attack Archives

AppWizard

April 13, 2025

Lava Chicken Cravings Led Us Straight to McDonald’s Minecraft Meal

After watching the new Minecraft movie, a parent and child sought a meal inspired by the film, leading them to McDonald's for the newly launched Minecraft Meal. This meal includes a choice of a Big Mac or 10-piece McNugget, a Hi-C Lavaburst drink, and Nether Flame Sauce. The child received a Minecraft-style cube toy, while the parent received a Grimace Egg toy that included a code for a matching Minecraft skin. The Minecraft Meal is available until May 6, 2025.

AppWizard

April 13, 2025

‘A Minecraft Movie’ still striking gold at the box office

“A Minecraft Movie” has secured the top position at the box office for the second consecutive Friday, earning .5 million and projected to exceed million by the weekend. It is the highest-grossing film of the year domestically and has set a record for video game adaptations with the highest-grossing opening weekend, surpassing “The Super Mario Bros. Movie.” “The King of Kings” is in second place with just over million in sales and is the first theatrically released biblical animated feature since 1998’s “The Prince of Egypt.” It is adapted from Charles Dickens’ “The Life of Our Lord.” In third place, “The Amateur” earned million, starring Rami Malek as a CIA decoder. The action film “Warfare” is in fourth place with just over .5 million, and the thriller “Drop” rounds out the top five with slightly more than .3 million.

BetaBeacon

April 12, 2025

The Best Android Games of All Time: Top Mobile Games to Play

Some of the best Android games of all time include Genshin Impact, Among Us, Clash of Clans, Pokémon Go, and Monument Valley.

Tech Optimizer

April 11, 2025

Windows Defender Antivirus Bypassed Using Direct Syscalls & XOR Encryption

A recent study has revealed a method that bypasses Microsoft’s Windows Defender antivirus by using direct system calls and XOR encryption techniques, exposing vulnerabilities in the security solution. The technique targets the user mode and kernel mode operations of Windows, allowing attackers to execute harmful code without detection. Researchers demonstrated that by directly invoking syscall instructions, they could evade security monitoring that typically occurs at the user mode level. They utilized XOR encryption to obfuscate malicious shellcodes, making them unrecognizable and undetectable by signature-based systems. Tests showed that a Meterpreter reverse shell payload, encrypted with XOR and executed via direct syscalls, successfully bypassed Windows Defender protections without leaving traces on the disk. This method has been effective since at least 2022 and continues to work against recent updates of Windows Defender. The researchers recommend that Microsoft enhance defenses with kernel-level monitoring of syscalls and advise organizations to implement additional security measures beyond Windows Defender.

Winsage

April 9, 2025

Exploitation of CLFS zero-day leads to ransomware activity

The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) identified a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS), designated as CVE-2025-29824. This vulnerability has been exploited by the PipeMagic malware, attributed to the group Storm-2460, affecting organizations in various sectors across the U.S., Venezuela, Spain, and Saudi Arabia. Microsoft released security updates on April 8, 2025, to address this vulnerability. The exploit allows attackers with standard user privileges to escalate their access, and it was executed from a dllhost.exe process. The exploit utilizes memory corruption techniques and the RtlSetAllBits API to gain all privileges and inject processes into SYSTEM processes. Post-exploitation, the attackers injected a payload into winlogon.exe, leading to ransomware activity characterized by file encryption and the creation of ransom notes. Indicators of compromise include the creation of a CLFS BLF file at C:ProgramDataSkyPDFPDUDrv.blf, command lines associated with ransomware activities, and specific domains linked to PipeMagic. Microsoft advises applying security updates promptly and recommends strategies for mitigating ransomware threats, including enabling cloud-delivered protection and utilizing device discovery.

Winsage

April 9, 2025

Windows Common Log File System 0-Day Vulnerability Exploited in the Wild

A critical zero-day vulnerability in the Windows Common Log File System (CLFS) driver, identified as CVE-2025-29824, is actively exploited, allowing attackers to elevate privileges to SYSTEM level and compromise system integrity. This flaw arises from a use-after-free issue within the CLFS driver, enabling local attackers to execute malicious code. Microsoft is aware of the exploitation and is working on a security update, but no immediate patch is available. The vulnerability affects multiple versions of Windows 10, including x64-based and 32-bit systems, and can lead to privilege escalation, data breaches, operational disruption, and malware deployment. Microsoft has classified this vulnerability as "Important" and urges organizations to apply patches promptly once available.

BetaBeacon

April 8, 2025

The 15 Best Mobile Games in 2025: Top iPhone and Android Games

- Vampire Survivors is a popular bullet heaven game with Castlevania-inspired visuals and addictive combat gameplay. - The game offers multiple maps, 48 playable characters, and permanent upgrades for new attack strategies. - Players must discover powerful attack combinations and delve into meta-progression systems to excel in the game. - There are in-game achievements to unlock and five DLCs available for additional content.

Winsage

April 8, 2025

Neptune RAT malware is hijacking Windows PCs, holding them for ransom and stealing passwords

Cybercriminals have released a new malware strain called Neptune RAT, which targets Windows PCs and is capable of stealing cryptocurrencies and passwords, as well as holding data for ransom. It features a crypto clipper that can alter cryptocurrency wallet addresses, a password-stealing function affecting over 270 applications, and ransomware capabilities that lock files until a ransom is paid. The malware can disable antivirus software, monitor victims' screens in real-time, and has the ability to wipe a PC. It is distributed through platforms like GitHub, Telegram, and YouTube, making it difficult for cybersecurity researchers to analyze. Users are advised to be cautious with downloads, consider identity theft protection services, and practice safe browsing habits to mitigate risks.

Tech Optimizer

April 7, 2025

Sakura RAT Released on GitHub Can Bypass Antivirus and EDR Tools

Sakura RAT is a newly developed remote administration tool available on GitHub, designed for use by malware analysts and security researchers. It features capabilities such as hidden browsing, hidden virtual network computing (HVNC), fileless execution, multi-session control, and anti-detection mechanisms to evade antivirus and endpoint detection systems. While marketed for research purposes, its open availability raises concerns about potential misuse by cybercriminals for activities like data exfiltration and ransomware deployment. Cybersecurity experts are advocating for the removal of the repository from GitHub and calling for improved detection systems to combat the risks posed by such advanced tools.

BetaBeacon

April 7, 2025

Best new mobile games on iOS and Android – April 2025 round-up

- Songs Of Conquest Mobile is available on iOS & Android for £11.99 - The game was originally released on PC last year - The game features turn-based interactions and pixel art - It involves warring fantasy characters and Final Fantasy Tactics-style battles - The game is challenging and requires players to gather power-ups - The game has a score of 7/10