Google was originally planning to get rid of third-party cookies in its browser by 2022, but that was later pushed back to 2023. That cookies deadline for Chrome is now being delayed to 2024. From a report: The Privacy Sandbox is Google's initiative to replace third-party cookies -- as well as cross-site tracking identifiers, fingerprinting, and other covert techniques -- once privacy-conscious alternatives are in place. Since then, Google has been working on new technologies for the past few years and more recently released trials in Chrome for developers to test. Citing "consistent feedback" from partners, Google is "expanding the testing windows for the Privacy Sandbox APIs before we disable third-party cookies in Chrome," with that phase out now set to begin in the second half of 2024.

The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks. BleepingComputer reports: The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%. As the info-stealer is written in Rust, a cross-platform language, it allows threat actors to target multiple operating systems. However, in its current form, the new info-stealer only targets Windows operating systems.

Analysts at cybersecurity firm Cyble, who sampled the new info-stealer and named it "Luca Stealer," report that the malware comes with standard capabilities for this type of malware. When executed, the malware attempts to steal data from thirty Chromium-based web browsers, where it will steal stored credit cards, login credentials, and cookies. The stealer also targets a range of "cold" cryptocurrency and "hot" wallet browser addons, Steam accounts, Discord tokens, Ubisoft Play, and more. Where Luca Stealer stands out against other info-stealers is the focus on password manager browser addons, stealing the locally stored data for 17 applications of this kind. In addition to targeting applications, Luca also captures screenshots and saves them as a .png file, and performs a "whoami" to profile the host system and send the details to its operators.

The New York Times' product-recommendation service "Wirecutter" has sparked widening criticism about how laptops are reviewed. The technology/Apple blog Daring Fireball first complained that they "institutionally fetishize price over quality". That makes it all the more baffling that their recommended "Best Laptop" — not best Windows laptop, but best laptop, full stop — is a Dell XPS 13 that costs $1,340 but is slower and gets worse battery life (and has a lower-resolution display) than their "best Mac laptop", the $1,000 M1 MacBook Air.
Technically Dell's product won in a category titled "For most people: The best ultrabook" (and Wikipedia points out that ultrabook is, after all, "a marketing term, originated and trademarked by Intel.") But this leads blogger Jack Wellborn to an even larger question: why exactly do reviewers refuse to do a comparison between Wintel laptops and Apple's MacBooks? Is it that reviewers don't think they could fairly compare x86 and ARM laptops? It seems easy enough to me. Are they afraid that constantly showing MacBooks outperforming Wintel laptops will give the impression that they are in the bag for Apple? I don't see why. Facts are facts, and a lot of people need or want to buy a Windows laptop regardless. I can't help but wonder if, in the minds of many reviewers, MacBooks were PCs so long as they used Intel, and therefore they stopped being PCs once Apple switched to using their own silicon.
Saturday Daring Fireball responded with their own assessment. "Reviewers at ostensibly neutral publications are afraid that reiterating the plain truth about x86 vs. Apple silicon — that Apple silicon wins handily in both performance and efficiency — is not going to be popular with a large segment of their audience. Apple silicon is a profoundly inconvenient truth for many computer enthusiasts who do not like Macs, so they've gone into denial..."

Both bloggers cite as an example this review of Microsoft's Surface Laptop Go 2, which does begin by criticizing the device's old processor, its un-backlit keyboard, its small selection of ports, and its low-resolution touchscreen. But it ultimately concludes "Microsoft gets most of the important things right here, and there's no laptop in this price range that doesn't come with some kind of trade-off...." A crime of omission — or is the key phrase "in this price range"? (Which gets back to Daring Fireball's original complaint about "fetishizing price over quality.") Are Apple's new Silicon-powered laptops sometimes being left out of comparisons because they're more expensive?

In an update, Wellborn acknowledges that this alleged refusal-to-compare apparently actually precedes Apple's launch of its M1 chip. But he argues that now it's more important than ever to begin making those comparisons: It's a choice between a hot and noisy and/or slow PC laptop running Windows and a cool, silent, and fast MacBook. Most buyers don't know that choice now exists, and it's the reviewer's job to educate them. Excluding MacBooks from consideration does those buyers a considerable disservice.

