authentication Archives

Tech Optimizer

April 3, 2025

1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack

A cryptojacking campaign has targeted over 1,500 organizations by exploiting inadequately secured PostgreSQL database servers. The attackers, identified as JINX-0126, use advanced techniques including credential brute-forcing and fileless execution to deploy Monero (XMR)-mining malware. Approximately 30% of cloud-hosted PostgreSQL servers are affected due to weak or default credentials. The attackers execute commands using PostgreSQL’s COPY FROM PROGRAM function, bypassing standard detection mechanisms. They have been linked to three cryptocurrency wallets with around 550 active mining workers, generating a hashrate of 4.04 GH/s and approximately €10.40 per hour in XMR revenue. The attack begins with credential spraying against default accounts, followed by an SQL injection to fetch the payload. The malware operates in memory, modifies PostgreSQL’s configuration to maintain persistence, and creates cron jobs for reactivation. The campaign reveals significant security gaps in cloud environments, with recommendations for improved access controls and monitoring.

AppWizard

April 3, 2025

Android 15 blocked Phone Link from mirroring sensitive notifications, but Microsoft has a fix

Microsoft's Phone Link app can now mirror sensitive notifications from Android devices to Windows PCs after the Android 15 update had initially restricted this capability. The Android 15 update classified two-factor authentication codes as sensitive, blocking their visibility to most notification listeners, including Phone Link. To access sensitive notifications, Phone Link must be preinstalled on the device and granted the RECEIVESENSITIVENOTIFICATIONS permission. Users with devices that have Link to Windows preinstalled, like the Xiaomi 15 Ultra and Samsung Galaxy S25 Ultra, can grant permission to restore full functionality. For devices without the preinstalled app, workarounds include disabling Android System Intelligence notification processing or manually granting permissions.

Tech Optimizer

April 2, 2025

Over 1,500 PostgreSQL Servers Hit by Fileless Malware Attack

A malware campaign has compromised over 1,500 PostgreSQL servers using fileless techniques to deploy cryptomining payloads. The attack, linked to the threat actor group JINX-0126, exploits publicly exposed PostgreSQL instances with weak or default credentials. The attackers utilize advanced evasion tactics, including unique hashes for binaries and fileless execution of the miner payload, making detection difficult. They exploit PostgreSQL’s COPY ... FROM PROGRAM function to execute malicious payloads and perform system discovery commands. The malware includes a binary named “postmaster,” which mimics legitimate processes, and a secondary binary named “cpu_hu” for cryptomining operations. Nearly 90% of cloud environments host PostgreSQL databases, with about one-third being publicly exposed, providing easy entry points for attackers. Each wallet associated with the campaign had around 550 active mining workers, indicating the extensive scale of the attack. Organizations are advised to implement strong security configurations to protect their PostgreSQL instances.

Tech Optimizer

April 2, 2025

When it comes to security, public Wi-Fi could be a risky choice for commuters worldwide

Research from NordVPN indicates that 47% of commuters use strong passwords or passcodes, 46% regularly update their software, 20% use privacy screen protectors, and only 17% utilize a VPN for added security while traveling.

Winsage

March 30, 2025

Microsoft is asking people to delete their passwords

Microsoft will introduce a new sign-in and account creation process emphasizing passkeys starting in April, impacting over a billion users. New users will verify their email and generate a passkey instead of creating a password, while existing accounts will prioritize passkeys for authentication. Microsoft's goal is to eliminate passwords entirely, as passkeys are tied to a user's device and can be unlocked using biometric methods. The company blocks approximately 7,000 password-related attacks every second, highlighting the vulnerability of traditional passwords. Passkeys are securely stored on devices, reducing the risk of unauthorized access, and are reported to be three times faster than traditional passwords.

Winsage

March 29, 2025

Microsoft’s passwordless future is here for Outlook, Xbox, 365, and more

Microsoft is transforming its sign-in screens to simplify the authentication process for over 3 billion users globally. The rollout has begun, with Xbox users already experiencing changes, and the revamped login experience will be available for Windows and other Microsoft services by the end of April. The update emphasizes passwordless authentication methods, such as passkeys, facial recognition, and fingerprint scans, moving away from traditional password reliance. Users signing up will not need to create a password but will receive a one-time security code for verification and will be prompted to create a passkey. The sign-in flow is being redesigned to reduce complexity, and the new screens will adopt Microsoft’s Fluent Design aesthetic, offering a dark theme option for customization. The updated sign-in process is currently available on the Xbox website, with web and mobile applications set to follow.

Winsage

March 29, 2025

No More Passwords? Microsoft Stock (NASDAQ:MSFT) Plunges on Paradigm Shift

Microsoft has announced a shift from traditional passwords to passkeys for user authentication, which has caused a more than 2.5% drop in its share prices. Passkeys are linked to a user's hardware, providing enhanced security, but raise concerns about device failure and account recovery. The company is also reintroducing the People app, integrating it into Teams to improve connectivity. Analysts have given Microsoft a Strong Buy consensus rating, with 32 Buy recommendations and two Holds, despite a 9.75% decline in share price over the last year. The average price target suggests a potential upside of 34.52%.

AppWizard

March 28, 2025

Keeper Security Enhances WearOS App and Android Offline Mode

Keeper Security has enhanced its Keeper WearOS app, previously known as KeeperDNA, to improve security and user experience for smartwatch users. The app now aligns with Google's Android guidelines, featuring a modern interface that allows users to securely view stored credentials and utilize Two-Factor Authentication (2FA) more easily. Key features include Time-Based One-Time Password (TOTP) code viewing, Watch Favorites for quick access to frequently used logins, and improved offline functionality that allows users to access Keeper data without an internet connection. The account setup process has been simplified, and users can manage offline access and 2FA settings separately. The updated app is available on the Google Play Store and supports zero-knowledge encryption. Future updates are planned to include passkey support and standalone functionality for managing security directly from wearable devices.

Winsage

March 28, 2025

Windows Users at Risk: New Zero-Day Exploit Steals Passwords Without Interaction

A newly uncovered zero-day vulnerability in Windows allows hackers to steal NTLM credentials simply by previewing a malicious file, affecting multiple Windows versions, including Windows 7 and Windows 11 v24H2. Microsoft has not yet issued a patch for this vulnerability, leaving millions of users exposed. The flaw was reported by security researcher Mitja Kolsek from ACROS Security, who noted that stolen credentials could lead to unauthorized access to networks. ACROS Security has created a temporary micro-patch available through its 0patch platform, which users are encouraged to implement. Additionally, a separate zero-day vulnerability identified in Google Chrome and other Chromium-based browsers allows attackers to bypass sandbox protection with a click on a malicious link, primarily targeting media organizations and government agencies in Russia. Users are advised to install the 0patch fix, avoid interacting with unfamiliar files, and update their browsers to protect against these threats.

Winsage

March 27, 2025

Windows 11 KB5053656 update released with 38 changes and fixes

Microsoft has released the KB5053656 preview cumulative update for Windows 11 24H2, featuring 38 enhancements, including real-time translation capabilities for Copilot+ PCs with AMD and Intel processors. This update addresses authentication issues and blue-screen errors, and is classified as an "optional non-security preview update." It introduces live captions and real-time translation support for over 44 languages, enhances Windows Search with improved capabilities, and fixes issues related to the MsiCloseHandle API and boot menu entries. The update also phases out the Location History feature and acknowledges known issues affecting Citrix components and Roblox on Windows Arm devices. Users can install the update via Windows Update or manually from the Microsoft Update Catalog. The update upgrades systems to build 26100.3624. Windows 11 24H2 is broadly deployed and accessible to all users.