Technology

All signs have been pointing to Microsoft releasing Windows 10X this spring. Indeed, it was initially thought Windows 10 21H1 would really be the launch of the new modular platform. Microsoft confirmed that’s not the case and now it seems Windows 10X won’t be launch next month at all.

According to Windows Central, Microsoft has decided to delay the release of Windows 10X yet again. If that’s the case, this is at least the second time the company has pushed back the launch. Initial plans were the SKU would arrive in 2020, but that never happened.

Windows 10X was firstly planned to launch with the dual-screen Surface Neo. Microsoft later said the Surface Neo has been postponed, although the company insists not cancelled outright. The COVID-19 pandemic forced the company to reevaluate the needs to customers. With that in mind, Microsoft said Windows 10X would debut on single screen laptops.

In December, the company sent out the finalized launch preview of the platform, or so it seemed. Microsoft has still not signed off on a final production build for Windows 10X. That means the company is not going to be ready for a spring launch.

Later This Year

The report suggests Microsoft is holding back to ensure the launch of the new Windows 10 experience is more secure and without issues. Late spring is now looking likely for a final production build in preview, and then a fall launch for the SKU on new devices.

Microsoft is not going to sell Windows 10X as a standalone SKU. In other words, customers cannot buy it for their current PC. Instead, the platform will be exclusive to shipping pre-installed on laptops and desktops.

Tip of the day:

Though many VPN providers have their own apps, you can in many cases connect to a VPN in Windows 10 without any third-party software. This is ideal if you have a self-hosted VPN or if you’re using a PC with restricted permissions. In our tutorial, we’re showing you how to connect to a VPN in Windows 10.

Source Winbuzzer

Developers working with Microsoft Edge can now access a pair of new DevTools for the Chromium-based browser. According to Microsoft, the new tools will aid developers when creating through Edge. The two tools are DevTools Tooltips and Focus Mode UI.

DevTools Tooltips

First up is DevTools Tooltips, which provides an overlay for Microsoft Edge DevTools. Users can use the layer to understand what panels across tabs do. Working in tandem with Focus Mode UI, developers access informative overlays by selecting the “?” icon. In this mode, users can toggle between overlays with information.

Focus Mode UI

Another new developer mode in Microsoft Edge, Focus Mode UI gives users tools for group tabs together. Importantly, this grouping is based on the developers own workflow through DevTools. Focus Mode UI is set as a default to show recommended tabs for groups like “Testing” and “Layout”. Dev’s can customize their own tab groups as well.

Both new DevTools tools are available with Microsoft Edge 90.0.810.0 and later. That’s a Canary preview build, allowing developers to work in a testing framework. Microsoft is asking for feedback from developers. Both features and feedback can be found at GitHub here.

WebView2 Release

Back in November, Microsoft brought Microsoft Edge WebView 2 to .NET developers. Users of .NET 5, .NET Core, and .NET Framework WinForms and WPF can access the new tool through Windows 10.

With WebView2, users can create custom web-based app elements or full Progressive Web Apps (PWAs). Like Microsoft Edge, the service runs on Google’s Chromium engine. In 2019, Microsoft sent out the SDK for WebView 2 to Windows 10 Developers.

Tip of the day:

Do you know that Windows 10 now has a package manager similar to Linux called “Winget”? In our tutorial, we show you how to install and use this new tool that allows the quick installation of apps via PowerShell or a GUI.

Source Winbuzzer

Popular chat service WhatsApp is rolling out a couple of cool new features for users on the web and desktops. Specifically, the Facebook-owned company is launching face and fingerprint unlock capabilities.

Clearly a move to make WhatsApp on web and desktop more secure, the tools will add an extra layer of protection when syncing the service. Interesting, the tool will not be making its way to the mobile version of WhatsApp, at least not yet.

WhatsApp has largely steered clear of the various privacy and data concerns that have plagued parent company Facebook. Clearly it wants to keep it that way and is making it clear that the feature does not tap into the biometric data on a device.

“Note: The authentication is handled by your device’s operating system using the biometrics stored there. WhatsApp can’t access the biometric information stored by your device’s operating system.”

That means any biometric data that is not stored in WhatsApp will not be accessed by the app.

Improving the Desktop Experience

This is certainly a nice feature addition to WhatsApp on Windows 10. So often this version of the app seemed to be sometimes ignored so any new feature is welcome. It’s a shift in focus we have seen recently, suggesting WhatsApp is seeing more usage on its desktop clients.

