By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Microsoft is currently working on new features designed to block malicious content in Office 365 regardless of the custom configurations set up by administrators or users unless manually overridden. This change was prompted by the fact that some settings allow for Office 365 Exchange Online Protection/Advanced Threat Protection detonation verdicts to be bypassed and inadvertently allow malicious content to reach the customers' inboxes. Once the new features will be enabled, Office 365 will automatically honor EOP/ATP detonation — malware analysis — verdicts to block known malicious files and URLs regardless of custom configurations. The domain allows and transport rules are the ones most commonly responsible for content flagged by Office 365 EoP or ATP as malicious still being delivered to the end-users. "We’re updating our filters to ensure that malicious files and URLs are not delivered regardless of configuration unless manually overridden," says the features' entry on the Microsoft 365 Roadmap. The "Office 365 ATP, Secure by Default" update is currently under active development according to the roadmap and comes with an estimated release date set for February 2020, to be generally available in all environments. Microsoft previously warned Office 365 admins and users against bypassing the built-in spam filters in June 2019, as part of a support document that also provides guidelines for cases when this can't be avoided. As Redmond says, Office 365 end-users should avoid enabling Allow or Block lists within the Spam Filter policies, as well as skipping Transport Rules scanning. Microsoft also urges Outlook or Outlook on the Web users and admins not to toggle on Safe and Blocked senders. "We recommend that you do not use these features because they may override the verdict that is set by Office 365 spam filters," says Microsoft. Microsoft recommends Office 365 customers to report junk email messages using the Microsoft Junk Email Reporting Add-in "to help reduce the number and effect of future junk email messages," while Outlook users can employ the Report Message add-in to report junk email. "If you have to set bypassing, you should do this carefully because Microsoft will honor your configuration request and potentially let harmful messages pass through," the support document says. "Additionally, bypassing should be done only on a temporary basis. This is because spam filters can evolve, and verdicts could improve over time." Further details can be found on OUR FORUM.

It may be tempting to try to download the latest games or applications for free, but doing so will ultimately land you in a hotbed of trouble as your computer becomes infected with adware, ransomware, and password-stealing Trojans. Tools that allow you to crack, or bypass license restrictions, in copyrighted software have been around forever and users have always known that they face the risk of being infected with unwanted software by using them. In the past, though, most of the unwanted programs that were installed were adware or browser extensions, and though definitely a nuisance, for the most part, they were not stealing your files or installing ransomware on your computer. This has changed as software installer monetization companies have started to increasingly team up with ransomware and password-stealing Trojan developers to distribute their malware. Passwords stolen through software cracks BleepingComputer has been tracking adware bundles for a long time and in the past, they would install unwanted programs, but had no long-term ramifications to your data, privacy, or financial information. Security researcher Benkøw has recently noticed that monetized installers pretending to be software cracks and key generators are now commonly installing password-stealing Trojans or remote access Trojans (RATs) when they are executed. In his tests over the past week by downloading various programs promoted as game cheats, software key generators, and licensed software, when installing them he was infected with password-stealing Trojans and backdoors such as Dreambot, Glupteba, and Racoon Stealer. In BleepingComputer's tests, we were infected with ShadowTechRAT, which would allow an attacker to gain full access to an infected computer. It is not only RATs and password-stealing Trojans that users could be infected with. One of the most prolific ransomware infections called STOP is known to be installed through these same adware bundles. Distributed via torrent sites, YouTube, and fake crack sites. To distribute these adware bundles, attackers will upload them to torrent sites, create fake YouTube videos with links to alleged license key generators, or create sites designed to just promote adware bundles disguised as software cracks. On torrent sites, you will commonly find that the same user has uploaded many different games, applications, and key generators that all have the same size.  For example, in the image below you can see a user named 'toneg374' had uploaded many torrents around the same time that all have the size of 25.33 MB. For more visit OUR FORUM.

