aliases Archives

AppWizard

May 28, 2025

The best password managers for Android of 2025: Expert tested

Safeguarding personal information like login credentials and credit card details is crucial for Android users, and a password manager is essential for generating and securely storing strong, unique passwords. Bitwarden is highlighted as the best free password manager due to its open-source nature and robust encryption, allowing unlimited credential syncing across devices. It features autofill, secure note storage, a password generator, encrypted sharing, biometric unlock, and passkey support. 1Password is recommended for its user-friendly interface and security features, offering a library of over 20 credential types, autofill capabilities, and a feature called Watchtower for security alerts. It requires a subscription after a 14-day trial. Keeper is noted for its user-friendly onboarding process and enterprise-level security, accommodating various record types and offering features like account recovery and offline access, but it may be less appealing for budget-conscious users. Proton Pass, an open-source option from the creators of Proton VPN and Proton Mail, emphasizes privacy and offers features like password health alerts and hide-my-email aliases, although it currently lacks some functionalities of more established managers. Overall, Bitwarden is the top choice for cost-effective password management, while 1Password is recognized for its user experience.

Winsage

May 14, 2025

WSL is the best feature added to Windows in the last decade

Microsoft introduced the Windows Subsystem for Linux (WSL) in the Windows 10 Anniversary Update in August 2016, initially as a tool for developers. WSL debuted as a beta version with a native-kernel translation layer, allowing Windows to run unmodified Linux ELF binaries. Its early performance was limited, leading users to prefer Linux virtual machines for full compatibility. The launch of WSL2 in May 2020 replaced the translation layer with a lightweight, real Linux kernel running in a Hyper-V utility VM, providing near-native performance and comprehensive syscall coverage. WSL2 has since seen continuous improvements, including GPU-compute and CUDA support in 2021, full GUI support for X11 and Wayland applications in 2022, and systemd support in September 2022. WSL2 approaches the performance of bare-metal Linux while integrating seamlessly with Windows, allowing users to launch a Linux shell easily. It enables developers to access the C drive and interact between Windows and Linux environments without dual-booting. WSL2 enhances productivity for data science workflows, allowing the use of tools like PyTorch with CUDA. It also offers features for non-developers, such as creating aliases for launching Windows applications and running Linux GUI applications. WSL's integration into Windows represents a significant shift, providing opportunities for users across various domains to explore Linux functionalities.

Winsage

May 8, 2025

Windows 0-Day Vulnerability Exploited in Wild to Deploy Play ransomware

Threat actors associated with the Play ransomware operation exploited a zero-day vulnerability in Microsoft Windows, identified as CVE-2025-29824, before a patch was released on April 8, 2025. This vulnerability affects the Windows Common Log File System (CLFS) driver, allowing attackers to elevate their privileges to full system access. The Play ransomware group targeted an unnamed organization in the United States, likely gaining initial access through a public-facing Cisco Adaptive Security Appliance (ASA). During this intrusion, no ransomware payload was deployed; instead, the attackers used a custom information-stealing tool named Grixba. Microsoft attributed this activity to the threat group Storm-2460, known for deploying PipeMagic malware. The exploitation affected various sectors, including IT, real estate in the U.S., finance in Venezuela, software in Spain, and retail in Saudi Arabia. The vulnerability received a CVSS score of 7.8 and was addressed in Microsoft's April 2025 Patch Tuesday updates. The attack involved creating files in the path C:ProgramDataSkyPDF, injecting a DLL into the winlogon.exe process, extracting credentials from LSASS memory, creating new administrator users, and establishing persistence. The Play ransomware group has been active since June 2022 and employs double-extortion tactics. Organizations are urged to apply the security updates released on April 8, 2025, especially for vulnerable Windows versions, while Windows 11 version 24H2 is not affected due to existing security mitigations.

Winsage

March 9, 2025

Enable old Classic Notepad in Windows 11 24H2 without AI and modern UI

Users can restore the classic Notepad experience by disabling the .txt execution for notepad.exe in the App execution aliases settings. To launch the legacy version, they can use the Windows Run dialog and type notepad.exe. Microsoft has introduced a ChatGPT-based "Rewrite" feature in Notepad, requiring a Microsoft account and a Microsoft 365 subscription for access, while core functionalities remain available without an account. To enable the classic Notepad in Windows 11, users should check if it is installed, remove the association with the new Notepad, and associate .txt files with the legacy version. They can also create a Start menu shortcut for the classic Notepad. To revert to the new Notepad, users can delete the classic shortcut and adjust settings in the Registry Editor and App execution aliases.

