Posts

Microsoft: This Office 365 feature update lets you open attachments without fear of malware

  Microsoft releases public preview of Application Guard for Office. Microsoft is edging closer to general availability of its Application Guard security technology for Microsoft 365 apps, which gives IT admins and security staff a little more assurance that users opening risky attachments won't cause a malware outbreak.  Application Guard offers additional protections for enterprises using Word, Excel, and PowerPoint for Microsoft 365 and Windows 10 Enterprise.  Microsoft argues that Application Guard for Office or Microsoft Defender Application Guard for Office "helps prevent untrusted files from accessing trusted resources, keeping your enterprise safe from new and emerging attacks". Microsoft released the private preview of Application Guard for Office in February, extending a feature that had until then only been available for the new Edge browser.  The feature allows users to open websites safely with the protection of hardware-level containerization. The feature is

What we've lost in the push to agile software development, and how to get it back

  The process of software design often begins on a messy whiteboard that doesn't prepare anyone for anything, according to design advocate Simon Brown. It's time for more upfront thinking. In the age of agile, too many software designers are afraid to over-design their applications upfront. As a result, many software teams have abandoned architectural thinking, up front design, documentation, diagramming, and modelling. "In many cases this is a knee-jerk reaction to the heavy bloated processes of times past, and in others it's a misinterpretation and misapplication of the Agile Manifesto." That's the word from Simon Brown, author of Software Architecture for Developers, who urged, in a compelling talk at the Yow! conference, that more thinking about applications be moved up to the whiteboard phase of software creation. Incidentally, he eschews whiteboards, noting they often result in confusing or unintelligible sketchings. "Tragically, as an indus

Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days

  Microsoft says attackers have used a Windows zero-day to spoof file signatures and another RCE in the Internet Explorer scripting engine to execute code on users' devices. Microsoft has started rolling out today the August 2020 Patch Tuesday security updates. This month, the company has patched 120 vulnerabilities across 13 different products, from Edge to Windows, and from SQL Server to the .NET Framework. Among the 120 vulnerabilities fixed this month, 17 bugs have received the highest severity rating of "Critical," and there are also two zero-days — vulnerabilities that have been exploited by hackers before Microsoft was able to provide today's patches. Zero-day #1: The first of the two zero-days patched this month is a bug in the Windows operating system. Tracked as CVE-2020-1464, Microsoft says that an attacker can exploit this bug and have Windows incorrectly validate file signatures. The OS maker says attackers can (ab)use this bug to "bypass security f

Samsung Galaxy Phone Users, Beware of this Fraud Android App

  Samsung Galaxy phone users download this app thinking it will offer them software updates from the company. Samsung phones are known for getting slow updates compared to other manufacturers and its users have shared that concern regularly. But this month, there’s a big warning for the users of Samsung, who could’ve easily downloaded a fraud app on the phones. This app, called Update for Samsung - Android Update Version, was reportedly asking users to pay to get regular software updates, which should never be the case. The app, downloaded by over 10 million users, according to this report, was merely showing them ads and charging them for doing it. Unfortunately, most of these users didn’t realise they were downloading a fraud app, which meant that a lot of people lost money to it. Thankfully, ZDNet reported that Aleksejs Kuprins, malware analyst at the CSIS Security Group, reached out to the Google Play Store team about the fraudulent app and asked them to remove it immediately. Kuprins b

Google and Facebook to bargain with Aussie news outlets for 'fair' payment terms

  The platforms would be forced to inform news media businesses of algorithm changes that are likely to materially affect referral traffic to news, the ranking of news behind paywalls, and any substantial changes to the display and presentation of news and advertising directly associated with news. The Australian Competition and Consumer Commission (ACCC) has developed a draft code for how media organisations can bargain with Facebook and Google to secure "fair" payment for news content shown on their respective platforms. The draft code of practice [PDF] adopts a model based on negotiation, mediation, and arbitration to "best facilitate genuine commercial bargaining between parties, allowing commercially negotiated outcomes suited to different business models used by Australian news media businesses". Each media business is expected to come to an agreement with the digital platform, with no one-size-fits-all model intended. But the code, as it stands, would allow g

