cyber security Archives

Tech Optimizer

March 16, 2026

How to Avoid Getting Scammed Online in 2026

The Qantas data breach highlights vulnerabilities in online information security. Regularly changing passwords every few months is recommended, and tools like Bitdefender’s Password Manager can help manage complex passwords. Users should be cautious of suspicious links and attachments, as hackers often use phishing tactics. Implementing two-factor authentication (2FA) adds an extra layer of security to accounts. Keeping devices updated is crucial for protecting against vulnerabilities. Investing in reliable antivirus software, such as Bitdefender Antivirus Plus or Bitdefender Ultimate Security, is essential for safeguarding personal data. Staying informed about cybersecurity measures is important to prevent data breaches.

Winsage

March 11, 2026

Microsoft Patch Tuesday, March 2026 Edition

Microsoft Corp. has released security updates addressing at least 77 vulnerabilities across its Windows operating systems and various software applications. Key vulnerabilities include: - CVE-2026-21262: Allows an attacker to elevate privileges on SQL Server 2016 and later, with a CVSS v3 base score of 8.8. - CVE-2026-26127: Affects applications running on .NET, potentially leading to denial of service. - CVE-2026-26113 and CVE-2026-26110: Remote code execution flaws in Microsoft Office exploitable by viewing malicious messages in the Preview Pane. - CVE-2026-24291, CVE-2026-24294, CVE-2026-24289, and CVE-2026-25187: Privilege escalation vulnerabilities rated CVSS 7.8. - CVE-2026-21536: A critical remote code execution bug identified by an AI agent, marking a shift toward AI-driven vulnerability discovery. Additionally, Microsoft previously addressed nine browser vulnerabilities and issued an out-of-band update on March 2 for Windows Server 2022. Adobe has released updates for 80 vulnerabilities across its products, and Mozilla Firefox version 148.0.2 has resolved three high-severity CVEs.

AppWizard

February 28, 2026

Centre’s SIM binding directive on app-based messaging platforms ‘unconstitutional’: Tech industry body BIF

The Broadband India Forum (BIF) has expressed legal concerns about the government's SIM binding mandate, stating it is "ultra vires the parent legislation" and "unconstitutional," based on a senior counsel's opinion. This opinion critiques the Telecommunications (Telecom Cyber Security) Amendment Rules, 2025, claiming they exceed the authority of the Telecommunications Act of 2023. The government's directive requires app-based communication services to maintain a link to a user's active SIM card, which BIF argues violates principles of due process and proportionality. BIF also highlights that the introduction of Telecommunication Identifier User Entities (TIUEs) alters the scope of telecom regulation improperly, potentially leading to legal conflicts with existing laws like the Information Technology Act. BIF concludes that the amendment rules represent an impermissible expansion of delegated authority under the Telecom Act, advocating for adherence to the statutory framework. The government's directive, aimed at addressing cyber security concerns, would change how users access messaging services in India.

Winsage

January 16, 2026

Easterly helms RSAC, Windows update problems, Police Copilot gaffe

Jen Easterly has been appointed as the new Chief Executive Officer of the RSA Conference. She is a cybersecurity expert and former Director of the Cybersecurity and Infrastructure Security Agency (CISA). Palo Alto Networks has released security updates for a vulnerability (CVE-2026-0227) with a CVSS score of 7.7 affecting its GlobalProtect Gateway and Portal, which can cause a denial-of-service condition in PAN-OS software. The January 2026 security update from Microsoft has caused connection and authentication failures in Azure Virtual Desktop and Windows 365, affecting users across various Windows versions. Microsoft is working on a resolution. The chief constable of West Midlands Police acknowledged an error by Microsoft’s Copilot AI in generating a fictional intelligence report. Microsoft has not confirmed Copilot's involvement. Britain’s National Cyber Security Centre (NCSC) has collaborated with Five Eyes partners to provide guidance on securing industrial operational technology, highlighting risks associated with remotely monitored systems. Kyowon, a South Korean conglomerate, confirmed a ransomware attack on January 10 that may have compromised customer information, affecting approximately 5.5 million members. Researchers at Varonis have identified a new attack technique called "Reprompt" that allows data exfiltration from Microsoft Copilot via a malicious link, exploiting a Parameter 2 Prompt (P2P) injection technique. Central Maine Healthcare is notifying over 145,000 patients about a data breach that compromised personal, treatment, and health insurance information, discovered on June 1.

Tech Optimizer

January 9, 2026

MacPaw Moonlock

Moonlock is a new antivirus solution for Mac developed by MacPaw, utilizing technology from CleanMyMac. It features a basic VPN, security configuration scan, and an elegant user interface, but some functionalities may not perform as expected. The annual subscription for a single Mac is priced higher than competitors like CleanMyMac and G Data Antivirus. Moonlock requires macOS 13 (Ventura) or later for compatibility. Setting up the app involves creating an account and granting permissions, with a full scan recommended post-installation. In independent lab tests, Moonlock scored 5.5 out of 6 in protection and 6 in usability, but its performance rating was 4.5 points, lower than competitors. The Security Advisor feature provides advice on enhancing security, while the System Protection feature identifies areas for improvement. Moonlock includes a basic VPN with 61 server cities in 50 countries. Its Network Inspector focuses on blocking traffic from specified countries, but its effectiveness is questionable. Flexible scan scheduling is available, but it does not guarantee the removal of Windows malware. The app includes informational panels and animated videos, but it currently lacks effective phishing protection, failing to block known fraudulent websites.

