we discovered a striking malware variant orchestrated by the Kimsuky group, delivered by exploiting legitimate software exclusive to South Korea. While the precise method used to manipulate this legitimate program as the initial infection vector remains unclear, we confirmed that the legitimate software established a connection to the attacker’s server. Subsequently, it retrieved a malicious file, thereby initiating the first stage of the malware.

The initial-stage malware serves as a conventional installer designed to introduce supplementary malware and establish a persistence mechanism. Upon execution of the installer, it generates a subsequent stage loader and adds it to the Windows service for automatic execution. The culminating payload in this sequence is previously unknown Golang-based malware dubbed “Durian”. Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads and exfiltration of files.

With the help of Durian, the operator implemented various preliminary methods to sustain a connection with the victim. First, they introduced additional malware named “AppleSeed”, an HTTP-based backdoor commonly employed by the Kimsuky group. Furthermore, they incorporated legitimate tools, including ngrok and Chrome Remote Desktop, along with a custom proxy tool, to access target machines. Ultimately, the actor implanted the malware to pilfer browser-stored data including cookies and login credentials.

Based on our telemetry, we pinpointed two victims within the South Korean cryptocurrency sector. The first compromise occurred in August 2023, followed by a second in November 2023. Notably, our investigation did not uncover any additional victims during these instances, indicating a highly focused targeting approach by the actor.

Given that the actor exclusively employed the AppleSeed malware, a tool historically associated with the Kimsuky group, we have a high level of confidence in attributing these attacks to Kimsuky. However, intriguingly, we have detected a tenuous connection with the Andariel group. Andariel, known for adopting a custom proxy tool named “LazyLoad”, appears to share similarities with the actor in this attack, who also utilized LazyLoad, as observed during our research. This nuanced connection warrants further exploration into the potential collaboration or tactics shared between these two threat actors.

ViolentParody is a backdoor detected inside a South Korean gaming company, with the latest deployments observed in January this year. The threat actor distributed this backdoor over the organization’s network by infecting a batch file located on an internal network share. The execution of said infected .BAT file results in the launch of an MSI installer that in turn drops the backdoor on the machine and configures it to persist through scheduled tasks and COM objects. Analysis of this backdoor revealed that it could collect reconnaissance data on the infected machine, perform file system operations and inject various payloads. We additionally observed the threat actor behind this backdoor launching penetration testing tools, such as Ligolo-ng, Inveigh and Impacket. We attribute the activity described in our report to Winnti with low confidence.

The threat actor SideWinder launched hundreds of attacks in recent months against high-profile entities in Asia and Africa. Most of the attacks start with a spear-phishing email containing a Microsoft Word document or a ZIP archive with an LNK file inside. The attachment kicks off a chain of events that lead to the execution of multiple intermediate stages with different JavaScript and .NET loaders, and finally ends with a malicious implant developed in .NET that runs only in memory.

During the investigation, we observed a rather large infrastructure composed of many different virtual private servers and dozens of subdomains. Many subdomains are assumed to be created for specific victims, and the naming scheme indicated that the attacker had tried to disguise malicious communications as legitimate traffic from websites related to governmental entities or logistics companies.

SideWinder has historically targeted governmental and military entities in South Asia, but in this case, we observed an expanded range of targets. The actor also compromised victims located in Southeast Asia and Africa. Moreover, we saw different diplomatic entities in Europe, Asia and Africa that were compromised. The expansion in targeting also includes new industries, proven by the discoveries of new targets in the logistics sector, more specifically in maritime logistics.

The Lazarus group has various malware clusters in its arsenal and continues to update its functionalities and techniques to evade detection. However, the actor can also be observed employing its old malware on occasion. We recently discovered that this notorious actor was testing its old and familiar tool, ThreatNeedle. The malware author utilized a binder tool to create initial-stage malware for delivering and implanting the final payload. The main objective of the binder tool is assembling the malware installer, actual payload and configuration. In addition, we discovered various malicious files from an affected machine fetching the next-stage payload after sending the victim’s profile. This kind of downloader malware is typical of Lazarus’s modus operandi. However, the group adopted a more complex HTTP communication format at this time to evade detection at the network level. By investigating the Command-and-Control (C2) resources used by the actor, we discovered NPM packages that contain malicious JavaScript code to deliver malware without user notification. Most of them are disguised as cryptocurrency-related programs and capable of downloading an additional payload from the actor-controlled server. This is a highly similar strategy to the scheme that we have observed and reported in the past.

