Microsoft has released a visually "refreshed" version of its Office desktop apps for both Windows 10 and 11. Microsoft officials said this new Office refresh will "shine" on Windows 11 but still work on Windows 10. Microsoft also is releasing its first publicly available test build of 64-bit Office for Windows on Arm today. From a report: The updated Office uses Fluent design across Word, Excel, PowerPoint, OneNote, Outlook, Access, Project, Publisher, and Visio. The updated apps are meant to look similar to the Windows 11 OS, design-wise. Via the updated Office interface, Office is set to match users' Windows themes, including black (Dark Mode), white, colorful, or dark gray. The Quick Access toolbar is hidden by default in the name of simplifying the interface. The refreshed Office is available to Office Insider testers running Beta Channel builds. Those who don't want it can turn off the "Coming Soon" feature at the top right hand corner of the menu. Testers can toggle between the new and existing interface to move between the current and newly updated Office apps.

Some users who bought an external hard drive that's delightfully shaped like a book ended up with "terabytes' worth of data, years of memories and months of hard work vanished in an instant," reports Engadget. (Though according to a new statement from Western Digital, "Some customers have reported that data recovery tools may be able to recover data from affected devices, and we are currently investigating the effectiveness of these tools.")

But why were these deletions from "My Books" happening in the first place? A Slashdot reader shares the first clue from Engadget's report: Several owners looked into the cause of the issue and determined that their devices were wiped after receiving a remote command for a factory reset. The commands starting going out at 3PM on Wednesday and lasted throughout the night. One user posted a copy of their log showing how a script was run to shut down their storage device for a factory restore.
Friday Western Digital's statement offered much more detail: Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability... The log files we have reviewed show that the attackers directly connected to the affected My Book Live devices from a variety of IP addresses in different countries. This indicates that the affected devices were directly accessible from the Internet, either through direct connection or through port forwarding that was enabled either manually or automatically via UPnP.

Additionally, the log files show that on some devices, the attackers installed a trojan with a file named ".nttpd,1-ppc-be-t1-z", which is a Linux ELF binary compiled for the PowerPC architecture used by the My Book Live and Live Duo. A sample of this trojan has been captured for further analysis and it has been uploaded to VirusTotal.

Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised. As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning...

At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device by following these instructions on our Knowledge Base. We have heard customer concerns that the current My Cloud OS 5 and My Cloud Home series of devices may be affected. These devices use a newer security architecture and are not affected by the vulnerabilities used in this attack. We recommend that eligible My Cloud OS 3 users upgrade to OS 5 to continue to receive security updates for your device

AmiMoJo writes: Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices. According to Dell's website, the SupportAssist software is 'preinstalled on most Dell devices running Windows operating system,' while BIOSConnect provides remote firmware update and OS recovery features. The chain of flaws discovered by Eclypsium researchers comes with a CVSS base score of 8.3/10 and enables privileged remote attackers to impersonate Dell.com and take control of the target device's boot process to break OS-level security controls. "Such an attack would enable adversaries to control the device's boot process and subvert the operating system and higher-layer security controls," Eclypsium researchers explain in a report shared in advance with BleepingComputer. "The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs," with roughly 30 million individual devices exposed to attacks.

Microsoft is shoving Skype out of sight in favor of Microsoft Teams, which gets a highlight spot in the new center-aligned taskbar and deep integration into Windows. The Verge reports: Today's Windows 11 news is all about where Microsoft sees computing going over the next few years, but it's just as much the story of how Skype has flourished and ebbed since its $8.5 billion acquisition a decade ago. Five years ago, Skype was the big name in internet calling and video, and Microsoft made it an "inbox app" for Windows 10 that was included at installation and launched at startup by default. Now, after a pandemic year that has had more people using their PCs for voice and video than ever before, Skype was nowhere to be seen in the Windows 11 presentation or materials.

The future vision that Microsoft had for Skype everywhere has turned into a reality -- but that reality made competitors Zoom and FaceTime into household names instead. Back in June, when Microsoft made Teams available for personal accounts, the company still paid lip service to Skype, saying, "For folks that just want a very purpose-built app, Skype is a great solution, and we support it and encourage it." But now, if you want to use Skype, you're going to have to go find it in the Microsoft Store like any other app. A company spokesperson tells The Verge: "Skype is no longer an inbox app for new devices that run Windows 11. The Skype app is available to download through the Microsoft Store for free."; Skype joins OneNote, Paint 3D, and 3D Viewer as the apps that will no longer come with the OS.

