The Malicious VPNs Google recently removed 3 VPNs from the Play Store after they were found to contain a malware dropper. The removed malicious VPNs are Cake VPN, Pacific VPN and eVPN, all Android VPNs. Furthermore, 6 utility apps were discovered that contained the dropper and were thus also removed from the Play Store. These apps were BeatPlayer, QR/Barcode Scanner MAX, Music Player, tooltipnatorlibrary, and Qrecorder. Researchers from the cybersecurity firm Check Point Research discovered the previously unknown dropper, nicknamed Clast82, on 27 January....

Microsoft says it created the term to describe an emerging category of malware spawned by the growing (but volatile) market capitalization of digital assets, aka cryptocurrency, which peaked at almost $3 trillion in 2021. Cryware is a type of info-stealer malware that targets online passwords stored in a browser but also seeks to harvest private keys from internet-connected cryptocurrency ‘hot wallets’ stored on a device (versus cold wallets that hold cryptocurrencies offline)....

McAfee worked with Peloton in March to fix the issue and Peloton has since released an update that solves the vulnerability. In a blog post, McAfee’s Advanced Threat Research team researchers Sam Quinn and Mark Bereza explained that the flaw was with the bike’s Android Verified Boot process, which they said was initially out of scope and left the Peloton vulnerable. Quinn and Bereza shared a video of their work demonstrating how they were able to bypass the Android Verified Boot process and compromise the Android OS....

Microsoft has just made its DirectStorage application programming interface (API) available to all PC games developers. It’s a new storage API that hails from Microsoft’s DirectX graphics card technologies. Microsoft promises the newly available DirectStorage software development kit (SDK) “begins a new era of fast load times” by letting developers use the latest storage devices, namely NVMe SSDs. SEE: Windows 11: Latest updates bring a wave of new features It’s part of the picture required for Microsoft to realize its plan to push PC gaming performance closer to the Xbox....

Update: A Microsoft spokesperson asked me to reword this last sentence as follows: “Microsoft will support Exchange 2016 and 2019 until October 14, 2025. And after October 14, 2025, only the next version of Exchange Server will be supported.” Officials said because of migration enhancements coming to Exchange Server 2019 (which I explain below), the tight support cut-off period between the support end-date and the new version introduction will be doable, in their view....

Ally.io’s OKR technology will become the core of a fifth Viva module over the next year, Microsoft officials said. Ally.io is designed to give employees visibility into a company’s strategic goals and work processes. Microsoft says it also plans to improve the integration between Ally.io’s technology and Teams and integrate it with Office, Power BI and the rest of the Microsoft 365 apps and services. Besides Teams, Ally.io’s OKR software already integrates with Asana, Jira, Tableau, Box, Slack and lots of other collaboration tools....

In January, the Biden Administration released its new cybersecurity strategy following President Biden’s May 2021 executive order (EO 14028), signed in the wake of the SolarWinds software supply chain attack and ransomware attacks on critical infrastructure like Colonial Pipeline. Core to that strategy are ‘zero trust’ architectures, for which US tech and cybersecurity vendors were canvassed for suggestions by the US National Institute of Standards and Technology (NIST), specifically about how to protect software supply chains from attack....

“If I had to encapsulate what I hear Satya Nadella say and others support at Envision it is that Microsoft is not going to be a software company per se any longer but a company that is devoted to being a critical part of the infrastructure of business via Azure and businesses via thoroughly contemporary versions of Office and various Dynamics applications - and that Dynamics would become a business solutions platform and Office a unified communications platform - all with the express purpose of providing those highly personalized outcomes that lead to major gains in productivity....

“No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” Microsoft said. “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. “Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion....

Update on ProxyLogon Attacks This second wave of attacks on Microsoft Exchange email servers, which exploit the ProxyLogon vulnerabilities, began in February. However, these attacks have reportedly increased tenfold in the last week or so with at least 10 hacking groups involved in the exploits. Cybersecurity firm Check Point Research (CPR) reported that the number of attacks increased from 700 on 11 March to over 7,200 on 15 March. CPR’s report also states that the most targeted country is the US with 17% of all exploit attempts....

Also: Tech leaders sign petition to halt further AI developments Since then, the tech giant has worked to gradually expand its chat limit and the biggest limit yet is here. Last week, Bing Chat users began noticing that their chat and session limits had increased to 20 chats per session and 200 total chats per day. Also: ChatGPT vs Bing: Which is better? Michael Schechter, vice president, growth and distribution at Microsoft, confirmed via Twitter, that Microsoft was testing the increase over the weekend to see how things went....

The new feature is being tested now in the latest daily builds of Edge in the Canary Channel, according to The Verge. After enabling the experimental feature in Canary Edge, a split-screen icon is located to the right of the address bar. Clicking the icon splits the open tab into two equally-sized tabs, with the current window appearing on the left while the other window is populated by a grid of opened tabs as thumbnails....

Smiling while seething, for example. Then there’s pretending to focus when you’re half asleep, nodding on a Zoom call when you have no idea what’s being said, and knowing who to go to when you want to scream and be understood. There’s also another useful skill. Damage control. You often know when you’ve said or done something silly, ignorant, or plain offensive. But you believe you have time to fix it before it spirals beyond your pay grade and into an ether whose gases you don’t breathe....

According to The Verge’s sources at Microsoft, the company has been testing the new Teams client broadly within the company. Also: These people are switching to a four-day working week Microsoft hasn’t been secret about the fact it is building a Teams 2.0 app. The initiative has involved moving from Angular to the React JavaScript framework, and switching from Electron, the cross-platform desktop app development framework, to Edge’s WebView2. Over the past year, it’s revealed performance improvements across messaging, calling, and meetings....

ZeroOps is a NoOps variant. The name of the game here is to automate and abstract the underlying infrastructure, so programmers can focus on building code that can easily and transparently be moved from their desktops to production. The idea’s core is in amazee.io’s open-source project Lagoon. This is an Apache 2.0-licensed application delivery platform for cloud-native application deployment, management, security, and operation. As Franz Karlsberger, amazee.io’s CEO, explained in a press release, “We built amazee....

Mozilla VPN 2.7’s addition of multi-account containers will allow users to separate personal and work profiles as well as others for shopping, banking and more. The tool in Firefox allowed people to separate each profile into color-coded tabs and custom labels. “Combined with Mozilla’s VPN, it adds an extra layer of protection to their compartmentalized browsing activity, and additional safeguarding of their location information, as well,” a Mozilla spokesperson said....

“What we’re seeing in enterprises is an incredible proliferation of applications, deployment models, hybrid ecosystems being stood up everywhere,” Shaun Clowes, MuleSoft SVP Product Management, said to ZDNet. “People are managing workloads across their own on-prem data centers and multiple clouds. What they have is complex environments; they have data held in silos, an inability to even know what exists, how to take advantage of it, or whether it is safe and reliable....

A software vulnerability can lead to drastically different scenarios e.g depending on the scope of how it will be exploited by malicious actors. On multiple occasions, security flaws have cropped up which allow a cybercriminal to remote control a system by taking advantage of security gaps. Recently, in particular, a slew of these remote code execution vulnerabilities have been noted by security researchers. These flaws can also be discovered within any app, service, or software product and are in most cases patched (updated) without affecting too many users....