close

Business Technology

Business Technology

Microsoft Pulls Plug on Azure Sphere Update Due to Bugs

download (81)

Azure-Sphere-Microsoft

Microsoft says it will no longer be rolling out the latest version of Azure Sphere. In a rare move, Microsoft is not only postponing the update, but the company is also cancelling it entirely. According to Microsoft, the release simply did not pass quality control.

The update was supposed to be Azure Sphere OS version 22.01. Earlier this month, Microsoft scheduled the update for January 26. However, that date passed, and users were left wondering what happened to the new version.

In a blog post, Microsoft confirmed that an issue in the Retail Eval channel meant the update has been thrown in the trash.

“During the evaluation period for 22.01, a customer reported intermittent network connection failures during the OS update process when using the ENC28J60 Ethernet interface for Internet connectivity. To adhere to our quality standards, we are cancelling the 22.01 release while we investigate this.”

While that means no 22.01 update, Azure Sphere user do not need to wait long for the next bump. Microsoft says version 22.02 will roll out in the second half of February. The company also points out the updates in 22.01 were minor and none of the improvements were security related.

Interestingly, the update was still showing in the Retail Eval feed at the time of writing.

Azure Sphere

Azure Sphere left preview in 2020 to enhance security for Internet of Things (IoT) devices. Microsoft announced Sphere in 2018 and in 2019 said the service would leave preview in February 2020.

Azure Sphere is comprised of Microsoft microcontrollers alongside Sphere Linux-based OS and a Sphere cloud security service.

Tip of the day: Windows Update downloads can often be frustrating because they are several gigabytes in size and can slow down your internet connection. That means your device may work with reduced performance while the update is downloading. In our guide we show you how to limit bandwidth for Windows Update downloads, so they won’t bother you again.

Source Winbuzzer

read more
Business Technology

Microsoft Security Highlights Importance of MFA in Combatting New Phishing Attack Methods

WIN20_PRO_RemoteWorking_031-900×360

Back in July, Microsoft acquired cloud security firm CloudKnox to bolster protection on the Microsoft Azure platform. This week, Microsoft is back to explain exactly how CloudKnox will work on Azure and how the service will function moving forward. Specifically, Microsoft says CloudKnox will continue to be available as a separate product for new and existing customers. For those who are using the service outside Azure, “sales, engineering, and service support” will now come from Microsoft. Pricing will also remain the same, says Alex Simons, corporate vice president for identity program management at Microsoft. Instead of lock down the service to Azure exclusivity, CloudKnox will continue as a multi-cloud security tool:

Phishing attacks often rely on the simplest methods to trick people. However, like other forms of cybercrime, threat actors must constantly evolve their techniques. Once a phishing scheme is understood, it is harder to keep using the same attack method. A report from Microsoft 365 Defender Threat Intelligence Team shows what the latest evolution of phishing looks like.

In a Microsoft Security blog post, the team discusses a phishing campaign that functions across multiple phases. It is a new kind of attack process that seeks to lock a gadget controlled by the threat actor into a network.

Once inside, the payload can expand quickly through the attackers target pool. Microsoft explains how the attack begins:

“The first campaign phase involved stealing credentials in target organizations located predominantly in Australia, Singapore, Indonesia, and Thailand,” Microsoft says. “Stolen credentials were then leveraged in the second phase, in which attackers used compromised accounts to expand their foothold within the organization via lateral phishing as well as beyond the network via outbound spam.”

Importance of MFA

One of the reasons Microsoft is disclosing this information is to point out the importance of multifactor authentication (MFA). Microsoft has been big on promoting MFA while stressing the need to move to passwordless security in recent years.

According to the company, phase two of the new phishing campaign can be prevented by using MFA. The company found organizations with MFA could combat attacks, while those without were at more risk of lateral spread. For those organizations, the price was theft of credentials and other data theft.

Microsoft uses an example where the threat actor used the Outlook email platform to spread the attack. Once into an account by guessing a password, the attack targets the mailbox and slowly spreads the campaign.

Tip of the day: For the most part, Windows apps are stable, but they can still be still thrown out of whack by updates or configuration issues. Many boot their PC to find their Microsoft Store isn’t working or their Windows apps aren’t opening. Luckily Windows 11 and Windows 10 have an automatic repair feature for apps that can resolve such issues.

