Tea

joined 1 week ago
 

I once believed university was a shared intellectual pursuit. That faith has been obliterated

 
  • Scammers are relentless and continuously evolve their tactics to try to evade detection, so we’re building on our existing defenses by testing new ways to protect people and make it harder for scammers to deceive others.
  • We’re testing the use of facial recognition technology to detect and prevent celeb-bait ads on our platforms.
  • We’re also testing this technology as a means for people to verify their identity and regain access to compromised accounts.
 

In recent months, we’ve seen an increase in the use of Windows Packet Divert drivers to intercept and modify network traffic in Windows systems. This technology is used in various utilities, including ones for bypassing blocks and restrictions of access to resources worldwide. Over the past six months, our systems have logged more than 2.4 million detections of such drivers on user devices.

The growing popularity of tools using Windows Packet Divert has attracted cybercriminals. They started distributing malware under the guise of restriction bypass programs and injecting malicious code into existing programs.

Such software is often distributed in the form of archives with text installation instructions, in which the developers recommend disabling security solutions, citing false positives. This plays into the hands of attackers by allowing them to persist in an unprotected system without the risk of detection. Most active of all have been schemes for distributing popular stealers, remote access tools (RATs), Trojans that provide hidden remote access, and miners that harness computing power to mine cryptocurrency. The most commonly used malware families were NJRat, XWorm, Phemedrone and DCRat.

 

Microsoft Threat Intelligence identified a shift in tactics by Silk Typhoon, a Chinese espionage group, now targeting common IT solutions like remote management tools and cloud applications to gain initial access. While they haven’t been observed directly targeting Microsoft cloud services, they do exploit unpatched applications that allow them to elevate their access in targeted organizations and conduct further malicious activities. After successfully compromising a victim, Silk Typhoon uses the stolen keys and credentials to infiltrate customer networks where they can then abuse a variety of deployed applications, including Microsoft services and others, to achieve their espionage objectives. Our latest blog explains how Microsoft security solutions detect these threats and offers mitigation guidance, aiming to raise awareness and strengthen defenses against Silk Typhoon’s activities.

submitted 5 days ago* (last edited 5 days ago) by Tea@programming.dev to c/technology@lemmy.zip
 

What's Changing

  • Under our existing policies relating to illegal or regulated goods or services, we don’t allow any method of directing viewers to gambling sites or applications that are not certified by Google. This now includes URLs, links embedded in images or text, visual displays (incl. logos) or verbal references. Please note that content promising guaranteed returns may be removed regardless of whether the online gambling site or application has been approved by Google.
  • Content that does not violate our Community Guidelines but still features depictions or promotions of online casino sites or apps may be age-restricted. This means that online gambling content (excluding online sports betting and depictions of in-person gambling) won’t be viewable to signed-out users or users under 18.
 

A recent measurement study by Prof. Doug Leith, Professor of Computer Systems in Trinity’s School of Computer Science and Statistics, shows that advertising and tracking cookies and other device and user identifiers are sent by Google servers and stored on a handset, even when no Google apps have ever been opened by the user.