Back in December, WhatsApp on Windows 10 got the ability to make and receive voice and video calls. This addition remains in beta a month later. Just like the mobile app, users see the call buttons in the chat header. Clicking these buttons will start a call with the contact the user is in the chat with.

Tip of the day:

Though many VPN providers have their own apps, you can in many cases connect to a VPN in Windows 10 without any third-party software. This is ideal if you have a self-hosted VPN or if you’re using a PC with restricted permissions. In our tutorial, we’re showing you how to connect to a VPN in Windows 10.

Source Winbuzzer

Microsoft’s Surface Duo smartphone has been available for a few months, at least in the United States. The consensus on the Android device is it’s a sumptuous piece of hardware design but very much a first-generation product in terms of software, component choices, and functionality.

While all eyes are on Microsoft to improve the usability experience for the Surface Duo 2, the company is also looking at some design changes. A Microsoft Patent filing shows the company is experimenting with a folding screen unit with a removeable display.

Of course, the Surface Duo is not a folding phone like the Samsung Galaxy Z Fold 2. There is no single screen that folds on itself. Instead, the Duo uses two displays within a folding body. It is unlikely the Surface Duo 2 will stray too far away from the first device and move to a folding phone.

So, straight away this patent seems to be for future Duo devices beyond the second generation. In fact, I would wager Microsoft take Apple’s incremental design update model and barely touches the Surface Duo hardware for the sequel device.

Details

Either way, the patent shows Microsoft is still on board with folding screen tech, something the company has been toying with for years.

Redmond’s “moveable display” idea builds on regular folding screens by allowing them to fold entirely. It is worth noting Microsoft first filed this patent back in 2017, making the idea four years old. However, it was published by USPTO this month, suggesting the company is still interested in this concept.

Microsoft is expected to soon announce Surface Duo availability in more regions, expanding beyond the current exclusivity in the U.S. Hinting at this rollout, the company issued an ad before the New year focusing on the consumer aspects of the smartphone.

Tip of the day:

If you need to create an ad-hoc network, you can do it on Windows 10. In our tutorial we show you how to easily create a shareable wireless internet connection in Windows 10 as a free WIFI hotspot.

Source Winbuzzer

In this blog, we’ll walk you through how to train your users against threats with Attack Simulation Training. In the modern IT world, there is a constant battle going on between hackers and users. Viruses, phishing, and malware are a few of the examples that your organization’s users could face during their daily activities. To protect them against these kinds of threats, you can do a lot, like leveraging Defender for Office 365 to quarantine or block suspicious contents and check your emails for spoofing and other traces of identity fraud.

These actions are all performed in your Office 365 environment, but there is also the human factor to keep in mind. What if we could educate our users to detect these kinds of threats themselves? Because with this knowledge, they could make use of their company IT resources in a much safer way.

This is where Attack Simulation Training comes into the picture. With this tool, you will be able to test your user’s alertness and teach them how to detect and respond to phishing techniques in emails and other platforms.

The Attack Simulation Training we’re going to talk about here differs from the Attack Simulator you can find in the Security and Compliance center because it adds the training capabilities and extensive options for adding your own payloads.

Now that we know this feature exists, let us build our own attack simulation, shall we?

Note: This feature is currently placed in public preview by Microsoft, and therefore you might be faced with sudden unexpected behavior.

Licensing for Attack Simulation Training

To use the public preview, you will need either a Microsoft Defender for Office 365 P2, Microsoft 365 E3 or E5, or Microsoft Security E5 subscription. Microsoft 365 E3 has recently been added to the list of required subscriptions, as you will find in the following article.

Creating an Attack Simulation Training

We start by going to https://security.microsoft.com/attacksimulator. Here, we will find the Attack Simulation dashboard, where we have an overview of all the previous and currently running simulations, including all the metrics that were collected from it.

To start creating our own simulations, we will go into the Simulations tab and click on + Launch a simulation:

Then, we will select which kind of technique we want to use to trick the user and try to get them to perform a certain action. We will try to let the user click a link to download a file containing malware for this blog. Of course, this simulation won’t let us download a real malware file, but it will create a placeholder instead:

Read More: O365 Account Breaches – Detection, Investigation & Remediation with Cloud App Security

The techniques Microsoft offers are all based on real-life attacks collected by the MITRE Corporation. You will find more information about the MITRE knowledge base and how Microsoft is using the results to improve their Defender security products via the following article.

