confidentiality Archives

Winsage

March 26, 2025

Windows Passwords At Risk As New 0-Day Confirmed—Act Now

Windows users are facing multiple zero-day vulnerabilities affecting various operating system versions, including Windows 7, Server 2008 R2, and Windows 11 v24H2, with no official patch available from Microsoft. A new vulnerability allows attackers to obtain NTLM credentials by having a user view a malicious file in Windows Explorer. This vulnerability is distinct from a previously reported incident and remains undisclosed until Microsoft issues a patch. NTLM vulnerabilities can enable credential theft, and while not classified as critical, they have been exploited in real-world attacks. Users may need to wait for the next Patch Tuesday for an official fix, but can utilize a micro-patch solution from ACROS Security's 0patch to address the vulnerability temporarily.

AppWizard

March 26, 2025

US spies issued warning WEEKS AGO about Signal messaging app security fears and potential leaks

The National Security Agency (NSA) issued a warning on February 25 regarding vulnerabilities in the Signal app that could be exploited by foreign operatives, particularly Russian intelligence. This warning highlighted risks to the confidentiality of conversations and noted that individuals under surveillance should be cautious when using the app. The memo stated that while Department of Defense and NSA employees may use Signal, they are prohibited from discussing sensitive matters on it. Furthermore, the NSA cautioned against sharing compromising information over social media or internet-based applications, urging discretion in online interactions. The warning preceded a scandal involving Trump administration officials who leaked sensitive military information through the app, which included a U.S. journalist in the conversation, leading to potential legal repercussions for violating security guidelines.

AppWizard

March 12, 2025

Playdead founder dispute goes legal

Dino Patti and Arnt Jensen, founders of Playdead, are in a public dispute over intellectual property issues stemming from a LinkedIn post by Patti in 2024, where he shared an image originally owned by Jensen. Jensen is demanding DKK 500,000 (approximately ,600) as compensation. Jensen's legal team claims Patti's use of Playdead's assets and disclosure of confidential information breaches confidentiality agreements. Patti has accused Jensen of bullying him, prompting him to make the situation public. Playdead has stated they have formally addressed concerns regarding Patti's alleged infringement and unauthorized use of their trademarks and copyrighted materials. Patti left Playdead in 2016 following internal discord.

AppWizard

March 5, 2025

There’s a new way to play PlayStation and PC games early

Sony has launched the PlayStation Beta Program, allowing PlayStation and PC gamers to express interest in participating in beta tests for new or unreleased titles and features. Registration is open and free for users with a valid PlayStation Network Account in the 73 countries where the network operates. Participation is by invitation only, and participants must sign a Non-Disclosure Agreement (NDA) to maintain confidentiality. Earlier this year, there was high demand for access codes to the Elden Ring: Nightreign network test, with some codes selling for hundreds of pounds. Additionally, Sony offered five extra days of PSN membership to users affected by a 24-hour outage of the PlayStation Network.

Winsage

March 5, 2025

Microsoft’s Windows Recall should’ve been everything Opera’s Browser Operator promises to be on paper — an AI agent with a “pause button” to preserve user privacy

Generative AI is changing digital interactions, particularly with AI-driven chatbots like Microsoft Copilot and OpenAI's ChatGPT, which may challenge Google's search dominance. Opera has launched Browser Operator, an AI agent that automates routine browsing tasks and operates natively within the browser, protecting user credentials. It understands natural language instructions and pauses for user input during sensitive actions. Opera emphasizes that Browser Operator does not send any user information to its servers and uses a textual representation of web pages for context. The tool can handle cookie prompts and verification dialogs without hindering functionality. Currently in preview mode, Browser Operator will be rolled out widely and can be accessed from Opera's sidebar or Command Line.

Tech Optimizer

March 4, 2025

CCI Dismisses antitrust complaint against Microsoft over bundled antivirus software

The Competition Commission of India (CCI) dismissed an antitrust complaint against Microsoft regarding the bundling of Microsoft Defender antivirus with Windows operating systems, citing a lack of prima facie evidence of anti-competitive behavior. The complaint claimed that Microsoft's practices marginalized third-party antivirus providers and created barriers to entry for competing software developers. Microsoft defended its actions by stating that Defender is a built-in feature for user security and that users can install alternative antivirus solutions. The CCI concluded that Microsoft’s integration of Defender does not impose unfair conditions on users or hinder competition, as alternative antivirus software remains available and competitors continue to thrive. The commission found no violation of Section 4 of the Competition Act and closed the case, granting confidentiality to the informant and certain documents for three years.

Winsage

March 3, 2025

Windows Hyper-V NT Kernel Vulnerability Let Attackers Gain SYSTEM Privileges

Threat actors are exploiting CVE-2025-21333, a critical heap-based buffer overflow vulnerability in Microsoft’s Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP), which allows local attackers to escalate privileges to the SYSTEM level. The vulnerability has a CVSS score of 7.8 and is actively exploited. It resides in the vkrnlintvsp.sys driver, which facilitates communication between the host OS and container-like virtual machines. A Proof of Concept (PoC) demonstrates exploitation through I/O ring buffer manipulation, allowing arbitrary read/write in kernel memory and SYSTEM-level privilege escalation. The PoC was developed by a group of researchers including @yarden_shafir and others. Affected systems include Windows 11 Version 23H2 and potentially Version 24H2, with specific binary hashes provided. Limitations of the PoC include the need for Windows Sandbox and potential system crashes due to overflow. Mitigation strategies involve updating systems, enabling protections like Hyper-V isolation, and monitoring for exploitation signs. Microsoft addressed this vulnerability in January 2025 Patch Tuesday updates, urging users to apply patches promptly.

AppWizard

February 27, 2025

The Underground’s Favorite Messenger: Telegram’s Reign Continues

Telegram is popular for its focus on privacy and security, featuring end-to-end encryption for secret chats and allowing users to create large groups with up to 200,000 members. It offers channel functionality for broadcasting messages to unlimited subscribers. The platform has faced criticism for insufficient content moderation, leading to the spread of extremist content and illegal activities. Telegram regularly updates its features, including customizable themes and advanced bot integrations, to enhance user experience and maintain competitiveness in the messaging market.

AppWizard

February 19, 2025

‘Just couldn’t dodge that big boot I guess, no matter how big the success of the gig’: Marvel Rivals developers in the US say NetEase just laid off their whole team

NetEase has confirmed layoffs affecting the development team behind Marvel Rivals, specifically reducing the design team based in Seattle for organizational reasons. The company emphasized its commitment to treating impacted employees with confidentiality and respect. Despite the layoffs, NetEase stated that the core development team in China remains dedicated to enhancing the game, which has over 200,000 active players on Steam and reportedly generated an estimated million in its first month. Currently, there are no Seattle-based developers working on Marvel Rivals. The layoffs have raised questions given the game's financial success, and industry observers speculate this may be part of a broader strategy to streamline the development team. NetEase has also been scaling back its U.S. operations recently.

AppWizard

February 19, 2025

NetEase makes cuts to US Marvel Rivals team

NetEase has initiated layoffs within its Seattle-based Marvel Rivals team, as confirmed by the company in a statement. The decision was made to adjust the development team structure for organizational reasons and to optimize development efficiency. The layoffs specifically affected the design team, while the Chinese development team remains unchanged. NetEase expressed gratitude for the contributions of those impacted and reaffirmed its commitment to delivering new content for the game.