By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Microsoft has been warning us that this day would come. And now, it’s almost here. Windows 7 end of life lands on January 14, 2020. After that deadline, Windows users running older versions of the desktop operating system will face a difficult choice – cough-up for a hefty bill to upgrade to Windows 10 or brace themselves for some dangerous risks on their home PC. By ending support for the aging Windows 7 operating system, which was first launched back in July 2009, Microsoft will stop rolling-out updates with new features, security updates or protections against malware. That means any issues with the software – or any new vulnerabilities discovered by cybercriminals – can be leveraged from indefinitely. Less serious, perhaps – but this also means any annoying bugs or glitches that crop-up will also be immortalized in the operating system. If you’d like to benefit from the latest security protections and anti-virus solutions from Microsoft, you’ll have to update your machine to an operating system the Redmond-based company does support – namely, Windows 10. Although Microsoft has offered free upgrades to users running official versions of its operating systems in the past, that’s not possible at the moment. We’ve heard from a number of loyal readers who swear there are still ways to upgrade to Windows 10 from Windows 7 for free using tools provided by Microsoft, however representatives from Microsoft tell us that its no-cost upgrade offer expired on July 29, 2016, and there is no officially sanctioned way to update your machine without paying. The firm also says that for the vast majority of Windows 7 users, moving to a new device with Windows 10 preinstalled is the recommended path – not upgrading the operating system on the older hardware. "Today’s PCs are faster, lightweight yet powerful, and more secure, with an average price that’s considerably less than that of the average PC over nine years ago," Microsoft said in an email sent to us. If you’re still pretty fond of your old computer and don’t like the idea of upgrading the hardware simply to ensure that Microsoft supports the operating system that you’re using – it could be a costly update. Further details are posted on OUR FORUM.

Microsoft sued a cyber-espionage group with North Korean links tracked as Thallium for breaking into its customers' accounts and networks via spear-phishing attacks with the end goal of stealing sensitive information, as shown by a complaint unsealed on December 27. "To manage and direct Thallium, Defendants have established and operate a network of websites, domains, and computers on the Internet, which they use to target their victims, compromise their online accounts, infect their computing devices, compromise the security of their networks, and steal sensitive information from them," Microsoft's complaint says]. The lawsuit was filed by Microsoft on December 18 in the U.S. District Court for the Eastern District of Virginia, as first reported by Bloomberg Law's Blake Brittain. According to Microsoft, Thallium targets both public and private industry targets and it has been observed while previously attacking "government employees, organizations and individuals that work on Nuclear Proliferation issues, think tanks, university staff members, members of organizations that attempt to maintain world peace, human rights organizations, as well as many other organizations and individuals." The North Korean hackers are also believed to have been active since at least 2010 according to Redmond's complaint, and it is known for being behind spear-phishing attacks they operate via legitimate services such as Gmail, Yahoo, and Hotmail. A list of 50 domains used by Thallium in their attacks is available in Appendix A of Microsoft's complaint against the hacking group. Netscout's ATLAS Security Engineering & Response Team (ASERT) also tracks one of the North Korean hacking group's campaigns as STOLEN PENCIL. According to Netscout, the hackers' STOLEN PENCIL APT campaign has been targeting academic institutions since at least May 2018 in spear-phishing attacks with the end goal of stealing credentials. Based on several shared resources, Palo Alto Networks' Unit42 also linked Thallium's STOLEN PENCIL campaign with a malware dubbed BabyShark and delivered as part of a spear-phishing campaign focused "on gathering intelligence related to Northeast Asia’s national security issues," starting with November 2018. "Well-crafted spear-phishing emails and decoys suggest that the threat actor is well aware of the targets, and also closely monitors related community events to gather the latest intelligence," Unit42 said. Follow the link to OUR FORUM for more.

Microsoft is working on adding support to the Outlook on the web browser-based client for sending emails via alias email addresses (also known as aliases or proxy addresses). After the feature's release, Office 365 customers will be able to send messages via Outlook on the web using any previously set up alias besides their primary SMTP address. Email sender aliases support will prove useful for users who need to send emails from multiple branded domain names or on behalf of a specific company team or department. Having the choice to choose any alias available for their account will also remove the hassle of setting up shared Office 365 mailboxes or creating additional POP or IMAP accounts. "So to kick-off our journey to provide you and your users with the flexibility to send email using an alias, we're excited to announce that soon Outlook on the web (aka OWA) will natively support the ability to choose the sender or FROM from a drop-down list right within the compose pane," says the planned feature's Microsoft 365 roadmap entry. "And when the recipient receives that message, the FROM and REPLY TO will show that alias, regardless where the recipient's mailbox happens to live." This new feature designed to allow Office 365 customers to send email from proxy addresses (aliases) from Outlook on the web is currently under development, with Microsoft planning to make it generally available in all Exchange environments during Q4 2020. In related news, Microsoft is working on adding the highly popular Outlook for Windows Message Recall feature to the Exchange Online hosted cloud email service for businesses. Once it will roll out to all Office 365 environments during Q4 2020, the Message Recall feature will make it possible for users of Microsoft's cloud email to retrieve emails not yet opened by the recipients, regardless of the email client they use. Redmond is also planning to add protection against Reply-All email storms in Exchange Online sometime during Q3 2020, an issue impacting Office 365 members of improperly locked down email distribution lists. Reply-All storms (aka reply-allpocalypses) are huge chain reaction email sequences usually started by one of the members of a large email list who replies to the entire list using the "Reply All" feature. This can lead to accidental Distributed Denial of Service (DDoS) incidents that could take down some of the email servers used to deliver the numerous replies. Follow this and more on OUR FORUM.