The first report about the attacks came from antivirus vendor McAfee after the company’s researchers analyzed some suspicious Word files spotted a day earlier. It turned out that the files were exploiting a vulnerability that affects “all Microsoft Office versions, including the latest Office 2016 running on Windows 10.”
The flaw is related to the Windows Object Linking and Embedding (OLE) feature in Microsoft Office that allows documents to embed references and links to other documents or objects, the McAfee researchers said in a blog post.
When the rogue documents used in this attack are opened, they reach out to an external server and download an HTA (HTML Application) file that contains malicious VBScript code. The HTA file is disguised as an RTF (Rich Text Format) document and is automatically executed.
“The successful exploit closes the bait Word document, and pops up a fake one to show the victim,” the McAfee researchers said. “In the background, the malware has already been stealthily installed on the victim’s system.”
By searching back through its data, McAfee has tracked down attacks exploiting this vulnerability to late January.
Following McAfee’s report, security researchers from FireEye also confirmed that they’ve been aware of these attacks and exploit for several weeks and have coordinated disclosure with Microsoft.
According to FireEye, the malicious Word documents are sent as email attachments. The company hasn’t provided examples of the malicious emails, but because this is a previously undisclosed, zero-day vulnerability, the attacks are likely targeted toward a limited number of victims.
Both McAfee and FireEye noted that the exploit can bypass most memory-based mitigations included in Windows. That’s because the vulnerability is a logic bug rather than a programming error.
Microsoft is scheduled to release its monthly security updates on Tuesday, but it’s not clear if a patch for this vulnerability will be included. The company did not immediately respond to a request for comment.
In the meantime, users should be wary of documents received from untrusted sources and should enable the Office Protected View mode because it can block this attack.
On average, the price of PCs and phones will go up by 2 percent this year, Gartner said in a research report released on Thursday. The calculations are based on U.S. dollars and average market sizes.
Breaking down those numbers, PC prices are expected to go up 1.4 percent this year, while mobile phone prices will go up 4.3 percent.
The price increases are largely due to the rising prices of components. Also, more users are upgrading to more expensive and feature-rich mobile handsets.
The days of users preferring to buy the cheapest products are gone, said Ranjit Atwal, research director at Gartner.
Buyers are less price sensitive and are instead buying devices “that suit their lifestyles,” Atwal said.
Gartner’s forecast is in line with a projection in February by Lenovo’s chief operating officer, Gianfranco Lanci, who said PC prices would go up this year due to a shortage of DRAM, SSDs, batteries and LCDs.
The cost of components like NAND flash have doubled since June, Gartner said.
The overall cost of purchasing components is going up. Moreover, millennials are willing to spend more on devices.
This year is expected to be big for smartphones. Samsung launched the Galaxy S8 smartphones, and Apple is expected to launch its 10th anniversary iPhone later this year. Premium-priced smartphones will go up by roughly 4 percent, Gartner said.
Android phones will suffer the most from the price increases. In emerging markets like China and India, Android phones are popular because of their affordability, but prices are also going up in those countries.
High-end Android smartphones offer more differentiation on features than generic low-end phones, giving a reason for buyers to spend a bit more to upgrade.
A good barometer for mobile phone pricing is the Chinese market. Global pricing of Chinese-branded smartphones will go up to RMB 2,000 (US$290) by the end of this year from RMB 1,700 (US$246) at the end of last year, analyst firm Trendforce said last month. That’s partly because NAND flash supply is tightening.
According to Gartner, smartphone shipments worldwide this year will total 1.9 billion units, up from 1.89 billion last year.
The PC market has slowed and is being driven by high-priced gaming PCs and 2-in-1s. Buyers of those PCs are willing to spend more money on their computers.
That trend is changing the types of computers shipped by PC makers, which are focused on selling higher-priced products that can deliver larger profit margins.
Low-end laptops and desktops will remain available, but PC makers like Dell and HP are slimming down those offerings. Low-cost laptops like Chromebooks typically have aging components, little storage, low-resolution webcams and limited memory.
