cloud security Archives

Winsage

May 12, 2025

Warning — Microsoft Windows Defender Can Be Disabled By Hackers

A critical cloud security vulnerability rated 10/10 has been reported for Microsoft users, along with persistent denial of service attacks affecting Windows and warnings about password theft. A new tool called Defendnot has been released, which can disable Windows Defender, Microsoft's antivirus protection. Developed by a security researcher known as es3n1n, Defendnot simplifies the process of bypassing Windows Defender by tricking it into disabling itself. It uses undocumented application programming interfaces (APIs) to convince Windows Defender that another antivirus solution is present, without relying on third-party antivirus code. The availability of Defendnot poses a significant risk, potentially aiding malicious actors.

Winsage

May 1, 2025

Secure your organization against changing conditions with a special offer from Windows 365

82% of business leaders view 2023 as critical for reevaluating strategic and operational frameworks. Windows 10 support will end in October 2025, prompting organizations to consider strategies for transitioning to Windows 11 or Windows 365. Microsoft is offering a 20% discount on all Windows 365 plans for new customers from May 1, 2025, to October 31, 2025. Windows 365 provides a secure Windows 11 experience via a Cloud PC and is designed with Zero Trust principles for enhanced security. Transitioning to Windows 365 can lower carbon footprints and align with sustainability goals. Crocs reported annual cost savings of 0,000 after switching to Windows 365. Dnata Travel Group chose Windows 365 for secure access for their mobile workforce. Hamburg Commercial Bank plans to expand its use of Windows 365 for sustainability improvements. The promotional offer is available for new customers and has specific terms and conditions, including a deadline for processing transactions.

AppWizard

April 9, 2025

Google launches Gemini in Android Studio for Businesses, making it easier for devs to design work apps

Apple is the leading smartphone manufacturer in the U.S., while 60% of corporate-owned devices are powered by Android, according to a survey by Stratix. Google announced Gemini in Android Studio for businesses at the Google Cloud Next 2025 conference, a subscription-based service aimed at enhancing the Android ecosystem for enterprise app developers. Gemini focuses on secure, privacy-oriented AI solutions, with a strict data governance policy ensuring confidentiality and ownership of company code. It includes enterprise-grade management features and extends Google's generative AI indemnification policy to protect against copyright infringement claims related to AI-generated code. The enterprise edition allows customization using internal repositories, improving code acceptance rates by 70%. Gemini is compliant with various industry certifications, including SOC 1, 2, and 3, and ISO/IEC 27001, among others. A free version of Gemini remains available for independent developers, while organizations can acquire a Code Assist Enterprise license through the Google Cloud Console.

AppWizard

April 9, 2025

Google releases enterprise-grade Gemini tier in Android Studio

Google has introduced a new version of Gemini for Android Studio, specifically designed for businesses. This version ensures that company code is not saved by Google and is not used for AI model training. It includes IP protection against claims related to AI-generated code. The offering, available through Gemini Code Assist Standard or Enterprise subscriptions, enhances existing features with security and IP protections, including tools like build and sync error support and App Quality Insights. Google emphasizes its commitment to security with certifications such as SOC 1/2/3 and ISO/IEC 27001. Additionally, businesses benefit from IP indemnification against copyright infringement claims related to AI-generated code. The enterprise-grade version can be accessed via the Android Studio Narwhal build on the Canary release channel with an eligible Gemini Code Assist license.

Tech Optimizer

April 3, 2025

1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack

A cryptojacking campaign has targeted over 1,500 organizations by exploiting inadequately secured PostgreSQL database servers. The attackers, identified as JINX-0126, use advanced techniques including credential brute-forcing and fileless execution to deploy Monero (XMR)-mining malware. Approximately 30% of cloud-hosted PostgreSQL servers are affected due to weak or default credentials. The attackers execute commands using PostgreSQL’s COPY FROM PROGRAM function, bypassing standard detection mechanisms. They have been linked to three cryptocurrency wallets with around 550 active mining workers, generating a hashrate of 4.04 GH/s and approximately €10.40 per hour in XMR revenue. The attack begins with credential spraying against default accounts, followed by an SQL injection to fetch the payload. The malware operates in memory, modifies PostgreSQL’s configuration to maintain persistence, and creates cron jobs for reactivation. The campaign reveals significant security gaps in cloud environments, with recommendations for improved access controls and monitoring.

