cyber threats

Tech Optimizer
April 2, 2025
Over 1,500 PostgreSQL instances exposed to the internet have been targeted by a cryptocurrency mining malware campaign called JINX-0126. Attackers exploit weak credentials to access PostgreSQL servers and use the "COPY ... FROM PROGRAM" SQL command for arbitrary command execution. They deploy a shell script to terminate existing cryptominers and deliver the pg_core binary. A Golang binary, disguised as the PostgreSQL multi-user database server, is then downloaded to establish persistence and escalate privileges, leading to the execution of the latest XMRig cryptominer variant. JINX-0126 employs advanced tactics, including unique hashes for binaries and fileless miner payload execution, to evade detection by cloud workload protection platforms.
Winsage
April 1, 2025
As of March 2025, Windows 10's market share has declined to 54.23%, experiencing a drop of 4.43 percentage points. Meanwhile, Windows 11's user adoption has increased by 4.53 percentage points, reaching 42.66% of all Windows desktop users. The decline in Windows 10's user base is influenced by the impending end of support in October, prompting users to consider upgrading to Windows 11 or paying for an extension of Windows 10 support to avoid losing security updates.
Tech Optimizer
April 1, 2025
Bitdefender offers comprehensive protection against current and emerging online threats with a lightweight design that maintains device performance. It is currently providing a 50% discount on its multi-device bundles, including the Total Security bundle, which covers up to five devices across various platforms for an introductory price. The Internet Security and Antivirus Plus bundles are also available at discounted rates for Windows PCs. All bundles include features like File Shredder, Social Network Protection, and safe online banking through Safepay. Bitdefender utilizes advanced AI technology to predict and neutralize threats while optimizing device performance.
Tech Optimizer
March 31, 2025
By 2025, the global cost of cybercrime is projected to reach .5 trillion annually. Many organizations continue to use outdated Endpoint Detection and Response (EDR) solutions, which are increasingly ineffective against sophisticated cyber threats. EDR was introduced in 2013 but has struggled to keep pace with evolving attack techniques. Traditional EDR is reactive, responding to incidents after they occur, and relies on known Indicators of Compromise (IoCs), which limits its effectiveness. Real-world examples of traditional EDR failures include a misconfigured update to CrowdStrike’s Falcon EDR causing an IT outage, the Akira ransomware exploiting an unsecured webcam, the Medibank breach despite multiple alerts from EDR, and the BlackCat ransomware attack on Henry Schein. These incidents highlight the inadequacy of traditional EDR in preventing modern threats. The next phase of endpoint security is Preemptive Endpoint Protection (PEP), which actively prevents attacks rather than just detecting and responding to them. PEP utilizes proactive strategies like Automated Moving Target Defense (AMTD) and Adaptive Exposure Management (AEM), and research indicates that organizations using proactive security save 30% more on breach costs compared to those relying solely on reactive measures.
AppWizard
March 29, 2025
Signal is an end-to-end encrypted messaging application that distinguishes itself from competitors like Messenger and WhatsApp through its open-source technology and the use of the Signal protocol for encryption. It encrypts messages before they leave the sender's device, ensuring that only the intended recipient can read them. However, its security is tied to the user's device, and vulnerabilities such as weak passwords and unprotected devices can compromise message integrity. Despite its strong encryption, Signal may not meet the stringent security protocols required for sensitive government communications, particularly due to its message deletion feature and the lack of support for record-keeping. The app is considered secure for everyday users, but may not be suitable for high-stakes governmental communication. The rise in cyber threats underscores the need for secure communication channels, leading organizations to consider encrypted messaging solutions like Signal, while also evaluating alternatives within the encrypted messaging landscape.
AppWizard
March 28, 2025
Recent research from cybersecurity firm Sophos has identified the use of PJobRAT malware targeting users in Taiwan through instant messaging applications SangaalLite and CChat, which mimic legitimate platforms. These malicious apps were available for download on various WordPress sites, now taken offline. PJobRAT, an Android remote access trojan first identified in 2019, has been used to steal SMS messages, contacts, device information, documents, and media files. The recent cyber-espionage initiative lasted nearly two years, affecting a limited number of users, indicating a targeted approach by the attackers. The latest version of PJobRAT lacks the ability to steal WhatsApp messages but allows attackers greater control over infected devices. The distribution method for these apps remains unclear, but previous campaigns involved third-party app stores and phishing pages. Upon installation, the apps request extensive permissions and provide basic chat functionalities. Sophos researchers note that threat actors often refine their strategies after campaigns, suggesting ongoing risks.
AppWizard
March 28, 2025
The Pentagon has issued a warning about the security of the messaging application Signal, advising against its use for any communications, including unclassified ones, due to concerns over hacking vulnerabilities following a significant leak. This advisory reflects an increased awareness of cybersecurity threats and the need for robust security measures in communications, prompting individuals and organizations to reconsider their reliance on Signal and explore alternatives.