Next up is naming and adding a description to the attack for our own reference. Our attack will be called Practical 365, and we will check if users are conforming to company policies by not clicking links in emails sent to them before checking the source of the email and what’s behind the link:

You will then be presented with the option to select a payload.

Payloads database

A payload is a predefined set of properties that make up the contents of the attack. This will include indicators for the user on how they could have recognized the attack and the contents, such as the fake email body.

The attack simulation payload database contains 50 sample payloads created by Microsoft. They’ve looked at real-life attacks, so the samples aren’t just simple templates. You will find these samples and can add your own from the Payloads tab.

Creating your own payload

Now to get back to adding our own payload, we will click on + Create a payload:

We will then select the type of payload. Microsoft is adding more payload types along the way, but we will add an Email payload for the purpose of our own attack:

Our attack will use the Link to malware technique, so we will select this one to use the payload in our own attack:

Then, we will enter a Name and Description for the payload:

The next part is crucial in tricking the user and requires you to develop a real-life scenario, so try to specify the details like the From Email address in the most sufficient way possible:

The Attachment Details are also important because the user might be suspicious when it has to download a file to collect their prize. The Link for attachment also must comply with the email template we’re going to create. Because our users are the lucky winners of a prize, the URL www.prizegives.com will be the most appropriate one:

The last part we’ll need to create is the email body containing the link to the malware file. You can create your own email or import an existing email and add the link into the body. There’s also the possibility to add in HTML code. I’ve added the Practical 365 logo by adding the <img> tag:

To also give the users a hint that this email is not real, I’ve entered subscribers instead of subscribers in the body. he final properties we will have to enter for our payload are Indicators. These indicators are shown when the user has downloaded the placeholder file and will show them how they could have noticed that the email was fake.

My email contained the following indicators:

Spelling and grammar irregularities – Subscribers instead of subscribers

Domain spoofing – The email address noreply might or might not exist

URL hyperlinking – The URL led to a fake website www.prizegives.com

For each indicator we add we will need to specify where users could have found it. In the below sample, I have added the URL and specified in the body of the email where they could have found it:

We are then able to review the payload we have created and use it in our attack:

We then specify which user we want to target the attack at on the Target Users step:

An important thing to note here is that you cannot add guest users because this is not allowed by legal causes. From a technical perspective, the email might get blocked while your own Exchange Online Protection or Defender for Office 365 will recognize the attack and exclude it, so it doesn’t get quarantined or blocked.

We will then let Microsoft select the training modules to supply to the user or choose the modules ourselves. The advantage over selecting it ourselves is that Microsoft has predefined modules for the type of attack you select. We can also set a Due Date for the users to complete training. They will be reminded to complete the training before the specified period ends:

We would also want to specify the text for the placeholder file to personalize the message users receive after opening the file:

At the Launch details, we’re able to launch the attack at a later point in time, which can be convenient when you’re creating it near or during the weekends:

To launch the attack at the specified time, we will click Next, and on the Review Simulation tab Submit after we reviewed the options:

The end result

The selected users will receive a shiny looking email containing a link that leads them to the file:

When they click the link, download, and open the file, they will be presented with the contents from the Training Landing page. A preview of the email with the Indicators will also be shown:

There will also be an email sent to the user containing the offer to start the simulation training right away or schedule it by clicking the included ICS file. The training will be offered with the due date to complete that we specified earlier:

Training assignments

When you click on the Go to training button, you will be directed to https://security.microsoft.com/trainingassignments where you will find the training advised for the attack type you were challenged by earlier:

By clicking on the categories, the user will be presented with the affiliated training course:

You will be able to see how many users completed the training by going to the report of the attack, which we will discuss in the next topic.

Reviewing your attack status

All the actions a user takes during the attack will be reported back to the Simulation Training dashboard and will allow you to follow the progress of your attack. By going into the Simulations tab and clicking the simulation, you will be presented with the attack results:

As you can see, I have completed all the actions that were part of the attack, like clicking the link and opening the file. I will also be presented with the actions I can take as an admin to protect my users against these kinds of phishing attacks:

To view the details on a per-user base, we will select View users, which will open the details pane:

Now that you know how you can create your own attacks and educate your users: you can withstand the real-life attacks produced today.

If you have any questions, please let us know in the comment section.