Slashdot reader xack points out that Windows 11, Microsoft's next version of its desktop operating system, will require a Microsoft account and internet connection for setup. They write: Based on Microsoft's official requirements you need an internet connection to install Windows 11. This means people without internet access at home, especially in rural and poorer households, won't be able to use Windows 11. I hope Microsoft fixes this problem before release. Previous versions of Windows "would let you opt out of Microsoft accounts by creating a local account instead," notes The Verge. "It's possible you'll still be able to use a local account afterwards." As for the internet requirement, The Verge says it "may make sense since Windows 11 will largely be delivered via a Windows Update, like many of the updates to Windows 10, so you'd need an internet connection to install it on your PC."

Microsoft is also changing the Windows 11 minimum requirements, though they are only slightly higher than what's required to run Windows 10.

The specs required to run Microsoft's new Windows 11 OS are only slightly higher than Windows 10's current requirements. All you'll need is a 64-bit CPU (or SoC), 4GB of RAM, and 64GB of storage. The Verge reports: This marks the end of Windows support for older 32-bit hardware platforms, even though it will continue to run 32-bit software. The fastest way to find out if your system can handle Windows 11 is to download Microsoft's PC Health App, which will automatically tell you if your specs and settings are ready for the new OS. The system requirements listed by Microsoft are [available here].

Microsoft, which has unveiled a new version of Windows for the first time in six years, said it will integrate its Teams chat and videoconferencing software directly into the operating system. From a report: Teams has seen a huge surge in users during the pandemic, boosting Microsoft in a product category where it's been trying to catch up with Slack and Zoom. The latest personal computer operating system, Windows 11, also features a new design and will offer changes to the app store.

Mark Wilson writes: Just a few days ago -- before it has even been officially announced -- Windows 11 leaked online and remains available to download from numerous sites. The Windows 11 ISO torrent spread like wildfire, and now Microsoft is fighting back. The company has issued a slew of DMCA takedown notices to various sites it says are distributing "a leaked copy of the unreleased Windows 11." Unsurprisingly, an article entitled "How to Download and Install Windows 11 Right Now" caught the eyes of Microsoft lawyers. The company has issued a slew of DMCA takedown notices to various sites it says are distributing "a leaked copy of the unreleased Windows 11." Unsurprisingly, an article entitled "How to Download and Install Windows 11 Right Now" caught the eyes of Microsoft lawyers.

"Google said Thursday it's funding a project to increase Linux security by writing parts of the operating system's core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones," reports CNET: If the project succeeds, it'll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that's become foundational to Google's Android and Chrome operating systems as well as vast swaths of the internet. Miguel Ojeda, who's written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that's also made it easier to secure website communications through the Let's Encrypt effort.

Adding Rust modules to the Linux kernel would improve security by closing some avenues for hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages...

Google credits the Linux community programmers who began the Rust for Linux project. "The community had already done and continues to do great work toward adding Rust support to the Linux kernel build system," Google said in a blog post...

[Rust] has been the most loved programming language for five years running in Stack Overflow's annual developer survey. "Rust represents the best alternative to C and C++ currently available," Microsoft's security team concluded in 2019. The team said Rust would have prevented memory problems at fault in 70% of its significant security issues. And because Rust's checks happen while software is being built, the safety doesn't come at the expense of performance when the software is running.

The goal of the Linux on Rust project isn't to replace all of Linux's C code but rather to improve selective and new parts.

Google said Thursday it's funding a project to increase Linux security by writing parts of the operating system's core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones. From a report: If the project succeeds, it'll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that's become foundational to Google's Android and Chrome operating systems as well as vast swaths of the internet.

Miguel Ojeda, who's written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that's also made it easier to secure website communications through the Let's Encrypt effort. Adding Rust modules to the Linux kernel would improve security by closing some avenues for hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages.

