Recent Posts

Pages: [1] 2 3 ... 10

Windows 11 / You can now try Microsoft’s new Start menu for Windows 11

« Last post by javajolt on June 11, 2025, 05:12:20 PM »

The updated Start menu is larger, more customizable, and has two new views.

Image: Microsoft

Microsoft is now allowing Windows 11 testers to try out a new, larger Start menu that includes a scrollable interface, new views, and more customizability. An early version of the new Start menu first started showing up in Windows 11 builds in April, followed by Microsoft’s official announcement in May. Today’s Dev Channel release lets you try it out officially for the first time.

“We’re making it easier for you to launch your apps with our updated, scrollable Start menu,” explains the Windows Insider team. This scrollable Start menu means that all apps is now at the top level, so you don’t have to navigate to a second page to find your apps.

The updated Start menu has two new views to pick from. Image: Microsoft

You’ll also be able to disable the recommended section so you can see more of your apps, and choose two new views: category and grid. The default category view groups apps by category, and the grid view is ordered alphabetically more like a traditional list view.

Microsoft has also made the Start menu larger based on the screen size of your device or monitor. “On larger devices, users can expect to see 8 columns of pinned apps, 6 recommendations, and 4 columns of categories in the Start menu,” says the Windows Insider team. “On smaller devices, you’ll see 6 columns of pinned apps, 4 recommendations, and 3 columns of categories.”

The Windows 11 Gamepad now supports PIN unlock with a controller. Image: Microsoft

There’s also a new mobile device button on the Start menu that lets you expand or collapse the Phone Link interface that appears alongside the Start menu. Microsoft is also allowing Windows 11 users to choose what lock screen widgets appear, allowing you to add or remove widgets and rearrange them for the lock screen.

Finally, this latest Dev Channel build also includes a new Gamepad keyboard update that lets you sign into a PC with a PIN code using a controller. This is part of Microsoft’s work to improve Windows 11 on handheld gaming devices like the recently announced ROG Xbox Ally devices.

source

Google | Alphabet | Gmail | Meta | YouTube | Telegram / I use email aliases to hide my Gmail address

« Last post by javajolt on June 10, 2025, 10:23:16 PM »

And it's the best privacy move I can recommend. This workaround lets me banish inbox spam once and for all.

Have you ever shopped at an online store once, and then found yourself dealing with a constant influx of marketing spam emails for weeks and even months? Virtually every online service wants me to create an account just to read what’s below the fold or browse through a few listings. The result is that on any given day, I’m dealing with at least one newsletter, discount code, “we miss you” flyer, or privacy policy update email that I don’t care about.

Sure, most marketing emails have an unsubscribe button, but those never seem to work reliably. I’ve found that plenty of services refuse to honor my opt-out request and even the honest ones will accidentally leak my personal data from time to time.

My frustration might sound like a convenient rant to sell you on a solution, but I’ve found an entirely free solution to this problem: email aliases. They’re a shockingly easy workaround that allows me to hide my real Gmail address from unscrupulous websites and keep my inbox free from spam. Here’s how.

Email aliases: My favorite privacy trick

At its core, an email alias is just an alternate email address that forwards messages to your actual inbox. Creating a new alias takes just a couple of clicks and you can create as many as you want. In fact, each online service you sign up for can get its own unique email alias. These aliases don’t have anything in common with your true email address or real world identity, so a website cannot profile or track you against other accounts.

When you use an alias, the emails you receive don’t go straight to your Gmail or personal inbox. Instead, they first land with the alias provider — a privacy-focused service that acts as a middleman. This provider receives the email on your behalf, strips out any tracking elements if necessary, and then forwards it to your actual inbox. To the sender, it looks like any ordinary email address.

But the best part? If you ever find that one of these aliases is responsible for spam, you can simply deactivate that particular alias — and the mail will stop making its way to your inbox. The service can continue sending emails but they will simply bounce back or remain undelivered. It’s a far more effective way to unsubscribe from a mailing list.

Now, you may have heard about Gmail’s limited alias support that allows you to append a + to your email address — for example, yourname+amazon@gmail.com. While this trick can help you identify which site leaked your address, you can’t do much else. Your actual Gmail address is still plainly visible before the + symbol.

Most advertisers know about this plus addressing trick and will simply drop it along with any text after the symbol. At best, you can only use the plus addressing trick to filter incoming mail or create multiple accounts using the same email address.

Using an alias that only adds a slight transformation to your real email address (like a + symbol) means that any site that scrapes or sells data will still get access to your inbox. Worse still, they can spam your real email and there’s nothing you can do to stop them. A privacy-focused alias service allows you to deactivate each email address individually — a big advantage over just plus-addressing your real Gmail address.