"Google has released security updates for Google Chrome browser for Windows, Mac and Linux, addressing vulnerabilities that could allow a remote attacker to take control of systems," reports ZDNet: There are 11 fixes in total, including five that are classed as high-severity. As a result, CISA has issued an alert encouraging IT administrators and regular users to install the updates as soon as possible to ensure their systems are not vulnerable to the flaws.

Among the most severe vulnerabilities that are patched by the Google Chrome update is CVE-2022-2477, a vulnerability caused by a use-after-free flaw in Guest View, which could allow a remote attacker to execute arbitrary code on systems or crash them... Another of the vulnerabilities, CVE-2022-2480, relates to a use-after-free flaw in the Service Worker API, which which acts as a proxy server that sit between web applications, the browser and the network in order to improve offline experiences, among other things.

ZDNet reports: Microsoft is rolling out a new security default for Windows 11 that will go a long way to preventing ransomware attacks that begin with password-guessing attacks and compromised credentials. The new account security default on account credentials should help thwart ransomware attacks that are initiated after using compromised credentials or brute-force password attacks to access remote desktop protocol (RDP) endpoints, which are often exposed on the internet.

RDP remains the top method for initial access in ransomware deployments, with groups specializing in compromising RDP endpoints and selling them to others for access.

The new feature is rolling out to Windows 11 in a recent Insider test build, but the feature is also being backported to Windows 10 desktop and server, according to Dave Weston, vice president of OS Security and Enterprise at Microsoft. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks — this control will make brute forcing much harder which is awesome!," Weston tweeted.

Weston emphasized "default" because the policy is already an option in Windows 10 but isn't enabled by default. That's big news and is a parallel to Microsoft's default block on internet macros in Office on Windows devices, which is also a major avenue for malware attacks on Windows systems through email attachments and links.... The defaults will be visible in the Windows Local Computer Policy directory "Account Lockout Policy".

The default "account lockout duration" is 10 minutes; the "account lockout threshold" is set to a maximum of 10 invalid logon attempts; a setting to "allow administrator account lockout" is enabled; and the "reset account lockout counter after" setting is set to 10 minutes.

The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data. The Verge reports: The small town of around 7,500 residents seems to be the latest target of the notorious LockBit ransomware group. On July 22nd, a post on LockBit's dark web site listed townofstmarys.com as a victim of the ransomware and previewed files that had been stolen and encrypted. In a phone call, St. Marys Mayor Al Strathdee told The Verge that the town was responding to the attack with the help of a team of experts. "To be honest, we're in somewhat of a state of shock," Strathdee said. "It's not a good feeling to be targeted, but the experts we've hired have identified what the threat is and are walking us through how to respond. Police are interested and have dedicated resources to the case ... there are people here working on it 24/7."

Strathdee said that after systems were locked, the town had received a ransom demand from the LockBit ransomware gang but had not paid anything to date. In general, the Canadian government's cybersecurity guidance discouraged the paying of ransoms, Strathdee said, but the town would follow the incident team's advice on how to engage further. Screenshots shared on the LockBit site show the file structure of a Windows operating system, containing directories corresponding to municipal operations like finance, health and safety, sewage treatment, property files, and public works. Per LockBit's standard operating methods, the town was given a deadline by which to pay to have their systems unlocked or else see the data published online. The LockBit group has been responsible for 50 ransomware incidents in June 2022, "making it the most prolific global ransomware group," notes The Verge.

"In fact, St. Marys is the second small town to be targeted by LockBit in the space of just over a week: on July 14th, LockBit listed data from the town of Frederick, Colorado (population 15,000) as having been hacked, a claim that is currently under investigation by town officials."

We appear to be entering a period of Windows' development where we can expect new features and tweaks to come to the operating system several times a year. To that end, Microsoft continues to add, remove, and generally experiment with Windows 11's features and user interface via its Insider Preview channels. From a report: The most interesting addition we've seen in a while is rolling out to users on the experimental Dev Channel now: a modified version of the taskbar with much-improved handling of app icon overflow when users have too many apps open at once. Click an ellipsis button on your taskbar, and a new icon overflow menu opens up, allowing you to interact with any of those extra icons the same way you would if they were sitting on the taskbar. This would be a big improvement over the current overflow behavior, which devotes one icon's worth of space to show the icon for the app you last interacted with, leaving the rest inaccessible. That icon will continue to appear on the taskbar alongside the new ellipsis icon. Microsoft says that app icons in the overflow area will be able to show jump lists and other customizable shortcuts the same as any other app icon in the taskbar.