Gartner estimates 426 million computing devices, including PCs and tablets, will ship this year, dropping from 439 million last year. PC shipments will total 265 million this year, dropping from 270 million last year. Shipment of tablet devices like the iPad will total 161 million, dropping from 169 million last year, the analyst group predicted.
Google is plans on funding another massive undersea fiber-optic cable as a part of its plans to build out network connectivity around the world. The company announced that it is investing in a project called Indigo, which will connect Jakarta, Singapore, Perth and Sydney to one another.
The cable will run for approximately 9,000 kilometers (almost 5,600 miles) and provide a capacity of roughly 18Tbps (bits per second). It’s being built to bring users more connectivity in a region that has growing internet needs.
Google has now invested in five submarine cables in the Asia-Pacific region and seven overall. By investing in these cables, the company hopes to better compete with other cloud providers and consumer internet companies.
Alcatel Submarine Networks will build the cable, and Google expects it to be finished by the middle of 2019. Other Indigo investors include cable company SubPartners and ISPs AARNet, Indosat Ooredoo, Singtel and Telstra.
Only Google and the other investors will be able to use Indigo, though Singtel and Telstra will be able to sell capacity to their customers as part of their telecom businesses.
Google and other users of the cable will be able to expand its capacity with future technology to keep up with growing needs. Indigo has two fiber pairs, one-third as many as the trans-Pacific FASTER cable turned on last year, where Google was also an investor.
Interestingly, Indigo’s roughly 9,000-kilometer run puts it on par with the length of FASTER. It’s that long partly because of the curving path it needs to take to connect the four cities along its length.
Twitter Inc is launching a more streamlined and faster version of its mobile service geared towards people with sporadic connections or little data on their smartphone plans, hoping to pick up users in harder-to-reach emerging markets.
The company calls the version Twitter Lite and it will be aimed largely at users outside the United States. Twitter Lite works through a web browser, not a stand-alone phone application, but its appearance and functionality are nearly identical to what app users experience, according to a preview shown to Reuters.
The launch comes on the heels of similar products from other U.S. tech firms. Facebook Inc released Facebook Lite in 2015 and on Tuesday, Alphabet Inc’s YouTube unveiled a low-data mobile app designed for India.
San Francisco-based Twitter lags behind those companies in building a user base. It had 319 million average monthly active users at the end of last year, up 4 percent year-over-year but still a fraction of Facebook’s 1.9 billion users.
A primary reason in some parts of the world is how much data its app and earlier website consumed, Keith Coleman, Twitter’s vice president of product, said in an interview.
“We didn’t feel like we were reaching these other countries well enough, and this will allow us to do it faster, cheaper and with a better experience than we’ve had before,” he said.
The company estimates that, with several changes it is making to its mobile website, mobile.twitter.com, users will see their average data consumption on the browser version go down 40 percent.
With an additional data-saving feature users can turn on, data consumption will drop some 70 percent on average, said Patrick Traughber, a Twitter product manager. The reduction will come from differences such as initially displaying previews of pictures instead of full pictures.
Parents with children who racked up bills, sometimes huge, through in-app purchases will receive some or all of that money back. Amazon could have to refund more than $70 million to affected consumers, according to the U.S. Federal Trade Commission.
The FTC and Amazon have agreed to end their legal battle over whether the U.S. company unlawfully charged its customers for the purchases.
A year ago, a court found that Amazon had.
The company’s app store can be downloaded to Android devices and it runs on certain Kindle tablets. However, parents had complained that Amazon’s system had made it all too easy for their children to buy virtual items in the apps, without their consent.
Both the FTC and Amazon had filed appeals related to the case, but on Tuesday, they dropped them. That opens the way for the refund process to begin shortly, according to the FTC.
More than $70 million in in-app charges made from 2011 to 2016 may be eligible for refunds, the U.S. regulator said.
Amazon didn’t immediately respond to a request for comment, so it’s unclear how the company will reimburse its customers. Amazon had taken a 30 percent cut from the in-app purchases, according to the FTC.