How do email aliases work?

The above screenshot shows an email sent to one of my aliases instead of my true email address. See where it says “rise-unburned-ajar@duck.com”? That’s the alias I generated specifically while signing up for this Best Buy account. Another service would get a completely different address, like “cavalry-pants-hut@duck.com”. Even though all these emails eventually reach the same inbox, they can be independently tracked and managed.

It’s worth noting that any good alias provider only relays your emails from the source to the intended destination. In other words, it does not store a copy of your email, meaning your data cannot be leaked in the event of a data breach. This is why it’s important to pick a company with a great privacy and security track record.

But first, you may think it takes effort to grab a new alias for every sign up form I encounter online, but I have the process largely automated. Most respected password managers, including Bitwarden and Proton Pass, have a built-in email alias generator. It’s the same process as generating a unique and randomized password, but for email instead. However, a password manager is not responsible for creating, managing, and routing aliases — you need a trusted service for that.

Which email alias provider should you use?

If you’ve ever used an iPhone, some of this might already sound familiar. Apple offers a built-in aliasing feature through its Sign in with Apple option, which offers to hide your email address. Behind the scenes, this simply creates a unique email alias ending in “@appleid.com”. Emails sent to that address are quietly forwarded to your Apple ID-linked email address. If you’re an iCloud+ user, you can also generate an unlimited number of aliases manually and on demand. However, this is another ecosystem lock-in opportunity, so I wouldn’t recommend using Apple for your email aliases.

One of the most well-regarded services in the privacy space is SimpleLogin — an open-source email aliasing tool that was acquired by Proton in 2022. It has since been integrated into Proton’s ecosystem, including Proton Mail and Proton Pass. I tried Proton Mail as an alternative to Gmail a few weeks ago and, even though I didn’t stick with the platform, the usefulness of aliases stuck with me enough to keep using the feature long afterward.

SimpleLogin gives you 10 aliases for free, and a $36/year subscription unlocks unlimited aliases. It’s also bundled with Proton Pass’ premium tier, which is handy if you need a password manager or just want to consolidate your privacy tools. That said, there are plenty others. AnonDaddy is another trusted name in the privacy space, and it’s open source too.

Another solid option is Firefox Relay. It gives you 5 aliases for free and unlimited aliases for just $12/year. If you’re in a supported region, it can also mask your phone number — a rare feature that comes in handy for sites that require SMS verification.

I personally use DuckDuckGo’s Email Protection, which is less feature-rich than some of these platforms but offers an unlimited number of aliases for free. The search engine has a proven track record for privacy and as far as I can tell, there’s no catch to the service. The only downside is that there’s no central dashboard to view or manage all aliases like some of the other alias providers. But every forwarded email includes a “Deactivate” button, so I can kill off any alias that gets abused. That’s been more than enough for my needs.

If you’re serious about privacy, SimpleLogin is perhaps the way to go as it’s the most mature service of the lot. But if you just want to test the waters or use an alias service occasionally, I can recommend DuckDuckGo too.

Late last year, we spotted Google testing its own alias service dubbed Shielded Email. I expect this service to require a Google One subscription, similar to Apple’s Hide My Email. But unlike the latter, you will likely be able to generate aliases on any device via the Chrome browser. Still, I’m happy with the setup I have now since I don’t have to rely on Apple or Google.

source

Google | Alphabet | Gmail | Meta | YouTube | Telegram / Google Issues Critical New Threat Advisory — Take Action Now

« Last post by javajolt on June 02, 2025, 11:14:31 PM »

Google issues new scam threats advisory.
dpa/picture alliance via Getty Images

Update, June 1, 2025: This story, originally published May 30, has been updated to include a new strategic method of cutting at least some of the phishing threat off at its source, in response to the latest Google scam warnings.

Whether it’s the FBI warning about smartphone attacks leveraging fears of deportation in the U.S. foreign student population, recommendations to use a secret code as AI-powered phishing campaigns evolve, instant takeover attacks targeting Meta and PayPal users, or confirmed threats aimed at compromising your Gmail account, there is no escaping the cyber-scammers. Indeed, the Global Anti-Scam Alliance, whose advisory board includes the head of scam prevention at Amazon, Microsoft’s director of fraud and abuse risk, and the vice president of security solutions with Mastercard, found that more than $1 trillion was lost globally to such fraud in 2024. But do not despair, despite the Federal Trade Commission warning of a 25% year-on-year increase in losses, Google is fighting back. Here’s what you need to know.

