
Microsoft is releasing Windows 10 Insider Preview Build 18894 (from the 20H1 branch) to Windows Insiders in the Fast ring. There are a number of improvements, bug fixes, and performance enhancements coming with today’s preview build. However, there is also quite a long list of known issues so make sure to pay attention to those before installing the latest Windows 10 2020 Preview Build. We’ve heard your feedback asking for increased consistency, and to make it easier to find your files. Over the next few days, we’ll be starting to roll out a new File Explorer search experience – now powered by Windows Search. This change will help integrate your OneDrive content online with the traditional indexed results. This rollout will start with a small percentage, and then we’ll increase the rollout to more Insiders as we validate the quality of the experience. What does that mean for you? Once you have the new experience, as you type in File Explorer’s search box, you’ll now see a dropdown populated with suggested files at your fingertips that you can pick from. These improved results can be launched directly by clicking the entry in the new suggestions box, or if you want to open the file location, just right-click the entry and there’ll be an option to do so. If you need to use commands or dig deeper into non-indexed locations, you can still press enter and populate the view with the traditional search results. For more visit OUR FORUM.

Security researchers brought to life and released a wicked variant of Clippy, the recently resurfaced assistant in Microsoft Office that we all loved so much to hate, that makes it more difficult to detect a malicious macro in documents. Dubbed Evil Clippy, the tool modifies Office documents at the file format level to spew out malicious versions that get by the static analysis of antivirus engines and even utilities for manual inspection of macro scripts. To do this, it takes advantage of undocumented features, unclear specifications, and deviations from intended implementations. Macros are snippets of VBA (Visual Basic for Applications) code that automate tasks in Microsoft Office applications. They are constantly used to deliver malware when the user opens a document. Researchers at Dutch security testing company Outflank developed Evil Clippy for professionals running red team attacks against a client organization. The tool runs on Windows, macOS, and Linux. The tool can be used with document formats for Microsoft Office 97 - 2003 (.DOC and .XLS), and 2007 and above (.DOCM and .XLSM, which are basically ZIP containers and come with macros enabled). All these file types use the Compound File Binary Format (CFBF) and Outflank's program modifies it using the OpenMCDF library. One technique Evil Clippy uses to generate a maldoc is "VBA stomping," a method detailed by Walmart's security team, by which the original code of the VBA script can be replaced by a compiled version for the VBA engine called pseudo-code, or p-code for short. Infosec expert Vesselin Bontchev detailed publicly that VBA scripts can execute at runtime in three forms, with p-code being the most popular. We have more posted on OUR FORUM.
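For defenders triaging attachments, the container layout described above can be checked directly. The following is an added example, not code from Outflank or from the original article: it reports whether a file is a legacy compound file or a ZIP container carrying a `vbaProject.bin` part, and validates the CFBF header of that part. It only locates the macro storage and does not detect VBA stomping itself; the function names, return labels and sample inputs are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

CFBF_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def is_cfbf(head: bytes) -> bool:
    """Check the fixed CFBF header fields, not only the 8-byte signature."""
    if len(head) < 32 or head[:8] != CFBF_MAGIC:
        return False
    # Offsets 26/28/30: major version, byte-order mark, sector shift.
    major, byte_order, shift = struct.unpack_from("<HHH", head, 26)
    # Version 3 uses 512-byte sectors (shift 9), version 4 uses 4096 (shift 12).
    return byte_order == 0xFFFE and (major, shift) in {(3, 9), (4, 12)}

def classify(data: bytes) -> str:
    """Say where a document could keep a VBA project, if anywhere."""
    if is_cfbf(data[:32]):
        return "cfbf"  # legacy .DOC/.XLS: the whole file is a compound file
    if data[:4] != b"PK\x03\x04":
        return "unknown"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.lower().endswith("vbaproject.bin"):
                    with zf.open(name) as part:  # read the header only
                        ok = is_cfbf(part.read(32))
                    return "zip+vba" if ok else "zip+vba-malformed"
    except zipfile.BadZipFile:
        return "unknown"
    return "zip-no-vba"

# Constructed sample inputs (hypothetical helpers, minimal headers only).
def sample_cfbf(major=3, shift=9) -> bytes:
    fields = struct.pack("<HHHH", 0x3E, major, 0xFFFE, shift)
    return CFBF_MAGIC + bytes(16) + fields + bytes(480)

def sample_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    docm = sample_zip({"word/document.xml": b"<w/>",
                       "word/vbaProject.bin": sample_cfbf()})
    print(classify(docm))
```

A `zip+vba-malformed` result means a part named like a VBA project does not start with a valid compound-file header, which is worth a closer manual look.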

Microsoft will begin to ship an in-house custom-built Linux kernel starting with the Windows 10 Insider builds this summer. This kernel is to become the backbone for the new Windows Subsystem for Linux 2.0 or WSL2. Unlike WSL1, which used a Linux-compatible kernel, WSL2 will use a genuine open-source kernel compiled from the stable 4.19 version release of Linux at Kernel.org. While Microsoft will be providing the Linux kernel, they will not provide any Linux binaries to go with it. Instead, users will still need to download their favorite Linux distribution from the Microsoft Store or by creating a custom distribution package. While the source code for the kernel will come from Kernel.org, Microsoft has stated that they will apply custom patches that reduce the memory footprint of the kernel and provide hardware compatibility. In the first iteration of the Windows Subsystem for Linux (WSL1), Microsoft had to translate Linux system calls so they could communicate and work with the Windows NT kernel. With the use of a true Linux kernel, it is no longer necessary to use a translation layer and apps will have full access to their normal system calls. Removing the translation layer not only improves compatibility for Linux apps but also increases file system performance. According to tests performed by Microsoft, the new Linux kernel has improved the performance of WSL, with unpacking archives up to 20x faster and tools such as npm, git, and cmake being 2-5x faster. To make it easier to administer WSL2, Microsoft will also include the Linux kernel in Windows Update so that security updates and improvements will automatically be delivered to Windows 10. Learn more by visiting OUR FORUM.

Google is looking at more options to boost its bottom line, and one of them seems to be shopping links tucked under YouTube videos. The company is running a test where it displays recommended products along with prices on its video-sharing platform, according to The Information. It seems some test ads have popped up under Nike videos. Clicking on them would take you to the Google Express marketplace to complete the purchase. More and more retailers are joining Express, according to the report, while earlier this year Google started testing shoppable ads in image searches. The company is said to be banking on these features to boost its shopping business. Parent company Alphabet reported this week that revenue for physical products such as Pixel phones and Home smart speakers year-over-year, highlighting that there's an opportunity for growth. Meanwhile, Amazon's ad business is growing, which might be prompting Google to focus on other revenue streams since ads are a key source of its income. Google takes a cut from goods sold through Express, though revenue pales next to Amazon's retail income. Express is said to have pulled in a little under $1 billion in 2018, while Amazon's retail arm generated around $141 billion in North America last year. Google is set to hold an event later this month called Google Marketing Live (at which it has revealed ad products in the past), while the I/O developer conference takes place next week, so we might have an official word about the YouTube product ads soon. There's more posted on OUR FORUM.

A new ransomware has been discovered called MegaCortex that is targeting corporate networks and the workstations on them. Once a network is penetrated, the attackers infect the entire network by distributing the ransomware using Windows domain controllers. In a new report, Sophos has stated that they have seen customers in the United States, Italy, Canada, France, the Netherlands, and Ireland being infected with this new ransomware. As this is a fairly new ransomware, not much is currently known about its encryption algorithms, exactly how attackers are gaining access to a network, and whether ransom payments are being honored. As Sophos has found that the Emotet or Qakbot Trojans have been present on networks that have also been infected with MegaCortex, it may suggest that the attackers are paying Trojan operators for access to infected systems in a similar manner as Ryuk. While it is not 100% clear how bad actors are gaining access to a network, victims have reported to Sophos that the attacks originate from a compromised domain controller. On the domain controller, Cobalt Strike is being dropped and executed to create a reverse shell back to an attacker's host. Using this shell, the attackers remotely gain access to the domain controller and configure it to distribute a copy of PsExec, the main malware executable, and a batch file to all of the computers on the network. It then executes the batch file remotely via PsExec. When encrypting a computer, the ransomware will append an extension, which in one case is .aes128ctr, to encrypted files' names. For more detailed information visit OUR FORUM.
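The distribution step described above, PsExec run against many machines in quick succession, leaves a recognisable trace that defenders can hunt for. The following is an added detection sketch, not taken from the Sophos report or the original article: it flags an account that installs the PsExec service on several distinct hosts within a short window. It assumes service-install events (Windows System log event ID 7045, default PsExec service name `PSEXESVC`) have been exported to a simplified one-line format; that format, the thresholds and all host and account names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: time, host, event id, service name, account.
SAMPLE_EVENTS = r"""
2019-05-03T09:12:40 WS-101 7045 PSEXESVC CORP\helpdesk1
2019-05-03T13:45:10 WS-230 7045 PSEXESVC CORP\helpdesk1
2019-05-03T14:02:11 WS-001 7045 PSEXESVC CORP\da-admin
2019-05-03T14:02:19 WS-002 7045 PSEXESVC CORP\da-admin
2019-05-03T14:02:31 SRV-FS1 7045 PSEXESVC CORP\da-admin
2019-05-03T14:03:05 WS-003 7045 PSEXESVC CORP\da-admin
2019-05-03T14:05:00 WS-002 7045 UpdaterSvc CORP\installer
"""

def parse(log_text):
    """Yield (time, host, event_id, service, account) from non-empty lines."""
    for line in log_text.splitlines():
        if line.strip():
            ts, host, event_id, service, account = line.split()
            yield datetime.fromisoformat(ts), host, int(event_id), service, account

def psexec_fanout(log_text, window=timedelta(minutes=10), min_hosts=3):
    """Return (account, window_start, hosts) for the first burst per account."""
    per_account = defaultdict(list)
    for ts, host, event_id, service, account in parse(log_text):
        if event_id == 7045 and service.upper() == "PSEXESVC":
            per_account[account].append((ts, host))

    alerts = []
    for account, hits in per_account.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {host for _, host in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.append((account, hits[start][0], sorted(hosts)))
                break
    return alerts

if __name__ == "__main__":
    for account, since, hosts in psexec_fanout(SAMPLE_EVENTS):
        print(f"{account}: PsExec service on {len(hosts)} hosts since {since}")
```

Occasional single-host PsExec use by support staff stays below the threshold, while the burst from one account across workstations and a server is reported.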

Chromium-based Microsoft Edge users who try to use Google Earth are welcomed by an error message and a link directing them to download Google's Chrome web browser. This might be a surprise for some given that the new Edge uses the same HTML engine as Chrome and that, after 12 years of being a cross-platform desktop application, Google Earth has been converted into a web app which should allow users to "explore worldwide satellite imagery and 3D buildings and terrain for hundreds of cities," according to its website. At the moment though, when users try to launch the Google Earth web app in Microsoft's new Chromium Edge, they get the following error: "Aw snap! Google Earth isn't supported by your browser yet. Try this link in Chrome instead. If you don't have Chrome installed, download it here. Learn more about Google Earth." As Microsoft Edge Product Manager Eric Lawrence explained in a Twitter thread following user reports, the issue stems from the fact that the Chromium-based Edge browser does not ship with the Portable Native Client (PNaCl) component, the architecture-independent version of Native Client (NaCl) which was used by Google when converting Earth into a web app during 2017. Google updated its company-wide UA sniffer code last week to recognize Chromium-based Edge as its own browser instead of lumping it in with "Chrome." Some Google products have an explicit allow-list of supported browsers, and those products didn't all update their allow list to say "Oh, and new Edge is fine too." Get better informed by visiting OUR FORUM.

 