Source Winbuzzer

read more
Business Technology

Polkit Pkexec “PwnKit” Flaw Made Every Linux Distra Vulnerable for over a Decade

FKATBasWUAEJ44L

Cyber-Security-Lock-Pixabay

Linux is the open source dream and used by millions of people around the world. It is respected for its security, but one vulnerability puts the whole “Linux is secure” boast under threat. According to a new report, a flaw known as “PwnKit” has been running on the platform over the last 12 or more years.

More importantly, the vulnerability spans every Linux distro, and it is an exploitable security big. The news comes when more people are starting to embrace Linux and malware increases on the platform.

Linux security experts Qualys found the vulnerability that potentially leaves every major Linux distribution open to an attack. If exploited, the flaw can give a threat actor access to a system through a local privilege escalation (LPE) attack.

Researchers with the firm were able to exploit the PwnKit flaw which is described as a memory corruption in PolKit’s pkexec program. This is a Linux utility or SUID-root that is found on all the major platform distros.

Details

Qualys has labeled the vulnerability “PwnKit” with the ID “CVE-2021-4034.” It affects popular Linux distros like Debian, Ubuntu, Fedora, and CentOS.

It seems that the flaw has been in Polkit pkexec since the launch of the program. That means Linux has been sitting vulnerable for over 12 years. One of the reasons attackers have not targeted this flaw is because an attacker would need local access. The lack of remote attack makes this less dangerous, but even so there is no doubt this is a concerning flaw.

“Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host,” the researchers point out.

Qualys recommends users should immediately patch the flaw. Doing that depends on which Linux distro the user has; such is the broad surface of this bug.

Tip of the day: Did you know that you can assign keyboard shortcuts for starting applications quickly in Windows 11 and Windows 10? This is a great way to have your most used programs always at your fingertips. In our tutorials we show you how to set those hotkeys for your favorite apps.

Source Winbuzzer

read more
Business Technology

WinBuzzer News Microsoft Intune is Blocking Gmail Access on Samsung Devices

download (79)

Samsung-Galaxy-Fold-3-Samsung

Microsoft has confirmed an issue with its Microsoft Intune service on Samsung devices. Specifically, some Samsung smartphones cannot access email and VPN apps when running through Intune. The apps lose their certification access following an update to Android 12.

When a Samsung device is enrolled in a work profile on Microsoft Intune, they cannot connect to email services like Gmail or access AnyConnectVPN. There are also some other apps affected by the issue. Microsoft has not said which devices have the problem, so I presume it could happen to any Samsung phone or tablet.

Microsoft has a close mobile collaboration with Samsung and is working with the company to find a permanent solution. Until then, there are temporary workarounds to allow devices to work with Gmail and AnyConnect VPN.

“Microsoft Intune was recently alerted to an issue for Samsung devices enrolled with a work profile that, after updating to Android 12, some email and VPN applications are losing access to certificates when the user tries to access them (such as Gmail and AnyConnect VPN),” explains Microsoft.

AnyConnect VPN Workaround

  • Go to Settings > Work Profile > Apps > AnyConnect VPN > Storage > Clear Data.
  • Upon opening AnyConnect VPN again, the app will request the certificates again in a popup prompt.
  • Select the certificate to fix the problem.

Gmail Workaround

  1. Open the Company Portal app> Menu > tap Remove Company Portal.
  2. Open Google Play app > select the Intune Company Portal app > Uninstall the app.
  3. In Google Play, Install the Intune Company Portal app.
  4. Open and sign into the Company Portal.
  5. Gmail in the work profile now works as expected.

Alternatively, Gmail users can remove and re-add configuration for the app if they have admin privileges.

Tip of the day: If you need to Create, Delete or Resize Partitions, Windows has everything you thanks to the built-in Disk Management-tool.

Source Winbuzzer

read more
Business Technology

Android 11 Finally Comes to Original Surface Duo

surface-duo-android-11-1280×720

During the launch period of the original Surface Duo in 2020, Microsoft said the Android smartphone would receive regular updates. That never happened, there’s nothing like bad sales to sap a company’s update commitment. However, the Surface Duo is now getting its long-awaited upgrade to Android 11.

Microsoft originally planned to bring Android 11 to the Surface Duo before the end of 2021. However, that deadline was not met, and Microsoft put the blame on Google. Earlier this month, Microsoft explained the issues with the release and said it would arrive by the end of this month.