Screenshots of Microsoft's upcoming Windows 11 operating system have appeared online today. Originally published at Chinese site Baidu, the screenshots show off the new Windows 11 user interface and Start menu. The UI changes look very similar to what was originally found in Windows 10X before Microsoft canceled that project in favor of Windows 11. From a report: App icons are now centered on the taskbar, with a new Start button and menu. The Start menu is a simplified version of what currently exists in Windows 10, without Live Tiles. It includes pinned apps and the ability to quickly shut down or restart Windows 11 devices. The operating system is identified as Windows 11 Pro in screenshots, and we can confirm they are genuine. Microsoft has been dropping hints that it's ready to launch Windows 11. The software giant is holding a special Windows event to reveal its next OS on June 24th. The event starts at 11AM ET, and the event invite includes a window that creates a shadow with an outline that looks like the number 11. An ISO of Windows 11 has also leaked, according to multiple reports.

In a blog post this morning, Google announced plans to increase its update cadence for Chromebooks. Like Chrome, its operating system will now also follow a four-week Stable channel before moving to the next major milestone release. Android Police reports: Google will deliver fresh features more rapidly to Chromebooks starting with Chrome OS 96 -- all while keeping it stable, secure, and speedy. To adapt to the rigorous update release schedule, Google will skip Chrome OS 95, which will help it bridge the gap between M94 and Chrome's new four-week rollout strategy. Enterprise and education folks can opt enroll in an Extended Stable option for Chromebooks, which will update every 6 months. In light of the new rollout strategy, Google updated its documentation and pushed an update to its release calendar. The company will share plans about the choices Chrome OS administrators will have for milestone updates "in the coming months."

Following Apple's acquisition of popular weather app Dark Sky in March 2020, Dark Sky's iOS app and website will be available until the end of 2022, co-founder Adam Grossman said in a Monday update to Dark Sky's blog. The Verge reports: The update about the 2022 shutdown hit the same day that Apple announced new weather features coming to iOS 15 as part of its WWDC keynote presentation. The stock Weather app is getting a new design, full-screen weather maps, next-hour precipitation notifications, and even new animated backgrounds. Dark Sky shut down the Android and Wear OS versions of its apps on August 1st, 2020. But the iOS app is still available for $3.99 on the App Store, if you're interested in buying it ahead of next year's shutdown. The Dark Sky API will also continue to work for existing customers until the end of 2022. Previously, the API was set to stop working at the end of this year; now, it will work for a little while longer.

AmiMoJo shares a report from Phoronix: The Linux x86/x86_64 kernel code already had logic in place for reserving portions of the first 1MB of RAM to avoid the BIOS or kernel potentially clobbering that space among other reasons while now Linux 5.13 is doing away with that 'wankery' and will just unconditionally always reserve the first 1MB of RAM. The Linux kernel was already catering to Intel Sandy Bridge graphics accessing memory below the 1MB mark, the first 64K of memory are known to be corrupted by some BIOSes, and similar problems coming up in that low area of memory. But rather than dealing with all that logic and other possible niche cases besides the EGA/VGA frame-buffer and BIOS, the kernel is playing it safe and just always reserving the first 1MB of RAM so it will not get clobbered by the kernel.

For the first time, you can code, iterate and build apps on the iPad itself. 9to5Mac reports: Using Swift Playgrounds on iPadOS 15, customers will be able to create iPhone and iPad apps from scratch and then deploy them to the App Store. It remains to be seen how limited or not the development experience will be. It is probably notable that Apple chose not to rebrand this as "Xcode," signifying that you aren't going to be able to do everything you can do with Xcode on the Mac. TechCrunch highlights some of the other new features available in iPadOS 15: iPadOS 15 retains the overall look and feel of the current iPad operating system. The updates in the new OS are mostly centered around multitasking. The iPad's widget support gets a big update with iPadOS 15. The widgets are larger, more immersive and dynamic. And, iOS's App Library is finally available on the iPad, where it tweaks the overall user experience. The feature, added to the iPhone in 2020, presents the user with an organized view of the apps on the iPad.

Also added to iPadOS 15 is a new multitasking system. Called Split View, a drop-down menu at the top of the screen unlocks several multitasking, multiwindow options. The system seems much smoother than the current multiscreen option on iPad OS, which is clunky and hidden. With Split View a feature called Shelf makes it easy to switch between different screens and screen grouping.

A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability. BleepingComputer reports: The malware, dubbed FreakOut by CheckPoint researchers in January (aka Necro and N3Cr0m0rPh), is an obfuscated Python script designed to evade detection using a polymorphic engine and a user-mode rootkit that hides malicious files dropped on compromised systems. FreakOut spreads itself by exploiting a wide range of OS and apps vulnerabilities and brute-forcing passwords over SSH, adding the infected devices to an IRC botnet controlled by its masters. The malware's core functionality enables operators to launch DDoS attacks, backdoor infected systems, sniff and exfiltrate network traffic, and deploy XMRig miners to mine for Monero cryptocurrency.

