credential

Winsage
September 16, 2025
Microsoft has acknowledged that the September 2025 Windows security updates are causing connection difficulties with Server Message Block (SMB) v1 shares across various platforms, including Windows 11 versions 24H2, 23H2, and 22H2, and Windows 10 versions 22H2 and 21H2, as well as Windows Server 2025 and Windows Server 2022. The issue occurs when connecting to SMBv1 shares via the NetBIOS over TCP/IP (NetBT) protocol after installing the September 2025 update or later. Microsoft is working on a resolution and has provided a temporary workaround that involves enabling traffic on TCP port 445. SMBv1 has been largely phased out and officially deprecated since 2014, with Microsoft urging system administrators to eliminate support for it due to security vulnerabilities, especially after the 2017 leak of NSA exploits that targeted SMBv1.
Tech Optimizer
September 12, 2025
Avast has been recognized as the top antivirus solution for Windows in Software Experts' September 2025 annual review. The evaluation highlighted Avast's effectiveness in addressing cybersecurity threats and its commitment to enhancing digital protection, privacy, and user experience. Avast Premium Security offers real-time threat protection, anti-scam intelligence, email and web safety, and integrates AI-powered tools for enhanced security. Avast Ultimate combines Avast Premium Security with additional tools like SecureLine VPN and AntiTrack, allowing activation on up to 10 devices. Additionally, Avast received recognition from AV-TEST as one of the best Windows antivirus products for home users in evaluations conducted during May and June 2025.
Tech Optimizer
September 12, 2025
A new cross-platform malware called "ModStealer" targets cryptocurrency wallets on macOS, Windows, and Linux systems and has evaded detection by major antivirus software for nearly a month. It spreads through deceptive job recruitment ads aimed at developers and seeks out credential files, configuration details, and certificates using an obfuscated JavaScript file. ModStealer establishes persistence on macOS by exploiting Apple's launchctl tool and sends stolen data to a remote server in Finland linked to infrastructure in Germany. It specifically targets 56 different browser wallet extensions, including those on Safari, to extract private keys, and has the capability to capture clipboard data, take screenshots, and execute remote code. Researchers suggest ModStealer exemplifies a "Malware-as-a-Service" operation, highlighting the need for behavior-based defenses rather than relying solely on signature-based protections.
Tech Optimizer
September 12, 2025
TotalAV is identified as the best cheap antivirus in 2025, starting at .00/year, offering exceptional malware blocking capabilities, real-time protection, and a free plan. Surfshark Antivirus combines antivirus and VPN services, starting at .49/month, with a free 7-day trial. Bitdefender offers comprehensive protection starting at .99/year, with a free version available. Norton provides a feature-rich antivirus starting at .99/year, with a free 14-day trial. McAfee is a reliable antivirus starting at .99/year, with a free plan for Android and iOS users. All five antivirus solutions have consistently blocked 100% of zero-day threats in independent tests.
Tech Optimizer
September 5, 2025
A new cyber threat actor, TAG-150, has emerged since March 2025, utilizing a sophisticated multi-tiered infrastructure and custom malware, including CastleLoader, CastleBot, and CastleRAT. TAG-150's infrastructure consists of four tiers, including command-and-control servers and intermediary layers to obscure operations. The CastleRAT trojan, available in Python and C variants, features advanced capabilities such as stealth evasion, system information collection, and remote surveillance functions. TAG-150 employs phishing techniques and fraudulent domains to compromise victims, achieving a 28.7% infection rate among those who interact with their schemes. The group utilizes privacy-focused services and frequently relocates its infrastructure to evade detection. Experts recommend proactive measures to counteract TAG-150's activities, including blocking identified infrastructure and monitoring for data exfiltration. Indicators of compromise include specific IP addresses associated with CastleLoader.
AppWizard
August 28, 2025
Google announced plans to regulate "sideloaded" Android applications, which are installed from sources outside the official Android repository. This initiative includes a verification system for developers, allowing only applications from verified developers to be sideloaded, aimed at preventing malicious software. Google likened this process to airport security checks, focusing on confirming developer identities rather than inspecting application content. The OSS Rebuild program, introduced earlier, aims to verify authors of open-source libraries and ensure installed versions match published source code. Critics express concern that Google's control over developer verification could lead to exclusion of certain packages, impacting competition and developer recourse. Google has indicated plans to allow students and hobbyists to install self-developed applications, with the rollout of verified sideloading expected by 2027 in most regions.
Winsage
August 23, 2025
Microsoft is advising organizations using the onmicrosoft.com domain for email to transition to a custom domain to avoid email throttling. Starting October 15, email delivery will be limited to 100 external recipients per organization within a 24-hour period, with the rollout extending to larger organizations by June 2026. This policy is in response to spammers exploiting the onmicrosoft.com domain, which affects its reputation. Organizations using a Microsoft Online Email Routing Address (MOERA) domain must migrate to a custom domain, update their primary SMTP addresses, and ensure non-test emails use the new domain. This migration may complicate administrative tasks, especially for those managing outdated products.