This time the company has been able to keep its promise as Android 11 is now rolling out to the Duo. Interestingly, this is the first update of any kind the handset has gotten since last June, and even that was a stability release. So much for regular updates.

By moving to Android 11, the original Surface Duo is joining the newer Surface Duo 2 on the software. However, that is hardly impressive considering Android 12 is now available.

Moving Slowly

Earlier this month, we reported that Microsoft will now skip Android 12 for both the Surface Duo and Surface Duo 2, favoring a direct jump to Android 12L. This is the latest updated version of Android 12 that adds more features, including features that will appeal to Duo users.

When that will happen is anyone’s guess, as it seems Microsoft is ok with the Duo range lagging behind. My guess would be the Surface Duo 2 gets its Android 12L jump later this year, while the OG Duo may have to wait longer. I will be happy if I am wrong.

As for what users are getting on their Duo with Android 11, the full changelog is below. There are UI changes across the software experience. Select apps now have an auto-span ability, more support for the Surface Pen, and a new Photos app are now available.

Official Changelog

  • Upgrades the Android operating system to Android 11.
  • Addresses scenarios outlined in the Android Security Bulletin—January 2022.
  • Enabled launching of OneNote when clicking the top button on Surface Slim Pen 2. It requires Surface Slim Pen 2 to be paired with Surface Duo.
  • Enabled in Surface Duo features, in Settings, to choose preference for answering phone calls when folded.
  • Enabled in Surface Duo features, in Settings, to choose specific apps to automatically span across both screens when you open them.
  • Optimized Quick Settings and notification width for portrait and landscape orientations.
  • Adjust media volume directly from Quick Settings in any device mode.
  • Use thumb mode in Microsoft SwiftKey now with all device modes and application states.
  • Updated app drawer and folder design with improved drag-and-drop support.
  • Refreshed Microsoft feed design with updated cards and new Microsoft Start widgets for News and Weather.
  • Photos by OneDrive: New dual-screen enhanced experience for viewing and editing photos in the OneDrive app.
  • Xbox Game Pass: Discovery and play games from the cloud with an on-screen controller. Some devices, accessories, and software sold separately. Additional fees and/or subscriptions required for some apps and features.

Send feedback to Microsoft by opening Settings, then tap About, then tap Give feedback to Microsoft.

Tip of the day: If you need to Create, Delete or Resize Partitions, Windows has everything you thanks to the built-in Disk Management-tool.

Source Winbuzzer

read more
Business Technology

New .NET ‘Donald Trump’ Packer Malware is Spreading Remote Access Trojans (RATs)

download (78)

Security-Cyber-Lock-Pixabay

Security researchers are describing a novel .NET malware packer that is sending remote access trojans (RATs) alongside infostealers with a “Donald Trump” password. As such, the team at ProofPont who have been tracking the attack method since 2020 call the malware “DTPacker.”

According to the firm, DTPacker has been used by a number of attack groups and been used to target thousands of users globally. One of the most successful attempts was a weeks-long campaign using DTPacker inside a fake Liverpool Football Club (LFC) website.

As a card carrying Manchester United fan, the LFC website is always one to avoid, but in this instance everybody should be avoiding the fake site. Threat actors were using the fake LFC website could lure users to download DTPacker, placing the Agent Tesla malware on their system. Other malware types associated with DTPacker include AsyncRAT, Ave Maria, and FormBook.

“From March 2021, Proofpoint observed samples using websites for soccer clubs and their fans being used as download locations,” ProofPoint says. “These websites appear to have been decoys, with the actual payload locations embedded in the list.”

Attack

Researchers point out the malware is interesting because it is capable of deploying embedded payloads alongside a command-and-control-server. In other words, it can deliver a payload and downloader in a single attack.

“The main difference between a packer and a downloader is the location of the payload data, which is embedded in the former and downloaded in the latter,” the team adds. “DTPacker uses both forms, it is unusual for a piece of malware to be both a packer and a downloader.”

“Proofpoint observed multiple decoding methods and two Donald Trump-themed fixed keys, thus the name ‘DTPacker.’”

Tip of the day: When you boot Windows it delays the launch of startup programs for ten seconds so your desktop and Windows services will have finished loading. If you want to speed up boot time, have a look at our tutorial about how to disable startup delay.