Source Winbuzzer

Earlier this month, I reported on threat actors using Minecraft as a gateway into tricking users. More accurately, the name of Minecraft is being used to push third-party apps that are less than honorable and using fleeceware on unsuspecting users. It seems the problem is even more extensive than first though.

In fact, security firm Kaspersky now says Minecraft being used by bad actors extends beyond simply monetary scams. Specifically, applications claiming to have modpacks for the game are really placing extremely intrusive ads on Android devices.

Naturally, the problem starts on Google Play, where the apps are uploaded. Kaspersky says Google has been actively removing adware applications associated with Minecraft. However, the company points out the following five remain on the store:

• Zone Modding Minecraft,
• Textures for Minecraft ACPE,
• Seeded for Minecraft ACPE,
• Mods for Minecraft ACPE,
• Darcy Minecraft Mod.

These five apps range from mostly unknown (500 installs) to very popular (over 1 million installs). They come from different publishers but the noted modpacks seems to be largely the same across some of the apps.

Adware Attack

Each of the apps plays the classic trick of having bot reviews leaving 5-star reviews. You know the ones, those that say, “this app changed my life”. Although, mixed in with those fake 5-star reviews are a sea of 1-star comments, no doubt the true reflection on these applications.

Google has since removed all the apps mentioned by Kaspersky.

If you are a Minecraft fan, you are not alone if you downloaded one of these fake mudpack apps. If you have the app on your Android device, you will know it does not load any mod.

Users who do not remove the application will find it will remain on the device and will star displaying ads. Browser windows open and ads become increasingly obtrusive. For unsuspecting users, they will have no idea it is the Minecraft mudpack app causing the problem.

Source Winbuzzer

In recent weeks, we have been charting the saga around Microsoft-owned GitHub and the YouTube-DL (youtube-dl) tool. Specifically, GitHub removed the tool for violating copyrights, causing a storm of protest from users. After previously threatening to ban users for reposting YouTube-dl, GitHub has relented.

In a blog post, the code repository says YouTube-dl has now been restored to the platform. GitHub says the initial removal was in compliance with the law following a DMCA takedown of the tool. According to the company, new information shows the popular tool does not circumvent copyright laws.

“Our actions were driven by processes required to comply with laws like the DMCA that put platforms like GitHub and developers in a difficult spot. And our reinstatement, based on new information that showed the project was not circumventing a technical protection measure (TPM), was inline with our values of putting developers first.”

If you’re unfamiliar with YouTube-dl, it is a tool for internet video download commands. It is not an illegal service but it is prohibited under section 1201 of US copyright law because it allows users to circumvent copyrights.

Many fans responded to Microsoft’s initial action by saying YouTube-DL is a legitimate tool. In fact, those YouTube-dl users claim the software is a fair use tool that also helps to download proprietary content or back up videos.

Second Chance

GitHub says no DCMA notice on the platform is necessarily permanent. In fact, projects get the chance to reorganize and remove any content that may be causing an infringement. Thanks to a patch to YouTube-dl, it now falls within the company’s rules.

This is a quick change of tactic from GitHub. Just a week ago, the company was actively threatening to ban any user who re-uploaded the tool to the platform:

Please note that re-posting the exact same content that was the subject of a takedown notice without following the proper process outlined below  is a violation of GitHub’s DMCA Policy and Terms of Service. If you commit or post content to this repository that violates our Terms of Service, we will delete that content and may suspend access to your account as well.”

Either way, YouTube-dl is now available again.

Source Winbuzzer

Microsoft has extended a congratulations to president-elect Joe Biden after the Democrat candidate was declared the winner of the election over the weekend. Microsoft president and chief lawyer Brand Smith also called for a peaceful transition of power.

President Trump has failed to acknowledge Biden’s victory. Furthermore, he has stoked controversy by saying the election was rife with fraud and starting numerous lawsuits to halt the transition. Smith points out Microsoft also congratulated Trump on his presidential victory in 2016.

“If we are to move forward as a nation, we must build new bridges to close the gaps that divide us,” Smith said over the weekend.

“The peaceful transition of power has been an enduring and vital part of our democracy for over two centuries, and it remains so today,” Smith said in 2016.

Bill Gates also sent congratulations to Biden, although the Microsoft founders’ interests lie far beyond the success of the company these days. In fact, Gates said he is looking forward to working with Biden on humanitarian projects, starting with the ongoing fight against COVID-19.