Microsoft is eliminating many open jobs, including in its Azure cloud business and its security software unit, as the economy continues to weaken. From a report: These hiring cuts will continue for the foreseeable future, Microsoft said, while declining to comment on which departments and businesses are affected. The company said it is honoring job offers that have already been made for open roles and will make some exceptions for critical jobs.

It's an expansion of a hiring slowdown disclosed in May, which mostly affected its Windows, Office and Teams groups. In June, Insider also reported cuts to new headcount in the security business. The latest slowdown, which was communicated by executives in the groups to their teams, impacts the company's cloud crown jewels -- a key source of growth and investor scrutiny -- as well as a newer priority area in security.

Microsoft is shifting to a new engineering schedule for Windows which will see the company return to a more traditional three-year release cycle for major versions of the Windows client, while simultaneously increasing the output of new features shipping to the current version of Windows on the market. Zac Bowden writes via Windows Central: The news comes just a year after the company announced it was moving to a yearly release cadence for new versions of Windows. According to my sources, Microsoft now intends to ship "major" versions of the Windows client every three years, with the next release currently scheduled for 2024, three years after Windows 11 shipped in 2021. This means that the originally planned 2023 client release of Windows (codenamed Sun Valley 3) has been scrapped, but that's not the end of the story. I'm told that with the move to this new development schedule, Microsoft is also planning to increase the output of new features rolling out to users on the latest version of Windows.

Starting with Windows 11 version 22H2 (Sun Valley 2), Microsoft is kicking off a new "Moments" engineering effort which is designed to allow the company to rollout new features and experiences at key points throughout the year, outside of major OS releases. I hear the company intends to ship new features to the in-market version of Windows every few months, up to four times a year, starting in 2023. Microsoft has already tested this system with the rollout of the Taskbar weather button on Windows 11 earlier this year. That same approach will be used for these Moments, where the company will group together a handful of new features that have been in testing with Insiders and roll them out to everyone on top the latest shipping release of Windows. Many of the features that were planned for the now-scrapped Sun Valley 3 client release will ship as part of one of these Moments on top of Sun Valley 2, instead of in a dedicated new release of the Windows client in the fall of 2023.

In March, Microsoft enabled audio CD playback in the new version of Media Player, something that the old version had supported for pretty much as long as it had existed. And now, Microsoft is rolling out support for CD ripping in the new version of Media Player, presumably so that we can all convert our old Weezer and Matchbox 20 CDs into files we can copy over to our iPods and Zunes. From a report: By default, CDs can be ripped to AAC files at constant bitrates ranging between 96 and 320kbps. The WMA, FLAC, and ALAC formats are also supported. MP3 support and variable bitrate support, two features that are still included in the "Media Player Legacy" app, are notably absent.

Google is releasing Chrome OS Flex today, a new version of Chrome OS that's designed for businesses and schools to install and run on old PCs and Macs. From a report: Google first started testing Chrome OS Flex earlier this year in an early access preview, and the company has now resolved 600 bugs to roll out Flex to businesses and schools today. Chrome OS Flex is designed primarily for businesses running old Windows PCs, as Google has been testing and verifying devices from Acer, Asus, Dell, HP, Lenovo, LG, Toshiba, and many more OEMs. Flex will even run on some old Macs, including some 10-year-old MacBooks. The support of old hardware is the big selling point of Chrome OS Flex, as businesses don't have to ditch existing hardware to get the latest modern operating system. More than 400 devices are certified to work, and installation is as easy as using a USB drive to install Chrome OS Flex.

Law students getting ready to take the Bar exam digitally may run into a serious issue: one of the nation's most frequently-used test-taking software packages, Examplify, is incompatible with Intel's latest generation of processors. From a report: In a notice to users, ExamSoft, the company that owns Examplify, writes that 12th Gen Intel processors aren't compatible with its software. "New Windows devices containing the Intel 12th generation chipset are triggering Examplify's automatic virtual machine check," Examplify's notice reads. "These are NOT currently supported. Therefore, they cannot be used for the upcoming July 2022 bar exam." One user drew attention to the issue in a post on Twitter, and included a screencap of what appears to be a notice given to Bar applicants.