Can Google Help Prevent A Scam Tsunami?

There can be no doubt that online scams, of all flavors, are not only increasing in volume, but they are also evolving. We’ve seen evidence of this in the increasing availability and cost-effectiveness of employing AI to empower such threat campaigns. No longer the sole stomping ground of solo actors and chancers looking to make a few bucks here and there, the scams threat landscape is now dominated by organized international groups operating at scale. The boundary between online and physical, offline fraud is blurring. Hybrid campaigns are a reality, combining phone calls with internet calls to action.

The Global Anti-Scam Alliance State of Scams Report, published in November 2024, revealed the true cost of such crimes: $1.03 trillion globally in just 12 months. A March 2025 report from the Federal Trade Commission showed that U.S. consumers alone had lost $12.5 billion last year, up 25% from 2023. And that GASA report also found that only 4% of victims worldwide reported being able to recover their losses. Something has to be done, and Google’s Trust and Safety teams, responsible for tracking and fighting scams of all kinds, are determined that they are the people to help do it.

Google Trust And Safety Team Issues New Scam Threat Advisory

“Scammers are more effective and act without fear of punishment when people are uninformed about fraud and scam tactics,” Karen Courington, Google’s vice president of consumer trusted experiences, trust & safety, said. In addition to tracking and defending against scams, Google’s dedicated teams also aim to inform consumers by analyzing threats and sharing their observations, along with mitigation advice.

The May 27 Google fraud and scams advisory, does just that, describing the most pressing of recent attack trends that have been identified. These are broken down into five separate scams, each complete with mitigating best practice recommendations, as follows:

Customer support scams, often displaying fake phone numbers while pretending to be legitimate help services, are evolving and exploiting victims through a combination of social engineering and web vulnerabilities, Google warned. Along with the protection offered by Gemini Nano on-device to identify dangerous sites and scams, Google advised users should “seek out official support channels directly, avoid unsolicited contacts or pop-ups and always verify phone numbers for authenticity."

Malicious advertising scams, often employing the use of lures including free or cracked productivity software and games, have also evolved. “Scammers are setting their sights on more sophisticated users,” Courington said, “those with valuable assets like crypto wallets or individuals with significant online influence.” Google uses AI and human reviews to combat the threat and block ad accounts involved in such activity. Only download software from official sources, beware of too good to be true offers, and pay particular attention browser warnings when they appear, Google said.

Google’s teams have seen an increase in fake travel websites as the summer vacations get closer, usually luring victims with cheap prices and unbelievable experiences. Again, these will likely impersonate well-known brands, hotels, and agencies. Google advised users to use its tools such as “about this result’ to verify website authenticity. “Avoid payment methods such as wire transfers or direct bank deposits,” Courington said, “especially if requested via email or phone.”

The old chestnut of package tracking scams has not vanished, more’s the pity. “These scams often trick users into paying additional fees that real delivery services would never request,” Courington explained. Google has seen these scammers employing a tactic whereby the websites and messages used are changed dynamically, based on when the link is sent to the victim. Scam detection in Google Messages has been deployed as one level of protection by Google, but Courington also recommended users should verify the status of any expected package with the shipping company or seller rather than by a link from an unknown source.

And finally, there’s also no escaping the road toll scams that continue to appear. “A toll road scam involves scammers sending fraudulent text messages claiming that you owe unpaid toll fees,” Courington warned. Thankfully, these are not always the most realistic of threats, with Google analysts seeing users spammed by toll road fee claims in states that don’t even have any toll roads. The best mitigating advice remains stopping to pause, count to ten, and ask yourself if the claim is a plausible one. If it is, then confirm it directly with the toll operator rather than via a link in a message.

Addressing Phishing At Source Is The Only Workable Solution, Security Veteran Insists

There are some people who just demand to be listened to, not through the loudness of their voice or the position of power they find themselves in, but rather because of the sheer experience they bring to the table. When it comes to the phishing threat, one of these people has to be Paul Walsh. I have been around the online business more than long enough to remember when, in 2004, Walsh was tasked with refining the World Wide Web creator, Tim Berners-Lee’s, vision of one web. This was when the W3C Mobile Web Initiative was co-founded by Walsh, who also happened to be head of the New Technologies Team at AOL in the 90s. See, I told you I had been around a long time, and AOL wasn’t even my first rodeo on the internet. The point being that Walsh has huge experience when it comes to the phishing threat, having helped launch AOL’s Instant Messenger AIM client and becoming one of the first people online to fall victim to impersonation attacks as a result. But, it doesn’t need there: “When I co-founded the W3C standard for URL Classification and Content Labeling in 2004,” Walsh told me, “I co-invented the very concept of classifying/labeling folders, user accounts, etc., on the web,” Walsh said. Now he’s the CEO at MetaCert, a business that seeks to cut off the phishing threat directly at its source with a network-based solution for carriers to shield subscribers from SMS phishing attacks.