Windows 10 X is a new edition of Windows 10 designed for dual-screen devices and it’s also coming to traditional laptops at some point. Windows 10 X will come with a number of exclusives features and it will also offer a customized interface for all core components of Microsoft’s desktop OS. Although Microsoft is planning to bring Windows 10 X to traditional laptop form factors, there won’t be an official way of installing the OS on an existing Windows 10 device. The software giant isn’t planning to provide it in ISO format, but it’ll be possible through third-party tools. With Windows 10 X, Microsoft is scrapping Live Tiles, the large icons with interactive information from the Windows Phone days. The new OS comes in a more simplified look and it has icons, and Microsoft is calling it ‘Launcher’. Like Windows 8, Windows 10 X will also have gestures. For example, you’ll be able to swipe from the right side to open Action Center and swipe from the bottom of the screen to open the Start menu. There’s also a new Action Center in Windows 10 X and it puts more emphasis on quick actions. The Action Center expands in size when there are new notifications and it’s designed in such a way that you can quickly find the setting toggle without opening the settings app. The Compose Mode allows you to switch the taskbar to a more traditional taskbar. On Surface Neo-like devices, it enables productivity-friendly experience and allows users to use the keyboard accessory, touchpad and emoji panel. Windows 10 X also offers a new set up experience with a modern look and feel. Like Android and other mobile OSes, the 10X will also walk you through the device setup and help you select the correct sign-in, language, regions, update, privacy, and other settings. Windows 10 X also comes with dynamic wallpapers support and it would change content depending on your device’s time or your geolocation. For example, Microsoft plans to offer a mountain-view wallpaper and it would change its content during sunrise, afternoon, sunset, and night. Microsoft is updating the lock screen with a new model that brings up the lock screen with authentication options. You no longer need to dismiss the lock before authentication. By default, a new lock screen lets you log in via Windows Hello facial recognition, PIN or password. Full details can be found on OUR FORUM.

Microsoft just announced the launch of an Xbox bug bounty program to allow gamers and security researchers to report security vulnerabilities found in the Xbox Live network and services. Qualified Xbox Bounty Program submissions are eligible for bounty payouts ranging from $500 to $20,000 for a remote code execution submitted via a high-quality report with clear and concise proof of concepts (POCs). The bounties will be awarded "at Microsoft’s discretion" based on the severity and impact of the security issue disclosed, as well as the quality of the submission. "Higher awards are possible, at Microsoft’s sole discretion, based on report quality and vulnerability impact," Redmond says. "Researchers who provide submissions that do not qualify for bounty awards may still be eligible for public acknowledgment of their submission leads to a vulnerability fix." Vulnerabilities submitted through the Xbox Bounty Program are required to meet the following criteria to be eligible for a bounty award. To send a submission to the Xbox team you have to use the MSRC Submission portal, with the mention that you'll have to abide by the recommended format in Microsoft's bounty submission guidelines. Additional details on what activities are prohibited under the Xbox Bounty Program and the out of scope vulnerabilities are available on the Coordinated Vulnerability Disclosure throughout the vulnerability reporting process. For vulnerability submissions that are out of the scope of the Xbox Bounty Program, Microsoft may still offer the security researchers public recognition by adding them to the Online Service Acknowledgements page. The bounty amounts for in-scope vulnerabilities based on their severity levels are available in the table. You can find additional information on Microsoft bounty program requirements as well as legal guidelines in the Bounty Terms, the Safe Harbor policy, and the Bounty FAQ. "Since launching in 2002, the Xbox network has enabled millions of users to share their common love of gaming on a safe and secure service," MSRC Program Manager Chloé Brown said. "The bounty program supplements our existing investments in security development and testing to uncover and remediate vulnerabilities that have a direct and demonstrable impact on the security of Xbox customers. For more navigate to OUR FORUM.