As Cisco Talos researchers shared in a report published today, FreakOut's developers have been hard at work improving the malware's spreading capabilities since early May, when the botnet's activity has suddenly increased. "Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command and control (C2) communications and the addition of new exploits for spreading, most notably vulnerabilities in VMWare vSphere, SCO OpenServer, Vesta Control Panel and SMB-based exploits that were not present in the earlier iterations of the code," Cisco Talos security researcher Vanja Svajcer said. FreakOut bots scan for new systems to target either by randomly generating network ranges or on its masters' commands sent over IRC via the command-and-control server. For each IP address in the scan list, the bot will try to use one of the built-in exploits or log in using a hardcoded list of SSH credentials.

Two years into its ban from the US Government and, in turn, access to the Play Store on its Android-powered devices, Huawei is unveiling HarmonyOS. The platform is an alternative to Android that powers TVs, smartphones, tablets, and smartwatches. 9to5Google reports: Announced at an event today, Huawei is positioning HarmonyOS as an operating system that can handle just about everything, from the smartphone in your pocket to IoT devices such as "power sockets and lamps." The company says the goal of the platform is to have one set of code that can be used across virtually any device, saying that it is not aware of "any other operating system in the world" that can cover such a wide range of devices. Leaning into this ability, Huawei developed a "Control Panel," which gives users the ability to connect multiple devices together, with the example of using the "music widget" to throw audio playback to nearby speakers or TVs. A "Super Device" widget shows icons for other nearby devices and enables a quick and easy pairing mode.

On smartphones, the HarmonyOS homescreen can use a swipe-up gesture on apps developed for the platform to see a widget pulling information from that app. Those widgets, apparently, can also be used across devices because of the shared codebase Huawei says HarmonyOS offers. The homescreen can also intelligently add apps to a folder based on the category. Interestingly, Huawei says HarmonyOS devices will also be able to move running apps from one device to another, which is really neat and unique. Moving apps between devices apparently also works between watches and TVs, with a workout app being used on both simultaneously given as an example. A video calling app was also shown moving between devices. Huawei says that performance of HarmonyOS is "superior" to Android with EMUI, specifically calling out long-term use.

While there are certainly new elements in HarmonyOS, it appears to be a "fork" of Android. The Verge spent time with the HarmonyOS-powered MatePad Pro and described the act of installing Android APKs as "though I was using an Android device." Visually, there are also a tremendous number of similarities between HarmonyOS and Android, though there are some distinct elements of Apple's iPad OS in the platform's tablet-optimized homescreen, seen below as Evan Blass posted to Twitter. Android Authority further described HarmonyOS as "ultimately a spin on Android 10" with a "slight rebrand." TechRadar said the software was "clearly" based on Android. These findings from the media appear to back up a previous report from ArsTechnica, which showed the developer preview as basically a clone of EMUI-skinned Android.

"The web browser is a crucial part of modern life, and yet it hasn't really been revised since the '90s," writes Protocol. "That may be about to change." The browser tab is an underrated thing. Most people think of them only when there are too many, when their computer once again buckles under Chrome's weight. Even the developers who build the tabs — the engineers and designers working on Chrome, Firefox, Brave and the rest — haven't done much to them. The internet has evolved in massive, earth-shaking ways over the last two decades, but tabs haven't really changed since they became a browser feature in the mid '90s.

Josh Miller, however, has big plans for browser tabs. Miller is the CEO of a new startup called The Browser Company, and he wants to change the way people think about browsers altogether. He sees browsers as operating systems, and likes to wonder aloud what "iOS for the web" might look like. What if your browser could build you a personalized news feed because it knows the sites you go to? What if every web app felt like a native app, and the browser itself was just the app launcher? What if you could drag a file from one tab to another, and it just worked? What if the web browser was a shareable, synced, multiplayer experience? It would be nothing like the simple, passive windows to the web that browsers are now. Which is exactly the goal.