Walsh told me that when it comes to phishing protection, threat intelligence is a fundamentally flawed method. “Relying on historical data is useless—new URLs evade existing intelligence by design,” Walsh advised, adding that it is, in his opinion, the biggest threat in cybersecurity currently. While the advice from Google is certainly not to be ignored by users, in my never humble opinion, Walsh does not agree. Suspicious links and unexpected attachments, as red flags, Walsh claimed, are not only poor warning signs but positively harmful in 2025. With SMS taking over from email as the primary attack vector for phishing campaigns in 2024, Walsh said that “authenticating URLs before delivery” is the only way to ensure they are safe, “without relying on outdated historical data or AI.”

I will say this: while I agree with a lot of what Walsh has to say, talking about phishing protections in terms of what needs to happen in the future doesn’t help potential victims now. As such, I would not ignore the Google threat advisory. Adopt a zero-trust approach, don’t click on any link in an email or text message, instead always go to the source yourself using your web browser. Authenticate everything.

source

Microsoft / Microsoft Issues New Emergency Update For Windows Users

« Last post by javajolt on June 02, 2025, 11:07:46 PM »

Emergency update now available. Anadolu Agency

Following on from Microsoft’s warning that its most recent security update was failing for some users and breaking Windows, the company has just released an emergency out-of-band update. This is the second such fix within the last two weeks.

Microsoft had already confirmed it was “investigating reports of the May 13, 2025 Windows security update (KB5058405) failing to install on some Windows 11, version 22H2 and 23H2 devices.” Affected users will be warned “your PC/Device needs to be repaired,” and that “the operating system couldn’t be loaded because a required file is missing or contains errors.” You will see error code 0xc0000098.

Microsoft has released the out-of-band (OOB) update KB5062170, which it says is available through its Update Catalog. The update resolves the ACPI.sys driver issue, which is the critical Advanced Configuration and Power Interface driver “that enables Windows to manage hardware resources and power states.” Users are warned “there are also reports of this same error occurring with a different file name.”

This has impacted some physical setups, but primarily hits virtual environments “including Azure Virtual Machines, Azure Virtual Desktop [and] on-premises virtual machines hosted on Citrix or Hyper-V.” That means enterprise rather than home users.

This issue and fix impacts Windows 11 users, which balances out the other emergency update following May’s security fixes which only hit Windows 10 users. That was more widespread, resulting in a BitLocker Recovery screen. “Windows 10 might repeatedly display the BitLocker recovery screen at startup,” the company warned, as it confirmed that other out-of-band update was being made available.

Microsoft also advises “this [new] out-of-band update contains all of the improvements and fixes included in the May 2025 Windows non-security preview update, in addition to this issue’s resolution. Since this is a cumulative update, you do not need to apply any previous update before installing KB5062170, as it supersedes all previous updates for affected versions.” Once installed, you will need to restart your device.

source

Microsoft / Microsoft’s Bad News—500 Million Windows Users Must Now Decide

« Last post by javajolt on June 02, 2025, 07:16:38 PM »

Surprising bad news suddenly hits Microsoft. NurPhoto via Getty Images

A new warning has been issued for Windows users, whose PCs have been described as “magnets for security threats,” just as new data gives Microsoft a surprising bad news story ahead of the critical next few months. You can expect many more such warnings as 500-million Windows users face an increasingly urgent decision.

The latest advice comes courtesy of PC maker Asus pointing out that “if you’re still using Windows 10 or, dare we say it, something even older — your computer’s days of regular updates and support are numbered.” As for upgrades, “what makes Windows 11 different?," Asus says. "one word: Copilot," as it pushes the latest range of AI PCs.

Clearly, you don’t need to decide on a premium Copilot PC to benefit from Windows 11’s future-proofing, ensuring your PC receives critical security updates after Windows 10’s demise in October. AI PCs remain a niche, despite projections they will eventually dominate new PC sales. Right now, there’s a more fundamental decision to make.

Windows 10 versus Windows 11 globally. Statcounter

The latest Windows market data presents a painfully bleak picture with just over five months to run until free Windows 10 security updates end for all users. Paid extensions are available, but they’re expensive for enterprises and restricted to just 12-months for home users who also must pay. Microsoft is pushing free upgrades not paid extensions.