BetaBeacon

April 3, 2025

Playing Android games in cars? Your vehicle might get hacked

Google's decision to introduce gaming capabilities in cars through Android Auto has faced criticism from experts who fear it may lead to distractions on the road and make vehicles vulnerable to cyber attacks. Akash Mahajan, CEO of Kloudle, highlighted the increased security risks associated with adding gaming features to cars.

AppWizard

March 12, 2025

Spyware in bogus Android apps is attributed to North Korean group

Researchers from Lookout have identified a malware strain named KoSpy, linked to North Korean state-sponsored hackers, specifically the advanced persistent threat group ScarCruft (APT37). KoSpy targets Android devices to surveil Korean and English-speaking users and has been found on the Google Play Store and third-party app stores, disguised as utility applications. The malware can harvest sensitive information, including call logs, text messages, files, audio recordings, screenshots, and user location data. Google has removed all infected applications from its platform, confirming that the latest version was taken down before installations occurred. KoSpy first emerged in March 2022, with new samples appearing as recently as last year. The applications associated with KoSpy often have Korean titles and support both English and Korean languages. KoSpy shares infrastructure with another North Korean hacking group, Kimsuky (APT43), which has conducted spearphishing attacks. ScarCruft has targeted South Korean users and expanded its reach to countries including Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and several Middle Eastern nations. In January, ScarCruft was linked to an espionage campaign against media organizations and academics, and in October, it was connected to a malware operation in Southeast Asia.

Tech Optimizer

February 18, 2025

Microsoft Defender vs. McAfee: Features, Pricing, Pros & Cons

eSecurity Planet maintains editorial independence and may earn revenue from partner links. Microsoft Defender, a free built-in antivirus for Windows, offers minimal configuration and supports Windows 10 and 11, while McAfee, which holds a 12.47% share of the global antivirus market, provides extensive privacy monitoring and data protection across multiple platforms (Windows, Mac, Android, iOS) with various pricing plans ranging from .99 to 9.99. Microsoft Defender supports a single device and includes features like real-time threat protection, parental controls, and a firewall, but lacks advanced features like VPN and identity theft monitoring. McAfee offers a wider range of features, including a VPN, identity theft monitoring, and data cleanup, making it a more comprehensive solution despite its higher cost. Microsoft Defender has an overall rating of 3.8/5, while McAfee rates 4.4/5, excelling in customer support with multiple channels, including live chat and phone support. Microsoft Defender is suitable for users on a budget, while McAfee is better for those needing robust privacy and identity protection. Alternatives to consider include Norton, Bitdefender, and Malwarebytes.

Tech Optimizer

November 1, 2024

EDB Announces Commitment to Achieving FedRAMP Authorization

EnterpriseDB (EDB) is pursuing Federal Risk and Authorization Management Program (FedRAMP) Authorization to enhance its secure and compliant solutions for over 1,500 enterprise customers, including government organizations like the Department of Defense (DoD) and the Department of Justice (DOJ). EDB aims to support national security initiatives and facilitate the development of sovereign data and AI solutions. To expedite the FedRAMP authorization process, EDB will use the Game Warden platform from Second Front Systems, which allows applications to inherit pre-approved security controls. This collaboration aims to provide federal agencies with advanced technology while adhering to stringent security standards. EDB Postgres AI is designed to meet enterprise-grade demands for various workloads and will accommodate Controlled Unclassified Information (CUI) and National Security Systems (NSS)-based workloads.

Winsage

October 28, 2024

Tenable reveals vulnerability in Open Policy Agent for Windows

Tenable has identified a vulnerability, tracked as CVE-2024-8260, affecting all versions of Open Policy Agent (OPA) for Windows prior to version 0.68.0. This medium-severity Server Message Block (SMB) force-authentication vulnerability arises from improper input validation, allowing an arbitrary SMB share to be passed instead of a legitimate Rego file. This can lead to unauthorized access and the leakage of a user's Net-NTLMv2 hash, posing a significant security threat. Organizations using older versions of OPA on Windows are advised to update to version 0.68.0 to mitigate this risk.