cyber threats

Tech Optimizer
April 16, 2025
Windows Defender Application Control (WDAC) is a built-in Windows security feature that restricts execution to the applications a policy trusts. However, attackers have found multiple ways to bypass WDAC, exposing systems to malware. The techniques include abusing Living-off-the-Land Binaries (LOLBins, signed Microsoft binaries that a typical policy already allows and that will run attacker-supplied scripts or code), DLL sideloading, and exploiting misconfigured WDAC policies, such as a policy left in audit-only mode or one with overly broad allow rules. Through these, attackers can execute unauthorized code without triggering alerts from traditional security tools and then install ransomware or create backdoors. Microsoft runs a bug bounty program that covers WDAC bypasses, but some techniques remain unpatched for long periods. Users can reduce the risk by keeping Windows updated, being cautious with software downloads, and running a reputable antivirus product.
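The policy misconfigurations mentioned above can be checked offline against the policy XML. The following script is an added example, not code from the article or from Microsoft: it parses a constructed WDAC policy in the SiPolicy XML layout that the ConfigCI cmdlets produce and reports audit-only mode, an unsigned policy, a missing UMCI option, wildcard or user-writable-path allow rules, and watchlisted LOLBins that no Deny rule covers. The LOLBin watchlist is an illustrative subset of Microsoft's recommended block rules and the user-writable prefixes are an assumption about the target machine.

```python
"""Offline review of a WDAC (App Control for Business) policy XML.

Added example, not code from the article or from Microsoft. It reads the
SiPolicy XML layout that the ConfigCI cmdlets produce (Rules/Rule/Option,
FileRules/Allow and Deny) and reports settings that the bypass techniques
above rely on. SAMPLE_POLICY is constructed for this example; the LOLBin
watchlist and the user-writable prefixes are illustrative assumptions.
"""
import xml.etree.ElementTree as ET

NS = {"si": "urn:schemas-microsoft-com:sipolicy"}

# Small illustrative subset of binaries covered by Microsoft's recommended
# block rules; a real review would load the full published list.
LOLBIN_WATCHLIST = {"mshta.exe", "msbuild.exe", "wmic.exe", "cscript.exe", "wscript.exe"}

# Assumed user-writable locations: an Allow rule rooted here lets an attacker
# drop a binary of their choice into an already-allowed path.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Constructed policy with several weak settings on purpose.
SAMPLE_POLICY = r"""<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
  <VersionEx>10.0.0.0</VersionEx>
  <Rules>
    <Rule><Option>Enabled:Unsigned System Integrity Policy</Option></Rule>
    <Rule><Option>Enabled:Audit Mode</Option></Rule>
    <Rule><Option>Enabled:UMCI</Option></Rule>
  </Rules>
  <EKUs />
  <FileRules>
    <Allow ID="ID_ALLOW_A_1" FriendlyName="Line-of-business app" FilePath="C:\ProgramData\Contoso\*" />
    <Allow ID="ID_ALLOW_A_2" FriendlyName="Everything" FileName="*" />
    <Deny ID="ID_DENY_D_1" FriendlyName="Block mshta" FileName="mshta.exe" MinimumFileVersion="65535.65535.65535.65535" />
  </FileRules>
</SiPolicy>
"""


def review_policy(xml_text):
    """Return the policy's rule options, a list of findings, and the
    watchlisted LOLBins that no Deny rule covers."""
    root = ET.fromstring(xml_text)
    findings = []

    options = {o.text.strip() for o in root.findall("si:Rules/si:Rule/si:Option", NS)}
    if "Enabled:Audit Mode" in options:
        findings.append("audit mode: violations are logged, nothing is blocked")
    if "Enabled:Unsigned System Integrity Policy" in options:
        findings.append("unsigned policy: a local admin can replace or remove it")
    if "Enabled:UMCI" not in options:
        findings.append("UMCI not enabled: user-mode binaries are not checked")

    for allow in root.findall("si:FileRules/si:Allow", NS):
        rid = allow.get("ID")
        if allow.get("FileName") == "*":
            findings.append(f"{rid}: FileName='*' admits any file")
        path = allow.get("FilePath", "")
        if path.lower().startswith(USER_WRITABLE_PREFIXES):
            findings.append(f"{rid}: FilePath rule under user-writable path {path}")

    # Deny rules by file name are how the recommended block rules are expressed.
    denied = {d.get("FileName", "").lower() for d in root.findall("si:FileRules/si:Deny", NS)}
    undenied = sorted(LOLBIN_WATCHLIST - denied)
    for name in undenied:
        findings.append(f"no Deny rule for LOLBin {name}")

    return {"options": sorted(options), "findings": findings, "undenied_lolbins": undenied}


if __name__ == "__main__":
    for line in review_policy(SAMPLE_POLICY)["findings"]:
        print("-", line)
```

Run against a real policy, the same checks apply to the XML exported with ConvertFrom-CIPolicy's input file; a clean result means the policy is enforced, signed, checks user-mode code, has no catch-all allow rules, and denies the LOLBins the watchlist names, which removes the misconfiguration class the summary describes but not the DLL-sideloading or unpatched-bypass classes.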
Winsage
April 13, 2025
Microsoft addressed over 120 vulnerabilities in its April 2025 Patch Tuesday release, including a zero-day (CVE-2025-29824) that is being actively exploited. WinRAR users are urged to update to version 7.11 to fix a vulnerability (CVE-2025-31334) that lets attackers bypass Windows' Mark of the Web (MotW) warning. Chief Information Security Officers (CISOs) are experiencing security platform fatigue from the proliferation of security tools. President Donald Trump signed an Executive Order revoking the security clearances of Chris Krebs and his colleagues at SentinelOne. Cyber crisis simulations are becoming essential for organizational preparedness against evolving threats. Fortinet has released patches for several vulnerabilities, including a critical flaw (CVE-2024-48887) in FortiSwitch appliances. WhatsApp users should update the Windows client to fix a vulnerability (CVE-2025-30401) that could allow malicious code execution. Kevin Serafin, CISO at Ecolab, discussed aligning security initiatives with business objectives. Attacks involving compromised large language models (LLMs) are on the rise, as are the risks that come with AI autonomy. New open-source tools such as the YES3 Scanner and APTRS have been released to extend security capabilities. The cybersecurity job market remains strong, with increasing demand for skilled professionals.
Tech Optimizer
April 12, 2025
The author has transitioned from using third-party antivirus solutions to relying on Windows Security, which is built into Windows 10 and 11, due to its effectiveness and lack of cost. They emphasize the importance of keeping Windows Security updated and performing regular virus scans for added peace of mind. Ransomware protection features, such as Controlled Folder Access, are highlighted as essential. The Microsoft PC Manager app is recommended for optimizing system performance and security. The author advocates for good security hygiene, including avoiding suspicious emails and enabling two-factor authentication, as effective practices to maintain security without third-party antivirus software.
Winsage
April 11, 2025
Microsoft is rolling out its Windows Recall feature, which captures near-constant screenshots of user activity so that content can be found later with natural language searches. Cybersecurity expert Kevin Beaumont has warned that it could set cybersecurity back by a decade. Users must opt in, Windows Hello authentication is required to view the stored snapshots, and snapshot capture can be paused at any time. Recall takes snapshots during various tasks and lets users reopen the applications or documents shown in a snapshot and act on them directly. The rollout is gradual, and the security community is monitoring its impact.
AppWizard
April 10, 2025
On Monday, Google released an update addressing two critical zero-day vulnerabilities in Android, CVE-2024-53197 and CVE-2024-53150. CVE-2024-53197 was discovered through collaboration with Amnesty International and Benoît Sevens from Google’s Threat Analysis Group, which monitors government-backed cyber threats. Amnesty International previously reported that Cellebrite exploited three zero-day vulnerabilities to access Android phones, including targeting a Serbian student activist. The vulnerabilities allow for remote privilege escalation without requiring additional execution privileges or user interaction. Google plans to release source code patches for both vulnerabilities within 48 hours and informs Android partners at least a month before public disclosure to prepare updates. Manufacturers are responsible for implementing and distributing these patches to users.
Winsage
April 9, 2025
With support for Windows 10 ending on October 14, 2025, Microsoft has published guidance that points users whose computers cannot upgrade to Windows 11 toward recycling or trade-in. The document recommends recycling old devices responsibly and notes that Microsoft Surface devices can be sent in for recycling in certain states. The trade-in program is limited to specific countries and applies only when purchasing certain new Surface PCs. The document does not explicitly tell customers to discard older devices, but it does promote new hardware sales. It also acknowledges that alternatives exist, such as installing a Linux distribution on the older hardware. Whatever the choice, a system that no longer receives security updates becomes increasingly exposed to cyber threats.
Winsage
April 3, 2025
Microsoft's support for Windows 10 ends on October 14, 2025, and the company is advising users with ineligible PCs, estimated at as many as 240 million, to recycle their devices and move to Windows 11. Microsoft warns that, without security updates, unsupported devices will be vulnerable to data breaches and other cyber threats. Upgrades to Windows 11 have increased as the deadline approaches, but options for those who cannot upgrade are limited. Microsoft encourages responsible recycling and offers trade-in programs, though these may return little money. Users can also consider paid extended support, which adds 12 months of security updates.
Tech Optimizer
April 2, 2025
Over 1,500 PostgreSQL instances exposed to the internet have been targeted by a cryptocurrency mining campaign tracked as JINX-0126. The attackers log in with weak credentials and then use the "COPY ... FROM PROGRAM" SQL command, which runs an arbitrary operating-system command on the database host and is available to superusers and to members of the pg_execute_server_program role, to execute a shell script that kills competing cryptominers and delivers the pg_core binary. A Golang binary disguised as the PostgreSQL multi-user database server process is then downloaded to establish persistence and escalate privileges, after which the latest XMRig cryptominer variant runs. JINX-0126 evades cloud workload protection platforms with tactics such as a unique hash for every deployed binary and fileless execution of the miner payload.
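Detection logic for the intrusion pattern described above, as an added example rather than code from the report: it scans PostgreSQL server log lines for the credential guessing that precedes the break-in and for any statement that uses COPY ... FROM PROGRAM, while ignoring ordinary file-based COPY. The log lines are constructed for this example and assume the common stderr log_line_prefix of '%m [%p] %q%u@%d '; COPY statements only reach the log when log_statement is set to mod or all, and the command inside the sample COPY statement is a harmless placeholder.

```python
"""Scan PostgreSQL server logs for the JINX-0126 style intrusion pattern.

Added example, not code from the report. Two signals are reported: a burst
of failed password authentication against one role (credential guessing)
and any COPY ... FROM PROGRAM statement, which hands the database host's
shell to the SQL client. SAMPLE_LOG is constructed; its log_line_prefix
'%m [%p] %q%u@%d ' is an assumption about the server's configuration.
"""
import re
from collections import Counter

# Matches: FATAL:  password authentication failed for user "postgres"
AUTH_FAIL_RE = re.compile(r'password authentication failed for user "([^"]+)"')
# COPY <table> FROM PROGRAM '<command>', any case; plain COPY ... FROM 'file' must not match
COPY_PROGRAM_RE = re.compile(r"\bCOPY\b.*?\bFROM\s+PROGRAM\b", re.IGNORECASE)
# Leading timestamp from the %m prefix, without fractional seconds
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

SAMPLE_LOG = """\
2025-04-01 10:02:11.123 UTC [4132] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-01 10:02:11.987 UTC [4133] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-01 10:02:12.640 UTC [4134] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-01 10:02:13.310 UTC [4135] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-01 10:02:14.002 UTC [4136] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-01 10:02:14.771 UTC [4137] postgres@postgres LOG:  connection authorized: user=postgres database=postgres
2025-04-01 10:02:15.540 UTC [4137] postgres@postgres LOG:  statement: COPY cmd_out FROM PROGRAM 'id'
2025-04-01 10:03:01.009 UTC [4150] app@inventory LOG:  statement: COPY items FROM '/var/lib/postgresql/import/items.csv' CSV
2025-04-01 10:03:02.220 UTC [4151] app@inventory FATAL:  password authentication failed for user "app"
"""


def scan_log(text, fail_threshold=5):
    """Return findings as (timestamp, kind, detail) tuples in log order.

    kind is "credential_guessing" when one role reaches fail_threshold
    failed logins, or "copy_from_program" for a logged COPY ... FROM PROGRAM.
    """
    fails = Counter()
    findings = []
    for line in text.splitlines():
        ts_match = TS_RE.match(line)
        ts = ts_match.group(1) if ts_match else "?"

        fail = AUTH_FAIL_RE.search(line)
        if fail:
            role = fail.group(1)
            fails[role] += 1
            if fails[role] == fail_threshold:  # report once per role
                findings.append((ts, "credential_guessing",
                                 f'{fail_threshold} failed logins for role "{role}"'))
            continue

        if "statement:" in line and COPY_PROGRAM_RE.search(line):
            statement = line.split("statement:", 1)[1].strip()
            findings.append((ts, "copy_from_program", statement))
    return findings


if __name__ == "__main__":
    for ts, kind, detail in scan_log(SAMPLE_LOG):
        print(f"{ts} {kind}: {detail}")
```

In a live deployment the scan runs over the server log as it is written and is paired with prevention: no superuser role reachable from the internet, strong passwords, pg_hba.conf entries that restrict which addresses may connect, and no pg_execute_server_program membership for application roles, since without that privilege COPY ... FROM PROGRAM is refused before any command runs.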