Hacktivism

Hacktivism, a marriage of hacking and activism, is often excluded from a company’s threat profile. This type of threat actor is commonly active in all types of crises, conflicts, wars and protests, among other events. The goal is to send a political, social or ideological message using digital means.

SiegedSec stepped up its hacktivist intrusions and activities internationally throughout 2023. This small group, active since 2022, mainly performs hack-and-leak operations. As with past hacktivist groups like LulzSec, what started as hack-and-leak and disruptive operations “just for lulz”, evolved into multiple offensive efforts in pursuit of social justice-related goals across the globe. The activities also led to coordination with other cybercriminal groups as part of the Five Families hacktivist collective, although SiegedSec were later expelled for alleged improper conduct.

Their recent offensive activity is contingent on current socio-political events. Their web-application-focused offensive activity targets companies and industrial and government infrastructure, and they leak stolen sensitive information. SiegedSec’s social justice initiatives include demanding freedom for an arrested Colombian website defacer / hacker, U.S. state governments’ involvement in instituting anti-abortion laws, the ongoing Israel-Hamas conflict and alleged human rights violations by NATO. The group’s members, both past and present, are still at large.

During the Israel-Hamas conflict, there has been an uptick in activities by hacktivists from all around the world, including denial of service (DoS and DDoS), web defacements, doxing and recycling of old leaks. The targets and victims have been primarily Israeli and Palestinian infrastructure. But since there are supporters on both sides of this conflict, hacktivists also target the infrastructure of supporting countries.

To mitigate exposure to threat actors of this type, it is first important to update the threat/risk profile when similar events happen. Second, it is vital to understand the technology exposure connected to the respective country or institution, and prevent unauthorized access by ensuring secure access and updated software. Third, DoS/DDoS readiness is essential. Although these attacks are transient, merely denying access for a limited time before normal service resumes, the respective tools are widely available, and their disruptive impact on business operation may vary depending on attack duration and size. Therefore, it is essential to implement measures to mitigate against application and volumetric attacks. Finally, data leaks are almost inevitable nowadays. Hackers may merely start with stolen credentials to gain full enterprise access and leak sensitive data. The data may then get recycled in future events, to associate the hot topic of compromise with the hacktivist message, so that it can be heard widely. The best approach to mitigate against this is to prevent the data leak in the first place. Implementing ways to monitor the network flow can be helpful in identifying an unusually large outbound data flow, which could be blocked at an early stage.

Other interesting discoveries

In 2020, we reported an ongoing campaign, started in 2019, that leveraged what was at the time new Android malware named “Spyrtacus”, used against individuals in Italy. The tool exhibited similarities with HelloSpy, the infamous stalkerware used to remotely monitor infected devices. The threat actor first started distributing the malicious APK via Google Play in 2018, but switched to malicious web pages forged to imitate legitimate resources relating to the most common Italian internet service providers in 2019. We have continued to monitor this threat over the years and recently observed a previously unknown Spyrtacus agent developed for Windows. The implant communicates with a C2 resource already reported in one of our previous reports and shares similarities to the Android counterpart in both malware logic and the communication protocol. During the investigation, we discovered other subdomains, which indicate the existence of implants for iOS and macOS, and may indicate the expansion of the group’s activities to other countries in Europe, Africa and the Middle East.

Final thoughts

While the TTPs of some threat actors remain consistent over time, such as heavy reliance on social engineering as a means of gaining a foothold in a target organization or compromising an individual’s device, others have refreshed their toolsets and expanded the scope of their activities. Our regular quarterly reviews are intended to highlight the most significant developments relating to APT groups.