Tech Optimizer

March 3, 2025

New malware exploits fake updates to steal data

Recent developments indicate that Mac users are facing an escalating threat from malware designed for macOS systems, particularly with the emergence of a strain called FrigidStealer. This malware spreads through deceptive browser update prompts on compromised websites, leading users to download a malicious DMG file that seeks elevated privileges to steal sensitive information. Cybersecurity firm Proofpoint has traced the operations of FrigidStealer to two threat actors: TA2726, a traffic distribution service provider, and TA2727, which delivers the malware. This campaign also targets Windows and Android devices, indicating a multi-platform strategy. Additionally, the rise of infostealer malware has compromised approximately 330 million credentials in 2024, with around 3.9 billion credentials circulating from infostealer logs. Users are advised to adopt protective measures, including being cautious of fake software updates, enabling two-factor authentication, using password managers, and exercising caution with downloads and links.

Winsage

February 12, 2025

New Sandworm Attacks Use Trojanized MSFT Activators

The Russian state-sponsored threat group Sandworm has intensified its campaign against Ukrainian Windows users since late 2023, executing sophisticated malware intrusions. They have deployed counterfeit Microsoft Key Management Service (KMS) activators and fraudulent Windows updates. One recent incident involved a deceptive KMS activation tool containing the BACKORDER malware loader, which enabled the delivery of DarkCrystal RAT after disabling Windows Defender. DarkCrystal RAT allows attackers to extract sensitive information, including saved credentials, browser cookies and histories, keystrokes, FTP credentials, and system details. The rise of pirated software from untrusted sources has facilitated these attacks, posing a threat to Ukraine's national security, critical infrastructure, and private sector resilience.

Winsage

February 3, 2025

Microsoft blocks free Windows 11 24H2 system requirements bypass app as potential malware

Flyby11, a third-party utility for navigating Windows 11 system requirements, has received a significant update that includes a Registry tweak and refined scripts for improved stability. Microsoft Defender flags Flyby11 as a Potentially Unwanted Application (PUA:Win32/Patcher), which may deter some users. The application has been adjusted to comply with Microsoft's updated CPU and TPM policies, although Microsoft does not officially support this method. Users are advised to test Flyby11 in a virtual machine due to its lack of digital signatures. The latest version, 1.2, is available for download on its official GitHub repository.

Tech Optimizer

December 16, 2024

AI-powered deception: The sneaky macOS malware masquerading as your next video call

Artificial intelligence (AI) is being used by cybercriminals to enhance their scams, exemplified by a malware called Realst that masquerades as video-calling software. This malware targets macOS and Windows users and has been active for about four months. The hackers behind Realst operate under the fake company name "Meetio" and have used various aliases. They employ social engineering tactics, often contacting victims through platforms like Telegram, presenting fraudulent business opportunities, and leading them to download the malware from a deceptive website. Once installed, Realst scans for sensitive information, organizes it, and sends it to a remote server. It can extract credentials from applications like Telegram and web browsers. To protect against such malware, users are advised to verify software sources, be cautious of unexpected contacts, enable two-factor authentication, use strong passwords, keep software updated, and consider personal data removal services.

Winsage

December 1, 2024

How to enable and use Rewrite AI in Notepad on Windows 11

The tutorial explains how to enable and use the Rewrite AI feature in Notepad on Windows 11, which utilizes GPT for text editing. Users can rephrase sentences, change the tone, or rewrite documents with AI credits. The feature is currently in preview mode for Windows 11 Insider users in the US, UK, Canada, France, and Italy, with 50 credits available. Users in Singapore, Malaysia, Australia, New Zealand, Thailand, or Taiwan can access it with a Copilot Pro or Microsoft 365 subscription. To enable Rewrite, users must adjust their region settings to a supported country and update Notepad. The Rewrite functionality includes options to rewrite, shorten, lengthen, change tone, and format text, with each action consuming one AI credit. Users can access Notepad settings by clicking the gear icon in the top-right corner.

Winsage

November 28, 2024

Firefox and Windows zero-days exploited by Russian RomCom hackers

The Russian-based RomCom cybercrime group has exploited two zero-day vulnerabilities to target Firefox and Tor Browser users in Europe and North America. The first vulnerability, CVE-2024-9680, is a use-after-free bug in Firefox's animation timeline feature, allowing code execution within the browser's sandbox. Mozilla issued a patch for this on October 9, 2024. The second vulnerability, CVE-2024-49039, is a privilege escalation flaw in the Windows Task Scheduler service, which Microsoft addressed on November 12. RomCom combined these vulnerabilities into a zero-day chain exploit that enables remote code execution without user interaction, requiring victims only to visit a malicious website. The attacks specifically targeted Tor Browser users, particularly versions 12 and 13. ESET estimates the campaign's scale could affect between one and 250 victims per country. RomCom has a history of exploiting zero-day vulnerabilities, including an incident in July 2023 targeting organizations at the NATO Summit. The group is linked to various financially motivated campaigns and is currently targeting organizations in Ukraine, Europe, and North America across multiple sectors.