cyber attacks Archives

Winsage

April 29, 2025

New Windows 7 And Windows Server 2008 Security Updates Confirmed

Microsoft has introduced a no-reboot patching feature for Windows 11 and announced hotpatching costs for Windows Server 2025. Windows 7 and Windows Server 2008 R2 have reached their end-of-support status and lack official security patches. However, users of these legacy systems can utilize a micro patching service called 0patch, which delivers micro patches to address specific vulnerabilities without requiring system reboots. On April 29, 2023, Mitja Kolsek, CEO of ACROS Security, announced that support for Windows 7 and Windows Server 2008 R2 would be extended until January 2027 due to high demand. These micro patches are currently the only available security updates for these legacy versions.

BetaBeacon

April 3, 2025

Playing Android games in cars? Your vehicle might get hacked

Google's decision to introduce gaming capabilities in cars through Android Auto has faced criticism from experts who fear it may lead to distractions on the road and make vehicles vulnerable to cyber attacks. Akash Mahajan, CEO of Kloudle, highlighted the increased security risks associated with adding gaming features to cars.

AppWizard

March 31, 2025

Avoid Downloading Apps From Untrusted Sources, Google Warns Android Users

Google warns Android users about the risks of downloading apps from sources outside the Google Play Store, noting that such apps are 50 times more likely to contain malware. In 2023, Google removed around 2.3 million suspicious apps from the Play Store and banned over 300 apps that circumvented Android's security measures, which had over 60 million downloads and were involved in deceptive advertising and phishing schemes. Google is enhancing its Play Protect Live Threat Detection system to combat fake and dangerous apps. Recommendations for protecting phones include downloading apps only from the Google Play Store, checking reviews and ratings, installing security updates, and avoiding unknown links.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affecting various Windows operating systems, including Windows 7, Server 2008 R2, Windows 11 v24H2, and Server 2025, allows attackers to capture NTLM authentication credentials through interactions with malicious files in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been fully documented. Security researchers have developed micropatches available for free until Microsoft releases a permanent fix. These micropatches support a wide range of Windows versions, including legacy and currently supported systems. The micropatches have been automatically distributed to affected systems with the 0patch Agent installed.

AppWizard

March 26, 2025

Google bolsters Android security for app developers and users

Google has announced a suite of improvements to enhance security within the Android ecosystem and the Google Play Store. Key advancements include: - Enhanced tools to protect businesses from scams and fraud. - Pre-review checks to identify policy and compatibility issues early in app development. - Transparent information on Google Play to build consumer trust. - Strengthened threat-detection capabilities using AI to combat malicious activities. Developers will receive earlier notifications about relevant policies within Android Studio, and the policy experience has been revamped for clearer updates and more time for changes. The Google Play Developer Help Community is expanding to facilitate knowledge sharing among developers. The Play Integrity API is being utilized for over 500 million daily checks to prevent fraud and abuse, with apps using these features seeing an 80% reduction in usage from unverified sources. Improvements for devices running Android 13 include enhanced security signals and automatic updates for developers. New badges for app categories, including a "Verified" badge for VPN apps, are being introduced to validate secure applications. Google is also focusing on creating a safe online experience for children and developing tools like the Credential Manager API for Digital IDs. Last year, investments in security measures prevented 2.36 million policy-violating apps from being published. Google Play Protect is evolving to counter new threats, and the company is collaborating with industry leaders to establish security standards through the App Defense Alliance.

Tech Optimizer

February 21, 2025

Serious PostgreSQL flaw exploited in US Treasury zero-day attack

Security researchers have identified a zero-day vulnerability in PostgreSQL, labeled CVE-2025-1094, which is believed to have contributed to the cyber breach of the US Treasury in December. The breach was initially attributed to the command injection vulnerability CVE-2024-12356 in the BeyondTrust Remote Support platform. Successful exploitation of CVE-2024-12356 required prior exploitation of CVE-2025-1094. Although BeyondTrust issued a patch for CVE-2024-12356 in December 2024, it did not resolve the underlying issue of CVE-2025-1094, leaving it a zero-day vulnerability until reported to PostgreSQL. Chinese hackers reportedly gained remote access to multiple workstations within the US Treasury, potentially compromising unclassified documents. The details of the accessed documents and the number of workstations involved are not disclosed. This incident is part of a broader pattern of cyber attacks linked to Chinese state-sponsored actors.

Tech Optimizer

February 7, 2025

What is Managed Endpoint Protection?

Managed Endpoint Protection involves outsourcing endpoint security for devices like laptops, desktops, and servers to specialized providers. These services offer continuous monitoring, automated responses, and compliance checks, utilizing advanced analytics and real-time threat intelligence. Key features include continuous monitoring, automated threat containment, vulnerability management, forensic analysis, compliance tools, and threat hunting. Managed services address various threats such as ransomware, phishing, zero-day exploits, credential theft, insider threats, DDoS attacks, and data exfiltration. Benefits include 24/7 expert coverage, access to specialized threat intelligence, faster incident response, reduced operational complexity, predictable pricing, and improved compliance. Challenges include the rapidly evolving threat landscape, skills shortage, budget constraints, and ensuring real-time visibility. Best practices for implementation involve maintaining asset inventories, defining roles, fine-tuning detection thresholds, conducting regular drills, and integrating with broader security measures. When choosing a provider, factors to consider include technical expertise, service level agreements, integration capabilities, pricing, compliance, and ongoing support. SentinelOne offers an autonomous cybersecurity platform that enhances endpoint security through superior visibility, automated responses, and customizable features.

Tech Optimizer

December 10, 2024

The Risks Of Using Outdated Antivirus Software

Antivirus software is essential for protecting devices from cyber threats, but simply installing it is not enough; outdated software can lead to vulnerabilities. Outdated antivirus systems are less effective against new malware and phishing techniques, limiting their functionality and increasing the risk of data breaches. Cybercriminals often target outdated systems, which are easier to exploit due to their diminished ability to recognize threats. Additionally, technical support for older antivirus versions may become unavailable, leaving systems defenseless. To maximize security, it is crucial to keep antivirus software updated and consider additional security measures like firewalls and two-factor authentication.

Winsage

November 30, 2024

Windows Warning As New 0-Click Backdoor Russian Cyber Attack Confirmed

Security researchers have confirmed a cyber attack attributed to the Russian state-sponsored threat group RomCom, exploiting two zero-day vulnerabilities in Mozilla Firefox and Windows operating systems. The vulnerabilities are CVE-2024-9680, a use-after-free memory flaw in Firefox, and CVE-2024-49039, a privilege escalation flaw in Windows. The attack primarily affects users in Europe and North America and allows for the installation of a backdoor on Windows systems without user interaction. RomCom has expanded its focus to include industries such as pharmaceuticals, insurance, and legal sectors in the US and Germany. Mozilla and Microsoft have released patches to address these vulnerabilities, with Mozilla patching Firefox within a day and Microsoft addressing the Windows vulnerability in the latest Patch Tuesday updates. Experts warn that organizations must keep their software updated to mitigate ongoing risks from RomCom attackers.

Winsage

November 24, 2024

This popular Windows utility for ZIP files has a dangerous vulnerability

A significant security vulnerability has been identified in early versions of the file compression software 7-Zip, with a severity score of 7.8 out of 10. The flaw affects all versions prior to 24.07, allowing potential attackers to execute arbitrary code on a victim's machine. The issue was discovered by Trend Micro’s Zero Day Initiative, with researcher Nicholas Zubrisky identifying it in June. Users are advised to update to the latest version to mitigate risks associated with this vulnerability.