Here are the main trends that we saw in Q1 2024:

  • The key highlights this quarter include Kimsuky’s use of the Golang-based backdoor Durian in a supply-chain attack in South Korea, and campaigns focused on the Middle East, including APTs such as Gelsemium, but also hacktivist attacks.
  • The Spyrtacus malware used for targeting individuals in Italy demonstrates that threat actors continue to develop for multiple platforms, including mobile malware.
  • APT campaigns continue to be very geographically dispersed. This quarter, we reported campaigns focused on Europe, the Americas, the Middle East, Asia and Africa.
  • We have seen attacks targeting a variety of sectors, including government, diplomatic, gaming, maritime logistics and an ISP.
  • Geopolitics remains a key driver of APT development, and cyberespionage remains a prime goal of APT campaigns.
  • We also continue to see hacktivist campaigns: these have been centered mainly around the Israel-Hamas conflict, but not exclusively, as the activities of SiegedSec illustrate.

As always, we would like to note that our reports are the product of our visibility into the threat landscape. However, it should be borne in mind that, while we strive to continually improve, there is always the possibility that other sophisticated attacks may fly under our radar.

Disclaimer: when referring to APT groups as Russian-speaking, Chinese-speaking or other-language-speaking, we refer to various artefacts used by the groups (such as malware debugging strings, comments found in scripts, etc.) containing words in these languages, based on the information that we obtained directly or that is otherwise publicly known and widely reported. The use of certain languages does not necessarily indicate a specific geographic relation, but rather points to the languages that the developers behind these APT artefacts use.

How to set – and achieve – DEI goals in IT

Computerworld.com [Hacking News] - 9 May, 2024 - 12:00

Building and maintaining a diverse workforce improves organizations in myriad ways, including fostering innovation, enhancing problem-solving capabilities, attracting top talent, building customer understanding, and contributing to social responsibility. Doing so typically requires that companies adopt a comprehensive diversity, equity, and inclusion (DEI) strategy to not only hire workers from diverse backgrounds, but also provide an environment in which these workers want to stay.

A key part of that strategy is setting specific goals for hiring and retaining a diverse workforce. Without clear, measurable DEI goals that leaders are held accountable for meeting, it’s all too easy for companies to say they value diversity while maintaining the status quo in their own workforces.

It’s especially important for tech companies and IT departments to set DEI goals, because certain demographics, such as women and Black, Latino, and Indigenous workers, are underrepresented in technology roles. Diversifying their workforces often means that tech leaders must step outside their comfort zones and actively seek out workers from underrepresented groups — and potentially change the corporate or department culture so that all workers feel respected and can expect equity when it comes to pay, promotions, and career growth.

That’s why workforce experts say that company-wide DEI goals aren’t enough. Tech leaders need to set — and meet — DEI goals specifically for technology workers.

“DEI goals are important in IT because underrepresented populations have traditionally been excluded from opportunities in IT and cybersecurity,” said Maxwell Shuftan, director, mission programs and partnerships at SANS Institute.

That’s because they tend to exit the STEM (science, technology, engineering, and mathematics) learning path prior to high school, providing little exposure to IT or cybersecurity as a potential career option, he said. In addition, they may not have opportunities to identify their aptitude and interest in technology, and they typically have limited access to high-quality technical education and training.

“Promoting diversity, equity, and inclusion is not just good for business; it’s the right thing to do, ensuring all individuals have opportunities to succeed and creating a more robust IT and cyber workforce,” he said.

But how do companies set meaningful DEI goals in IT? Here’s advice from IT leaders and DEI experts.

Take stock

“Setting and achieving DEI goals in IT is about creating a roadmap that reflects the world we live in,” said Greg Vickrey, a director with global technology research and advisory firm ISG. “It’s a mix of art and science — understanding the human element of the teams and backing it up with data.”

Vickrey advised organizations to begin with a complete audit, asking tough questions about the current diversity environment in IT. “This approach helps identify gaps in representation across different groups including race, gender, disability, veteran status, etc.,” he said.

As a research and development leader in the technology industry, Hema Ramaswamy, SVP of engineering at data intelligence platform Tracer, runs DEI initiatives like a technology project. She starts with the “why” and develops a concrete plan with goals, progress metrics, feedback, and improvements.