The Browser Company (which everyone on the team just calls Browser) is one of a number of startups that are rethinking every part of the browser stack. Mighty has built a version of Chrome that runs on powerful server hardware and streams the browser itself over the web. Brave is building support for decentralized protocols like IPFS, and experimenting with using cryptocurrencies as a new business model for publishers. Synth is building a new bookmarks system that acts more like a web-wide inbox. Sidekick offers a vertical app launcher and makes tabs easier to organize. "A change is coming," said Mozilla CEO Mitchell Baker. "The question is just the time frame, and what's actually required to make it happen."

They have lots of different ideas, but they share a belief that the browser can, and should, be more than it is. "We don't need a new web browser," Miller said. "We need a new successor to the web browser."

While he was at the White House, Chief Digital Officer (and Miller's boss) Jason Goldman said something Miller couldn't forget. "Platforms have all the leverage," is how Miller remembers it. "And if you care about the future of the internet, or the way we use our computers, or want to improve any of the things that are broken about technology ... you can't really just build an application. Platforms, whether it's iOS or Windows or Android or Mac OS, that's where all the control is."

AmiMoJo shares a report from Tom's Hardware: Asahi Linux developer Hector Martin has revealed a covert channel vulnerability in the Apple M1 chip that he dubbed M1RACLES, and in the process, he's gently criticized the way security flaws have started to be shared with the public. Martin's executive summary for M1RACLES sounds dire: "A flaw in the design of the Apple Silicon 'M1' chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange. [...] The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision."

He also noted that this was the result of an intentional decision on Apple's part. "Basically, Apple decided to break the ARM spec by removing a mandatory feature, because they figured they'd never need to use that feature for macOS," he explained. "And then it turned out that removing that feature made it much harder for existing OSes to mitigate this vulnerability." The company would have to make a change on the silicon level with its followup to the M1 to mitigate this flaw. But he also made it clear in the FAQ that Mac owners shouldn't be particularly worried about M1RACLES because that covert channel affects two bits. It can be expanded, and Martin said that transfer rates over 1 MB/s are possible "without much optimization," but any malicious apps that might take advantage of such methods would be far more likely to share information via other channels. Calling this a two-bit vulnerability would be both technically and linguistically correct. It's a real security flaw, sure, but it's unlikely to pose a real threat to Apple's customers.

An anonymous reader quotes a report from TorrentFreak: Every day, people who download and share pirated content receive DMCA notices via their ISPs, warning them to cease and desist their infringing behavior. While the majority of these notices are accurate, one Ubuntu user says he has just been targeted by an anti-piracy company alleging that by torrenting an OS ISO released by Ubuntu itself, he breached copyright law. Posting to Reddit's /r/linux sub-Reddit, a forum with more than 656K subscribers, 'NateNate60' reported the unthinkable. After downloading an official Ubuntu ISO package (filename ubuntu-20.04.2.0-desktop-amd64.iso) he says he received a notice from Comcast's Infinity claiming that he'd been reported for copyright infringement.

"We have received a notification by a copyright owner, or its authorized agent, reporting an alleged infringement of one or more copyrighted works made on or over your Xfinity Internet service," the posted notice reads. NateNate60 wisely redacted the notice to remove the 'Incident Number' and the precise time of the alleged infringement to protect his privacy but the clam was reported filed with Comcast on May 24, 2021. "The copyright owner has identified the IP address associated with your Xfinity Internet account at the time as the source of the infringing works," it continues, adding that NateNate60 should search all of his devices connected to his network and delete the files mentioned in the complaint.

The allegedly infringing content is the 64-bit Ubuntu 20.04.2.0 LTS release but the first big question is whether the file is actually the official release from Canonical. Given that the listed hash value is 4ba4fbf7231a3a660e86892707d25c135533a16a and that matches the hash of the official release, mislabeled or misidentified content (wrong hash, mislabeled file etc) appears to be ruled out. Indeed, the same hash value is listed on Ubuntu's very own BitTorrent tracker and according to NateNate60, this is where he downloaded the torrent that led to the DMCA notice. It doesn't get much more official than that. According to the DMCA notice sent by Comcast, the complainant wasn't Ubuntu/Canonical but an anti-piracy company called OpSec Security, which according to its imprint is based in Germany. Presuming the notice is genuine (albeit sent in error), Comcast needs to be informed that mistakes have been made. The ISP has a repeat infringer policy and given the current hostile environment, terminating users is certainly on the agenda. Indeed, the notice states just that.