“I look forward to working with the new administration and leaders on both sides in Congress on getting the surging pandemic under control, engaging partners around the world on issues like poverty and climate change, and addressing issues of inequality and opportunity at home,” said Gates in a tweet.

Other Tech Company Responses

Microsoft was not the only tech giant to offer congratulations to Biden. Amazon CEO Jeff Bezos, a long-time target of Trump’s anger, congratulated Biden, and vice-president elect Kamala Harris.

“Unity, empathy, and decency are not characteristics of a bygone era. Congratulations President-elect @JoeBiden and Vice President-elect @KamalaHarris. By voting in record numbers, the American people proved again that our democracy is strong,” Bezos said in an Instagram post.

The Business Roundtable, a group of CEOs from the largest companies in the United States (Microsoft, Apple, and Amazon among them), also extended a congratulations.

“While we respect the Trump campaign’s right to seek recounts, to call for investigation of alleged voting irregularities where evidence exists and to exhaust legitimate legal remedies, there is no indication that any of these would change the outcome,” the organization said in a statement.

Source Winbuzzer

Microsoft Visual Studio Code is one of the most popular programming tools, so it’s easy to assume the platform is ubiquitous. However, that’s now the case and there are some platforms where VS Code is now unavailable.

Microsoft is working to address those gaps in availability with a couple of new support. Specifically, Microsoft Visual Studio Code now supports Linux devices on ARM.

This is an important change that will drastically expand the availability of VS Code. That’s because ARM on Linux runs on Raspberry Pi. Of course, this is a platform that has been massive in the growth of Internet of Things (IoT) devices.

These days, the Raspberry Pi is something noteworthy. Indeed, Raspberry Pi 4 now packs decent specs. With support for Visual Studio Code, developers on Linux ARM can leverage the platform to tap into remote hardware.

Supporting ARM does not only mean big news for Raspberry Pi. It also means Visual Studio Code is now available on ARM Chromebooks. Several laptops running Google’s Chrome OS pack ARM-based computing.

Developers can now use VS Code on Chromebooks, extending to ARM-based products for the first time.

VS Code September Update

Microsoft made the change through CS Code version 1.50. This was the September update that also introduced the following features and improvements:

• “Accessible settings editor – Interact with the settings list like any other list in VS Code.
• Pinned tabs improvements – Resize pinned tabs, unpin with one click, and more.
• Linux ARM builds – VS Code is now available for both Linux ARMv7 and ARM64.
• Improved debugging experience – Improved hover and filtering in debug console.
• New JS debugger features – Toggle auto attach flows and see performance in real-time.
• Panel layout improvements – New panel maximization settings and bottom panel size.
• Webview Views support – Build extensions with webview views in the sidebar and panel.
• Updated “Create a Dev Container” tutorial – Get started with Development Containers.”

Source Winbuzzer

In recent week, we have been following the Zerologon (CVE-2020-1472) vulnerability on Microsoft Windows. Described as one of the most dangerous bugs ever, Microsoft and third-parties have been scrambling to fix the flaw. However, Microsoft now says an Iranian state actor has found an exploit for the bug.

According to the company, an advanced persistent threat (APT) group know as MERCURY has been exploiting the bug. The actor has a reputation for going after government agencies in the Middle East.

“MSTIC has observed activity by the nation-state actor MERCURY using the CVE-2020-1472 exploit (Zerologon) in active campaigns over the last 2 weeks,” according to a tweet from Microsoft this week.

Zerologon gives attackers the ability to take control of Windows Servers. It is an elevation of privilege flaw found in Netlogon, a Microsoft process that authenticates users against domain controllers. Microsoft deems the flaw extremely dangerous, rating it 10/10 in terms of severity.

It is also notable for working quickly, something that makes even more problematic. In fact, Zerologon can infiltrate an enterprise system in three seconds or less. Attackers could also use it to change passwords and relatively easily take over a whole organization’s network.

Fixing the Problem

As we reported initially, Microsoft has already sent out a patch for the flaw. This patch was supplemented a week later by two third-party patches. 0patch issued a fix saying Microsoft’s does not work on all systems. File sharing utility Samba sent out a patch for its own service.

Microsoft is currently rolling out a fix and enterprise customers are strongly advised to install it. However, the company will ramp up the patch during the first quarter of 2021. The company says another “enforced” patch will be sent out during this time.

However, now that Zerologon is in the wild the threat it poses has taken on a new level of danger.

Source Winbuzzer