A month ago, it seemed Windows 11 had turned the tide against Windows 10. The newer OS already outanks its older sibling in the U.S. but not globally. Come the end of April, though, Windows 11 was within 10% of Windows 11 for the first time. “Just over half (53%) of all users are still on Windows 10, but that’s inching down month by month.”

Not any more, it seems. While more directional than exact, Statcounter’s data at the end of May shows a slight month-over-month increase for Windows 10, while Windows 11 dips. This after four months of steady progress the other way. Windows 10 is holding stubbornly above 50% while Windows 11 remains 10% behind.

Windows 10 versus Windows 11 in U.S. Statcounter

This means there are around 750 million users are yet to upgrade to Windows 11, of which at least 240 million don’t have an eligible PC. That still leaves around 500 million users who can take up Microsoft’s offer for a free Windows 11 upgrade but have not.

Even in the U.S., where Windows 11 has overtaken Windows 10, May’s data suggests Windows 10 has grown its share from 41% in April to more than 43%, while Windows 11 drops a more worrying 3.5%, from 56.5% down to below 53%.

All this makes June’s data critical. Come the end of this month, there will be just three months until Windows 10 is shuttered. If Microsoft is to avoid a cybersecurity nightmare hitting mid-October, something need to change. For all those Windows 10 users with PCs eligible for a free upgrade, do not run out of time.

source

Google | Alphabet | Gmail | Meta | YouTube | Telegram / Google’s Gmail Upgrade—Why You Need This New Email Address

« Last post by javajolt on May 28, 2025, 04:53:14 AM »

You need to change how you use Gmail.
dpa/picture alliance via Getty Images

Google’s 2 billion Gmail users have a critical decision to make. But so does Google. And the tech giant’s might be the more critical. Gmail’s latest upgrade gives Gemini free reign over all your past emails and even your stored files. If you let it. That’s the decision you need to make. As for Google, it’s sitting on a critical decision of a different kind.

"Gmail is getting personalized smart replies that incorporate your context and tone,” Google confirmed last week. “Draft replies will sound authentically like you and match your typical tone, as the responses are created from past emails and Drive files.”

But as I’ve already warned, "we are still at the early stages of these changes, and we have no clue yet as to the privacy and security risks.” There is also an awkward disconnect: Gmail’s recent encryption upgrade clashes with its AI upgrades.

What Gmail users really need is Google’s ode to Apple’s HideMyEmail. which “is a service that lets you keep your personal email address private, whether you’re creating a new account with an app, signing up for a newsletter online, making a purchase with Apple Pay or sending an email to someone you don’t know well.”

For iPhone users, it has been described as “the best Apple product you aren’t using.” Spam is out of control despite AI hunting and filtering, the problem remains. But there’s a more important reason for this email address shielding.

Per How-To-Geek this weekend, “I seem to get emails almost every week informing me that one of my online accounts has been part of a data breach… That's why using a service such as Apple's Hide My Email is more important than ever.”

That’s fine for iPhone and Apple Mail, but what about Android and Gmail? There is a solution. First revealed last November, Android’s Shielded Email feature does the same as HideMyEmail. In late February, Android Authority revealed details of the new feature following a Play Services APK teardown.

Shielded Emails “will be part of Google’s Autofill system. Just think of all the apps or screens where Google pops up with its suggested autofill details based on your saved passwords and usernames; all of these should be the new home for Shielded Email.”

When the team “tried to sign up for Amazon,” they saw that “Gboard’s smart autofill bar not only suggested the usual email address it knows we usually use but also a new Use Shielded Email option.” It’s not yet live and so didn’t work. It will require email server-side integration if some kind. But it’s clearly in late-stage development.

With headlines still circulating after vpnMentor’s Jeremy Fowler discovered a data breach exposing “184 million logins and passwords,” the need for Shielded Email that’s actually used — and HideMyEmail that’s actually used — has never been greater. “I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts.” This included “bank and financial accounts, health platforms, and government portals from numerous countries.”

Masking email addresses makes it more difficult for attackers to cross-reference your data and passwords and to socially engineer attacks in your name. It lets you turn off compromised email addresses. In tandem with strong, unique passwords and two-factor authentication (2FA), or ideally passkeys, it shuts doors into your life now wide open.

One of the most critical weaknesses in email is your address acting as the primary identifier for so many accounts. If this is masked you likely cannot be tracked across sites. But if you’re not using it, none of that matters. So while Google must decide on its release, when it comes you should use new addresses for all new platforms you use.

