We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

cryptographic

Amazon RDS Proxy announces TLS 1.3 support for PostgreSQL on Aurora and RDS
Tech Optimizer
April 2, 2025

Amazon RDS Proxy announces TLS 1.3 support for PostgreSQL on Aurora and RDS

Amazon RDS Proxy now supports TLS 1.3 for connections to Amazon Aurora PostgreSQL and RDS for PostgreSQL database instances, enhancing security with stronger cryptographic algorithms and a streamlined handshake process. The Proxy automatically negotiates the highest security level during connection setup and can be configured to enforce TLS 1.3 exclusively. TLS 1.3 support is also available for RDS Proxy for MySQL engines. RDS Proxy is a fully managed database proxy that improves performance, reliability, scalability, and security for RDS and Amazon Aurora databases.
March Patch Tuesday fixes 6 Windows zero-day exploits
Winsage
March 12, 2025

March Patch Tuesday fixes 6 Windows zero-day exploits

A total of 57 unique vulnerabilities have been addressed in Microsoft's latest security updates, including six zero-day exploits that require immediate attention. The Windows operating system accounts for the majority of these vulnerabilities. Among them is a critical security feature bypass (CVE-2025-26633) with a CVSS rating of 7.0, which requires user interaction for exploitation. Three additional zero-day vulnerabilities are found in the Windows NTFS, including two information disclosure vulnerabilities (CVE-2025-24984 and CVE-2025-24991) and a critical remote-code execution vulnerability (CVE-2025-24993). Another zero-day vulnerability (CVE-2025-24985) affects the Windows Fast FAT driver with a CVSS score of 7.8 and also requires user interaction. The final zero-day vulnerability (CVE-2025-24983) is an elevation-of-privilege flaw with a CVSS score of 7.0. Additionally, a notable public disclosure involves a remote-code execution vulnerability in Microsoft Access (CVE-2025-26630) with a CVSS score of 7.8. Microsoft has also republished four older vulnerabilities with updates. Furthermore, Microsoft is preparing to implement stricter authentication measures for Windows machines, transitioning to mandatory "Enforcement" mode for certain vulnerabilities next month.
TSforge - A New Tool Exploits Every Version of Windows Activation
Winsage
February 25, 2025

TSforge – A New Tool Exploits Every Version of Windows Activation

Security researchers from MASSGRAVE have developed TSforge, a tool that exploits vulnerabilities in Microsoft’s Software Protection Platform (SPP) to activate all Windows versions from Windows 7 onward, as well as various Office suites. This marks the first successful attack on SPP’s cryptographic defenses since its introduction in Windows Vista. The exploit involves manipulating encrypted “trusted stores” used by SPP to validate software activation. Researchers reverse-engineered SPP’s private key infrastructure, using leaked Windows 8 beta builds, to forge activation data and deceive SPP into accepting permanent licenses. The process includes extracting SPP’s RSA private key, simulating ExecCodes to derive the private exponent, and decrypting the AES key that protects activation data. TSforge can inject zeroed hardware ID hashes, precomputed product key blobs, and timestamped license metadata with validity windows of over 4000 years. The tool is compatible with different Windows versions, affecting both Windows 7 and Windows 10. Microsoft has not commented on the exploit, but enterprise clients using KMS should check their activation logs for spoofed status codes. Although TSforge is not publicly available, it reveals significant vulnerabilities in SPP’s security model, which may impact enterprise licensing strategies as the end-of-life for Windows 10 approaches in 2025.
Search