Garmin hit by massive outage after possible ransomware attack

  Garmin’s fitness wearables remain disconnected after almost a day. Garmin fitness devices have been left disconnected for nearly a day after the company suffered a major outage, possibly caused by a ransomware attack. The outage, first reported by Garmin over 20 hours ago as of this writing, affects Garmin wearables and apps, as well as Garmin call centers. “We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats,” wrote the company on Twitter and its Garmin Connect website. Garmin Connect is the service that allows owners of Garmin devices like Forerunner smartwatches to obsessively track their running performance, for example. Tech News reports that flyGarmin, the navigation service that supports Garmin’s aviation devices, has also been down, affecting some pilots. Garmin was forced to shut down a number of crucial services after a ransom

Samsung plans full-scale investment in next-generation display QNED from next year

  "Contrast ratio, response speed, high brightness" are all superior to OLED and micro LEDs Samsung Display has begun developing quantum dot nano-light emitting diodes (QNED) as a next-generation display that surpasses organic light emitting diodes, and is expected to begin full-fledged investment in 2021. QNED refers to a self-emitting display utilizing a nanometer (1nm = 1 billionth of a meter) semiconductor particles quantum dot (QD) and gallium nitrogen light emitting diode (GaN LED). This is theoretically evaluated as having a long life and high brightness compared to the organic light emitting diode (OLED), low power consumption, burn-in removal, etc. strengths. "QNED is the highest-end display with both contrast ratio, high response speed, and high brightness characteristics of micro-LED, which is the biggest advantage of QD technology and OLED TVs being used in LCD (LCD) TVs," said Yim Seong-seong, Managing Director of Ubiresearch, at the Next Generation Dis

Microsoft makes changes in its field sales, support groups as FY'21 begins

  Microsoft also is creating a new standalone Microsoft Consulting org as part of its new structure. As it often does at the start of a new fiscal year, Microsoft is making some changes in its sales and support organizations. During the past few days, word began trickling out regarding some of the shifts that will affect those working with its "Customer Success" unit, its technical account managers, and other support staff. Microsoft's goal with its latest shifts is to try to improve customer use and engagement of various Microsoft products and services, my contacts say. Microsoft officials are shooting for more support-role clarity and improved "right-sizing" of customer support plans with these latest moves. I'm not hearing that Microsoft will be doing any big layoffs as part of the changes. (There could be some separate, smaller layoffs, but these are due to the usual churn, not the dismissal of a large number of individuals associated with any given team

Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities

  The hacker has attempted to ransom nearly 47% of all MongoDB databases left exposed online. A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online. The hacker is using an automated script to scan for misconfigured MongoDB databases, wiping their content, and leaving a ransom note behind asking for a 0.015 bitcoin (~$140) payment. The attacker is giving companies two days to pay, and threatens to leak their data and then contact the victim's local General Data Protection Regulation (GDPR) enforcement authority to report their data leak. Attacks planting this ransom note (READ_ME_TO_RECOVER_YOUR_DATA) have been seen as early as April 2020. In a phone call, Victor Gevers, a security researcher with the GDI Foundation, said initial attacks didn't include the data wiping step. The attacker kept connecting to the same database, leaving the ransom note,

Facebook says many don't visit its platform with the intention of viewing news

  It also says it is 'not healthy nor sustainable' to expect two private companies to be solely responsible for solving the challenges faced by the Australian media industry. The federal government is hoping to make tech giants such as Facebook and Google pay for Australian content if it is a source of profit, and the country's consumer watchdog is leading the charge on a mandatory code of conduct to address "bargaining power imbalances" between news media businesses and digital platforms. While Facebook doesn't agree that it possesses unequal bargaining power compared to some of the largest media companies in Australia, it said there is a level of merit in setting regulatory frameworks to provide confidence that it is contributing "appropriately" in the Australian news ecosystem. The social media giant used its submission to the Australian Competition and Consumer Commission's (ACCC) Mandatory news media bargaining code Concepts paper to say i