By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

One would be forgiven for thinking Microsoft just announced a $6000 computer and $1000 stand, as the company’s share price has surged 7% in the last 5 sessions according to Bloomberg, hitting its higher ever valuation in intra-day trades, and closing at above a $1 trillion valuation for the second time ever. Over the same period, Alphabet fell 3.5% and Facebook lost 2.9%.  While Apple rose 9%, this was 18.2% below their Oct. 3, 2018, record high. Microsoft is now worth more than $100 billion more than their nearest rival. As has become common, the results are speculated to be due to Microsoft’s limited involvement in the current hostile regulatory environment surrounding large tech companies and also their heavy involvement with enterprise services, which are less liable to be affected by economic downturns. “Management noted Microsoft is better positioned than ever to maintain wallet share of customers through an economic downturn, given the broader budget exposure beyond IT,” Piper Jaffray analyst Alex J. Zukin wrote in a June 5 note. “However, they indicated they were not seeing any signs of an economic slowdown nor any weakness in the economy.” Currently, 36 analysts have a buy rating for Microsoft with an average price target of $143 (7% up from the current close of $131.40), while one rate as hold and 2 recommend selling. “We continue to have a ‘buy it and forget it’ mentality on the stock right now as the company appears to be in midst of secular fundamental growth,” Zukin wrote. Continue following this by visiting OUR FORUM on a regular basis.

US officials and Microsoft executives say older versions of the programs may be vulnerable to malware. In the advisory, NSA officials said a flaw known as "BlueKeep" exists in past editions of Microsoft Windows. Last week Microsoft warned that "some older versions of Windows" could be vulnerable to cyber-attacks. "All customers on affected operating systems [Windows 7 and earlier] should update as soon as possible," said Microsoft. US officials said the "BlueKeep" flaw could leave computers vulnerable to infection by viruses through automated attacks or by the downloading of malicious attachments. They said ransomware can often be installed quickly, holding files hostage and demanding payment from individuals. The vulnerability in the older versions of Microsoft Windows wrote the International Computer Science Institute's Nicholas Weaver, means that bad actors could "gain complete control of the remote system". Updating systems, as the Microsoft executives explained, helps to protect computer users from these kinds of cyber-attacks. Recently a ransomware attack on the city of Baltimore disrupted municipal services, knocking city workers offline and making it harder for people to pay their traffic tickets and water bills. The New York Times has reported that the NSA knew about the system flaw, EternalBlue, but kept it secret for years. EternalBlue has been implicated in a range of cyber-attacks over the past three years, including the WannaCry assault that disrupted the UK's NHS. A senior NSA adviser, Rob Joyce, tweeted on his own account that some computer users could face a "significant risk" because of the vulnerabilities in the older versions of Microsoft Windows, but that they would be protected by updates. Read more of this warning on OUR FORUM.

The U.S. Justice Department has jurisdiction for a potential probe of Apple Inc as part of a broader review of whether technology giants are using their size to act in an anti-competitive manner, two sources told Reuters. The Justice Department’s Antitrust Division and the Federal Trade Commission (FTC) met in recent weeks and agreed to give the Justice Department the jurisdiction to undertake potential antitrust probes of Apple and Google, owned by Alphabet Inc, the sources said. The FTC was given jurisdiction to look at Amazon.com Inc and Facebook Inc, the sources said. The sources did not say what the government’s potential concern might be regarding Apple. Streaming music leader Spotify Technology SA and others have criticized the iPhone maker’s practices, describing the company as anti-competitive in a complaint to the European Union’s antitrust regulators. Central to Spotify’s complaint is a 30% fee Apple charges content-based service providers to use Apple’s in-app purchase system. Apple did not immediately respond to a request for comment. The company has defended its practices in the past, saying it only collects a commission if a good or service is sold through an app. “Our users trust Apple - and that trust is critical to how we operate a fair, competitive store for developer app distribution,” it has said previously. Stay abreast of these developments by visiting OUR FORUM on a regular basis.

