
With the arrival of the Magic Leap, competition is heating up in the Mixed Reality arena, but Microsoft’s successor to the HoloLens appears to be slipping further and further into the distance. Petri.com reports that Microsoft was planning to show off the HoloLens 2 sometime this year, but due to development issues, they are now targeting late Q2 2019. Petri does not identify the cause of the delays, but we have earlier speculated that, like many of Microsoft’s other projects, the headset was waiting for Windows Core OS to become available. The report states that the HoloLens 2 will address many of the issues that held back HoloLens 1, including a larger field of view and longer battery life. We already know the next HoloLens will have an improved Holographic Processing Unit with more AI capabilities, and an improved Kinect-like depth camera. HoloLens 2 will reportedly be powered by the recently announced Qualcomm Snapdragon XR1 processor, which has been designed with the express purpose of delivering a “high quality” VR and AR experience. With the Surface Phone, Surface Hub 2x and HoloLens 2 all apparently waiting for Windows Core OS, did Microsoft put too many eggs in one basket? There's more to read on OUR FORUM.

Microsoft at its October 2nd event announced the new Surface Pro 6 and Surface Laptop 2 in black. The devices are now available for purchase in select markets starting today. Both devices come with 8th gen quad-core Intel processors to boost performance. However, as expected, neither device comes with a USB-C port. The Surface Pro 6 supports up to 13.5 hours of battery life and comes with an Intel Core i5 processor, 8GB of RAM and 128GB of storage. Microsoft has priced the device at $899.00. If you are looking to buy the black variant, you would need to choose the model with a 256 GB SSD, which is priced at $1,199. Microsoft has made minor changes to the keyboard and thermal system of the Surface Pro 6 and Surface Laptop 2. Microsoft is selling the Black version of the Surface Pro 6 and Surface Laptop 2 along with the existing Platinum, Burgundy, and Cobalt Blue. The Surface Laptop 2 comes with the new 8th Gen Intel Core i5 and i7 processors. The devices are paired with Intel UHD Graphics 620. The Surface Laptop 2 comes in two variants of 8GB and 16GB of RAM and you can expand the storage up to 1TB. However, the Surface Laptop 2 doesn’t come with USB-C; Microsoft has left the connectivity options similar to the 1st generation, which means that users will be getting one USB 3.0 port, a Mini DisplayPort and a Surface Connect Port. We have all the necessary links posted on OUR FORUM.

A malicious app called "Album by Google Photos" was found in the Microsoft Store today that pretends to be from Google. This app pretends to be part of Google Photos but is actually an ad clicker that repeatedly opens hidden advertisements in Windows 10. This free Album by Google Photos app claims to be created by Google LLC and has a description of "Finally, a photos app that's as smart as you.". You can see an image of its Microsoft Store page below. As this is an ad clicker, the reviews for the app are not very good. One review calls it a "Fake App" and another is titled "Fake, do not install". The Album by Google Photos app is a PWA (progressive web app) that acts as a front end to Google Photos, but with a bundled ad clicker. While the app is running, this ad clicker will repeatedly connect to remote hosts and display advertisements in the background in order to generate revenue for the developers. The ad clicker component consists of three files located in the app's folder called Block Craft 3D.dll, Block Craft 3D.exe, and Block Craft 3D.xr. You can see these files in the image of the folder below. When a user starts the Album by Google Photos app they will be greeted by a screen asking them to log in to Google Photos. This is a legitimate login screen from Google and though I did not see any indications that your logins are being stolen, I would still not advise logging into Google Photos with this app. After the app reads the configuration file, it will connect to the various "AdBanner" URLs and display them in the background. You can see in the Fiddler traffic below the app connecting to each of the ad URLs. Navigate to OUR FORUM to learn more.

No, this is not a drill. The internet is going to shut down in less than 12 hours for a DNS encryption update by ICANN. However, you don’t need to panic as you won’t lose access to your precious cat videos. The Internet Corporation of Assigned Names and Numbers (ICANN) is planning to update the cryptographic key that helps protect the Domain Name System (DNS). For those who don’t know, DNS is like a directory which records all the domains and the owner of those domains. Seeing the ever-increasing security attacks and breaches, ICANN decided to update the encryption keys for the DNS addresses. This means that when the update is taking place on a certain website, it won’t be accessible to the users. This also implies that the internet won’t be completely down as the update will happen in batches. The update has been scheduled strategically to happen over the weekend so it won’t disturb the day-to-day work of the organizations that rely on the internet. However, this also means that there’s a fair chance that you won’t be able to binge watch your favorite show on Netflix over the week. ICANN has already run several tests and has confirmed that only 1% of the world will experience issues, but the number still comes to a little over 36 million users. That said, if you’re one of the unlucky 1% of the users, then you don’t need to panic. The shutdown is temporary and requires no extra steps from the users. The best you can do is restart your modem or double check your DNS to make sure your DNS address is updated by your Internet Service Provider (ISP). For more detail visit OUR FORUM.

A newly discovered piece of malware for Android raises the bar in terms of sophistication and flexibility, offering its operator adaptability to various tasks. Cybercriminals are currently running tests on GPlayed but malware analysts warn that it is already shaping up as a serious threat. The modular architecture extends its functionality through plugins that can be added without the need to recompile and update the package on the device. The operator can also inject scripts and send .NET code to the infected Android device that GPlayed can compile and execute. It is built using the Xamarin environment for mobile apps and uses a DLL called "eCommon" that "contains support code and structures that are platform independent." This model shows a new step on the evolution ladder, where code can migrate from desktop platforms to mobile ones, resulting in a hybrid threat. It disguises itself on the device as the Play Store app, using an icon very similar to the original and the name "Google Play Marketplace." It asks for many permissions, including "BIND_DEVICE_ADMIN," which gives it almost complete control over the infected device. Researchers at Cisco Talos analyzed GPlayed and discovered a hefty set of native capabilities covering spying, data exfiltration, and self-management functions. Visit OUR FORUM for complete details.

In Windows 10, Microsoft added a new ransomware protection feature called Controlled Folder Access that can be used to prevent modifications to files in protected folders by unknown programs. At the DerbyCon security conference last week, a security researcher showed how DLL injection can be used by ransomware to bypass the Controlled Folder Access ransomware protection feature. Controlled Folder Access is a feature that allows you to protect folders and the files inside them so that they can only be modified by an application that is whitelisted. The whitelisted applications are either ones that you specify or ones that are whitelisted by default by Microsoft. Knowing that the explorer.exe program is whitelisted in Controlled Folder Access, Soya Aoyama, a security researcher at Fujitsu System Integration Laboratories Ltd., figured out a way to inject a malicious DLL into Explorer when it is started. Since Explorer is whitelisted, when the DLL is injected it will launch and be able to bypass the ransomware protection feature. To do this, Aoyama relied on the fact that when explorer.exe starts, it will load DLLs found under the HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers registry key. The HKEY_CLASSES_ROOT tree is a merge of registry information found in HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. When performing the merge, Windows gives the data in the HKCU tree precedence. Tune into OUR FORUM to learn more.
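
The merge precedence described above can be audited from the defender's side. The PowerShell below is an added example, not code from the article or the researcher; it assumes the standard COM layout in which a handler's CLSID resolves to a DLL under `CLSID\{...}\InprocServer32`, a detail the article does not spell out.

```powershell
# Added example: list the context menu handlers Explorer resolves through
# HKEY_CLASSES_ROOT and flag any whose registration comes from the per-user
# hive (HKCU), which wins the HKLM/HKCU merge.
function Get-DefaultValue {
    param([string]$Path)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }   # '' selects the key's (Default) value
}

# -LiteralPath is required throughout: the '*' key name is not a wildcard here.
$sub  = '*\shellex\ContextMenuHandlers'
$hkcu = 'Registry::HKEY_CURRENT_USER\Software\Classes'
$hklm = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'
$guid = '^\{[0-9A-Fa-f-]{36}\}$'

$findings = foreach ($hive in $hkcu, $hklm) {
    $root = "$hive\$sub"
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($handler in Get-ChildItem -LiteralPath $root) {
        # The handler's CLSID is either the (Default) value or the key name.
        $clsid = $handler.GetValue('')
        if ($clsid -notmatch $guid) { $clsid = $handler.PSChildName }
        if ($clsid -notmatch $guid) { continue }

        # Assumed layout: the DLL path is the (Default) value of InprocServer32.
        $userDll    = Get-DefaultValue "$hkcu\CLSID\$clsid\InprocServer32"
        $machineDll = Get-DefaultValue "$hklm\CLSID\$clsid\InprocServer32"

        [pscustomobject]@{
            Handler         = $handler.PSChildName
            RegisteredIn    = if ($hive -eq $hkcu) { 'HKCU' } else { 'HKLM' }
            Clsid           = $clsid
            MachineDll      = $machineDll
            UserDll         = $userDll
            # Flag per-user handler keys and per-user CLSID registrations.
            PerUserOverride = [bool]$userDll -or ($hive -eq $hkcu)
        }
    }
}

# Entries where UserDll differs from MachineDll deserve the closest look.
$findings | Where-Object PerUserOverride | Format-List
```

An empty result means no context menu handler on the machine is registered or overridden per-user for the account running the script; run it in each user's context, since HKCU is per-account.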