Some microprocessors from Intel and AMD are vulnerable to a newly discovered speculative execution attack that can covertly leak password data and other sensitive material, sending both chipmakers scrambling once again to contain what is proving to be a stubbornly persistent vulnerability. Ars Technica reports: Researchers from ETH Zurich have named their attack Retbleed because it exploits a software defense known as retpoline, which was introduced in 2018 to mitigate the harmful effects of speculative execution attacks. Speculative execution attacks, also known as Spectre, exploit the fact that when modern CPUs encounter a direct or indirect instruction branch, they predict the address for the next instruction they're about to receive and automatically execute it before the prediction is confirmed. Spectre works by tricking the CPU into executing an instruction that accesses sensitive data in memory that would normally be off-limits to a low-privileged application. Retbleed then extracts the data after the operation is canceled. [...] The ETH Zurich researchers have conclusively shown that retpoline is insufficient for preventing speculative execution attacks. Their Retbleed proof-of-concept works against Intel CPUs with the Kaby Lake and Coffee Lake microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.

In response to the research, both Intel and AMD advised customers to adopt new mitigations that the researchers said will add as much as 28 percent more overhead to operations. [...] Both Intel and AMD have responded with advisories. Intel has confirmed that the vulnerability exists on Skylake-generation processors that don't have a protection known as enhanced Indirect Branch Restricted Speculation (eIBRS) in place. "Intel has worked with the Linux community and VMM vendors to provide customers with software mitigation guidance which should be available on or around today's public disclosure date," Intel wrote in a blog post. "Note that Windows systems are not affected given that these systems use Indirect Branch Restricted Speculation (IBRS) by default which is also the mitigation being made available to Linux users. Intel is not aware of this issue being exploited outside of a controlled lab environment." AMD, meanwhile, has also published guidance. "As part of its ongoing work to identify and respond to new potential security vulnerabilities, AMD is recommending software suppliers consider taking additional steps to help guard against Spectre-like attacks," a spokesman wrote in an email. The company has also published a whitepaper.

[Research Kaveh Razavi added:] "Retbleed is more than just a retpoline bypass on Intel, specially on AMD machines. AMD is in fact going to release a white paper introducing Branch Type Confusion based on Retbleed. Essentially, Retbleed is making AMD CPUs confuse return instructions with indirect branches. This makes exploitation of returns very trivial on AMD CPUs." The mitigations will come at a cost that the researchers measured to be between 12 percent and 28 percent more computational overhead. Organizations that rely on affected CPUs should carefully read the publications from the researchers, Intel, and AMD and be sure to follow the mitigation guidance.

Microsoft today became the latest Big Tech company to cut jobs during a period of mounting economic uncertainty. Bloomberg reports that the Redmond firm is "realigning business groups and roles" after the close of its fiscal year (on June 30), even as the company intends to grow its headcount in the coming months. From a report: The layoffs reportedly affect less than 1% of Microsoft's 180,000-person workforce and follow no clear pattern with respect to geography or product division, touching on teams including customer and partner solutions and consulting. They come after Microsoft slowed hiring in the Windows, Teams, and Office groups while assuring that recruitment hadn't been affected by industry headwinds. "Today we had a small number of role eliminations. Like all companies, we evaluate our business priorities on a regular basis, and make structural adjustments accordingly," Microsoft told Bloomberg in an emailed statement. "We will continue to invest in our business and grow headcount overall in the year ahead." Microsoft reported strong earnings in Q3, with a 26% year-over-year increase in cloud revenue and overall revenue of $49.4 billion. But in early June, the company revised its Q4 revenue and earnings guidance downward, citing the impact of foreign exchange fluctuations.

Alex Battaglia from the YouTube channel "Digital Foundry" was able to use the "RetroArch" software emulator to run Windows 98 on the Xbox Series X, along with several PC games of the era. "Technically, you're supposed to be an Xbox developer to access this, and you will need to sign up to the paid Microsoft Partner program and turn on 'Developer Mode' for your system to activate it," notes Pure Xbox. "In DF's case, rather than directly playing emulated games through RetroArch, they used the program to install Windows 98 software." From the report: Beyond the novelty of actually booting up Win98 on a modern console the channel then decided to test out some games, running through the older version of Windows. Playthroughs of Turok, Command & Conquer, Quake 2 and more were all pretty successful, although the act of loading them onto the software requires a bit of messing about (you have to create ISO files and transfer them over -- sadly, Xbox's disc drive can't read the original discs). Of course, this wouldn't be a Digital Foundry video without some performance comparisons, so the team did just that. The video compares hardware of the era with Xbox Series X's emulation, and while the console often lags behind due to the fact that it's literally emulating an entire version of Windows, and then a game on top of that, it fares pretty well overall. You can watch Digital Foundry's video here.