Tech Optimizer

December 4, 2025

Cyber security essentials with WSA partner PureCyber

Cyber security is crucial for organizations in the sport and leisure sector to protect digital assets from hackers and cybercriminals. Neglecting cyber security can lead to financial losses, reputational damage, operational disruptions, and legal issues. Key practices for enhancing cyber security include keeping software updated, using strong passwords, training employees, and employing firewalls and antivirus solutions. The Welsh Sports Association (WSA) has partnered with PureCyber to offer a subscription service called Foundations, which provides various cyber security benefits such as incident response, phishing simulations, endpoint detection and response, dark web monitoring, employee training, Microsoft 365 protection, and vulnerability management. WSA members can access this service at preferential rates, and a Lunchtime Learning session will be held to improve skills within member organizations. Interested parties can contact Maria Lopez for more information on the subscription.

AppWizard

December 3, 2025

India mandates SIM-linked messaging apps to fight rising fraud

India's Department of Telecommunications (DoT) has mandated that messaging services must operate with active SIM cards linked to users' phone numbers to combat cyber fraud. Popular apps like WhatsApp, Telegram, Signal, and Snapchat must comply with these SIM-binding rules within 90 days. The new regulations also require web sessions to automatically log out after six hours to enhance security and address issues related to long-lived web sessions, which have been exploited by fraudsters. This initiative aims to improve the traceability of accounts and reduce fraudulent activities, particularly phishing schemes and scams. Cyber-fraud losses in India reached ₹22,800 crore in 2024, prompting these Telecom Cyber Security measures. Users roaming with their SIMs will not be affected by the new regulations.

AppWizard

December 2, 2025

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

India's Department of Telecommunications (DoT) has mandated that app-based communication service providers implement measures requiring an active SIM card linked to the user's mobile number. This applies to messaging applications such as WhatsApp, Telegram, and Signal, which must comply within 90 days. The amendment to the Telecommunications (Telecom Cyber Security) Rules, 2024, aims to mitigate the misuse of telecommunication identifiers exploited for phishing and scams. The directive requires continuous linkage to the SIM card, and web service instances will log out every six hours, necessitating re-linking via QR code. This is intended to reduce account takeover risks and ensure that accounts are linked to KYC-verified SIMs. The DoT also announced a Mobile Number Validation (MNV) platform to combat identity fraud related to unverified mobile number associations.

Winsage

November 24, 2025

Cybersecurity specialist says make Microsoft Windows change – or ‘be exposed’

Microsoft Windows users are urged to update their systems due to the discontinuation of support for Windows 10, which has reached its end-of-life stage. Users are encouraged to upgrade to Windows 11 if their devices are compatible. Microsoft will cease providing security updates for Windows 10, increasing the risk of attacks. For those unable to upgrade, Microsoft offers an Extended Security Updates (ESU) program, currently free for home users with a Microsoft account, providing security updates until October 13, 2026. Users of earlier Windows versions, such as 7, 8, and Vista, have been without support for a longer time, making them more vulnerable. After support ends on October 14, 2025, Microsoft recommends upgrading to a supported version of Windows. Transitioning to a new device that runs Windows 11 can improve user experience and security, with trade-in and recycling schemes available for old devices.

Winsage

November 17, 2025

Windows 10 update failure, autonomous AI cyberattack, Feds fumble Cisco patches

Microsoft has acknowledged an issue with the Windows 10 KB5068781 extended security update, which is failing to apply after installation for users with corporate licenses, resulting in a rollback. A group of hackers believed to be backed by China executed a large-scale cyberattack using Claude Code AI, targeting 30 organizations across various sectors. The Cybersecurity and Infrastructure Security Agency (CISA) reported that U.S. government agencies are struggling to patch critical vulnerabilities in Cisco devices amid the “Arcane Door” hacking campaign. Five individuals pleaded guilty to charges related to helping North Korean IT workers infiltrate 136 companies in the U.S. from September 2019 to November 2022. Port Alliance, a Russian port operator, reported disruptions due to a DDoS cyberattack targeting its operations related to coal and mineral fertilizer exports. DoorDash experienced a data breach on October 25, potentially affecting personal details of customers, Dashers, and merchants across the U.S. and Canada, traced back to a social engineering scam. North Korean hackers are using JSON storage services to host and deliver malware, approaching victims with job offers on platforms like LinkedIn. Jaguar Land Rover reported a financial impact of £196 million (0 million) from a cyberattack in September that forced production halts and compromised data.