“At Tracer, we started off with a demographic survey with the goal of identifying the demographic characteristics and background that comprise our team and looking for areas of improvement,” she said. “Oftentimes, we hear about DEI [in terms of] gender, race, religion, sexual orientation, age, etc. However, at Tracer, our survey showed that the diverse educational background is where we needed to focus to be equitable and inclusive.”

To achieve DEI goals in IT, tech leaders must be intentional about measuring progress and adopt a comprehensive approach, said Libby Hillenbrand, senior director, leadership development and DEI at Rocket Software. “This begins with a thorough assessment of not only the current demographics and representation mix within your workforce but also engaging your employees for feedback and ideas,” she said.

“Done together, this analysis serves as a foundation for targeted efforts and provides a baseline for measuring progress against industry benchmarks,” Hillenbrand said. “Keep your employees at the center and bring them along on the journey.”

Get specific

Armed with such data, leaders can develop concrete DEI goals that address weak areas.

For example, an IT department might set a goal to increase the representation of women in the software engineering team by 20% over the next 18 months, said Vickrey. Another example is to ensure that at least 30% of leadership roles are filled by individuals from underrepresented groups within the same timeframe.

“These are tangible targets that push us to think differently about recruitment, promotion, and development,” he said.

Other examples of measurable DEI goals include increasing the percentage of women and underrepresented minorities in the IT candidate pool by 40%, as well as sourcing 35% of IT products and services from businesses owned by women, minorities, or other underrepresented groups.

Measure progress and be prepared to adjust tactics

To gauge progress, tech organizations must establish and monitor metrics and key performance indicators (KPIs), said Rocket Software’s Hillenbrand. It’s crucial to have metrics around hiring and retaining women and underrepresented groups, including increasing the number of women and underrepresented groups in leadership roles and in specific geographies.

“Tech companies should also measure promotion rates and pay equity,” she said.

Tech Mahindra, an IT services and consulting company, has initiated targeted recruitment drives aimed at underrepresented communities, not just at the entry level but also in senior and technical roles, said Richard Lobo, the company’s chief people officer. “[This ensures that we are] challenging the status quo and fostering a culture of inclusivity from the top down,” he said.

Beyond the traditional headcount metrics, tech companies are increasingly tracking retention and promotion rates for members of underrepresented groups, as well as conducting employee sentiment analysis through surveys to gauge the effectiveness of DEI initiatives, according to Lobo. This data-driven approach allows leaders to identify gaps, make informed decisions, and continuously refine their strategies, he said.

“Accountability mechanisms have become increasingly sophisticated, with leaders using a mix of qualitative and quantitative metrics to measure progress,” Lobo said.

Esteban Gutierrez, CISO at software company New Relic, noted that it’s harder to incorporate trackable metrics for DEI outside of representational numbers. “You can set goals around this, but it’s more than just hiring [underrepresented] employees,” he said. “It’s not as easy to add metrics to concepts like inclusion or a sense of belonging.”

Gutierrez said mentoring members of underrepresented groups is key to supporting larger organizational DEI efforts. He advised team leads to set up metrics that they can track, such as “how often you [leaders] meet [with members of the underrepresented groups], whether you come prepared with talking points, set a conversation topic for the meeting, or whether you bring any specific work examples to discuss or walk through.”

Monitoring turnover rates can also be revealing, Gutierrez said. Leaders need to take time to analyze and understand the contributing factors of why people leave. IT naturally has a high turnover rate, so it’s important to create a culture of belonging and inclusion that can boost retention.

Hold IT leaders accountable

For tech leaders to hold themselves accountable for meeting DEI goals, they should regularly review progress against their metrics and solicit new approaches from their leaders and ambassadors, Hillenbrand said.

New Relic’s Gutierrez advised team leads to create opportunities for feedback and encourage input from all team members, especially during brainstorms, retrospective meetings, and systematic reflections. “Employee resource group meetings also provide an opportunity for organizational reflection and a space to discuss progress and what efforts still need to be made,” he said.

Another approach that hits closer to home is to tie executives’ pay to meeting DEI goals — and that includes IT leaders.

It’s one thing to say that diversity matters, but it is a completely different thing to have it become a part of your overall compensation, said Keyla Cabret-Lewis, vice president of DEI and talent development at Aflac.

