Google Removes Fake Minecraft Modpack Apps That Are Loading Adware to Android Devices


Earlier this month, I reported on threat actors using Minecraft as a gateway into tricking users. More accurately, the name of Minecraft is being used to push third-party apps that are less than honorable and using fleeceware on unsuspecting users. It seems the problem is even more extensive than first though.

In fact, security firm Kaspersky now says Minecraft being used by bad actors extends beyond simply monetary scams. Specifically, applications claiming to have modpacks for the game are really placing extremely intrusive ads on Android devices.

Naturally, the problem starts on Google Play, where the apps are uploaded. Kaspersky says Google has been actively removing adware applications associated with Minecraft. However, the company points out the following five remain on the store:

  • Zone Modding Minecraft,
  • Textures for Minecraft ACPE,
  • Seeded for Minecraft ACPE,
  • Mods for Minecraft ACPE,
  • Darcy Minecraft Mod.

These five apps range from mostly unknown (500 installs) to very popular (over 1 million installs). They come from different publishers but the noted modpacks seems to be largely the same across some of the apps.

Adware Attack

Each of the apps plays the classic trick of having bot reviews leaving 5-star reviews. You know the ones, those that say, “this app changed my life”. Although, mixed in with those fake 5-star reviews are a sea of 1-star comments, no doubt the true reflection on these applications.

Google has since removed all the apps mentioned by Kaspersky.

If you are a Minecraft fan, you are not alone if you downloaded one of these fake mudpack apps. If you have the app on your Android device, you will know it does not load any mod.

Users who do not remove the application will find it will remain on the device and will star displaying ads. Browser windows open and ads become increasingly obtrusive. For unsuspecting users, they will have no idea it is the Minecraft mudpack app causing the problem.

Source Winbuzzer

read more

GitHub Welcomes Back YouTube-dl After Recent DCMA Takedown


In recent weeks, we have been charting the saga around Microsoft-owned GitHub and the YouTube-DL (youtube-dl) tool. Specifically, GitHub removed the tool for violating copyrights, causing a storm of protest from users. After previously threatening to ban users for reposting YouTube-dl, GitHub has relented.

In a blog post, the code repository says YouTube-dl has now been restored to the platform. GitHub says the initial removal was in compliance with the law following a DMCA takedown of the tool. According to the company, new information shows the popular tool does not circumvent copyright laws.

“Our actions were driven by processes required to comply with laws like the DMCA that put platforms like GitHub and developers in a difficult spot. And our reinstatement, based on new information that showed the project was not circumventing a technical protection measure (TPM), was inline with our values of putting developers first.”

If you’re unfamiliar with YouTube-dl, it is a tool for internet video download commands. It is not an illegal service but it is prohibited under section 1201 of US copyright law because it allows users to circumvent copyrights.

Many fans responded to Microsoft’s initial action by saying YouTube-DL is a legitimate tool. In fact, those YouTube-dl users claim the software is a fair use tool that also helps to download proprietary content or back up videos.

Second Chance

GitHub says no DCMA notice on the platform is necessarily permanent. In fact, projects get the chance to reorganize and remove any content that may be causing an infringement. Thanks to a patch to YouTube-dl, it now falls within the company’s rules.

This is a quick change of tactic from GitHub. Just a week ago, the company was actively threatening to ban any user who re-uploaded the tool to the platform:

Please note that re-posting the exact same content that was the subject of a takedown notice without following the proper process outlined below  is a violation of GitHub’s DMCA Policy and Terms of Service. If you commit or post content to this repository that violates our Terms of Service, we will delete that content and may suspend access to your account as well.”

Either way, YouTube-dl is now available again.

Source Winbuzzer

read more

Microsoft and Tech Giants Congratulate President-Elect Joe Biden on Election Success


Microsoft has extended a congratulations to president-elect Joe Biden after the Democrat candidate was declared the winner of the election over the weekend. Microsoft president and chief lawyer Brand Smith also called for a peaceful transition of power.

President Trump has failed to acknowledge Biden’s victory. Furthermore, he has stoked controversy by saying the election was rife with fraud and starting numerous lawsuits to halt the transition. Smith points out Microsoft also congratulated Trump on his presidential victory in 2016.

“If we are to move forward as a nation, we must build new bridges to close the gaps that divide us,” Smith said over the weekend.

“The peaceful transition of power has been an enduring and vital part of our democracy for over two centuries, and it remains so today,” Smith said in 2016.

Bill Gates also sent congratulations to Biden, although the Microsoft founders’ interests lie far beyond the success of the company these days. In fact, Gates said he is looking forward to working with Biden on humanitarian projects, starting with the ongoing fight against COVID-19.