Source Winbuzzer

read more
Business Technology

Microsoft’s One Outlook Heading for Spring Launch

3gPc46_0duEEycg00

One-Outlook-Project-Monarch-Office-Insider-Microsoft

Microsoft has been working on Project Monarch, the company’s One Outlook app. The Redmond giant is creating a unification of its Outlook apps into a single user experience. It was widely expected the app would land in 2021, but Microsoft missed the deadline. However, Monarch is still alive and One Outlook could arrive this spring.

Project Monarch is a unified email experience through Outlook, it will gather the various versions of the services from across platforms into a single app. For example, it will replace the Win32 and UWP apps on Windows 10, Outlook Web Access, and the macOS version. It will also be hosted as Outlook for Web on browsers.

With this single version of One Outlook, Microsoft’s Mail and Calendar apps will look and function the same across desktop platforms. From leaked images and information, it is thought One Outlook will heavily borrow its design and functionality from Outlook for the Web.

ZDNet reports Microsoft will officially announce One Outlook during the spring and a test version is likely to launch immediately. It will land on the Dev and Beta channels on the Windows Insider Program.

Coming This Year

Microsoft is then planning a release to the Slow Channel in the summer. It seems the company is positioning Project Monarch for a full launch in the autumn, likely alongside the first major update for Windows 11 (Windows 11 22H2 Sun Valley 2).

While the release will coincide with Windows 11 22H2, it will also be available on Windows 10 and other desktop platforms. The report points out Microsoft is unlikely to force users to migrate to the new experience, at least not this year. That will almost certainly change in the future, but at first users will have the choice between One Outlook and the legacy experience.

Tip of the day: When you boot Windows it delays the launch of startup programs for ten seconds so your desktop and Windows services will have finished loading. If you want to speed up boot time, have a look at our tutorial about how to disable startup delay.

Source Winbuzzer

read more
Business Technology

Activision Blizzard’s Call of Duty Studio Creates Union Ahead of $68bn Microsoft Deal

images (1)

Call-Of-Duty-Raven-Software

When Microsoft finalizes its $68.7 billion acquisition of Activision Blizzard, it will gain control of several smaller studios as well as the Activision and Blizzard brands. One of those “smaller” creators, Raven Software, says it is forming a union ahead of the merger with Microsoft.

Not only is the timing interesting, it’s a rare case of employees organizing together in the game industry. Despite its size, the gaming realm is a mostly unorganized one. It has suffered numerous problems with labor issues, such as complaints and accusations.

If any industry is in need of employees taking some power, it is gaming. Dozens of employees at Wisconsin-based Raven Software have voted favorably to start the union.

Raven is behind games such as the Star Wars Jedi Knight series, Quake 4, and of course, the Call-of-Duty franchise alongside Infinity Ward. Known as the Game Workers Alliance Union, it will become the first at any public video game publisher in the United States and only the second of any public or private studio.

Union

The new group will be part of the Communications Workers of America union, the largest in the media industry. It is worth noting, Raven employees are unionizing within their own studio. Activision Blizzard has around 10,000 employees and there are no signs a larger union will form.

Activision Blizzard has often received accusations of patent infringement and not paying royalties, but in 2021 the company’s reputation took a darker hit. As Wikipedia points out:

“In late July 2021, the company was sued by the California Department of Fair Employment and Housing on allegations of sexual harassment and employee discrimination. The suit triggered an investigation by the U.S. Securities and Exchange Commission multiple workplace walkouts the resignation or dismissal of several employees, the loss of multiple company event sponsors.”

Tip of the day: When you boot Windows it delays the launch of startup programs for ten seconds so your desktop and Windows services will have finished loading. If you want to speed up boot time, have a look at our tutorial about how to disable startup delay.

Source Winbuzzer

read more
Business Technology

Microsoft’s $68bn Activision Blizzard Buyout Criticized by World Bank President

368bd706c7836be692bc1ffe70df9d2c

Microsoft-Xbox-Activision-Blizzard-Franchises

Microsoft’s decision to acquire Activision Blizzard in a $68.7 billion all-cash deal has raised eyebrows. Many in the gaming industry have criticized the purchase over fears of Microsoft monopolizing. The president of the World Bank also has concerns over the acquisition, but for different reasons. David Malpass believes Microsoft could be spending its money better.