In 2014, Apple and Google settled similar cases over in-app purchases with the FTC, which resulted in a combined $51 million in refunds to customers.
In Apple’s case, the company emailed and sent postcards to every customer who might have been affected. Apple eventually received 37,000 claims, and made refunds to them all.
Opera Software is boasting that the number of new U.S. users of its browser has more than doubled days after Congress voted to repeal restrictions on broadband providers eager to sell customers’ surfing history.
Opera debuted a VPN — virtual private network — a year ago, and finalized the feature in September. A VPN disguises the actual IP address of the user, effectively anonymizing the browsing, and encrypts the data transmitted to and from sites, creating a secure “tunnel” to the destination.
By using a VPN, U.S. users block their Internet service providers (ISPs) from recording their online activity.
“The average number of daily new Opera users in the U.S. has more than doubled since Congress decided to repeal certain internet privacy protections last Tuesday,” claimed the company in a statement. As support, it offered a graph illustrating a 109% increase in new U.S. users from March 28 to March 30.
“We integrated a free, no-log VPN directly into the browser to bring everyone, not just savvy users, a simple tool for protecting their privacy,” Krystian Kolondra, the head of engineering for the desktop version of Opera, said in a statement. “The usage statistics for the past few days show that users are becoming even more conscious about their potential privacy issues when online.”
VPNs have been a hot topic since March 28, when the U.S. House of Representatives followed the Senate to overturn privacy rules that the Federal Communications Commission (FCC) passed last year. By repealing the rules — which had not taken effect — Congress allowed broadband providers to sell recorded customer data, including browsing history, location, even what apps had been used, without customer consent.
Opera’s claim of more new users, however, was not confirmed by browser activity tracking, including the numbers posted daily by Irish analytics company StatCounter.
According to StatCounter, which measures what Computerworld calls usage share, Opera accounted for 0.72% of all browsing in the U.S. during a five-day stretch from March 29 to April 2. But the usage share for the preceding five-day spans in March — from a Wednesday to the following Sunday — were little different: They ranged from 0.74% to 0.76%.
The chip maker has divested its majority holdings in McAfee to investment firm TPG for $3.1 billion.
McAfee will now again become a standalone security company, but Intel will retain a minority 49 percent stake. The chip maker will focus internal operations on hardware-level security.
For Intel, dumping majority ownership in McAfee amounts to a loss. It spent $7.68 billion to acquire McAfee in 2010, which was a head-scratcher at the time. Intel’s McAfee acquisition will stand as one of the company’s worst acquisitions.
The chip maker had the right idea when it acquired McAfee — to add layers of security to hardware and components. Intel embedded McAfee technology in firmware at the PC and server chip level, and developed security management tools.
McAfee technology was also used in hardware using real-time operating systems. However, McAfee had few ties to Intel’s core hardware strategy.
Intel was running a parallel hardware security strategy that had little to do with McAfee, which was renamed Intel Security. The chip maker was developing trusted boot systems and partnering with other companies on server security and secure payments.
The McAfee acquisition gave Intel deep insight into the security arena, said Doug Fisher, senior vice president and general manager of the Software and Services Group at Intel.
Separating the companies will put McAfee in a better position to grow in the software area, which is its core competency, Fisher said. It also leaves Intel in a better position to grow in hardware-level security at the chip and firmware levels, he added.
Intel’s focus will be on putting instructions and hooks on its silicon to protect users. It is already providing secure areas in its chips where user authentication data can be stored. For example, its SGX (Software Guard Extensions) feature can authenticate users so content providers can stream 4K video to authorized PCs. It wants to use similar features to ensure secure payments from PCs.
Security is also a big concern in IoT devices, but Intel will rely on partnerships. Intel is a member of Open Connectivity Foundation, and will work with industry partners to develop IoTivity protocols, which aim for secure connectivity between devices with multiple OSes and wireless technologies.
Intel also is expanding into self-driving cars, where security is a big consideration. Hacking into the software controls of a self-driving car could be disastrous, and Intel is putting supercomputers in vehicles that will need to be secured.