“For several years, diversity goals have been part of our management incentive program,” she said. “As such, failure to reach our goals will result in lesser compensation for company leaders.”

The results? “Women hold more than half of leadership roles and 37% of senior management roles in the company,” Cabret-Lewis said. “In Aflac’s digital services (IT) division, the CIO is a woman, and more than half of her direct reports are women or people of color who serve as Aflac officers (vice presidents).”

Lessons learned

“In my 15 years of experience in the DEI space, I’ve learned that you need both a top-down and bottom-up approach,” Rocket Software’s Hillenbrand said. “Strong executive sponsorship is required, where leadership has the will to drive change. Leaders must be willing to invest in the mechanisms to measure progress, update processes and programming, while modeling the desired behaviors themselves. You must also capture the hearts and minds of employees by inviting them to be part of the solutions.”

To that end, tech organizations should establish programs that enlist the passion of their employees to help connect them to their companies’ cultures.

“These programs should work to provide educational resources, creative events, programs, and open forums, both internal and external, to raise cross-cultural awareness and reinforce their commitment to inclusion and belonging,” she said.

Tracer’s Ramaswamy agreed that DEI requires a commitment from the top — and that it should be run as an initiative where progress is tracked and altered for its effectiveness. “To advocate for the DEI program is an arduous task. It requires allies and partners top-down and across multiple different departments and levels,” she said.

DEI isn’t a one-off campaign but an ongoing commitment, said ISG’s Vickrey. There is no final destination; it’s a continuous journey — one that requires perseverance and adaptability.

“Early on, I learned that not every initiative will work for every team or every individual, so stay flexible and adaptive,” he said.

“Another lesson is the power of transparency,” he added. “If you fall short of goals, be honest about it and it will strengthen the IT team’s commitment to DEI. It’s all about trust, and trust comes from being candid with each other, through the wins and the setbacks.”

Diversity and Inclusion, IT Leadership, IT Management
Category: Hacking & Security

How accurately smartwatches measure heart rate. Results of a comparison with a chest strap. We have added the Samsung Galaxy Fit3

Živě.cz - 9 May, 2024 - 11:15
Detailed comparison of heart rate sensors in watches • Optical technology versus more accurate electrocardiography • Numbers, charts, evaluation
Category: IT News

The largest Kindle at its lowest price. The Scribe reader with a 10" display and stylus starts at 7150 Kč

Živě.cz - 9 May, 2024 - 10:45
The Kindle Scribe, launched a year and a half ago, marked Amazon's return to large e-ink readers. It is currently offering them at 25% discounts, the lowest it has gone so far. Only refurbished units could be bought for less. The base 16GB variant thus costs 280 euros (7150 Kč), the 32GB version is 320 euros (8150 Kč) and the 64GB one 346 euros (8800 ...
Category: IT News

Microsoft once again under fire over cloud software licensing

Computerworld.com [Hacking News] - 9 May, 2024 - 10:26

Microsoft’s licensing of its software and services in the cloud is getting it into more hot water in Europe. This time it’s a group of Spanish startups that has called on regulators to investigate Microsoft’s behavior in the cloud marketplace.

The complaint, from La Asociación Española de Startups (AES) to the Spanish National Markets and Competition Commission (CNMC), accuses Microsoft of “anti-competitive practices” in the cloud marketplace.

The restrictive practices in the cloud marketplace are affecting both suppliers and cloud customers within the startup ecosystem in Spain, the association said.

AES, representing more than 700 startups in Spain, alleges that Microsoft is taking advantage of its dominant position in the market for operating systems (Windows) and office productivity software (Microsoft Office) to force the use of its cloud services, Microsoft Azure.

At issue are questions around data portability (moving information from one cloud platform to another) and restrictive contractual limitations on software licensing.

Technical and contractual barriers are limiting startup competition and innovation, according to AES. The association is calling on regulators to investigate its complaint and act to ensure a more open, fair and competitive marketplace for cloud services in Spain.

Microsoft denied any wrongdoing or market manipulation.

“Microsoft provides choice and flexibility for our customers to switch to another cloud provider at no cost, and our licensing terms enable our customers and other cloud providers to run and offer Microsoft software on every cloud,” a Microsoft spokesperson told Computerworld. “We will engage with the Spanish Start Up Association to learn more about its concerns.”