From the world of proprietary software comes this report by Popular Science. "Despite the increasing number of more economical options (read also: free) on the market, many people still prefer Microsoft Office over the alternatives available..."

"The only setback? A license can be expensive, especially if you're the one shouldering the fees instead of your company. If you wish to have access to the suite for personal use, you either have to pay recurring fees for a subscription or cough up hundreds in one go for an annual license."

Sounds pretty rough. But through Thursday they're at least getting a temporary price drop: If none of these options appeal to you, maybe this Microsoft Office Home and Business: Lifetime License deal can. For our Deals Day sale, you can grab it on sale for only $39.99 — no coupon needed. This bundle is designed for families, students, and small businesses who want unlimited access to MS Office apps and email without breaking the bank. The license package includes programs you already likely use on the regular, including Word, Excel, PowerPoint, Outlook, Teams, and OneNote.

Upon purchase, you get access to your software license keys and download links instantly. You also get free updates for life across all programs, along with free customer service that offers the best support in case any of the apps run into trouble. The best part? You only have to pay once and you're set for life. The Microsoft Office Home and Business: Lifetime License normally goes for $349, but from today until July 14, you can get it for only $39.99 thanks to the special Deals Day event. Click here for Mac and here for Windows.

Microsoft has "delayed enforcement" of what could be a controversial policy change, according to the Software Freedom Conservancy: A few weeks ago, Microsoft quietly updated its Microsoft [app] Store Policies, adding new policies (which go into effect next week), that include this text:

all pricing ... must ... [n]ot attempt to profit from open-source or other software that is otherwise generally available for free [meaning, in price, not freedom].

Wednesday, a number of Microsoft Store users discovered this and started asking questions. Quickly, those of us (including our own organization) that provide Free and Open Source Software (FOSS) via the Microsoft Store started asking our own questions too.... Since all (legitimate) FOSS is already available (at least in source code form) somewhere "for free" (as in "free beer"), this term (when enacted) will apply to all FOSS...

Sadly, these days, companies like Microsoft have set up these app stores as gatekeepers of the software industry. The primary way that commercial software distributors reach their customers (or non-profit software distributors reach their donors) is via app stores. Microsoft has closed its iron grasp on the distribution chain of software (again) — to squeeze FOSS from the marketplace. If successful, even app store users will come to believe that the only legitimate FOSS is non-commercial FOSS. This is first and foremost an affront to all efforts to make a living writing open source software. This is not a merely hypothetical consideration. Already many developers support their FOSS development (legitimately so, at least under the FOSS licenses themselves) through app store deployments that Microsoft recently forbid in their Store....

Microsoft counter-argues that this is about curating content for customers and/or limiting FOSS selling to the (mythical) "One True Developer". But, even a redrafted policy (that Giorgio Sardo [General Manager of Apps at Microsoft] hinted at publicly early Thursday) will mandate only toxic business models for FOSS (such as demo-ware, less-featureful versions available as FOSS, while the full-featured proprietary version is available for a charge).
The Conservancy argues that FOSS "was designed specifically to allow both the original developers and downstream redistributors to profit fairly from the act of convenient redistribution (such as on app stores)." But it also speculates about the sincerity of Microsoft's intentions. "We're cognizant that Microsoft probably planned all this, anyway — including the community outrage followed by their usual political theater of feigned magnanimity."

The Conservancy's post Thursday received an update Friday about Microsoft's coming policy update: After we and others pointed out this problem, a Microsoft employee claimed via Twitter that they would "delay enforcement" of their new anti-FOSS regulation [giving as their reason that "it could be perceived differently than intended."]

We do hope Microsoft will ultimately rectify the matter, and look forward to the change they intend to enact later. Twitter is a reasonable place to promote such a change once it's made, but an indication of non-enforcement by one executive on their personal account is a suboptimal approach. This is a precarious situation for FOSS projects who currently raise funds on the Microsoft Store; they deserve a definitive answer.

Given the tight timetable (just five days!) until the problematic policy actually does go into effect, we call on Microsoft to officially publish a corrected policy now that addresses this point and move the roll-out date at least two months into the future. (We suggest September 16, 2022.) This will allow FOSS projects to digest the new policy with a reasonable amount of time, and give Microsoft time to receive feedback from the impacted projects and FOSS experts.