Another area of focus is the ability to securely deliver over-the-air updates to self driving cars, Fisher said.
Intel will deliver a reference architecture to harden edge devices and gateways for automobile security. There will also be automobile security standards that could protect self-driving cars from hacks, Fisher said.
VR is still in its infancy, and so are the security considerations. In virtual worlds, security could be much like it is in the real world, where certain virtual areas are cordoned off from unauthorized users. Also, Intel wants to cut the cord from VR headsets with secure wireless connections to PCs, Fisher said.
The fate of some products like True Key — which allows users to log into Windows PCs via biometric authentication — are not yet known. True Key is a competitor to Microsoft’s Windows Hello. Intel will also work with Microsoft to promote Windows Hello.
Before we tell you how well Snapdragon 835 benchmarked we wanted to share one more important thing. The 10nm chip really stays cool even after five runs of the same benchmark. Some of its competitors will fail significantly after five runs.
Qualcomm gave us access to a Mobile Development Platform (MDP), which can be seen as a demo device, or a prototype of an actual phone based on the Snapdragon 835 SoC. This “phone” comes with 6GB of LP-DDR4 RAM, 64 GB storage, a 5.5-inch 2560×1440 display, and a 2850 mAh battery. We tested a few benchmarks and we were not surprised to see that the Snapdragon 835 defeats the Snapdragon 821 based Google Pixel and some of its heavyweight competitors, including the brand new Kirin 960 based P10 or the Exynos 8890 based Galaxy S7.
It is a well-known fact that when running benchmarks, phones get hot and after every single run, you score a bit lower result. This happens due to the heat and the chip has to downclock its CPU and GPU in order to keep the chip health in place.
We decided to try to test AnTuTu 6 exactly five times to see if the score would dramatically change. The first run was, as expected, the fastest. We scored 182395 which is the fastest score we’ve ever seen on an Android phone.
The second run was slightly slower with 181608 followed by 181596, an almost identical score. The fourth time we managed to score 181104 and the last time we got 179657.
Huawei P10 scored 140011 on the first run and only 131313 on the second run, while it dropped sharply to 117119 on the third run. On the fourth run, we got an almost identical score to the third attempt, which proved our point that SoCs such as the Kirin 960 will throttle when it gets hot. The fifth time we got 116236, which is around 17 percent slower than the first score.
Google Pixel scored 142607 on the first run, followed by 141823. The third run, with 141421, was quite impressive and even on the fourth run the Snapdragon 821 based Google Pixel XL scored 139658. So you see that a Snapdragon 821 based phone holds out quite well in this benchmark, where the fifth score deviated only slightly from the first one. The fifth score we got with the Pixel was 2.3 percent slower than the first, again proving that this SoC doesn’t really throttle.
If you do the math, Snapdragon 835 makes 1.5 percent difference between the first and the fifth run, which is quite a great achievement. Bear in mind that Antutu 6 runs both CPU and GPU extensively and that it takes a few minutes to finish.
The phone was never hot, and we could not see any signs of overheating to the level that would jeopardize performance and force the chip to throttle down.
There are many factors that should be taken into account, eight Cores based on Kryo 280 custom architecture, powerful Adreno 540 GPU powered by fast memory controller, LP DDR 4 memory and fast storage.
The benchmark didn’t test GigabitLTE – yes this is the first device that we had the chance to play with that supports GigabitLTE. This is not all, as the Snapdragon 835 also supported 2×2 866 Mbps Wi-Fi, but we will talk about this some other time.
One more thing, the Snapdragon 835 powered (MDP) phone performed faster and needed less power too.
The information included names, addresses, email addresses, phone numbers and employment backgrounds of candidates who applied online for jobs at McDonald’s Canada restaurants between March 2014 and March 2017.
The careers website was shut down after McDonald’s learned of the attack, and will remain closed until an ongoing investigation is complete, the unit said.
The company said it currently had no evidence that the information taken had been misused.
McDonald’s Canada said its job application forms do not ask for sensitive personal information such as social insurance numbers, banking or health information.
