artifacts Archives

Tech Optimizer

April 11, 2025

Windows Defender Antivirus Bypassed Using Direct Syscalls & XOR Encryption

A recent study has revealed a method that bypasses Microsoft’s Windows Defender antivirus by using direct system calls and XOR encryption techniques, exposing vulnerabilities in the security solution. The technique targets the user mode and kernel mode operations of Windows, allowing attackers to execute harmful code without detection. Researchers demonstrated that by directly invoking syscall instructions, they could evade security monitoring that typically occurs at the user mode level. They utilized XOR encryption to obfuscate malicious shellcodes, making them unrecognizable and undetectable by signature-based systems. Tests showed that a Meterpreter reverse shell payload, encrypted with XOR and executed via direct syscalls, successfully bypassed Windows Defender protections without leaving traces on the disk. This method has been effective since at least 2022 and continues to work against recent updates of Windows Defender. The researchers recommend that Microsoft enhance defenses with kernel-level monitoring of syscalls and advise organizations to implement additional security measures beyond Windows Defender.

AppWizard

April 10, 2025

Minecraft soundtrack to enter US National Recording Registry

The Minecraft soundtrack, composed by Daniel Rosenfeld, has been inducted into the US National Recording Registry, recognizing its artistic contribution and cultural significance. It is the second video game score to be included, following the Super Mario Bros. theme. The Library of Congress aims to preserve diverse audio treasures, reflecting American history and culture. Additionally, Minecraft was included in Sweden's Game Culture Canon, acknowledging video games as an important part of contemporary culture. The recent Minecraft movie adaptation grossed 7 billion during its opening weekend, surpassing initial earnings projections.

Winsage

April 9, 2025

Koto crafts bold 50th anniversary identity for Microsoft, celebrating its past and future

Global design studio Koto has created a new identity for Microsoft's 50th anniversary, celebrating the company's influence and legacy while recognizing current innovators. The campaign is centered around the phrase "Change Needs Makers," emphasizing the contributions of individuals behind Microsoft's software and cultural innovations, especially in the context of AI. Koto's design strategy includes three storytelling structures: "Worlds," which showcases technology's potential; "Iconic Moments," highlighting significant achievements; and "Then & Now," contrasting different eras of the company. The visual identity features a 50th-anniversary logo inspired by the original Windows design, modernized with 3D elements, and uses Segoe Sans Display typography along with a vibrant palette of gradients. The campaign aims to connect Microsoft's past, present, and future, focusing on continuous innovation and inviting the next generation to shape what comes next. Koto has previously developed identities for brands like Google Gemini, Netflix, and Venmo.

Winsage

April 9, 2025

Exploitation of CLFS zero-day leads to ransomware activity

The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) identified a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS), designated as CVE-2025-29824. This vulnerability has been exploited by the PipeMagic malware, attributed to the group Storm-2460, affecting organizations in various sectors across the U.S., Venezuela, Spain, and Saudi Arabia. Microsoft released security updates on April 8, 2025, to address this vulnerability. The exploit allows attackers with standard user privileges to escalate their access, and it was executed from a dllhost.exe process. The exploit utilizes memory corruption techniques and the RtlSetAllBits API to gain all privileges and inject processes into SYSTEM processes. Post-exploitation, the attackers injected a payload into winlogon.exe, leading to ransomware activity characterized by file encryption and the creation of ransom notes. Indicators of compromise include the creation of a CLFS BLF file at C:ProgramDataSkyPDFPDUDrv.blf, command lines associated with ransomware activities, and specific domains linked to PipeMagic. Microsoft advises applying security updates promptly and recommends strategies for mitigating ransomware threats, including enabling cloud-delivered protection and utilizing device discovery.

TrendTechie

April 6, 2025

Overclockers.ru: Порт The Last of Us Part 2 Remastered был слит на торренты менее чем за 24 часа

The Last of Us Part 2 was released on April 3, 2025, and was pirated within 24 hours of its launch, appearing on various torrent sites. Initial player engagement is lower than its predecessor, with a peak concurrent player count of 28,134 compared to 36,496 for the first game. The sequel has better performance than the first installment, which suffered from significant optimization issues, but it still has reports of bugs and graphical artifacts. Digital Foundry's analysis indicates that while the sequel surpasses the original in several areas, it also has abrupt frame rate drops and requires a powerful graphics card, affecting accessibility.

AppWizard

April 5, 2025

Android 16 has a new trick to speed up app installation

Android 16 introduces a feature called cloud compilation, which enhances app installation speed by shifting the compilation process from the device to the cloud. This feature allows application artifacts to be loaded directly from files downloaded via the Google Play Store, rather than being generated on the device. It is particularly beneficial for low-end devices that struggle with processing power or storage speed. The Android Runtime (ART) uses a tool called dex2oat to convert APK’s .dex files into application artifacts, which include .vdex, .odex, and .art files. Cloud compilation retrieves these artifacts from a new format called Secure Dex Metadata (SDM), ensuring application integrity while expediting installation. However, the feature is not yet operational as Google needs to configure the Play Store to generate these artifacts for use during installations.

