incident Archives

Winsage

May 22, 2025

Microsoft fires employee who interrupted CEO’s speech to protest AI tech for Israeli military

An employee named Joe Lopez was terminated after protesting during Microsoft's Build developer conference, expressing concerns about the company's technology being used in the Gaza conflict. His disruption led to a series of pro-Palestinian protests at the event, resulting in multiple interruptions of executive talks and Microsoft cutting audio from a livestreamed session. Outside the venue, demonstrators gathered to amplify their message. Microsoft has a history of responding firmly to employee protests related to its operations in Israel and recently acknowledged providing AI services to the Israeli military but stated that there is no evidence of its technologies being used to target civilians. Following his protest, Lopez received a termination letter that he could not open, and an advocacy group claims Microsoft has restricted internal communications regarding terms like “Palestine” and “Gaza.” Microsoft has not commented on the protests during the conference.

Winsage

May 22, 2025

Microsoft fires employee who interrupted CEO’s speech to protest AI…

During Microsoft's annual Build developer conference in Seattle, software engineer Joe Lopez interrupted CEO Satya Nadella's address to protest the company's technology supply to the Israeli military amid the Gaza conflict. Lopez was escorted from the venue after shouting at Nadella. He later sent a mass email to colleagues challenging Microsoft's claims about its Azure cloud platform's use in Gaza. The conference saw multiple interruptions from pro-Palestinian protests, and demonstrators gathered outside. Microsoft acknowledged providing AI services to the Israeli military but stated there was no evidence linking its technologies to harm in Gaza. Lopez reportedly received a termination letter following his protest, and the advocacy group No Azure for Apartheid claimed Microsoft has restricted internal communications related to Palestine and Gaza.

Winsage

May 22, 2025

Palestinian developer disrupts Microsoft keynote: ‘my people are suffering’

Microsoft's Build developer conference experienced protests for two consecutive days due to the company's ties to Israel. During a keynote by Jay Parikh, a Palestinian tech worker interrupted to express concerns about Microsoft's contracts with the Israeli government, calling for an end to the collaboration. Security removed the protester, who was supported by the group No Azure for Apartheid. The previous day, Microsoft employee Joe Lopez also interrupted a keynote to speak against the company's contracts with Israel, urging colleagues to speak out. Microsoft is conducting an internal review of its technology's role in the Gaza conflict, maintaining that its relationship with Israel's Ministry of Defense is commercial and that its technologies are not misused. This follows previous instances of dissent within Microsoft, including disruptions at a 50th-anniversary event.

Winsage

May 22, 2025

Microsoft blocks emails that contain ‘Palestine’ after employee protests

Microsoft employees have discovered that emails containing specific terms related to Gaza and Palestine, such as “Palestine,” “Gaza,” and “Genocide,” are being blocked in the company's internal communication system. Variations of these terms, like “Israel” or “P4lestine,” do not face the same restrictions. The No Azure for Apartheid (NOAA) protest group claims this selective blocking is an attempt to suppress free speech among employees advocating for Palestinian rights, labeling it as censorship. Microsoft has acknowledged making adjustments to its email system to limit the circulation of “politically focused emails” and stated that emailing large numbers of employees about non-work-related topics is inappropriate. This situation has coincided with protests against Microsoft's contracts with the Israeli government, including disruptions during the Build developer conference.

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

BetaBeacon

May 21, 2025

Google I/O 2025: Android Auto and Automotive OS Get Smarter

Google introduced major updates to Android Auto and Android Automotive OS at Google I/O 2025, signaling a push into the connected car space. Gemini AI is making its in-car debut, offering natural voice controls and contextual awareness. Navigation apps can integrate Gemini for voice-driven navigation and search. App categories are expanding across platforms, with weather apps out of beta, games entering beta, and video apps on the roadmap. Google is providing new tools and templates for developers to streamline car app development. The roadmap includes features like audio-only playback for video apps while driving and Quick Share between phone and car. The Android-powered car is becoming a standard, inviting developers to build innovative experiences beyond navigation and playlists.

Winsage

May 21, 2025

Windows 10’s latest update packs a nasty bug, and while your system might be safe, it’s vital you check now

Windows 10 users are experiencing issues with the May update, which has a bug affecting business laptops with Intel vPro processors. This bug can cause update installation failures and repeated automatic repair attempts. Microsoft has released an emergency fix, KB5061768, which users should apply before installing the May update. The problem stems from the termination of the lsass.exe service, leading to automatic repair failures and potential lockouts for users with Device Encryption or BitLocker. To recover, users may need to disable Intel Trusted Execution Technology (TXT) and Intel VT for Direct I/O in BIOS settings, which typically requires the BitLocker recovery key. A workaround allows users to disable Intel TXT without changing Intel VT settings. Users can access BIOS by pressing keys like F2, F10, or F12 during startup, navigate to the Intel TXT setting, disable it, and then restart their PC to install the emergency patch. It is recommended to install the emergency fix before downloading the May update. Similar bugs have occurred in previous updates for Windows 10 and 11. Windows 11 users should note that a clean install of version 24H2 automatically applies Device Encryption, which requires careful management of Microsoft account credentials for recovery keys.

Tech Optimizer

May 20, 2025

Shuswap resident scammed out of $9,000 by fake antivirus software representative

A resident of Blind Bay lost ,000 in a computer fraud scheme after being persuaded by a caller claiming to represent Norton antivirus. The victim, whose identity is confidential, was convinced to withdraw money from her bank account and deposit it into a Bitcoin account. Local police are investigating the case and have highlighted the importance of public awareness regarding such scams. Resources for recognizing and avoiding fraud include the BC RCMP Frauds and Scams, Canadian Anti-Fraud Centre, Canadian Telecoms Association, and Competition Bureau of Canada.

Tech Optimizer

May 20, 2025

The ol’ antivirus virus scam | Scam of the Week

A reader received a fraudulent email that appeared to be from Norton, claiming they had a subscription for a service they never signed up for. The email included a reminder about an automatic renewal for a Norton Ultimate Plus plan and provided a phone number that could lead to scams. EECU, a local credit union, warned its members about this scam and advised them to verify the authenticity of such invoices with their bank to prevent identity theft.

AppWizard

May 19, 2025

Minecraft inspired NFL 2025 schedule release removed due to licensing and tasteless joke

The Los Angeles Chargers and the Indianapolis Colts used Minecraft to unveil their 2025 NFL matchups. The Colts' video was taken down due to a licensing conflict with Microsoft, which owns Minecraft. The Colts included a crude joke about Dolphins wide receiver Tyreek Hill and an insensitive clip, leading to their apology for exceeding rights with Microsoft. Hill's agent stated that Hill found humor in the situation. The Chargers' video properly credited Microsoft, raising questions about the Colts' adherence to licensing agreements.