McDonald’s said earlier this month its official Twitter handle was compromised after a tweet sent from the account slammed U.S. President Donald Trump.
The move comes just days after larger rival Facebook Inc stepped up efforts to encourage users to take more photos and edit them with digital stickers that show the influence of Snapchat.
Snapchat will enable users to search for photos and videos known as “Snaps” posted to the “Our Story” option on the app, by creating new “Stories” using machine learning technology, the company said in a blog post.
The “Our Story” option is derived from Snap’s widely-copied “Stories” feature that is a slideshow of user content that disappears after 24 hours.
“Our Story” allows users to post their Snaps as part of a larger public collection, which users will be able to search through with the latest update.
For instance, users can use the search feature to find “Snaps” related to events such as local basketball games and topics such as puppies.
The search feature, which will be rolled out in some cities starting Friday, is an addition to curated “Stories”, where public “Snaps” about major events like Wimbledon or the Coachella music festival already appear.
Snapchat popularized the sharing of digitally decorated photographs on social media, especially among teenagers, but faces intense competition from larger Facebook and Facebook-owned Instagram.
Users will now be able to search for over one million “Stories” on Snapchat, Snap said, making the app more accessible.
Snap’s shares were up 1.5 percent in afternoon trading, while Facebook’s stock was down marginally.
After months of waiting, beta tests, and tiny morsels of information about new features, the next major update for Windows 10 will arrive on April 11. Microsoft has announced that the Creators Update, as it’s known, will start rolling out to users of the company’s latest operating system in roughly two weeks.
The update includes a slew of new features, including changes to the Microsoft Edge browser, improvements to gaming on Windows 10 and more features for devices with touch screens. As the name implies, the Creators Update includes new tools for people who make and consume media on their PCs, including a new Paint3D app that updates Microsoft’s classic drawing tool to create three-dimensional models.
When it’s released, the Creators Update will be Microsoft’s second major update for Windows 10, which was released in July 2015.
It’s important to note that April 11 is just the start of the Creators Update rollout. Microsoft makes the update available to different users at different times, and will withhold the update from people if the company is unsure that it will work with their hardware.
Unlike past major feature updates, Windows 10 users will also have greater control over when the update is applied. Users will be able to schedule a specific time for the update to be applied, and “snooze” the update for as many as three days when they need to use their computers without going through a massive patching process.
Microsoft has also expanded a device’s possible “active hours,” so the updates don’t try to install themselves when users are still working.
The internet is littered with user reports of updates that arrived at inopportune times, shutting users’ computers down while they were still in use. These changes are supposed to help alleviate some of those complaints.
Google’s Calendar app is finally making a long-awaited arrival on a new device: Apple’s iPad. You read that right: Until Wednesday, the tech titan hadn’t optimized its marquee calendar application to run on Apple’s tablets.
The app provides users with a view of their calendars that are shared with them through Google’s service. In addition, they get a handful of features Apple’s native calendar app doesn’t have, like the ability to more easily find time and space for a meeting with other people inside their organizations.
Making iPad users wait for a native Calendar app is hardly a surprise coming from Google, considering that it’s the company behind Android, and frequently ships new features first to apps for devices running its mobile operating system.
That’s not to say Google Calendar was completely unavailable for iPad users for the past several years. The iPhone app for Calendar could run on Apple’s tablets, but it wasn’t optimized for use on those devices.
The move is a part of Google’s continuing push to make its G Suite productivity services useful to as broad a set of people as possible. Google is working aggressively to get customers to switch to its productivity suite from their current systems, which in many cases, revolve around Microsoft Office. Microsoft offers its own calendar app for the iPad in the form of Outlook for iOS, which has supported Apple’s tablet since its launch in 2015.
Google has more iOS-specific features planned, including a Today widget that will let users see their upcoming events in an iPad’s Notification Center, according to a blog post by Calendar product manager Sharon Stovezky.
British chip designer ARM is announcing the next evolution of its ARM chip design which it calls DynamIQ which gives AI and ML control of the chip’s cores.
