The ITAM Roundup: 6/16/24

roundup Jun 16, 2024
📰 News

Kyndryl reportedly in talks to buy DXC Technology

Kyndryl is in discussions to potentially acquire DXC Technology, a move that could significantly impact IT infrastructure services. The acquisition talks, reportedly with Apollo Global's involvement, may see Kyndryl offering between $22 and $25 per share for DXC, driving up DXC's stock price. If successful, the deal could leverage Kyndryl's scale and expertise in mainframe modernization, contrasting with DXC's recent struggles and its exploration of selling its insurance software business under new leadership.

If the deal goes through, CIOs struggling with legacy integration strategies may have some new options.

IBM dream to gobble up HashiCorp challenged in court

An investor has sued HashiCorp and its executives over IBM's proposed acquisition for $6.4 billion, alleging the deal primarily benefits company insiders rather than public shareholders. The lawsuit, filed in federal court, claims HashiCorp's board agreed to the acquisition to enrich themselves, omitting critical financial details in SEC filings. Despite initial legal action, the plaintiff's law firm has moved to dismiss the case abruptly, raising questions about the lawsuit's legitimacy and the involvement of the named shareholder.

IBM plan to buy HashiCorp challenged in court by investor
This benefits management, but not us shareholders!

Oracle Java police start knocking on Fortune 200's doors for first time

Oracle has begun sending Java audit letters to Fortune 200 companies for the first time, following a shift to a per-employee licensing model introduced in January 2023. This change significantly impacts businesses previously using Java under different terms, potentially increasing costs two to five times. Industry experts like Craig Guarente advise companies to assess their Java usage carefully to avoid unnecessary payments and potential future cost escalations under long-term agreements with Oracle.

Fortune 100 get Java audit letters for the first time
Expansion of compliance activity follows per-employee licensing change

Broadcom ends easy elasticity for VMware Cloud on AWS

Broadcom, which now owns VMware, has shifted VMware Cloud on AWS to a subscription-only model, ending the on-demand use of software licenses. This change eliminates the ability for customers to dynamically adjust resource usage as needed, now requiring a one-year subscription for new hosts instead of self-service provisioning. AWS has responded aggressively with migration promotions, highlighting concerns among IT leaders about the future of VMware under Broadcom's ownership and the impact on pricing and service flexibility.

Amazon is not taking this lying down, as shown by aggressive migration promotions

Copilot in SharePoint, Recall is Recalled, plus Karin Skapski Talks Automation: The Practical 365 Podcast S4 E21

In the latest Practical 365 podcast episode, Karin Skapski discusses automation using Copilot and upcoming features in SharePoint. Microsoft's Copilot+ PCs introduce controversial features like Windows Recall, which has been delayed amid security concerns and will undergo further review. The podcast also explores new capabilities for Copilot in Teams, including the introduction of customizable agents for enhancing productivity and collaboration.

On this week’s show, Steve and Paul are joined by Microsoft’s Karin Skapski to discuss automation, Copilot, TEC, and much more.

IT leaders go small for purpose-built AI

In the latest insights, IT leaders are increasingly favoring small AI models over large ones like GPT-4, emphasizing cost-effectiveness and specialized functionality. Companies like Microsoft and Apple are launching small language models (SLMs) tailored for specific tasks, offering flexibility and lower deployment costs compared to LLMs. This trend highlights a shift towards purpose-built AI solutions that provide better control over data and address niche needs effectively, challenging the notion that bigger AI models are always superior.

Companies don’t need to adopt large language models to get real benefits from AI, some experts say.

Visual Studio and Team Foundation Server End of Life

Microsoft Visual Studio Version 17.4 (LTSC channel) is reaching its end-of-life on July 11, 2024, prompting users to update installations to mitigate security risks. Visual Studio, a longstanding IDE since 1997, supports various editions and channels, including the Long-Term Servicing Channel (LTSC) for extended support. Additionally, Visual Studio Team Foundation Server (TFS), now Azure DevOps Server, provides tools for collaboration throughout application lifecycles, emphasizing the importance of staying updated to receive security patches and new features.

Visual Studio and Team Foundation Server End of Life - Lansweeper
Discover all Visual Studio and Team Foundation Server installations in your IT environment along with their end of life status and dates.

Microsoft delays Windows Recall amid privacy and security concerns

Microsoft has postponed the release of its AI-powered Windows Recall feature amid significant privacy and security concerns. Originally set for a public preview on Copilot+ PCs starting June 18, 2024, it will now debut first with Windows Insiders to gather feedback before wider release. Critics warn that Recall, which takes frequent screenshots analyzed by Azure AI, poses serious privacy risks despite Microsoft's assurances of encryption and opt-in features for security.

Microsoft is delaying the release of its AI-powered Windows Recall feature to test and secure it further before releasing it in a public preview on Copilot+ PCs.
📖 Tips

Microsoft Customers: Your Security Strategy Needs an Overhaul, Too

Microsoft faces criticism from the U.S. Cyber Safety Board, prompting a company-wide security overhaul. Analysts advise customers to bolster their security strategies with proactive measures like patch management and multi-factor authentication in response to recent vulnerabilities. Check out the guidance from Directions analysts Michael Cherry and Mary Jo Foley:

After the U.S. Cyber Safety Board gave Microsoft a terrible report card, what should customers be doing?

Microsoft warns Azure Tags could be targeted by hackers

Microsoft has revised its stance on Azure Service Tags, warning users that these tags could potentially be exploited by hackers to gain unauthorized access to cloud resources, despite initially stating they weren't meant for security purposes. The company acknowledged a vulnerability highlighted by cybersecurity researchers from Tenable, involving the misuse of Service Tags to impersonate trusted Azure services and bypass firewall rules. While Microsoft emphasized no real-world abuses have been detected yet, it advises users to implement additional security measures beyond Service Tags for network traffic authentication.

Azure Tags were never meant to be a security boundary, Microsoft says
🐛 Bugs & Exploits

CISA warns of Windows bug exploited in ransomware attacks

CISA has flagged CVE-2024-26169, a high-severity Windows vulnerability exploited in ransomware attacks that lets local attackers gain SYSTEM permissions without user interaction. Microsoft patched the flaw on March 12, 2024, but the Black Basta ransomware gang had exploited it before the update. CISA ordered federal agencies to patch the vulnerability within three weeks to mitigate widespread ransomware threats, emphasizing its critical risk to organizational security.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs.