attack Archives

BetaBeacon

April 7, 2025

Best new mobile games on iOS and Android – April 2025 round-up

- Songs Of Conquest Mobile is available on iOS & Android for £11.99 - The game was originally released on PC last year - The game features turn-based interactions and pixel art - It involves warring fantasy characters and Final Fantasy Tactics-style battles - The game is challenging and requires players to gather power-ups - The game has a score of 7/10

Tech Optimizer

April 5, 2025

I put Trend Micro and McAfee antivirus in a head to head showdown – here’s how it went

McAfee and Trend Micro are two antivirus software options with distinct features. Specifications: - McAfee costs per year for a single user; Trend Micro starts at per year for 2 adults and 4 children. - McAfee supports Windows 10 and 11; Trend Micro supports Windows 8.1 to 11. - Malware protection is rated as good for McAfee and adequate for Trend Micro. - Both do not offer backup software. - System resource usage is light to heavy for both. Costs and Coverage: - Both do not have a free tier but offer a 30-day trial. - Trend Micro's entry-level Antivirus + Security is priced at , while McAfee's Basic plan typically retails for for a single device. - Trend Micro offers packages for 3 devices, 5 systems, and 10 systems, while McAfee's plans cover up to two adults and four children. Antivirus Protection: - Trend Micro uses heuristic behavioral analysis, while McAfee employs cloud-based infrastructure and machine learning. - Both provide periodic updates, but McAfee features Ransom Guard for monitoring file changes. Antivirus Performance: - McAfee has a 99.8% protection rate; Trend Micro has a 98.1% rate. - McAfee has fewer false positives (10) compared to Trend Micro (76). Security and Privacy Features: - Trend Micro includes a Firewall Booster; McAfee emphasizes phishing protection and personal data privacy. Performance and System Impact: - Trend Micro has minimal impact on system resources; McAfee uses more resources during scans. Interface: - Trend Micro's interface is user-friendly; McAfee's interface is simplified but less customizable. Installation and Support: - McAfee's installation takes under five minutes; Trend Micro's takes over twelve minutes. - McAfee offers 24/7 support; Trend Micro's support is limited to business hours unless on a premium plan. Overall, McAfee is rated higher in performance and features, while Trend Micro is noted for its efficient resource management and user-friendly interface.

Winsage

April 4, 2025

Vole punts pricey plastic brick for cloudy PCs

Microsoft has introduced the Windows 365 Link, a compact device priced at £349, designed to connect users to Windows Cloud PCs hosted on Azure. Weighing 418 grams, it features HDMI, USB-C, three USB-A ports, Ethernet, Bluetooth, and Wi-Fi. The device is only compatible with organizations using Windows 365 (Enterprise, Frontline, or Business), Intune, and Microsoft Entra ID, excluding government users. It promises high-performance video playback and conferencing, particularly with Teams, but functions primarily as a cloud dongle aimed at simplifying IT administration and enhancing security. The Link connects to Windows 365 in seconds and is available through select resellers like Ricoh UK and Insight Enterprises in the U.S.

Winsage

April 4, 2025

Gone all in on Windows 365? Microsoft has a box for you

Microsoft's Windows 365 Link is a compact device priced at £349, designed to connect users to a Windows 365 Cloud PC hosted in the Azure cloud. It measures 120 mm x 120 mm x 30 mm and weighs 418 grams. The device features an HDMI port, a USB-C port, three USB-A ports, an Ethernet socket, Bluetooth, and Wi-Fi support, but lacks local storage. It is aimed at organizational use for employees utilizing Windows 365 with Microsoft Intune and Microsoft Entra ID, supporting Windows 365 Enterprise, Frontline, and Business editions, while excluding Windows 365 Government. The device is marketed towards desk-based or frontline workers in shared workspaces and is available through select resellers like Ricoh UK and Insight Enterprises in the US.

Tech Optimizer

April 3, 2025

1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack

A cryptojacking campaign has targeted over 1,500 organizations by exploiting inadequately secured PostgreSQL database servers. The attackers, identified as JINX-0126, use advanced techniques including credential brute-forcing and fileless execution to deploy Monero (XMR)-mining malware. Approximately 30% of cloud-hosted PostgreSQL servers are affected due to weak or default credentials. The attackers execute commands using PostgreSQL’s COPY FROM PROGRAM function, bypassing standard detection mechanisms. They have been linked to three cryptocurrency wallets with around 550 active mining workers, generating a hashrate of 4.04 GH/s and approximately €10.40 per hour in XMR revenue. The attack begins with credential spraying against default accounts, followed by an SQL injection to fetch the payload. The malware operates in memory, modifies PostgreSQL’s configuration to maintain persistence, and creates cron jobs for reactivation. The campaign reveals significant security gaps in cloud environments, with recommendations for improved access controls and monitoring.

