authentication Archives

AppWizard

June 19, 2025

‘Stargazers’ use fake Minecraft mods to steal player passwords

A malware campaign targeting Minecraft players has been identified, utilizing malicious mods and cheats to infect Windows devices with infostealers that steal sensitive information, including credentials and cryptocurrency wallets. The campaign, orchestrated by the Stargazers Ghost Network, has been active on GitHub and has previously infected over 17,000 systems with a new type of malware. Researchers found around 500 GitHub repositories linked to this operation, disguised as Minecraft mods. The malware employs a Java-based loader that downloads a stealer targeting Minecraft account tokens and user data, as well as Discord and Telegram tokens. It also includes a .NET-based stealer called '44 CALIBER,' which collects data from browsers, VPNs, and applications like Steam and Discord. The stolen data is sent via Discord webhooks, indicating a potential Russian origin for the operators. To protect against these threats, players are advised to download mods from reputable sources and use separate accounts for testing.

AppWizard

June 18, 2025

My 6 favorite open-source Android apps from the Google Play store – and why that matters

Android's ecosystem is closely linked with open-source software, attracting many enthusiasts. The Google Play Store offers a variety of open-source applications. 1. Bitwarden: An open-source password manager with essential features, industry-leading encryption, two-factor authentication, auto-fill capabilities, and a random password generator. It has a free version and a premium account for additional features. 2. Brave: A secure browser built on Chromium, featuring enhanced privacy tools, a built-in AI tool named Leo, and a toggleable VPN. It provides insights into tracker and ad blocking. 3. Wavelet: A free, open-source app for music lovers that offers preset sound profiles for various earbud models and features like AutoEQ, a graphic equalizer, and channel balance. 4. Tor Browser: A privacy-focused browser with extensive security features, though it may have slower loading times due to multiple security layers. It is free and open-source. 5. KDE Connect: An app that integrates Android devices with Linux systems, allowing users to share clipboard content, files, URLs, and notifications. It enhances productivity by enabling command execution on Linux devices from mobile phones. 6. ProtonVPN: A VPN service developed by CERN scientists, offering strong security features, access to servers in over 110 countries, and a free account with limitations. Paid plans provide higher speeds and more features.

Winsage

June 18, 2025

XDSpy Threat Actors Exploit Windows LNK Zero-Day Vulnerability to Target Windows System Users

The XDSpy threat actor is exploiting a Windows LNK zero-day vulnerability (ZDI-CAN-25373) to target governmental entities in Eastern Europe and Russia since March 2025. This campaign involves a multi-stage infection chain deploying the XDigo implant, developed in Go. Attackers use spearphishing emails with ZIP archives containing crafted LNK files that exploit the vulnerability. Upon execution, these files sideload a malicious C# .NET DLL named ETDownloader, which establishes persistence and retrieves the XDigo payload from specific domains. XDigo is a data collection implant capable of file scanning, clipboard capture, and screenshot acquisition, communicating with command-and-control servers. The campaign targets Belarusian governmental entities and employs advanced tactics, including anti-analysis checks and encryption for data exfiltration. Indicators of compromise include specific SHA-256 hashes for ZIP archives, LNK files, the ETDownloader, and XDigo malware, along with associated distribution and command-and-control domains.

Winsage

June 17, 2025

Microsoft has broken Windows Hello facial recognition — it no longer works in the dark

Windows Hello now requires a color camera in addition to infrared sensors for user sign-ins, which reduces its effectiveness in low-light conditions. This change was made to address a spoofing vulnerability and was implemented after an initial announcement in April. The updated system struggles in dark environments, raising concerns for users with darker skin tones, as low-light conditions can hinder facial recognition. Users can disable the color webcam to revert to using only IR sensors, but this disables video capabilities. Alternatives for sign-in include PIN, password, or fingerprint authentication.