A new phishing campaign is underway that pretends to be a list undelivered email being held for you on your Outlook Web Mail service. Users are then prompted to decide what they wish to do with each mail, with the respective links leading to a fake login form. Recently, we have seen quite a few interesting spam campaigns such as account cancellation notices and alerts about unusual volumes of file deletions. This campaign is just as interesting as it uses the subject line of "Notifications | undelivered emails to your inbox" and pretends to be a list of email being held on the server for you. This phishing email then prompts you to decide whether you want to delete all of the emails, deny them, allow them to be delivered, or to whitelist them for the future. Regardless of the link you click on, you will be brought to a fake "Outlook Web App" landing page that asks you to enter your login credentials. Once you enter your credentials, the page will save them so that they can be retrieved by the scammer at a later date. Thankfully, unlike recent phishing landing pages hosted on Excel Online or Microsoft Azure, this phishing scam utilizes a landing page hosted on a hacked site. This makes it easier to detect as suspicious as the URL will not be the correct one for your email server. As always, when receiving emails that lead to login forms, make sure to examine the URL where the form resides before entering your login credentials. If there is any doubt, always ask your system administrators. We have the text of the mail posted on OUR FORUM.

Microsoft’s Azure cloud services have become an attractive option for cybercriminals to store malicious content. From phishing templates to malware and command and control services, it seems that crooks found a new place for them. Just this month, BleepingComputer reported on two incidents related to malware on Azure. In one case there were about 200 websites showing tech-support scams that were hosted on the platform. Another article, published this week, informs of Azure being used of hosting a phishing template for Office 365. Being both products from Microsoft, the scam appears as a legitimate login request, increasing the success rate. It appears that these are not isolated incidents. Security researchers JayTHL and MalwareHunterTeam found malware on Azure and reported it to Microsoft on May 12. According to AppRiver cybersecurity company, the reported piece of malware along with other samples that were uploaded at a later time was still present on Microsoft’s Azure infrastructure on May 29. “It's evident that Azure is not currently detecting the malicious software residing on Microsoft's servers,” says David Pickett of AppRiver. One of the samples, ‘searchfile.exe,’ was indexed by VirusTotal scanning service on April 26, and Windows Defender detects it. The same goes for the malware found by the two researchers, ‘printer/prenter.exe,’ which is an uncompiled portable executable file, specifically so to avoid gateway and endpoint security solutions detecting it upon download. However, Windows Defender will kick in and block the malicious file when users try to download them on the machine. JayTHL details that the sample appears to be a simple agent that runs any command it receives from the command and control server. He determined that there could be as many as 90 bots under control if their ID numbers were generated in sequential order. Follow this security threat on OUR FORUM.

Microsoft has issued a second security warning over BlueKeep, a recently discovered vulnerability in its Remote Desktop Protocol service that could enable attackers to use a worm-like exploit to take over devices running unpatched older Windows operating systems. The software giant took the unusual step Thursday of issuing a second alert within a month concerning the BlueKeep flaw as security researchers expressed growing concerns that bad actors are rapidly developing exploits and that proof-of-concept code has already leaked online. In a new message, Simon Pope, director of incident response for the Microsoft Security Response Center, compared BlueKeep to EternalBlue, the Windows vulnerability that later opened the door to the WannaCry and NotPetya ransomware attacks of 2017. Pope warned that with reports of nearly 1 million Windows devices vulnerable to this flaw, security teams need to apply the patch that Microsoft issued with its first warning on May 14. "It's been only two weeks since the fix was released and there has been no sign of a worm yet. This does not mean that we're out of the woods," Pope warns. "If we look at the events leading up to the start of the WannaCry attacks, they serve to inform the risks of not applying fixes for this vulnerability in a timely manner." The vulnerability affects only older versions of Microsoft's Windows operating system, some of which are no longer supported by the company. The flaw affects Windows XP, Windows 7, Windows 2003 and Windows Server 2008, the company notes. Newer versions of Windows, including Windows 8 and Windows 10, are not affected. Follow this on OUR FORUM.

 

GTranslate