breach Archives

Tech Optimizer

November 8, 2024

New malware SteelFox targets Windows users through fake software activators

A new malware named "SteelFox" is targeting Windows users by using counterfeit software activators to infiltrate systems, leading to cryptocurrency mining and data theft. Since February 2023, it has spread rapidly, primarily through torrent sites and online forums, masquerading as legitimate software cracks for programs like AutoCAD and Foxit PDF Editor. Upon installation, it deploys a risky driver called WinRingO.sys, exploiting vulnerabilities CVE-2021-41285 and CVE-2020-14979, which allows attackers to gain full access to the infected computer. The malware uses XMRig for crypto mining, causing performance issues and increased utility bills, while also stealing sensitive data from over 13 web browsers. Countries with high infection rates include Mexico, Brazil, Russia, China, and India. Kaspersky has blocked over 11,000 attempted attacks, but the actual number of infections may be much higher. To protect against SteelFox, users are advised to download software only from verified sources, maintain updated antivirus software, avoid pirated software, and keep systems current with security patches.

BetaBeacon

November 5, 2024

Netflix to ditch interactive movies and shows, but games remain in favour

Netflix is set to end their experiment with interactive movies and television shows, with reports suggesting that they could dump their entire lineup of interactive media as soon as December 1st.

Tech Optimizer

November 3, 2024

The best antivirus software for Mac

All products featured are independently selected, and Mashable may earn an affiliate commission from purchases made through links on their site. Macs are not immune to viruses; they are more secure than Windows but still vulnerable to attacks. Investing in antivirus software is recommended for Mac users. The rate of malware targeting Macs has surpassed that of PCs. Malware includes various harmful software types, while a virus is a specific type of malware that replicates itself. Infections can occur from emails, social media links, and downloads. Ransomware locks users out of systems until a ransom is paid. Password managers help generate and store unique passwords, enhancing security. The best antivirus software for Macs varies based on usage patterns, and research has been conducted to evaluate leading antivirus solutions for effectiveness and additional security features.

Tech Optimizer

October 31, 2024

Beyond antivirus: Other essential tools to protect your Mac

Macs are facing an increasing number of cybersecurity threats, with malware targeting macOS rising from eight families in 2021 to 21 in 2023. To protect against these threats, users are advised to implement antivirus software, maintain regular backups using tools like Apple's Time Machine and cloud services, enable the built-in firewall, use password managers for secure password storage, and utilize a VPN for secure internet connections, especially on public Wi-Fi.

Tech Optimizer

October 31, 2024

Best Antivirus Software for Small Businesses in 2024

Small businesses often face challenges in selecting antivirus software, as personal tools may lack robustness and enterprise solutions can be complex and costly. There are antivirus solutions specifically designed for smaller companies. Six top antivirus software options tailored for small businesses include: 1. Bitdefender: - Starting price: .99 for 5 devices for 1 year. - Covers: macOS, iOS, Android, Windows, Windows Server. - Features: Unlimited VPN traffic, account breach monitoring, risk management, AI-powered Scam Copilot, integrated password management. 2. Norton: - Starting price: .99 a year for 6 devices. - Covers: Windows, macOS, iOS, Android. - Features: 24/7 customer support, password management, cloud backup, secure browser. 3. Trend Micro: - Pricing: Contact for customized quote. - Covers: Windows, macOS, iOS, Android. - Features: Endpoint detection, attack surface risk management, AI-driven threat intelligence. 4. ESET: - Starting price: .99 for 5 devices for 1 year. - Covers: Windows, macOS, iOS, Android, Linux. - Features: Certain plans include password manager. 5. Avira: - Starting price: .99 for 5 devices for 1 year. - Covers: Windows, macOS, iOS, Android. - Features: Unlimited VPN traffic, device cleaner, blocks unwanted spam calls. 6. Microsoft Defender: - Starting price: .75 per user per month. - Covers: Windows, macOS, Linux, iOS, Android. - Features: Built into Windows, integrates with Microsoft tools, automatic disruption of ransomware attacks. When choosing antivirus software, small businesses should assess their specific needs and budget, consider bundled plans for better value, utilize free trials, and schedule demo calls with sales teams for clarification.

Winsage

October 30, 2024

Arm and Qualcomm are fighting–what does that mean for Windows on Arm?

Qualcomm is currently engaged in a legal battle with Arm, which has issued a 60-day ultimatum threatening to revoke Qualcomm's license to its technology before a court date in December. This conflict stems from Arm's lawsuit initiated in 2022 over Qualcomm's acquisition of Nuvia and involves financial disagreements over licensing fees. Qualcomm generates approximately billion annually from using Arm's technology, and its potential loss of access could disrupt various manufacturers reliant on its chips, including major players like Microsoft and Android manufacturers. Arm accounted for about 10% of its total revenue from Qualcomm last fiscal year, indicating a mutual dependence between the two companies. The outcome of this dispute could have significant implications for the broader technology sector.