System76, the Colorado-based Linux laptop, desktop, and server specialist, has announced a new highly portable laptop with an Intel Alder Lake processor inside. Tom's Hardware reports: The new Lemur Pro(opens in new tab) is a "lighter than Air" 14-inch form factor laptop with excellent battery life and attractions such as open firmware (powered by Coreboot) and a 180-degree hinge. In addition, buyers can choose to go with Pop!_OS 22.04 LTS or Ubuntu 22.04 LTS pre-installed. The new Lemur Pro has many attractive modern features you might see advertised in many rival mainstream thin and light designs. However, the special sauce here is the "System76 Open Firmware with Coreboot." Coreboot, known initially as LinuxBIOS, is significant as it is an open-source BIOS implementation embraced by Linux users. It is lightweight, flexible, and feature-rich. [...]

System76 has designed the Lemur Pro with monitor-based docking in mind. It envisions users connecting to a big screen using the USB-C connection to benefit from the more expansive workspace and laptop charging. Like Windows, Linux had to have some serious tinkering under the hood to prepare for the mix of Performance and Efficiency cores in Alder Lake chips. However, rest assured, efficient hybrid scheduling is taken care of with the two OS options that can be pre-installed on the Lemur Pro.

System76 allows customers to configure and buy Lemur Pro laptops right now. There are many RAM and storage configurations to pick through, and you can add external keyboards and monitors to the bundle. The entry price with an Intel Core i5-1235U, 8GB RAM, 240GB of storage, and no extras is $1,149. However, the Core i7-1255U model is a bit of a stretch, adding $200 to the base price for the faster CPU clocks.

As noted by a Reddit user and confirmed by Ars Technica, Microsoft's xCloud game streaming looks noticeable worse when running on Linux than Windows. From the report: With the Linux User-Agent, edges are generally less sharp and colors are a little more washed out. The difference is even more apparent if you zoom in on the Forza logo and menu text, which shows a significant reduction in clarity. Interestingly, the dip in quality seems to go away if you enable "Clarity Boost, an Edge-exclusive feature that "provid[es] the optimal look and feel while playing Xbox games from the cloud," according to Microsoft. That's great for Linux users who switched over to Microsoft Edge when it launched on Linux last November. But Linux users who stick with Firefox, Chrome, or other browsers are currently stuck with apparently reduced streaming quality.

That Linux quality dip has led some to speculate that Microsoft is trying to reserve the best xCloud streaming performance for Windows machines in an attempt to attract more users to its own operating system. But using a Macintosh User-Agent string provides streaming performance similar to that on Windows, which would seem to be a big omission if that theory were true. Microsoft also hasn't published any kind of "best on Windows"-style marketing in promoting xCloud streaming, which would seemingly be a key component of trying to attract new Windows users. (The quality difference could be a roundabout attempt to get Linux users to switch to the Edge browser, where Clarity Boost offers the best possible quality. But that still wouldn't fully explain why Windows users on other browsers, without Clarity Boost, also get better streaming quality than their Linux brethren.)

Others have suggested that the downgrade could simply be a bug caused by Microsoft's naive parsing of the User-Agent strings. That's because the User-Agent strings for Android browsers generally identify themselves as some version of Linux ("Linux; Android 11; HD1905," for example). Microsoft's xCloud code might simply see the "Linux" in that string, assume the user is running Android, then automatically throttle the streaming quality to account for the (presumably) reduced screen size of an Android phone or tablet.

"Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors," reports BleepingComputer.

The "Raspberry Robin" malware (first spotted in September) spreads through USB devices with a malicious .LNK file Although Microsoft observed the malware connecting to addresses on the Tor network, the threat actors are yet to exploit the access they gained to their victims' networks. This is in spite of the fact that they could easily escalate their attacks given that the malware can bypass User Account Control (UAC) on infected systems using legitimate Windows tools. Microsoft shared this info in a private threat intelligence advisory sent to Microsoft Defender for Endpoint subscribers and seen by BleepingComputer....

Once the USB device is attached and the user clicks the link, the worm spawns a msiexec process using cmd .exe to launch a malicious file stored on the infected drive. It infects new Windows devices, communicates with its command and control servers (C2), and executes malicious payloads...

Microsoft has tagged this campaign as high-risk, given that the attackers could download and deploy additional malware within the victims' networks and escalate their privileges at any time.