BetaBeacon

April 3, 2025

Playing Android games in cars? Your vehicle might get hacked

Google's decision to introduce gaming capabilities in cars through Android Auto has faced criticism from experts who fear it may lead to distractions on the road and make vehicles vulnerable to cyber attacks. Akash Mahajan, CEO of Kloudle, highlighted the increased security risks associated with adding gaming features to cars.

Tech Optimizer

April 2, 2025

Over 1,500 PostgreSQL Servers Hit by Fileless Malware Attack

A malware campaign has compromised over 1,500 PostgreSQL servers using fileless techniques to deploy cryptomining payloads. The attack, linked to the threat actor group JINX-0126, exploits publicly exposed PostgreSQL instances with weak or default credentials. The attackers utilize advanced evasion tactics, including unique hashes for binaries and fileless execution of the miner payload, making detection difficult. They exploit PostgreSQL’s COPY ... FROM PROGRAM function to execute malicious payloads and perform system discovery commands. The malware includes a binary named “postmaster,” which mimics legitimate processes, and a secondary binary named “cpu_hu” for cryptomining operations. Nearly 90% of cloud environments host PostgreSQL databases, with about one-third being publicly exposed, providing easy entry points for attackers. Each wallet associated with the campaign had around 550 active mining workers, indicating the extensive scale of the attack. Organizations are advised to implement strong security configurations to protect their PostgreSQL instances.

Tech Optimizer

April 2, 2025

Ongoing cryptomining campaign hits over 1.5K PostgreSQL servers

Over 1,500 PostgreSQL instances exposed to the internet have been targeted by a cryptocurrency mining malware campaign called JINX-0126. Attackers exploit weak credentials to access PostgreSQL servers and use the "COPY ... FROM PROGRAM SQL" command for arbitrary command execution. They deploy a shell script to terminate existing cryptominers and deliver the pg_core binary. A Golang binary, disguised as the PostgreSQL multi-user database server, is then downloaded to establish persistence and escalate privileges, leading to the execution of the latest XMRig cryptominer variant. JINX-0126 employs advanced tactics, including unique hashes for binaries and fileless miner payload execution, to evade detection by cloud workload protection platforms.

AppWizard

April 1, 2025

Google’s Play Store Warning—Do Not Update This Setting

A sophisticated trojan named TsarBot is targeting over 750 legitimate banking and shopping applications on Android devices. It overlays a counterfeit login screen on real apps to capture user credentials. TsarBot is believed to have Russian origins and can remotely control the device's screen, simulating user interactions and capturing device lock credentials through a deceptive lock screen. The trojan is typically installed from phishing websites, where a dropper application delivers the TsarBot APK file. Once installed, it disguises itself as the Google Play Services app and urges users to enable Accessibility services. Users are advised to avoid installing apps from outside the Google Play Store, ensure Play Protect is enabled, and only enable Accessibility Services when necessary to mitigate risks.

Tech Optimizer

March 31, 2025

Traditional EDR can’t keep up with modern cyber threats

By 2025, the global cost of cybercrime is projected to reach .5 trillion annually. Many organizations continue to use outdated Endpoint Detection and Response (EDR) solutions, which are increasingly ineffective against sophisticated cyber threats. EDR was introduced in 2013 but has struggled to keep pace with evolving attack techniques. Traditional EDR is reactive, responding to incidents after they occur, and relies on known Indicators of Compromise (IoCs), which limits its effectiveness. Real-world examples of traditional EDR failures include a misconfigured update to CrowdStrike’s Falcon EDR causing an IT outage, the Akira ransomware exploiting an unsecured webcam, the Medibank breach despite multiple alerts from EDR, and the BlackCat ransomware attack on Henry Schein. These incidents highlight the inadequacy of traditional EDR in preventing modern threats. The next phase of endpoint security is Preemptive Endpoint Protection (PEP), which actively prevents attacks rather than just detecting and responding to them. PEP utilizes proactive strategies like Automated Moving Target Defense (AMTD) and Adaptive Exposure Management (AEM), and research indicates that organizations using proactive security save 30% more on breach costs compared to those relying solely on reactive measures.