“I look forward to working with the new administration and leaders on both sides in Congress on getting the surging pandemic under control, engaging partners around the world on issues like poverty and climate change, and addressing issues of inequality and opportunity at home,” said Gates in a tweet.


Other Tech Company Responses

Microsoft was not the only tech giant to offer congratulations to Biden. Amazon CEO Jeff Bezos, a long-time target of Trump’s anger, congratulated Biden, and vice-president elect Kamala Harris.

“Unity, empathy, and decency are not characteristics of a bygone era. Congratulations President-elect @JoeBiden and Vice President-elect @KamalaHarris. By voting in record numbers, the American people proved again that our democracy is strong,” Bezos said in an Instagram post.

The Business Roundtable, a group of CEOs from the largest companies in the United States (Microsoft, Apple, and Amazon among them), also extended a congratulations.

“While we respect the Trump campaign’s right to seek recounts, to call for investigation of alleged voting irregularities where evidence exists and to exhaust legitimate legal remedies, there is no indication that any of these would change the outcome,” the organization said in a statement.

Source Winbuzzer

read more

Microsoft Visual Studio Code Linux ARM Support Benefits Chromebooks and Raspberry Pi


Microsoft Visual Studio Code is one of the most popular programming tools, so it’s easy to assume the platform is ubiquitous. However, that’s now the case and there are some platforms where VS Code is now unavailable.

Microsoft is working to address those gaps in availability with a couple of new support. Specifically, Microsoft Visual Studio Code now supports Linux devices on ARM.

This is an important change that will drastically expand the availability of VS Code. That’s because ARM on Linux runs on Raspberry Pi. Of course, this is a platform that has been massive in the growth of Internet of Things (IoT) devices.

These days, the Raspberry Pi is something noteworthy. Indeed, Raspberry Pi 4 now packs decent specs. With support for Visual Studio Code, developers on Linux ARM can leverage the platform to tap into remote hardware.

Supporting ARM does not only mean big news for Raspberry Pi. It also means Visual Studio Code is now available on ARM Chromebooks. Several laptops running Google’s Chrome OS pack ARM-based computing.

Developers can now use VS Code on Chromebooks, extending to ARM-based products for the first time.

VS Code September Update

Microsoft made the change through CS Code version 1.50. This was the September update that also introduced the following features and improvements:

  • “Accessible settings editor – Interact with the settings list like any other list in VS Code.
  • Pinned tabs improvements – Resize pinned tabs, unpin with one click, and more.
  • Linux ARM builds – VS Code is now available for both Linux ARMv7 and ARM64.
  • Improved debugging experience – Improved hover and filtering in debug console.
  • New JS debugger features – Toggle auto attach flows and see performance in real-time.
  • Panel layout improvements – New panel maximization settings and bottom panel size.
  • Webview Views support – Build extensions with webview views in the sidebar and panel.
  • Updated “Create a Dev Container” tutorial – Get started with Development Containers.”

Source Winbuzzer

read more

Microsoft Confirms Dangerous Zerologon Windows Bug Is Being Exploited


In recent week, we have been following the Zerologon (CVE-2020-1472) vulnerability on Microsoft Windows. Described as one of the most dangerous bugs ever, Microsoft and third-parties have been scrambling to fix the flaw. However, Microsoft now says an Iranian state actor has found an exploit for the bug.

According to the company, an advanced persistent threat (APT) group know as MERCURY has been exploiting the bug. The actor has a reputation for going after government agencies in the Middle East.

“MSTIC has observed activity by the nation-state actor MERCURY using the CVE-2020-1472 exploit (Zerologon) in active campaigns over the last 2 weeks,” according to a tweet from Microsoft this week.

Zerologon gives attackers the ability to take control of Windows Servers. It is an elevation of privilege flaw found in Netlogon, a Microsoft process that authenticates users against domain controllers. Microsoft deems the flaw extremely dangerous, rating it 10/10 in terms of severity.

It is also notable for working quickly, something that makes even more problematic. In fact, Zerologon can infiltrate an enterprise system in three seconds or less. Attackers could also use it to change passwords and relatively easily take over a whole organization’s network.

Fixing the Problem

As we reported initially, Microsoft has already sent out a patch for the flaw. This patch was supplemented a week later by two third-party patches. 0patch issued a fix saying Microsoft’s does not work on all systems. File sharing utility Samba sent out a patch for its own service.

Microsoft is currently rolling out a fix and enterprise customers are strongly advised to install it. However, the company will ramp up the patch during the first quarter of 2021. The company says another “enforced” patch will be sent out during this time.

