Kategorie

Microsoft has confirmed a widespread issue in Windows Server Update Services (WSUS) that prevents organizations from syncing with Microsoft Update and deploying the latest Windows updates. [...]

Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers' data. [...]

Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. [...]

Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information. [...]

The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker TGR-CRI-0045, where "TGR" stands for "temporary group" and "CRI" refers to "criminal motivation."Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

In yet more top-level Apple news, Chief Operating Officer (COO) Jeff Williams plans to step down pending his retirement later this year. As expected, he will be replaced by existing Senior Vice President of Operations Sabih Khan.

The move cast shockwaves across the Apple-watching industry as Williams was widely expected to eventually replace Tim Cook as Apple CEO. The news doesn’t appear to have shocked Apple, however, which describes the retirement as part of a long-planned succession.

Supply and demand

The news is still significant, given the extent to which the company is embroiled in problems across its supply chain — principally from a US government committed to using blunt instruments in the form of tariffs to impact its business. 

Khan, who evidently helped drive Apple’s ongoing transition to internationalize its supply chain, takes a high-pressure position in which he must find some way to balance US nationalistic demands against the grim realities of the technology supply chain. Managing this correctly is of major importance to Apple.

To make sure Khan can focus on that task, Apple has changed some of the responsibilities he will face in his role. Along with his COO responsibilities, Williams also oversaw Apple’s design team, Apple Watch, and health initiatives. But that oversight is being shared elsewhere across the company’s top team, leaving Khan free to get business done. (The Apple design team — which currently reports to Williams — will report directly to Cook starting later this year, for example.)

What Apple said

Williams has been Cook’s right-hand man for decades. He helped build the incredibly complex Apple supply chain, capable of churning out millions of devices every year made using components from across the planet. He has made a huge contribution to every Apple product we use.

“Jeff (Williams) and I have worked alongside each other for as long as I can remember, and Apple wouldn’t be what it is without him. He’s helped to create one of the most respected global supply chains in the world; launched Apple Watch and overseen its development; architected Apple’s health strategy; and led our world-class team of designers with great wisdom, heart, and dedication,” said Cook. 

Who is Sabih Khan?

A 30-year Apple veteran, Khan became senior vice president for operations in 2019 and has been in charge of all aspects of Apple’s global supply chain for the past six years. Before joining Apple’s procurement group in 1995, Khan worked as an applications development engineer and key account technical leader at GE Plastics. 

“Sabih is a brilliant strategist who has been one of the central architects of Apple’s supply chain,” said Cook. “While overseeing Apple’s supply chain, he has helped pioneer new technologies in advanced manufacturing, overseen the expansion of Apple’s manufacturing footprint in the United States, and helped ensure that Apple can be nimble in response to global challenges. He has advanced our ambitious efforts in environmental sustainability, helping reduce Apple’s carbon footprint by more than 60 percent. Above all, Sabih leads with his heart and his values, and I know he will make an exceptional chief operating officer.”

“I’ve had the pleasure of working closely with Sabih for 27 years and I think he’s the most talented operations executive on the planet,” said Williams, the outgoing COO. “I have tremendous confidence in Apple’s future under his leadership in this role.”

Succession

Bloomberg‘s Mark Gurman reports that John Ternus, the senior hardware engineering chief, is now the most likely replacement for Cook once he retires. But Gurman speculates Ternus will handle Apple Watch hardware, with the operating systems and health software to be handled by Head of Software Engineering Craig Federighi and Fitness+ to become a part of Services.

That’s logical and sounds highly credible, though does call into question Apple’s ability to deliver the profoundly powerful health-related features we all think the company is working on.

This is unlikely to be the last planned transition from Apple’s top team, all of whom are about the same age.

The company must now figure out how to create a complex succession plan to create an executive team that spans numerous ages, as many of the leaders of its existing senior team inexorably head toward well-earned retirement. This sure has been a long week for Apple.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

**Microsoft uvolnil červencové servisní aktualizace pro Windows a spol. **Eliminují 140 zranitelných míst, ale také zlepšují Windows 11. **Rychleji rozbalují některé archivy, přidávají malé ikony na hlavním panelu.

Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve. [...]

Ingram Micro has begun restoring systems and business services after suffering a massive SafePay ransomware attack right before the July 4th holiday. [...]

The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea's hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime. [...]

MFA Authenticator apps aren't cutting it anymore. Attackers are bypassing legacy MFA with fake sites and real-time phishing. Token Ring and BioStick stop them cold—with fingerprint-bound hardware. Learn more from Token. [...]

A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts. The activity has been attributed by Trellix Advanced Research Center to an advanced persistent threat (APT) group called DoNot Team, which is also known as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access. [...]

Linux admins, take a moment to breathe. We all know the mantra''full-disk encryption is the gold standard for safeguarding data at rest. But what if I told you there's a crack in the armor, lurking in the boot process itself? It's subtle, it's sneaky, but it's effective. A flaw in how Linux handles the early stages of booting can let an attacker sidestep your full-disk encryption and bring your system to its knees. No need for fancy malware or remote exploits''just a bit of physical access and a dash of clever manipulation.

If you're managing email infrastructure for a Linux-based environment, you've probably relied on Thunderbird at some point''or maybe you still do every day. It's the Swiss Army knife of open-source email clients: extensible, familiar, and built for the long haul. With Thunderbird 140 ESR now in the wild, it's time to take a closer look at what this release can offer, particularly in terms of security and stability, which are the bread and butter for folks running systems in enterprise or high-risk environments.

Ransomware is nothing new to us as Linux admins and infosec folks''it's pretty much part of the modern threat landscape now. But when I say "BERT ransomware," you may want to sit up and pay closer attention. Officially tracked as "Water Pombero" by Trend Micro, BERT isn't just another ransomware strain making a splash. It's a calculated, cross-platform threat that specifically hones in on both Windows and Linux systems. Oh, and for those of you running ESXi in your virtualized data centers? BERT has you in its crosshairs, too.

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province of Jilin, enabled the fraudulent operation by usingRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at [email protected]

The Crowdstrike disaster in July 2024 gave Microsoft a black eye. How could third-party security software fail so spectacularly — to the point that millions of Windows PCs became unbootable unless system administrators physically fixed them in person? 

That’s the question Microsoft has been trying to answer with the Windows Resiliency Initiative, which is now bearing fruit. Beyond that, Microsoft has been implementing changes to make Windows more resilient in general, ensuring Windows PCs can fix themselves and another outage can’t wreak the same havoc Crowdstrike did.

With that in mind, let’s look at what Microsoft has in store for Windows 11 PCs. And, yes, this includes the end of the famous blue screen of death.

Want more Windows PC insights? Sign up for my free Windows Intelligence newsletter. I’ll send you free in-depth Windows Field Guides as a special welcome bonus!

The advent of hotpatching

Hotpatching, which is usually buried in talk about enterprise reliability, is one of the most interesting changes Microsoft has been working on — and while this change is currently aimed at enterprise users, it isn’t hard to imagine a version of it extending to regular PC users down the road. And it has the potential to affect how everyone uses Windows.

Despite the technical name, hotpatching is simple: When Windows downloads and installs the monthly security update, it can immediately apply the update without a reboot. 

The difference may seem subtle, since Windows 11 PCs could already install an update without a reboot. But previously the security fix wouldn’t take effect until after rebooting — something that many people delayed until it was more convenient for them, leaving their PC unprotected in the meantime. 

With hotpatching, it all happens automatically, eliminating the need to reboot for Windows updates. Perhaps you’ll still have to reboot once a year for the biggest update, but overall, your PC is going to be better protected than before.

A recent Microsoft blog post buries talk of hotpatching and instead discusses how only organizations running Windows 11 Enterprise can use hotpatching with the “Windows Autopatch” cloud service.