Tech Optimizer

October 29, 2024

Comparing Antivirus Software 2025: Avast vs. AVG

Avast and AVG are antivirus software products developed by Avast Software s.r.o. Both platforms have similar pricing structures, with Avast priced at .99 per year for the first year and .99 for subsequent years, while AVG is priced at .88 for the first year and .99 for subsequent years. They support Windows, MacOS, and Android, and can protect up to 10 devices. Both offer a firewall and have a malware detection rate of 100% according to AV-Test.org's August 2024 Windows test. Avast has an overall rating of 2.5/5, with specific ratings of 2/5 for pricing, 5/5 for core features, 3/5 for advanced features, 2/5 for customer support, 4/5 for impact on device performance, and 0/5 for trustworthiness. AVG shares the same overall rating and similar scores in the same categories. Both platforms have a history of monetizing user data, with Avast facing an FTC order in 2024 and a .5 million fine for data practices. Neither platform offers antivirus solutions for iOS. Alternatives to consider include Microsoft Defender and Malwarebytes, which provide competitive features and pricing.

Winsage

October 28, 2024

Windows Update takeover lets an attacker revive a patched flaw

Microsoft's approach to security vulnerabilities has been criticized for not classifying scenarios where an attacker with administrative privileges can execute kernel-level code as critical vulnerabilities. SafeBreach researchers highlighted that this narrow definition leaves systems vulnerable to custom rootkits that can bypass essential security controls. They identified CVE-2024-21302, a privilege escalation vulnerability affecting the Windows virtualization stack, and CVE-2024-38202, which allows attackers to exploit the Windows Update process to disable security features like Driver Signature Enforcement and virtualization-based security. Microsoft is actively developing mitigations for these vulnerabilities and has released a security update for CVE-2024-38202 on October 15, with further updates planned for CVE-2024-21302.

Winsage

October 28, 2024

Windows kernel components can be installed to bypass defense systems

Cybersecurity experts have discovered a method that allows cybercriminals to bypass Windows security features, specifically Driver Signature Enforcement (DSE), enabling the installation of rootkits on fully updated systems. Alon Leviev from SafeBreach reported that the exploit involves downgrading specific Windows kernel components, making Windows 11 devices particularly vulnerable. Despite notifying Microsoft, no fix has been implemented, as the company stated the vulnerability does not breach a “security boundary” since administrator access is required for exploitation. Leviev presented this vulnerability at the Black Hat and DEF CON 2024 conferences, introducing a tool called Windows Downdate that can reactivate previously patched vulnerabilities. He demonstrated downgrading components on Windows 11 to bypass DSE and install rootkits that disable security software. A key part of his attack involved replacing the ci.dll file with an unpatched version, which requires a system restart and disguises the action as a routine update. Leviev also showed methods to disable Virtualization-Based Security (VBS) by modifying settings and files. Microsoft is working on a solution to block outdated system files and prevent downgrade attacks, but the timeline for this fix is uncertain due to the need for thorough testing. Leviev advises organizations to remain vigilant against downgrade attacks until a resolution is available.

Winsage

October 26, 2024

New Windows Driver Signature bypass allows kernel rootkit installs

SafeBreach security researcher Alon Leviev has identified a vulnerability in the Windows operating system that allows attackers to downgrade kernel components, bypassing security measures like Driver Signature Enforcement (DSE). This vulnerability enables the installation of rootkits on fully patched systems. Leviev demonstrated that attackers can manipulate the Windows Update process to introduce outdated components without altering the system's patched status. He introduced a tool called Windows Downdate, which allows the creation of custom downgrades, exposing updated systems to previously patched vulnerabilities. Leviev's method, named "ItsNotASecurityBoundary," exploits a flaw in the DSE, allowing unsigned kernel drivers to be loaded and facilitating the deployment of rootkit malware. Despite Microsoft addressing the privilege escalation aspect of this vulnerability, it does not protect against downgrade attacks. Leviev's research shows that attackers can replace the 'ci.dll' file responsible for enforcing DSE with an unpatched version during the Windows Update process, thereby circumventing protections. He also discussed methods to disable Microsoft's Virtualization-based Security (VBS), which is designed to protect critical resources, by modifying registry keys. Leviev emphasizes the need for endpoint security tools to monitor downgrade procedures to mitigate these risks.