However, now that Zerologon is in the wild the threat it poses has taken on a new level of danger.

Source Winbuzzer

read more

Microsoft Reminds Customers of Surface Duo Unique Features


Microsoft’s Surface Duo smartphone is now out in the wild. Reviews for the company’s first handset in years have been mixed. It seems the overall experience is obviously first-gen, but people are in love with the hardware and design. Microsoft is now aiming to sell users on some handy features available on the Duo.

In a recent video, Microsoft is highlighting some of the new technology it developed for the Surface Duo. Many of the new tools are already known about but it seems Microsoft wants to remind users of what the Duo can do.

As noted, early reviews say the device is interesting but much of the software tricks are clearly still in development. However, it is clear the Duo has the potential to become a powerhouse device. Whether Microsoft can solve early software ticks with updates or will need to wait until a second generation remains to be seen.

Interesting Abilities

Either way, here are some of the tools the company walks through in the video:

  • “Duo uses a custom pixel stack and each set of panels undergo extensive color and luminance calibration.
  • Microsoft developed new manufacturing processes to actively align pixels across screens.
  • The proprietary digitizer algorithms even consider when you are crossing the seam with your finger, making it feel like it’s one fluid screen.
  • Within the dynamic 360-degree hinge, custom-designed cables connect the displays to work together, across a variety of postures.
  • Microsoft designed a completely new dual-system architecture to deliver optimal performance and battery life within the thinnest, lightest design possible.
  • Every detail, from the layout of the motherboard and multi-cell battery, to the placement of inertial sensors, mics and antennas, was purposefully designed to unlock an entirely new interaction model across two screens.”

Microsoft’s Android running Surface Duo is available now for $1,399.

read more

Surface Duo Gets Microsoft Garage Sketch 360 Application


While the Microsoft Garage division can be hit and miss with successes, when a new idea lands it’s usually a good one. We can file Sketch 360 under Microsoft Garage wins. This is a design app that has been relatively popular on Windows 10. Now, Microsoft is bringing the tool to the new Surface Duo smartphone.

As you may guess from the name, Sketch 360 is a digital design tool that allows users to quickly take notes of ideas for 3D spaces. The app takes those drawings and projects them inside a sphere, with the user in the center. In this space, users can test concepts before heading to a full model.

Microsoft’s Michael Scherotter, who developed the app as a “passion project” confirmed its availability on the Google Play Store. Below is the company’s description of the app

“Whether you are an architect, a VR designer, an urban sketcher, a 3D game designer or a 360 video producer, you can easily construct an accurate sketch from a single viewpoint that’s easily shareable online using Sketch 360.”

Available Now

Of course, the dual screens of the Surface Duo make it a perfect device for apps like this. Microsoft says Sketch 360 is fully optimized for its new Android smartphone. This means it reads the pressure-sensitive Surface Pen as it would on a touch-screen laptop.

More interestingly, the app will also function on any other Android smartphone. Users can download Sketch 360 for Surface Duo on Android at the Google Play Store here.

Microsoft has been shipping the Surface Duo smartphone since earlier this month, although only to customers in the United States. Reviews have been mixed for the $1,399 handset, with most agreeing it’s amazing hardware, average performance, and very much a first-gen product.

Source Winbuzzer

read more

Welcoming Paul Robichaux to the Practical 365 Team


Let me tell you a story.

My father loved every sort of gadget. He was an avid ham radio outlet, loved tinkering with engines and mechanical things, and had a lengthy background in industrial construction, doing everything from selling large projects such as hospitals and airports to working as a site foreman to driving a backhoe. I inherited a lot of his qualities, including a tendency to chase shiny objects and a deep love for taking things apart to understand how they work.

One magical day in 1977, he came home with a large, scuffed-up cardboard box that said “TRS-80” on the side. He’d built a new building for a local appliance vendor and had received the computer as payment for a side job of adding a wet bar in the owner’s office. We eagerly set it up, made a quick jaunt to Radio Shack to buy a book on BASIC programming, and that was the last my mom saw of us for quite some time. I was 9. By the time I was 11, I had spent so much time hanging around the local Radio Shack asking annoying questions that the manager there introduced me to a customer who needed some minor changes made to his accounts payable reports, and I got my first paying job as a software developer—and I’ve been doing it ever since.

The technology world has changed immensely since then, of course. The microcontroller in my bicycle light has more computing power than that old TRS-80 Model I, Microsoft has grown from a scrappy vendor of BASIC interpreters to the behemoth we all know, and ubiquitous computing and analytics have had a massive impact on nearly every aspect of our lives, from how the food we eat is grown to how, where, and when we work to how we spend our leisure time.