Winsage

June 17, 2025

Microsoft Quietly Disabled Windows Hello Facial Recognition in the Dark

Microsoft has made an adjustment to Windows Hello Facial Recognition that affects its functionality in dimly lit environments due to a security vulnerability. This change, introduced in the April 2025 Patch Tuesday updates for Windows 11 and Windows 10, requires color cameras to detect a visible face for sign-in. The update addresses a Windows Hello Spoofing vulnerability that was being exploited. Previously, the feature could identify users in low-light conditions using near-infrared imaging technology. Users have reported a workaround by disabling the webcam in Device Manager, allowing IR sensors to authenticate in low light.

Winsage

June 16, 2025

Microsoft has disabled a ‘key feature’ to enhance Windows security – The Times of India

Microsoft updated the Windows Hello face unlock functionality in April, which now fails to operate in low-light environments due to a strategic decision aimed at addressing a spoofing vulnerability. Users of Surface Laptops have reported frustrations as they can no longer access their devices using facial recognition in dark rooms. The update requires color cameras to see a visible face when signing in. Researchers from Nanyang Technological University identified a vulnerability in the system that allowed unauthorized access, although Microsoft categorized it as "important" and stated the likelihood of exploitation remains low. A temporary workaround for users is to disable the webcam through Windows 11's Device Manager, but this renders the camera unusable for other applications.

Winsage

June 16, 2025

Windows Hello webcams have stopped working in the dark. I don’t care

Microsoft has updated its Windows Hello biometric recognition system to use both the standard optical webcam and the infrared depth camera for user authentication, addressing a potential spoofing vulnerability. Testing on three laptops (Surface Laptop 7th Edition, Asus ZenBook S 14, and MSI Prestige 16 AI Evo) showed that all devices successfully recognized the user in dim lighting conditions. However, some colleagues reported issues with facial recognition in similar low-light environments, indicating inconsistency across devices. Microsoft has included a numeric PIN option as a backup login method. The update is said to enhance security by requiring visible light for recognition, but its practical impact on user experience appears minimal.

Winsage

June 16, 2025

Update Windows Now — Microsoft Confirms System Takeover Danger

CVE-2025-33073 is a Windows authentication relay attack vulnerability with a CVSS score of 8.8, indicating high severity. It allows attackers to gain SYSTEM privileges on affected systems. Currently, there is no evidence of active exploitation, but the public disclosure raises concerns. Exploitation involves executing a malicious script that makes the victim's machine connect to the attacker's system using SMB. Security researchers have described it as an authenticated remote command execution on machines that do not enforce SMB signing. Microsoft has released a fix as part of the June Patch Tuesday security updates to address this vulnerability.

Winsage

June 16, 2025

Windows 11 news and updates in June: Everything I know about Microsoft’s latest tweaks and beta features for Insiders

A glitch in Windows 11 Preview Build 26200.5651 has caused the Windows Vista boot sound to play instead of the standard Windows 11 sound. Microsoft is aware of this issue and is working on a fix. Users have expressed nostalgia for the Vista sound. Additionally, Windows 11 users in the European Economic Area can now export their Windows Recall data using a one-time "export code" during setup, which is necessary for accessing encrypted data. Forgetting this code will result in losing all snapshots.

Winsage

June 16, 2025

Windows Server update may disrupt IP refreshes

Microsoft has acknowledged that the June security update has caused complications for users of Windows Server systems, specifically affecting the Dynamic Host Configuration Protocol (DHCP) service, which is failing and leading to improper functioning of IP refreshes. The issue impacts multiple versions of Windows Server, including 2016 (KB5061010), 2019 (KB5060531), 2022 (KB5060526), and 2025 (KB5060842). Users have reported that the DHCP service may stop responding after installing the update, with one administrator noting their 2016 server crashed shortly after the update was applied. Microsoft is working on a solution and advises affected users to uninstall the update to restore functionality. The company has a history of DHCP-related issues dating back over a decade and has faced other problems with Windows Server updates in the past year, including issues with keyboard and mouse inputs and authentication challenges.