Speaking at the Peterson Institute for International Economics (from Reuters), Malpass says Microsoft is spending more money to buy Activision Blizzard than some smaller countries’ national net worth. He also points out the amount Microsoft is spending is significantly more than major nations have pledged to helping poor nations.

Malpass is talking about the World Bank International Development Association, which raises funds to help poor countries. Wealthy nations have pledged $23.5 billion towards those smaller countries over the next three years. Malpass says while this is a lot, Microsoft is spending much more to buy a company.

Strawman Argument?

It seems like a bit of a stretch on Malpass’ part. After-all, Microsoft is a private company and not a country, so the comparison doesn’t really make sense. However, he also argues much of the $68.7 billion Microsoft spends will end up on the bond market, which poor nations do not have access to.

“You have to wonder: ‘Wait a minute, is this the best allocation of capital?’” said Malpass. “This goes to the bond market. You know, a huge amount of (capital) flows are going to the bond market.”

“That gets you into a situation where a huge amount of the capital is being allocated to already capital-intensive parts of the world — the advanced economies — building more and more on top of already heavily built infrastructure and real estate, for example.”

Again, Microsoft is a private company and not a country. While the amount Microsoft is spending is obscene and any company/person having that kind of money or power when people having nothing in the world is problematic. However, it seems Malpass is picking an easy target in Microsoft when the whole system from top to bottom is the problem.

He does clarify how he thinks money can be better spent: “In order to address the refugee flow, that malnutrition that’s going on, and so on, there has to be more money and growth flowing into the developing countries.”

Tip of the day: Fast startup (a.k.a hiberboot, hybrid boot, hybrid shutdown) is a power setting that adjusts Windows’ behavior when it starts up and shuts down. Though it is unlikely fast startup will seriously harm your computer, there are a few reasons you might want to disable it following our tutorial.

Source Winbuzzer

read more
Business Technology

Microsoft to Honor Activision Blizzard Contracts, Call of Duty Stays on PlayStation

download (77)

call of duty infinite warfare activision

There is no doubt that Microsoft’s decision to pay $68.7 billion for Activision Blizzard has divided the gaming industry. Whether it is gamers or Xbox rivals, some welcome the news and others see the dangers of Microsoft monopolizing the market. One such concern is Activision IP’s like Call of Duty and Candy Crush, and their potential to be Xbox exclusives.

Sony this week said it expects Microsoft to honor current contracts that keep franchises like Call of Duty on other platforms. Microsoft has now moved to ease concerns and confirmed that it will indeed honor those deals.

Microsoft Gaming chief Phil Spencer says there are no plans to remove Call of Duty from PlayStation, and by implication we guess he means other major franchises like Diablo too:

“Had good calls this week with leaders at Sony,” Spencer says in a tweet. “I confirmed our intent to honor all existing agreements upon acquisition of Activision Blizzard and our desire to keep Call of Duty on PlayStation. Sony is an important part of our industry, and we value our relationship.”

Of course, Spencer has been very clever with his wording, and I still have massive worries. At no point does he say Call of Duty will be on PlayStation after current contracts end. So, there is still potential for Microsoft to make the series exclusive to Xbox and Game Pass.

History

It is worth noting when Microsoft bought Bethesda for $7.5 billion two years ago, it promised franchises would remain cross-platform. Then, the first major Bethesda release in years, Starfield, became an Xbox/PC exclusive. Microsoft has also dropped enough hints to suggest The Elder Scrolls will be platform exclusive moving forward.

At the same time, Microsoft has kept Minecraft cross-platform and actively promotes the game as a cross-platform experience.

I am hugely pessimistic about Microsoft’s acquisition of Activision Blizzard. I believe it gives the company too much power, too many major franchises. It is Microsoft throwing its weight around. Yes, it is strange calling Sony a minnow, but next to Microsoft it truly Microsoft is trying to remove its rival.

While Spencer’s commitment means Call of Duty will remain on PlayStation for now, I have serious doubts about the long-term future. I am trying not to be too dramatic, but it is hard not to see Microsoft as a looming cloud over the rest of the game industry.

Tip of the day: Fast startup (a.k.a hiberboot, hybrid boot, hybrid shutdown) is a power setting that adjusts Windows’ behavior when it starts up and shuts down. Though it is unlikely fast startup will seriously harm your computer, there are a few reasons you might want to disable it following our tutorial.

Source Winbuzzer

read more
1 18 19 20 21 22 40
Page 20 of 40