ARM compares this new DynamIQ technology to the revolutionary big.LITTLE technology it introduced back in 2011.
For those who came in late ARM’s big.LITTLE enabled a processor to have two different sets of cores, one high-power and one energy-efficient, and which works depending on the task required to save power.
DynamIQ takes this big.LITTLE technology to the next level, improving the heterogeneous processing capabilities of ARM processors. Only the cores that are really needed will be activated, no matter the combination, be those be one, three, four, or seven.
Currently processor configurations would have a more or less even number of cores, ARM DynamIQ would pave the way for different combinations.
It is unlikely that ARM DynamIQ processors will pop up in smartphones for a while. ARM wants it for workstations and servers dedicated to artificial intelligence and machine learning. This is bad news for Intel because it is mostly its home turf and is now getting increasingly squeezed.
For the second time in as many weeks, developers of the popular LastPass password manager are working to patch a serious vulnerability that could allow malicious websites to steal user passwords or infect computers with malware.
Like the LastPass flaws patched last week, the new issue was discovered and reported to LastPass by Tavis Ormandy, a researcher with Google’s Project Zero team. The researcher revealed the vulnerability’s existence in a message on Twitter, but didn’t publish any technical details about it that could allow attackers to exploit it.
According to Ormandy, the flaw affects the latest version of the LastPass browser extension for all major browsers. He claims to have tested the exploit successfully on Windows and Linux, but believes that it likely works on Mac as well.
If the extension’s binary component is also installed, the vulnerability allows attackers to execute malicious code on users’ computers when they visit a rogue website. If the component is not present, the flaw can still be used to extract passwords from users’ secure password vaults.
To make things worse, it seems the extension’s presence in the browser is enough for the flaw to be exploitable. Ormandy said on Twitter that the attack still works even if the user is logged out.
This is supposedly true only for the remote code execution attack, because without a logged-in session the password vault would remain encrypted and not accessible to a website.
“We are now actively addressing the vulnerability,” the LastPass developers said Monday in a blog post. “This attack is unique and highly sophisticated. We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties.”
LastPass recommends that users launch websites for which they have stored passwords directly from inside their password vaults by using the “launch” feature. The company also advises users to turn on two-factor authentication for any online services that offer this option and to beware of phishing attacks and potentially malicious links.
Facebook Inc is giving the camera the spotlight on its smartphone app for the first time, urging users to take more pictures and edit them with digital stickers that show the influence of camera-friendly rival Snapchat.
With an update scheduled to take effect today, Facebook will allow users to get to the app’s camera with one swipe of their finger and then add visual details like a rainbow or a beard of glitter.
Users will be able to share a picture privately with a friend, rather than to the user’s entire list of friends, and add a picture to a gallery known as a “story,” similar to a feature on the Snapchat app.
Snapchat, owned by Snap Inc, popularized the sharing of digitally decorated photographs on social media, especially among teenagers, and exposed a weakness of Facebook as the companies battle for eyeballs and leisure time.
Snap, which went public this month, has recently emphasized its ambitions to build gadgets and has called itself a camera company rather than a social media firm.
Facebook, the world’s largest social network with some 1.86 billion users, denies it took its camera ideas from Snapchat and says it got them from Facebook users.
“Our goal here is to give people more to do on Facebook and that’s really been the main inspiration,” Connor Hayes, a Facebook product manager, said in a briefing with reporters.
In a glimpse of how the features could tie in with other businesses, one of the first camera effects will be the ability to morph someone in a photograph into a yellow, cartoon “Minion.” The latest Minion movie, “Despicable Me 3,” is due out in a few months from Comcast Corp’s NBC Universal.
Facebook has deals to license content from six film studios, as well as from two artists, said Kristen Spilman, design director at Facebook.
Another visual effect that can be added to pictures allows someone in a picture to “become a laser cat with super powers,” Spilman said.
The effects will vary by location. Spilman said that when Facebook tested the ability to add the phrase “LOL” – the acronym for “laugh out loud” – to a picture, users in Ireland were confused by what it meant.