Cumulus

The Spanish complaint adds to a growing volume of similar complaints against Microsoft across Europe.

Last year CISPE (Cloud Infrastructure Service Providers in Europe), which represents European cloud infrastructure providers, filed a complaint against Microsoft with the European Commission.

CISPE’s complaint alleged that anti-competitive practices such as discriminatory packaging, linking, and pricing are among the technical and economic barriers that made it difficult for customers to freely choose between cloud service providers.

Francisco Mingorance, secretary general of CISPE, told Computerworld that “not only the target, but also the practices [targeted in the Spanish complaint], present some overlap with our pending EU-level complaint.”

CISPE is holding talks with Microsoft aimed at “resolving ongoing issues related to unfair software licensing for cloud infrastructure providers and their customers in Europe”. Any remediations or resolution agreed ought to be public and apply across the sector, CISPE insists.

Egress fees

In the UK, telecoms regulator Ofcom has referred the public cloud infrastructure market to the UK’s Competition and Markets Authority for further investigation.

High fees for transferring data out, committed spend discounts and technical restrictions are “making it difficult for business customers to switch cloud provider or use multiple providers”, according to Ofcom. The regulator is concerned that the business practices of market leaders Amazon Web Services and Microsoft could limit competition.

At issue are factors such as egress fees, the charges that customers pay to transfer their data out of a cloud. Hyperscalers – such as AWS, Google Cloud and Microsoft – set them at significantly higher rates than other providers.

“The cost of egress fees can discourage customers from using services from more than one cloud provider or to switch to an alternative provider,” according to Ofcom.

Technical barriers to interoperability and portability, factors that mean that customers need to reconfigure their data and application to work on different clouds, and committed spend discounts are also an issue in alleged vendor lock-in and restrictive practices in the cloud.

Microsoft, Microsoft 365, Microsoft Azure, Regulation
Category: Hacking & Security

AMD reaches a one-third share of server revenue

CD-R server - 9 May, 2024 - 10:00
According to Mercury Research statistics, AMD has reached its highest share level in server and desktop processors in the modern era. In the notebook segment it improved year over year…
Category: IT News

A time bomb for lovers of game meat. Doctors are dealing with the first transmission of infection from deer afflicted with brain degeneration

Živě.cz - 9 May, 2024 - 08:45
Two American hunters ate venison from deer with a prion disease. • They died of Creutzfeldt-Jakob disease. Doctors fear that we are witnessing the first cases of the disease being transmitted from cervids to humans. • The incubation period is long. If the cause of the illness is confirmed, there is ticking among hunters and ...
Category: IT News

Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

The Hacker News - 9 May, 2024 - 08:11
Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next
Category: Hacking & Security

Intel to manufacturers: By the end of May you will implement the “Intel Default” profile in the BIOS

CD-R server - 9 May, 2024 - 07:40
Manufacturers in Taiwan: It is useless, Intel just made more work for us and turned the Core i9-14900K into a “three-second hero”…
Category: IT News

What do Europeans, Americans and Australians have in common? Scammed $50M by fake e-stores

The Register - Anti-Virus - 9 May, 2024 - 01:22
BogusBazaar ripped off shoppers and scraped card details, but not in China

A crime ring dubbed BogusBazaar has scammed 850,000 people out of tens of millions of dollars via a network of dodgy shopping websites.…

Category: Viruses and Worms

Saving in May: Where to put your money safely? A detailed overview of offers

Lupa.cz - articles - 9 May, 2024 - 00:00
Interest rates above 6% p.a. are a thing of the past. It is still possible to get an interest rate above 5% p.a., though, especially on savings accounts. Term deposits with a five at the front, on the other hand, are starting to disappear quickly.
Category: IT News

You have caused your employer material harm. Can a court treat it as unjust enrichment?

Lupa.cz - articles - 9 May, 2024 - 00:00
A senior employee of a company withdrew its money using a bank card. He did not formally account for the withdrawals, but in doing so he breached none of his duties and was not at fault, so he is not liable for damages. However, it still holds that an enriched employee must surrender the unjust enrichment.
Category: IT News