cloud security

Winsage
December 18, 2025
A newly identified cyber threat cluster called LongNosedGoblin has been linked to cyber espionage attacks targeting governmental entities in Southeast Asia and Japan, with activities traced back to at least September 2023. The group uses Group Policy to spread malware and employs cloud services like Microsoft OneDrive and Google Drive for command and control. Key tools include NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, and NosyLogger, which perform functions such as collecting browser history, executing commands, and logging keystrokes. ESET first detected LongNosedGoblin's activities in February 2024, identifying malware on a governmental system. The attacks showed a targeted approach, with specific tools affecting select victims. Additionally, a variant of NosyDoor was found targeting an organization in an EU country, indicating a possible connection to other China-aligned threat groups.
Winsage
October 30, 2025
Microsoft will cease support for most versions of Windows 10 on October 14, 2025, while offering temporary Extended Security Updates (ESU) for version 22H2. Approximately 40% to 45% of Windows users globally still rely on Windows 10. The end of support raises cybersecurity concerns as Microsoft will stop issuing updates for vulnerabilities and bugs. Organizations using Windows 10 need to devise migration plans to Windows 11, but the transition can be costly and time-consuming, especially for those dependent on legacy software. Delaying migration poses risks such as regulatory violations, increased IT burdens, escalating ESU costs, and exposure to cyber threats. Organizations should prioritize migrating critical systems, review application support, and evaluate ongoing costs for legacy systems. Bitdefender offers security solutions for Windows 10 environments, including risk management, application control, cloud security, and monitoring services.
AppWizard
August 24, 2025
A study by Arizona State University and Citizen Lab found that three families of Android VPN apps, with over 700 million downloads, have significant security vulnerabilities. Apple has released a fix for a zero-day vulnerability (CVE-2025-43300) that was being exploited in targeted attacks. Researchers from the University of Melbourne and Imperial College London developed a method using lightweight large language models to improve incident response planning. The FBI and Cisco warned about a Russian threat group exploiting an old Cisco vulnerability (CVE-2018-0171) to compromise critical infrastructure. Fog Security researchers discovered a flaw in AWS’s Trusted Advisor tool that could mislead users about the security of their data. AI is now being used in security operations centers to reduce alert noise and assist analysts. U.S. federal prosecutors charged an individual linked to the Rapper Bot DDoS botnet. Nikoloz Kokhreidze discussed the strategic choice between hiring a fractional or full-time Chief Information Security Officer for B2B companies. Commvault patched four vulnerabilities that risked remote code execution. Jacob Ideskog highlighted security risks posed by AI agents. VX Underground released an exploit for two SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999). Healthcare organizations are preparing for new password security risks in 2025 that may threaten HIPAA compliance. Researchers identified a spear-phishing campaign using the Noodlophile infostealer. Financial institutions are increasingly using open-source intelligence tools to combat money laundering. Greg Bak discussed security risks for DevOps teams in the cloud. NIST released guidelines for detecting morph attacks. Organizations face six challenges in implementing machine learning and AI security. Recep Ozdag discussed vulnerabilities in airport and airline systems. Google introduced new AI and cloud security capabilities at the Cloud Security Summit 2025. 
Cybersecurity myths continue to complicate the security landscape. LudusHound is an open-source tool that replicates an Active Directory environment for testing. Buttercup is an AI-powered platform for automated vulnerability management in open-source software. The book "Data Engineering for Cybersecurity" addresses challenges in managing logs and telemetry data. A selection of current cybersecurity job openings has been compiled. A forthcoming webinar will discuss AI and SaaS security risks. The iStorage datAshur PRO+C is a USB-C flash drive with AES-XTS 256-bit hardware encryption. New infosec products were released by companies such as Doppel, Druva, LastPass, and StackHawk.
Tech Optimizer
August 15, 2025
Wiz has transitioned its Amazon Aurora PostgreSQL database from version 14 to version 16 with near-zero downtime using Aurora Blue/Green Deployments. The upgrade process is facilitated by the DB Upgrade Pilot, which features an automated eight-step flow, including automated validation steps, enhanced synchronization monitoring, and end-to-end orchestration. This has reduced the downtime for database upgrades from one hour to 30 seconds.
Winsage
May 12, 2025
A critical cloud security vulnerability rated 10/10 has been reported for Microsoft users, along with persistent denial of service attacks affecting Windows and warnings about password theft. A new tool called Defendnot has been released, which can disable Windows Defender, Microsoft's antivirus protection. Developed by a security researcher known as es3n1n, Defendnot simplifies the process of bypassing Windows Defender by tricking it into disabling itself. It uses undocumented application programming interfaces (APIs) to convince Windows Defender that another antivirus solution is present, without relying on third-party antivirus code. The availability of Defendnot poses a significant risk, potentially aiding malicious actors.
Winsage
May 1, 2025
82% of business leaders view 2023 as critical for reevaluating strategic and operational frameworks. Windows 10 support will end in October 2025, prompting organizations to consider strategies for transitioning to Windows 11 or Windows 365. Microsoft is offering a 20% discount on all Windows 365 plans for new customers from May 1, 2025, to October 31, 2025. Windows 365 provides a secure Windows 11 experience via a Cloud PC and is designed with Zero Trust principles for enhanced security. Transitioning to Windows 365 can lower carbon footprints and align with sustainability goals. Crocs reported annual cost savings of 0,000 after switching to Windows 365. Dnata Travel Group chose Windows 365 for secure access for their mobile workforce. Hamburg Commercial Bank plans to expand its use of Windows 365 for sustainability improvements. The promotional offer is available for new customers and has specific terms and conditions, including a deadline for processing transactions.
AppWizard
April 9, 2025
Apple is the leading smartphone manufacturer in the U.S., while 60% of corporate-owned devices are powered by Android, according to a survey by Stratix. Google announced Gemini in Android Studio for businesses at the Google Cloud Next 2025 conference, a subscription-based service aimed at enhancing the Android ecosystem for enterprise app developers. Gemini focuses on secure, privacy-oriented AI solutions, with a strict data governance policy ensuring confidentiality and ownership of company code. It includes enterprise-grade management features and extends Google's generative AI indemnification policy to protect against copyright infringement claims related to AI-generated code. The enterprise edition allows customization using internal repositories, improving code acceptance rates by 70%. Gemini is compliant with various industry certifications, including SOC 1, 2, and 3, and ISO/IEC 27001, among others. A free version of Gemini remains available for independent developers, while organizations can acquire a Code Assist Enterprise license through the Google Cloud Console.