Huawei overtook Apple to become the world’s second best selling smartphone manufacturer in 2019, according to reports from Strategy Analytics, Counterpoint Research, and Canalys. Over the course of the year, the Chinese manufacturer reportedly shipped around 240 million phones, compared to just under 200 million for Apple. Samsung retained its comfortable lead in the first place, shipping just shy of 300 million devices. Xiaomi and Oppo rounded out the list of the top five manufacturers. The jump is especially surprising given Huawei’s continued presence on the USA’s entity list, which prevents the company from installing Google’s apps and services on its new devices, limiting their appeal outside of China. As a result, Huawei’s main strength was in its home country. Counterpoint Research says China accounted for 60 percent of its sales, allowing its shipments worldwide to increase by 17 percent between 2018 and 2019 — though not in Q4 specifically. However, tensions with the US still had an effect. Canalys notes that 2019 could have been the year that Huawei challenged Samsung for the number one smartphone spot, but ultimately this challenge never materialized. It’s unclear when the situation could change in the future. Huawei has been nipping at Apple’s heels for a while. Back in 2017 Huawei initially overtook Apple to sell more smartphones in the months of June and July, and the following year IDC reported that it had sold more phones than Apple in the second quarter of the year. But in 2019, the company overtook Apple to sell more phones throughout the entire year. Although it lost out on the number two spot for 2019 as a whole, Apple had a very strong fourth quarter as is typical for the company. All three market analyst firms agreed that it managed to outsell Samsung in the last quarter, with sales being driven by the iPhone 11’s lower pricing in particular. Analysts said that Apple’s phone sales were up by between 7 and 11 percent in Q4 2019 compared to the same quarter in 2018. Samsung is expected to rebound this quarter with the launch of its flagship Galaxy S20 series next month. Apple is also likely to receive a boost from the launch of its long-rumored successor to the more affordable iPhone SE, which could be popular in price-sensitive markets like India. Despite individual gains, all three reports agree that the industry sold fewer phones in 2019 than it did in 2018. Counterpoint Research notes that this is the first time the smartphone market has ever declined for two years in a row. With the US’s trade wars still ongoing, and China’s coronavirus scare having potential implications for supply chains, 2020 could be another challenging year. Follow the news on Huawei and lots more on OUR FORUM.

After days of frenzied speculation, Britain has allowed a limited role to the Chinese telecommunication giant Huawei in the domestic rollout of the next-generation 5G wireless network. The move, however, represents a symbolic defeat for the campaign by the U.S. to prevent the Chinese tech giant from participating in the deployment of this wireless technology within the geographical jurisdictions of America’s allies. The National Security Council (NSC) of Britain deliberated on two options: either impose a blanket ban on Huawei or impose limits on its market share and the extent of the tech giant’s participation in ‘core’ network areas. The council appears to have opted for the latter option. According to the emerging reports, the NSC has stipulated that Huawei’s telecommunication gear will not be deployed near sensitive geographical locations such as nuclear sites and military bases. Moreover, the Chinese tech giant will be "limited to a minority presence of no more than 35 percent in the periphery of the network, known as the access network ..." Bear in mind that Theresa May’s government considered the imposition of market share caps last year on Huawei vis-à-vis its participation in the UK’s 5G network deployment. However, now that this threshold of 35 percent has been finalized, it will increase the total cost of the next-gen network rollout in the country as a proportion of Huawei’s gear that has already been installed will have to be swapped with that sourced from Ericsson, Nokia, and Samsung. The officials in the U.S are concerned that an active role of Huawei in the UK’s 5G network will compromise the ability of the two nations to securely exchange intelligence. After all, this ability forms one of the cornerstones in the ‘special relationship’ that has existed between the U.S and the UK for decades. UK’s stance on Huawei might also complicate its negotiations with the Trump administration on another thorny issue – digital taxes. As a refresher, efforts are presently underway at the OECD to carve out new tax rules that limit the propensity of tech giants to engage in tax shielding practices. The forum had proposed in October that governments should tear up a century of taxation precedent by allowing individual countries to tax operations in their jurisdiction even if those companies have no physical presence there. Nonetheless, given that UK’s NSC excluded Huawei from participating in the critical portions of the 5G network, the Trump administration might be able to claim partial victory in that its concerns were heeded. Readers should remember that Washington has repeatedly stressed that Huawei provides Beijing a ‘backdoor’ access to sensitive network information. These claims are bolstered by the existence of Chinese laws that require domestic companies to assist Beijing in intelligence collection. Huawei, for its part, has consistently denied providing China’s government any access to sensitive information. Follow this and more on Huawei on OUR FORUM.

 

Translate