That’s true — this is first and foremost for IT departments with Windows 11 PCs. But as Microsoft continues working on the technology, it’s worth considering how easily this could expand beyond Enterprise versions of Windows at some point down the line. Imagine a future version of Windows — perhaps Windows 12? — where a headline feature was “no more rebooting for Windows Updates.” We might be closer to that than you think!

The self-healing PC

Quick Machine Recovery may be the best new Windows feature most people will never think about — even if they use it!

Windows has something called the Windows Recovery Environment, and Windows boots right to it if your PC can’t start properly —  often fixing common problems your PC faces. However, when CrowdStrike dragged down PCs across the world, the recovery environment couldn’t automatically fix it, forcing system administrators to manually fix each affected PC in person.

Quick Machine Recovery is designed to avoid situations like that by acting as a “self-healing” system of sorts for Windows computers. In short, it ensures that the recovery environment can get solutions to problems from the internet. Let’s say another antivirus program, a bad driver, or even a buggy Windows Update takes down PCs and the recovery environment can’t fix them. With this update, when in the recovery environment, your PC can connect to Microsoft’s server (over Wi-Fi or wired Ethernet) and download fixes directly from Microsoft. And if Microsoft spots a problem affecting a large number of PCs, it can address it preemptively without all the manual fixes that were needed during CrowdStrike.

The Windows Recovery Environment has been able to access the network for years — dating back to Windows 10 — but now Microsoft is putting that network access to better use.

The Windows Recovery Environment is getting a huge upgrade.

Chris Hoffman, Foundry

Microsoft says this will be available later in this summer. While enterprises can activate it on Windows 11 Professional and Enterprise, it’s also available on Windows 11 Home, where it’s turned on by default. It should help Windows silently recover from the worst errors without all the manual work.

The…black screen of death?!

Microsoft is about to end blue screen of death errors forever — by getting rid of the traditional blue screen. Instead, if your system encounters an unexpected failure and needs to restart, you’ll see a black screen of death instead. (Luckily, we’ll still be able to call them “BSODs.”)

The new black screen of death won’t show you a frowny face anymore.

Chris Hoffman, IDG

Surprisingly, this color swap isn’t just an aesthetic choice — it’s part of a “simplified user interface.” Instead of the large frowny face and scannable QR code that were ushered in with the Windows 8 BSOD (and that, by most counts, few people actually used), almost all that appears on the new black screen of death is the stop code and the explanation of what caused the problem — in short, the technical information that actually matters. This should make it easier for people to remotely troubleshoot systems without the clutter.

More importantly, Microsoft already did a lot of work with Windows 11’s 24H2 update on speeding up this reboot. According to the company, the crash dump collection process, which is how Microsoft captures pertinent crash information when your system blue-screens or black-screens, now takes about two seconds. With the reboot process faster than ever, the idea of whipping out your phone to scan a QR code seems quaint.

User-mode antivirus

More importantly, the biggest architectural change for Windows is getting antivirus and other security software out of the Windows kernel. This is why CrowdStrike’s disastrous update was so difficult to fix: Because the security software runs at such a low level in Windows, Windows couldn’t say “Oops, this didn’t work, let’s fix it” — instead, the whole system crashed.

When Microsoft was designing Windows Vista nearly 20 years ago, the company wanted to get security software out of the Windows kernel. But, with Microsoft starting to offer its own antivirus at the time, security companies argued it was being anti-competitive and would hurt their business. Stung by the US government going after it allegedly monopolizing the web browser market on Windows, Microsoft backed off and let security companies continue to integrate at a low level with Windows, despite tightening down other parts of the operating system.

With CrowdStrike’s explosion, though, Microsoft decided to take another crack at this. The result is the “Windows endpoint security platform,” which will arrive in private preview form for Microsoft’s antivirus partners this month. They’ll be able to create antivirus and endpoint security software that runs outside the Windows kernel, ensuring they won’t cause the operating system to fail if they encounter a problem. 

In other words, this is user-mode antivirus — antivirus software that runs as a normal process without getting its hooks into the Windows kernel in a way that can cause serious problems. 