With perfect timing, coming just after Google’s new Gmail AI announcements, Android Authority provides a different perspective, with a “Survey [that] shows Gmail users would gladly sacrifice features for more privacy… Privacy seems to become a bigger deal every year as an increasing number of people aren’t cool with their data becoming a commodity. Proton Mail purports to offer more privacy than Gmail — unlike Google, even the Proton team can’t take a look at your inbox. As such, privacy-conscious users should want to flock to Proton Mail, right?” To find out, they polled their readers.

The results are interesting. “Around 73% of you said you would use Proton Mail instead of Gmail, with more than half of those people saying that they’d even pay for it. Less than 27% of you said you were happy with Gmail.” I suspect this would be very different across a larger base, but it does highlight the current Gmail tension that was brought to the fore by Google announcing Gemini can now access all your past emails and even Google Drive to better mimic your style and tone.” In the privacy world, that’s definitely what you mighty call a mic drop moment.

As PC Mag warned “I gave Gemini access to my Gmail, and it weirds me out.” And while this focuses on unexpected results, “Google collects a variety of information when you use Gemini, which includes your entire chat history. The company uses this information to improve its products and train its large language models. However, Google doesn’t use Gemini data from Google Workspace apps, like Gmail, for training, ad targeting, or selling. I appreciate the guarantee, but I don’t fully trust Google.”

All of this simply reflects email’s identity crisis. How does it better ape secure messaging platforms while remaining an open standard? Can it secure content while acting as a shop window for cloud-based AI innovations? And will the imminent tidal wave of AI-fueled phishing and malware attacks ever be kept at bay?

It isn’t just Gmail, of course, that is now at risk given the use of email as both a primary identifier and a means to address phishing attacks and then cross-reference the credentials that are returned. Per Cybersecurity News, “a sophisticated phishing campaign [is] targeting Italian and U.S. users through fake Microsoft OneNote login prompts designed to harvest Office 365 and Outlook credentials.”

In this new attack, “victims receive emails with subject lines like ‘New Document Shared with you,’ directing them to fake OneNote pages that appear legitimate. The malicious pages present multiple authentication options, including Office365, Outlook, Rackspace, Aruba Mail, PEC, and other email services.”

And on the subject of documents, few brands have been more mimicked in recent phishing attacks than Docusign, where again the primary direct is email based. ESET warns “victims will typically receive an email with a spoofed Docusign envelope requesting that they click on a large yellow box to ‘review document’."

Sometimes, the malicious link is hidden behind a QR code in the attachment. But the objective is the same, to direct users to a fake login page for their email services, which will steal their credentials and potentially even bypass two-factor authentication.

As Deloitte points out, AI is a game-changer for such email-based attacks and has accelerated the need for users to change their account settings, their behaviors and the email addresses they give away much more freely than they would cell phone numbers. “Sophisticated phishing attacks are harder to detect by nature,” the firm says, “and sometimes even careful users can still fall into the trap.”

Deloitte says that email users are now experiencing an ‘infobesity’ through their received emails, making them less cautious to detect phishing attempts. Cybercriminals are resourceful when deceiving users by crafting content and evading detection patterns (customization of content, copy of graphical charter, etc.). Cybercriminals also take advantage of the information users share about themselves through social media, to create tailored and more authentic email templates."

“Phishing attacks attempt to trick unsuspecting users into revealing personal or financial information,” Google says, “often by mimicking content from well-known, trusted companies. AI is already making phishing attacks more sophisticated, personalised and common. Think you can tell what’s real or fake?” You might be surprised. You can put yourself to the test with Google’s Phishing Quiz, which mimics many of the tactics being used today. See how you get on.

Deloitte warns that “many users are simply not sufficiently skeptical when it comes to receiving requests to do things like transfer funds, open attachments, or provide sensitive information. Even worse, some organizations are not considering to include user training and awareness as part of their defense strategy.”

All these attacks start with an email address. Per ExpressVPN, “with so many online platforms requiring email addresses, tools like Shielded Email aim to address growing concerns about privacy and data security. Email aliases also let users trace which services might be sharing their information.”

Email needs a rethink. And in the meantime your account needs a rethink as well. Use the new Shielded Email feature as and when it becomes available, but also give some thought to the longevity and consequent vulnerability of the email address you use today, the primary identifier driving all these attacks. It might be time to open a new account and slowly shift from old to new, leaving the baggage behind.

source

Google | Alphabet | Gmail | Meta | YouTube | Telegram / This is our first look at Google's upcoming spam-fighting Shielded Email feature

« Last post by javajolt on May 28, 2025, 04:46:50 AM »

Google will soon let you hide your email address when signing up for apps and services.

