confidentiality

Winsage
May 15, 2025
The Microsoft Security Response Center (MSRC) has released critical security updates to address a significant vulnerability in the Windows Remote Desktop Gateway service, identified as CVE-2025-26677, which allows unauthorized attackers to cause denial of service (DoS) conditions. This vulnerability is rated as "High" severity with a CVSS score of 7.5 and affects multiple versions of Windows Server, including 2016, 2019, 2022, and 2025. Microsoft has provided security updates (KB5058383, KB5058392, KB5058385, and KB5058411) to rectify the issue. Additionally, another vulnerability, CVE-2025-29831, has been identified that could enable remote code execution (RCE) through a Use After Free weakness, also rated with a CVSS score of 7.5. This vulnerability requires user interaction, specifically an admin user to stop or restart the service, and affects Windows Server versions 2008 R2, 2012/R2, 2016, 2019, 2022, and 2025. Organizations are advised to prioritize patching both vulnerabilities and to review network configurations to limit exposure of Remote Desktop Gateway services. The vulnerabilities were discovered by security researchers from Kunlun Lab.
Winsage
May 14, 2025
Microsoft has released a mandatory update for Windows 11, identified as “KB5058411,” which includes essential security fixes and introduces a new feature called Recall. Recall uses artificial intelligence to capture snapshots of the user's screen at regular intervals, creating a photographic memory of digital interactions. Users will be prompted to enable Recall during the installation of the May 2025 Windows 11 24H2 update, and opting in for the first time simplifies future re-enabling. However, enabling Recall raises privacy concerns, as it records activities and communications from secure messaging platforms like WhatsApp and Signal, potentially exposing sensitive information. A user reported that someone was able to access his entire PC history, including deleted messages, highlighting the vulnerabilities associated with the feature. Users are advised to carefully consider the implications of opting into Recall.
Winsage
May 14, 2025
Microsoft has identified a memory corruption vulnerability in its Scripting Engine, designated as CVE-2025-30397. This vulnerability allows unauthorized remote code execution and is classified as “Important” under CWE-843 (Type Confusion). It was disclosed in the May 2025 Patch Tuesday updates and arises from improper handling of resource types. Exploitation occurs when a user clicks a specially crafted URL in Microsoft Edge's Internet Explorer Mode, potentially compromising system confidentiality, integrity, and availability. Although the attack complexity is high, successful exploitation has been confirmed in the wild. Microsoft has issued patches for all supported Windows versions, and users are advised to apply these updates and consider disabling Internet Explorer Mode to reduce risk.
AppWizard
May 7, 2025
Former National Security Adviser Mike Waltz has come under scrutiny for using TeleMessage, an app that has recently experienced a security breach resulting in the theft of sensitive data, including direct messages and group chats. High-ranking officials from the Trump administration, including Waltz, Vice President J.D. Vance, Secretary of State Marco Rubio, and Director of National Intelligence Tulsi Gabbard, were reported to have used the app. A photograph captured Waltz during a Cabinet meeting appearing to use TeleMessage to access Signal messages, raising concerns due to his previous controversy involving a chat room on Signal that included a journalist. The security vulnerabilities of TeleMessage have been criticized, particularly as it lacks the robust encryption features of Signal. The app was initially marketed as a solution for preserving messages for government record-keeping, but its reliability has been questioned.
AppWizard
May 6, 2025
TeleMessage has temporarily suspended all services due to a reported security breach, with the parent company Smarsh investigating the incident. Customs and Border Protection (CBP) has discontinued using the app as a precaution. A hacker claimed to have accessed a centralized TeleMessage server and downloaded data, including a screenshot of the contact list for employees at Coinbase; Coinbase confirmed the authenticity of the screenshot but stated that customer data remained secure. Multiple U.S. government agencies have contracts with TeleMessage or related entities. Another hacker also claimed to have breached TeleMessage, providing evidence of their claims. The investigation into the breach is ongoing, and it is unclear if sensitive communications from U.S. officials were compromised.
AppWizard
May 5, 2025
Signal has experienced a significant increase in its user base due to recent publicity stemming from a White House scandal related to a Houthi attack plan. The app's popularity has surged as individuals and organizations seek secure communication features, particularly its end-to-end encryption. This rise in interest aligns with a broader trend toward privacy-centric applications amid concerns about data security. In contrast, the U.S. National Security Adviser has faced severe consequences for misusing the platform, highlighting the tension between security and accountability in digital communications.
AppWizard
April 9, 2025
Apple is the leading smartphone manufacturer in the U.S., while 60% of corporate-owned devices are powered by Android, according to a survey by Stratix. Google announced Gemini in Android Studio for businesses at the Google Cloud Next 2025 conference, a subscription-based service aimed at enhancing the Android ecosystem for enterprise app developers. Gemini focuses on secure, privacy-oriented AI solutions, with a strict data governance policy ensuring confidentiality and ownership of company code. It includes enterprise-grade management features and extends Google's generative AI indemnification policy to protect against copyright infringement claims related to AI-generated code. The enterprise edition allows customization using internal repositories, improving code acceptance rates by 70%. Gemini is compliant with various industry certifications, including SOC 1, 2, and 3, and ISO/IEC 27001, among others. A free version of Gemini remains available for independent developers, while organizations can acquire a Code Assist Enterprise license through the Google Cloud Console.
Winsage
March 26, 2025
Windows users are facing multiple zero-day vulnerabilities affecting various operating system versions, including Windows 7, Server 2008 R2, and Windows 11 v24H2, with no official patch available from Microsoft. A new vulnerability allows attackers to obtain NTLM credentials by having a user view a malicious file in Windows Explorer. This vulnerability is distinct from a previously reported incident and remains undisclosed until Microsoft issues a patch. NTLM vulnerabilities can enable credential theft, and while not classified as critical, they have been exploited in real-world attacks. Users may need to wait for the next Patch Tuesday for an official fix, but can utilize a micro-patch solution from ACROS Security's 0patch to address the vulnerability temporarily.
AppWizard
March 26, 2025
The National Security Agency (NSA) issued a warning on February 25 regarding vulnerabilities in the Signal app that could be exploited by foreign operatives, particularly Russian intelligence. This warning highlighted risks to the confidentiality of conversations and noted that individuals under surveillance should be cautious when using the app. The memo stated that while Department of Defense and NSA employees may use Signal, they are prohibited from discussing sensitive matters on it. Furthermore, the NSA cautioned against sharing compromising information over social media or internet-based applications, urging discretion in online interactions. The warning preceded a scandal involving Trump administration officials who leaked sensitive military information through the app, which included a U.S. journalist in the conversation, leading to potential legal repercussions for violating security guidelines.
AppWizard
March 12, 2025
Dino Patti and Arnt Jensen, founders of Playdead, are in a public dispute over intellectual property issues stemming from a LinkedIn post by Patti in 2024, where he shared an image originally owned by Jensen. Jensen is demanding DKK 500,000 (approximately ,600) as compensation. Jensen's legal team claims Patti's use of Playdead's assets and disclosure of confidential information breaches confidentiality agreements. Patti has accused Jensen of bullying him, prompting him to make the situation public. Playdead has stated they have formally addressed concerns regarding Patti's alleged infringement and unauthorized use of their trademarks and copyrighted materials. Patti left Playdead in 2016 following internal discord.