This isn’t ready to go for regular PC users yet, but antivirus companies will be starting to work on software that takes advantage of it soon. And in a Microsoft blog post, the company provides quotes from a variety of companies like Bitdefender, Sophos, Trend Micro, and CrowdStrike itself about how excited they are to be partnering with Microsoft on this. Microsoft appears to be trying to move carefully so that it’s not seen as a monopolist — especially in case a security company comes after them, like back in 2006.

Overall, this is good news and should make Windows more reliable. It’s possible the reduced access to deep parts of Windows could make some security software less powerful. But, after the CrowdStrike disaster, it’s clear changes to Windows were needed — and should have been made long ago.

Protected print mode and driver cleanup

Speaking of the Windows kernel, many hardware drivers run in there, too. It was major news when USB showed up all those years ago and you could plug in a USB drive, keyboard, mouse, or another standard device and it would just work without needing to hunt down a hardware driver for each device. We take it for granted now, but imagine having to install SanDisk’s driver suite to copy files off a USB flash drive!

Printers never quite caught up, though. (That was a bigger problem than you might realize, since printer drivers have historically been a frequent source of security problems.)

That’s all starting to change. We’re in the middle of a big migration to a standard printer driver system, though it’s easy to miss it. Windows is currently in a hybrid mode where it accepts both traditional legacy printer drivers and modern printer drivers for Mopria-certified printers. You can activate Windows Protected Print mode under Settings > Bluetooth & devices > Printers & scanners on Windows 11. When you do, Windows will block the installation of older third-party drivers and force the usage of the “Windows modern print stack.” 

Windows protected print mode isn’t on by default yet, but it’s the future.

Chris Hoffman, Foundry

Microsoft is also starting to delete old legacy drivers from Windows Update — you can still install them if you want, but Windows Update won’t automatically download them on your PC when you plug in an old device. It looks like Microsoft is slowly cleaning up the hardware driver, which can only be good news for security and reliability. (Microsoft doesn’t mention this work as part of the Windows Resiliency Initiative, but it’s closely related.)

Encryption by default

Last but not least, disk encryption has always been a little confusing on Windows. Professional editions of Windows got access to full BitLocker drive encryption, while Home editions of Windows got access to the simplified BitLocker device encryption feature — but only if their hardware supported it.

Encryption is critical for data security, though — it’s the only thing that stops a thief, or anyone else who gets ahold of your laptop, from digging through all your personal documents. 

With Windows 11’s 24H2 update, released near the end of 2024, Microsoft lowered the hardware requirements and started activating BitLocker device encryption by default on new Windows 11 installations in more scenarios. It still requires you sign in with a Microsoft account — Microsoft will back up your BitLocker recovery key to your Microsoft account, ensuring Home users have a backup method if they lose their password.

While this also isn’t part of the resiliency initiative — at least, not officially — with more Windows 11 PCs using secure encryption for their storage, this definitely falls into the same general bucket. It’s important to note, though, that while you can poke around in Settings or Control Panel to see whether Windows is using encryption, Windows doesn’t normally call this out or warn you if your PC’s storage isn’t encrypted for some reason.

Windows often automatically encrypts the storage on new PCs.

Chris Hoffman, Foundry

AI features on Copilot+ PCs get a lot of hype, and it’s easy to drum up interest by showing off screenshots of new Start menu and taskbar designs. But these rarely-discussed, under-the-hood features that increase security and resiliency are what will ultimately make Windows better for everyone — both enterprises with fleets of PCs and the average user with a Windows 11 PC at home. It’s great to see Microsoft focusing on improvements like these.

Want to stay up to date on Windows? Sign up for my free Windows Intelligence newsletter. You’ll get free copies of Paul Thurrott’s Windows Field Guides as a bonus when you sign up, too!

A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies. The 33-year-old, Xu Zewei, has been charged with nine counts of wire fraud and conspiracy to cause damage to and obtain information by unauthorized access to protected Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]