A couple of months ago, our Android Authority team discovered clues pointing to Google’s work on a new Shielded Email feature. The clues were hidden in a Google Play Services APK and hinted at a system where Google generates a new email alias for you so you don’t have to sign up for apps and services with your primary email address. Now, we have another hint at how this feature will work.

Shielded Emails, as we’d previously discovered, will be part of Google’s Autofill system. Just think of all the apps or screens where Google pops up with its suggested autofill details based on your saved passwords and usernames; all of these should be the new home for this new Shielded Email. And that’s what we’re now seeing after enabling the option.

In the two screenshots above, where we were trying to sign up for Amazon, Gboard’s smart autofill bar not only suggested the usual email address it knows we usually use but also a new Use Shielded Email option. Tapping that doesn’t work since the feature isn’t live yet — Google probably needs to enable the alias-creation system server-side.

But work is clearly coming along nicely on the new option. When it becomes functional, and based on the strings we’ve previously discovered, it should technically offer to generate a new single-use or limited-use email address for that app or website in an Apple Hide My Email-like fashion. Any email you receive at that new address will be auto-forwarded to your main address, which is kept private, and you can stop forwarding at any point to avoid any bad spam.

I’ve previously used a throwaway account or added “+whatever” to my main email address (if your email address is xyz@gmail.com, Google will recognize any email coming to xyz+[something]@gmail.com as yours and send it to you) when signing up for some questionable apps and services. But I’m not too disciplined about it and I end up with random spam or tons of logins for services that no longer exist but that still have my data and primary email address. I like Google’s approach here because it’ll literally be there on the keyboard, and it’ll save me from manually creating and maintaining multiple email accounts.

This should also stop apps from tracking you across services because you’ll leave breadcrumbs associated with different addresses on each of them — as if you were a different person. And it’ll have a bonus side effect of protecting you from some data breaches since you’re not giving away your primary email, and nefarious people can no longer consolidate your data across services. All in all, it’s a fantastic new feature, and I can’t wait for it to roll out. I can’t believe it took this long to implement, either.

source

Linux, gOS, Harmony OS, Moblin, Ubuntu, OpenSuse / AnduinOS Linux: Major updates for Windows 11 clone - what's new & how to install

« Last post by javajolt on May 27, 2025, 02:17:06 AM »

Anduin Xue, the main developer behind AnduinOS, has announced the availability of three new versions of the Windows-like Linux operating system. Today’s announcement from the Chinese Microsoft employee introduces AnduinOS 1.1.5, 1.2.5 and 1.3.2. We will cover some of the highlights as well as how to upgrade your system.

Some of the highlights from these releases, present in all of the versions, include out-of-the-box AppImage support, enhanced password security, a more optimized X11 experience (especially in Hyper-V), and more stable torrent downloads for each of the versions.

Out-of-the-box AppImage support is the real biggie here, this is an increasingly popular containerized app format that more and more developers are adopting. They’re similar to snaps and flatpaks in that they bundle many of the dependencies for the application, ensuring increased reliability that the program will run without issues. They can also be run on any Linux distribution that supports AppImages, helping with fragmentation.

AnduinOS 1.3.2

In 1.3.2, a standout feature is the inclusion of the deskmon.service, a systemd service that allows executing desktop files in the ~/Desktop directory. This should simplify the “Create Desktop shortcut” process for users.

For anyone installing this version cleanly, this version includes support for Intel’s latest audio devices through the thesofproject/sof-bin firmware. This has been tested on the Lunarlake CPU. It’s important to note that this is not available when upgrading, it’s only included if you perform a new install.

AnduinOS 1.2.5 and 1.1.5

The changes in these releases are a bit smaller but improve the overall user experience. One of the changes that is included in both of these versions is consistent installer theme integration. This addresses and fixes an issue where the ubiquity installer didn’t follow the system theme. Now it does, delivering a more aesthetically consistent installation experience.

Another small aesthetic change these two updates got included the text shown during the boot sequence on the grub menu. Instead of saying “Install AnduinOS”, it now says “Try and Install AnduinOS”. While users may appreciate this change, it’d be good if it could be improved upon further because right now it sounds like a challenge, “try and install AnduinOS… I bet you can’t.”

How to upgrade

Upgrades between major versions such as 1.2.5 to 1.3.2 are not currently possible, a clean install is needed for that right now. However, it is possible to upgrade between point releases, for example, 1.3.1 to 1.3.2.