Tech Optimizer

April 3, 2025

1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack

A cryptojacking campaign has targeted over 1,500 organizations by exploiting inadequately secured PostgreSQL database servers. The attackers, identified as JINX-0126, use advanced techniques including credential brute-forcing and fileless execution to deploy Monero (XMR)-mining malware. Approximately 30% of cloud-hosted PostgreSQL servers are affected due to weak or default credentials. The attackers execute commands using PostgreSQL’s COPY FROM PROGRAM function, bypassing standard detection mechanisms. They have been linked to three cryptocurrency wallets with around 550 active mining workers, generating a hashrate of 4.04 GH/s and approximately €10.40 per hour in XMR revenue. The attack begins with credential spraying against default accounts, followed by an SQL injection to fetch the payload. The malware operates in memory, modifies PostgreSQL’s configuration to maintain persistence, and creates cron jobs for reactivation. The campaign reveals significant security gaps in cloud environments, with recommendations for improved access controls and monitoring.

Tech Optimizer

March 31, 2025

Fileless XMRig-C3 Cryptominer Targets PostgreSQL Servers

Wiz Threat Research has reported a new variant of a malicious campaign targeting misconfigured and publicly exposed PostgreSQL servers, attributed to the threat actor JINX-0126. This actor exploits vulnerable PostgreSQL instances with weak login credentials to gain unauthorized access and deploy XMRig-C3 cryptominers. The campaign has evolved to include advanced evasion techniques, such as using unique hashes for binaries and executing payloads in a fileless manner to avoid detection. The analysis indicates that the threat actor assigns unique mining workers to each victim, with three distinct wallets identified, suggesting over 1,500 affected victims. Nearly 90% of cloud environments host PostgreSQL instances, with about one-third publicly exposed. The threat actor scans for poorly configured services, exploiting default weak credentials to gain access and execute malicious payloads. Upon successful login, the actor performs reconnaissance and executes a dropper script to deploy an obfuscated Golang binary, which contains an encrypted configuration with critical system information. The malware establishes persistence by creating cron jobs and modifying access controls. The actor also creates high-privilege roles for continued access and weakens the default admin user. The analysis identified three wallets associated with the campaign, with each wallet having around 550 workers. The Wiz Dynamic Scanner can identify exposed PostgreSQL services, while the Wiz Runtime Sensor detects malicious activities associated with this threat. The report includes specific wallet addresses, a file hosting service, and file hashes related to the malware. Techniques used by the malware align with various MITRE ATT&CK® techniques, including credential access, defense evasion, and resource hijacking.

AppWizard

March 31, 2025

I played 5 games on an RTX 5070 vs RTX 5070 Ti gaming PC — is it worth paying extra

Both the RTX 5070 and RTX 5070 Ti GPUs are being tested across five demanding PC games to evaluate their performance. The RTX 5070 is priced at £529, while the RTX 5070 Ti is priced at £729. In Cyberpunk 2077, the RTX 5070 achieved 17 FPS and the RTX 5070 Ti achieved 25 FPS at 4K Ultra settings without DLSS. With DLSS 4 enabled, both GPUs exceeded 100 FPS. In Forza Horizon 5, both GPUs showed similar 1% low performance. In Call of Duty Black Ops 6, the RTX 5070 showed limitations compared to the RTX 5070 Ti. Black Myth: Wukong revealed a noticeable performance gap between the two GPUs, while both performed well in Alan Wake II. The RTX 5070 Ti is recommended for multiplayer gaming, while the RTX 5070 may suffice for single-player experiences. Both GPUs offer enhanced performance for users with older hardware.

AppWizard

March 27, 2025

The Best Minecraft Updates (And How They Changed Multiplayer Forever)

Minecraft has evolved significantly since its inception, with various updates introducing new features and enhancing gameplay. 1. Beta 1.8 (2011): Introduced hunger, sprinting, strongholds, and villages, marking the transition to survival mode and boosting multiplayer dynamics with the rise of PvP servers and Hunger Games-style minigames. 2. Release 1.3 (2012): Unified single-player and multiplayer modes, allowing single-player worlds to function as lightweight servers and introducing command blocks for scripting events, enhancing multiplayer experiences. 3. Release 1.7 (2013): Added new biomes and improved world generation, enriching multiplayer exploration and encouraging themed survival worlds and roleplay. 4. Release 1.8 (2014): Introduced armor stands, banners, and enhanced creator tools, allowing for custom lobbies and scripted events, fostering a thriving multiplayer scene. 5. Release 1.13 (2018): Revitalized oceans with new features like coral reefs and improved swimming mechanics, leading to water-themed multiplayer worlds and ambitious server designs. 6. Release 1.16 (2020): Transformed the Nether with new biomes and mobs, introducing Netherite and creating new survival challenges and PvE zones for multiplayer. 7. Releases 1.17 & 1.18 (2021): Overhauled terrain generation, expanding world height and creating dynamic multiplayer experiences with group mining expeditions and scenic base-building. 8. Release 1.20 (2023): Focused on storytelling with new features like archaeology and sniffer mobs, promoting collaborative narratives and community-driven experiences in multiplayer.