breach Archives

Tech Optimizer

May 31, 2025

Study offers a national report on antivirus software trends

Nearly half of Mac users have encountered viruses despite having protective software installed, challenging the belief that Apple products are immune to malware. The report highlights that 71% of Android users have antivirus software, but only 49% seek third-party tools. More than half of Americans do not use additional security measures beyond antivirus. Among iOS users, 38% are unaware of third-party antivirus options. While 84% have antivirus on computers, only 68% have it on smartphones and 60% on tablets. Despite widespread adoption, only 16% of antivirus users feel their software is ineffective. The virus encounter rates are 44% for Mac users, 36% for Windows users, and 30% for other platforms.

Tech Optimizer

May 28, 2025

M&S shoppers urged to set up security measure on ‘all accounts’

M&S shoppers are being urged to enhance their online security following a cyber attack that disrupted customer services. The retailer has acknowledged ongoing challenges, stating they cannot process online orders while stores remain open. Sensitive customer information, including phone numbers, email addresses, and order histories, was compromised in the breach. Security expert Luis Corrons from Norton recommends activating two-step verification for online accounts, being cautious about stored personal and payment information, deleting unused accounts, using strong passwords, and keeping devices and software updated to improve security. He emphasizes that cyber threats are increasingly targeting human behavior and that these security measures are essential for digital safety.

Winsage

May 27, 2025

Windows 11 is getting top-level protection against the next generation of quantum cyberattacks

Microsoft has announced new protective measures against potential quantum-powered cyber threats by rolling out post-quantum cryptography (PQC) capabilities for Windows Insiders using Canary Channel Build 27852 and higher, and for Linux users through SymCrypt-OpenSSL version 1.9.0. The newly introduced PQC algorithms, standardized by NIST, will evolve in response to emerging threats, emphasizing the need for "Crypto Agility." The updates enhance OpenSSL’s API surface for Linux developers, allowing experimentation with TLS hybrid key exchange. Experts warn that quantum computing could breach even the most robust encryption systems, highlighting the urgency for software companies to adapt their security measures.

AppWizard

May 27, 2025

What are the most secure messaging apps in 2025? Here’s how to keep your online communications safe

A leaked Signal group chat, referred to as Signalgate, has raised concerns about national security and the use of messaging applications for sensitive information exchange. The incident involved former U.S. National Security Adviser Mike Waltz and Jeffrey Goldberg, the editor-in-chief of Atlantic, who was mistakenly added to the chat meant for national security leaders discussing military operations. This breach has prompted discussions about the security protocols of digital communication tools used by government officials.

Winsage

May 26, 2025

Windows 11 gets quantum-hardened cryptography technology

Microsoft has integrated post-quantum cryptography (PQC) into Windows 11, starting with the Canary build 27852, to protect against quantum computer threats. The upgrade to SymCrypt, Microsoft's cryptographic library, now supports two PQC algorithms: ML-KEM and ML-DSA. This enhancement aims to improve security, performance, and compatibility across platforms. PQC is also being adopted in industry standards such as TLS, SSH, and IPSec. SymCrypt underpins various Microsoft services and operating systems, including Microsoft 365, Azure, and Windows 11. Microsoft is preparing its ecosystem for future quantum attacks, with PQC currently trialed in Windows 11 and expected to reach Linux soon. There are no specific timelines for updates to BitLocker. Recent research demonstrated a D-Wave quantum computer's ability to crack military-grade encryption, highlighting the increasing threat of quantum computing to classical cryptography.

AppWizard

May 24, 2025

Vietnam orders ban on popular messaging app Telegram

Vietnam's Ministry of Science and Technology has accused the messaging app Telegram of not cooperating in addressing criminal activities conducted by its users. The ministry has instructed internet service providers to restrict Telegram's operations in the country, citing that nearly 70 percent of the 9,600 channels on the app disseminate harmful information and engage in illegal activities such as selling user data and drug trafficking. A Telegram representative stated the company has been timely in addressing legal requests from Vietnam and is processing a recent request. Despite the government's actions, Telegram was still accessible in Vietnam as of Friday. In Vietnam, approximately 11.8 million users use Telegram, while the app has nearly one billion users globally.

Winsage

May 22, 2025

Windows Server Flaw a Shortcut to Privilege Escalation

An unpatched vulnerability in Windows Server 2025, identified by Akamai researchers, is associated with a method called "BadSuccessor." This flaw, considered "trivial" to exploit and present in the default configuration, allows for privilege escalation and potential full domain compromise. The vulnerability arises from delegated managed service accounts (dMSA), which were intended to enhance security during the migration of legacy service accounts. However, dMSAs can inherit permissions from legacy accounts, enabling attackers to simulate a migration and gain access to the permissions and encryption keys of those accounts without verification. The attack requires prior permissions within an Active Directory organizational unit, indicating a previous breach. Akamai reported the vulnerability to Microsoft on April 1, but Microsoft classified its severity as "moderate." Akamai recommends organizations restrict the creation of dMSAs to mitigate risks associated with this vulnerability.

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

Winsage

May 21, 2025

New Windows Server 2025 Attack Compromises Any Active Directory User

A significant security flaw, named BadSuccessor, has been discovered in Windows Server 2025, posing a serious risk to Active Directory users. This privilege escalation vulnerability allows attackers to compromise any user in Active Directory and is alarmingly easy to exploit, requiring only basic permissions on any organizational unit. Currently, no patch is available for this vulnerability. In 91% of environments examined, users outside the domain admins group had the necessary permissions to execute the attack. The exploit leverages the delegated Managed Service Account (dMSA) feature, enabling attackers to take control of any principal within the domain. Microsoft has rated the vulnerability as moderate severity and plans to address it in a future update, noting that elevated user permissions are required for successful exploitation. Organizations are advised to identify and eliminate unnecessary permissions to mitigate potential threats.

Tech Optimizer

May 18, 2025

Do I need antivirus software for Windows 11?

Windows 11 accounts for nearly 44% of global desktop users as of April 2025, making it a prime target for cybercriminals, with 83% of malware in 2020 aimed at Windows systems. Microsoft Defender, which comes pre-installed with Windows 11, offers commendable malware protection, basic ransomware protection, a SmartScreen feature for anti-phishing, and a firewall that monitors network traffic. While it provides a solid foundation for security, additional third-party antivirus software can enhance protection, offering more comprehensive features such as superior parental controls, integrated VPN services, and identity theft protection.