To perform an upgrade like this, just run the following command:

Code: [Select]

do_anduinos_upgrade
For a complete list of the new changes to these updates, check out the changelogs in the announcement. Anduin Xue also recently announced the plans for AnduinOS 1.4 and 1.5.

source

Linux, gOS, Harmony OS, Moblin, Ubuntu, OpenSuse / Windows 11-like AnduinOS 1.4 and 1.5 LTS plans revealed

« Last post by javajolt on May 27, 2025, 02:15:34 AM »

The sole developer behind AnduinOS, a Windows-like Linux distribution, has revealed the path forward in terms of the upcoming releases. Anduin Xue revealed that AnduinOS 1.4 will be based on Ubuntu 25.10 and will arrive in late-October, while AnduinOS 1.5 will be based on Ubuntu 26.04 LTS and arrive in late April 2026.

This Linux distribution has caught some significant attention recently. With the impending death of Windows 10, users that want to keep older devices running may choose to switch to Linux. With AnduinOS, they get a distribution that looks similar to Windows 11, reducing the learning curve.

AnduinOS 1.4, just like version 1.3, will not be an LTS, but AnduinOS 1.5 will be, so that’s going to be the best for people who don’t want to keep reinstalling the operating system. The developer said that he’s aware of the issues people have with AnduinOS, such as the inability to smoothly update from AnduinOS 1.2 to 1.3, but said resources are limited, though, we can expect improvements in the future.

This year, the project has extensive improvements planned, with the primary goal being to establish its own apt software repository that can manage all changes directly through dpkg. By doing this, it will simplify the process of using apt for system updates and will give users the option to smoothly transition to future AnduinOS releases. It’s expected that this will be available experimentally in AnduinOS 1.4 and fully implemented in AnduinOS 1.5.

AnduinOS is not only trying to become just another Linux distribution, it has ambitions to set itself apart too. One of its objectives is to modularize and consolidate system components so that users can pick to add or remove features such as app stores, GNOME Shell, professional tools, container technologies, and WSL through “layered combinations.” It will also compile more of the system core components to give users more customization options.

By the time of AnduinOS 1.5, it’s expected that there will be a Server and Lite Edition of AnduinOS. The Lite Edition will provide a basic GNOME Shell environment with only a little bit of pre-installed software so that it’s not bloated. There are no plans to charge for any of these editions and they’ll remain under the GPLv3 license.

Another feature AnduinOS could offer in the future is a versatile customization tool and builder for Linux distributions. It said that this could cater to users looking for an ISO that meets all their personal requirements within a Live environment; Live environments are run directly from the installation media without Linux being installed on your computer.

Regarding AI features, Anduin Xue said that they could be selectively integrated in future versions to give users more functionality. He specifically mentioned system-level MCP, which Microsoft recently added to Windows 11. For users who do not like artificial intelligence, AnduinOS says these features will be easily removable.

Due to the fact that Anduin Xue is based in China (he's also a Microsoft employee), some people have raised concerns about whether the project is linked to the Chinese government in any way. Here’s what he had to say about transparency:

Quote

“We are aware of concerns that AnduinOS might become influenced or controlled by particular governments or institutions. Therefore, transparency remains a top priority in our development process. We commit to fully disclosing all source code, development progress, planning, and even details about our team composition. Efforts will be made to establish a diverse, globally distributed team communicating primarily in English to foster open collaboration and community building.”

source

eBooks all to know / Get The Cybersecurity Control Playbook

« Last post by javajolt on May 27, 2025, 01:57:52 AM »

Implement effective cybersecurity measures for all organizations

Cybersecurity is one of the central concerns of our digital age. In an increasingly connected world, protecting sensitive data, maintaining system integrity, and ensuring privacy have never been more important. The Cybersecurity Control Playbook offers a step-by-step guide for implementing cybersecurity controls that will protect businesses and prepare them to compete in an overwhelmingly networked landscape. With balanced coverage of both foundational and advanced topics, and concrete examples throughout, this is a must-own resource for professionals looking to keep their businesses safe and secure.

Readers will also find:

• Clear, jargon-free language that makes it accessible to a wide range of readers

• An introduction to developing, deploying, monitoring, testing, and retiring controls and control frameworks across large, medium, and small enterprises

• A system for identifying, prioritizing, and managing cyber risks based on the MITRE ATT&CK framework, with additional coverage of other key cybersecurity frameworks

The Cybersecurity Control Playbook is ideal for cybersecurity practitioners, IT professionals, and security managers who are responsible for implementing and managing cybersecurity strategies in their organizations.

How to get it

Follow this link to get your copy of 'The Cybersecurity Control Playbook' of this free guide. This link will redirect you to my One Drive account and click Download. [system administrator]

source