Despite all the bad things happening in the world right now, it’s also an amazing time to be alive if you’re a curious tinkerer. Although Microsoft takes great pains to make Microsoft 365 look like a black box that outsiders can’t see into or fiddle with, there are many parts of its ecosystem that are amenable to investigation and experimentation—which is why I’m genuinely excited to be joining the Practical 365 editorial team as co-editor-in-chief. The spirit of P365 is deeply oriented towards hands-on figuring out how things work and giving practical guidance on how to get the most from Microsoft’s tools. I look forward to helping our readers learn and grow with the platform to get the most from it.

Source Practical365

read more

BLURtooth Flaw Targets Bluetooth Technology to Create Attack Methods


Security researchers have discovered a vulnerability in Bluetooth technology which could allow a bad actor to hack communications on a nearby device.

Researchers at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University call the Bluetooth bug “BLURtooth”. According to the team, the flaw (CVE-2020-15802) is high-severity and is found in the pairing technology for Bluetooth 4.0 and 5.0.

Specifically, a problem in the Cross-Transport Key Derivation (CTKD) could give an attacker within wireless range access to communications on a victim device. This would include spying on communications and altering the link between devices.

“Devices… using [CTKD] for pairing are vulnerable to key overwrite, which enables an attacker to gain additional access to profiles or services that are not restricted, by reducing the encryption key strength or overwriting an authenticated key with an unauthenticated key,” according to a security advisory by the Carnegie Mellon CERT Coordination Center.


CTKD is used when two dual-mode devices pair. Dual mode means they support both Bluetooth Low Energy (BLE) and Basic Rate/Enhanced Data Rate, (BR/EDR). BLE is the latest iteration of the tech, whereas BR/EDR is the classic version. Dual-mode devices can run both these protocols.

When dual-mode devices link, they generate encryption keys known as Link Keys. However, the vulnerability in CTKD means the potency of the Link Key is compromised. Attackers could leverage this flaw, exploit it, and pair their own dual-boot device to a victim device without needing authentication.

While it is deemed a severe risk flaw, the nature of Bluetooth tech means an attacker would need to act under specific circumstance. Specifically, they would need to be in wireless range. However, it’s worth noting the range of Bluetooth 5.0 capabilities is 800 feet.

“If a device spoofing another device’s identity becomes paired or bonded on a transport, and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur,” according to a security advisory on Wednesday by the Bluetooth Special Interest Group (SIG), the group that oversees the technology. “This may permit a man-in-the-middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.”

Source winbuzzer

read more

Google Brings Microsoft Office Editing to G Suite on Android


Google’s G Suite productivity bundle is arguably the biggest competitor to Microsoft’s Office/Office 365. However, it’s probably fair to say Office remains more powerful and usable. One of the areas Google has struggled is in making editing Office documents in G Suite easier. Now, the company is working on improving this gap.

Simply put, G Suite has not traditionally played nice with Office files. Microsoft has been far more open in allowing non-Office files, including G Suite, to work in Office. Users of Microsoft’s service can edit, comment, and collaborate with G Suite files.

In contrast, Google has taken more time to return the favor. A year ago, the company brought Office files editing, commenting, and collaboration to G Suite apps on the web. However, the same tools were still off limits on Android.

The company’s increasing embrace of Office files could stem from former Microsoft Office head Javier Soltero now leading G Suite.

Coming to Android

Google is now working to change that, bringing those web abilities to Docs, Sheets, and Slides on Android. At the moment, users are still forced to convert Office files into a working G Suite format. According to Google, allowing Office editing will replace QuickOffice on the Android platform.

QuickOffice is a defunct application that allowed users to view, edit, and create Microsoft Office files.

“Office editing will make it easy for G Suite users to open and edit Microsoft Office files that have been shared by partners, vendors or other teams. In cases where some members of your organization use Office while others use G Suite, this ensures seamless collaboration and eliminates the need to consider or convert file types,” Google says.

The feature supports the following apps and file types:

  • Word files: .doc, .docx, .dot
  • Excel files: .xls, .xlsx, .xlsm, (macro enabled Excel files), .xlt
  • PowerPoint files: .ppt, .pptx, .pps, .pot

Google says the new ability is rolling out this week but will not reach all Android users at once. It’s worth noting the feature is now on by default. Google says the same tool will come to iOS variants of the G Suite apps later this year.

Source Winbuzzer

read more
1 2 3 4
Page 1 of 4