cyberattacks

Tech Optimizer
May 8, 2025
Cyberattacks are increasingly common due to psychological warfare among global powers. Macs are vulnerable to these attacks, necessitating effective antivirus solutions. Intego is the only antivirus software developed specifically for macOS, offering two packages: Mac Internet Security and Mac Premium Bundle. The Mac Internet Security suite includes real-time antivirus protection, a customizable firewall, and anti-phishing features, priced at .99 for one Mac or .99 for three Macs during the first year. The Mac Premium Bundle adds features like system cleanup, parental management, and automated backups, starting at .99 for one Mac or .99 for three Macs in the first year. Intego is designed specifically for Apple computers, providing lightweight, effective protection with minimal impact on system performance. It has a perfect malware detection score and offers a 30-day money-back guarantee. Users can also add a VPN subscription as Intego is associated with CyberGhost and ExpressVPN.
Winsage
May 7, 2025
The Play ransomware gang exploited a critical vulnerability in the Windows Common Log File System, identified as CVE-2025-29824, which has a CVSS score of 7.8 and is categorized as a "Use after free" vulnerability. This flaw allows an authorized attacker to elevate privileges locally and has been confirmed to be exploited in real-world attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities catalog in April. Microsoft addressed this vulnerability during its April Patch Tuesday security updates, acknowledging its exploitation in limited attacks targeting various sectors in the U.S. and Saudi Arabia. Researchers from Symantec reported that the Play ransomware gang used the CVE-2025-29824 exploit in an attack against a U.S. organization before the public disclosure and patching of the vulnerability. The attackers utilized the Grixba infostealer tool and initially exploited a public-facing Cisco ASA firewall to gain entry. They deployed tools to gather information, escalated privileges using the CVE-2025-29824 exploit, and executed malicious scripts to steal credentials. The exploit took advantage of race conditions in driver memory handling, allowing kernel access and manipulation of files. Before the patch was released, the exploit was reportedly used by multiple threat actors, and Microsoft linked it to other malware.
Winsage
May 7, 2025
As Windows 10 approaches its end-of-life status in October, approximately 240 million PCs will become obsolete, prompting Microsoft to encourage users to upgrade to Windows 11, particularly on devices with Copilot+ technology. The "End of 10" initiative aims to introduce users to Linux, providing a website with instructions for installation and highlighting the benefits of Linux over Windows. Windows 11 requires Intel's 8th-generation processors or AMD's Ryzen 2000 series or newer, leaving many functional PCs, especially those made before 2017, unable to upgrade. The "End of 10" campaign promotes Linux as a viable alternative, emphasizing its compatibility with older hardware, cost-effectiveness, reduced emissions, privacy advantages, and lower susceptibility to malware. The website includes a directory of repair shops for support and offers a DIY installation guide. Despite over half of Windows devices still running Windows 10, the adoption rate of Windows 11 is increasing, indicating a potential shift in user migration.
Winsage
May 4, 2025
Microsoft has warned about the increasing use of PDF attachments in cyberattacks, particularly during the U.S. tax season. Attackers have been using PDFs with embedded links that redirect users to counterfeit pages, such as a fake DocuSign site. TrustWave SpiderLabs has identified a new campaign involving a fake payment SWIFT copy that leads to a malicious PDF containing obfuscated JavaScript, which downloads a script that conceals the RemcosRAT payload using steganography. This technique involves hiding links within images, making them difficult to detect. The latest attacks begin with phishing emails containing malicious PDFs that direct victims to harmful webpages, facilitating the delivery of RemcosRAT, a trojan that allows remote control of compromised systems. Users are advised to be cautious of emails labeled “SWIFT Copy” and to delete suspicious emails immediately.
Winsage
May 1, 2025
Security researcher Daniel Wade has revealed that Microsoft’s Remote Desktop Protocol (RDP) allows users to log into systems using previously revoked passwords, raising concerns about user security. Wade highlights that this feature undermines the trust users place in password management, as changing passwords is expected to prevent unauthorized access. This issue affects a wide range of users, from individuals to employees in small businesses and hybrid work environments. Despite the increasing sophistication of cyberattacks on password managers, Microsoft has stated it will not change this RDP functionality.
Winsage
April 29, 2025
Microsoft is relaunching its AI-driven feature, Recall, which continuously captures background screenshots on Copilot+ PCs optimized for AI functionalities. Initially introduced in May, Recall was retracted due to privacy concerns over unencrypted storage of screenshots containing sensitive user data. After testing through Microsoft's Insider program, Recall has been updated to encrypt the screenshot database and requires users to opt in to save screenshots. However, it still poses risks by potentially capturing sensitive information from communications without the knowledge of other parties involved. Security researcher Kevin Beaumont has noted that the sensitive information filter is unreliable, and the encrypted database is only secured by a basic four-digit PIN. Beaumont's testing revealed that Recall indexed everything it stored, including ephemeral messages and images. He cautioned users to check if Recall is enabled when discussing sensitive topics with others on Windows PCs.
Tech Optimizer
April 27, 2025
In recent years, the belief that iOS devices are "immune" to viruses has been challenged as cybercriminals increasingly target these platforms. Apple’s security measures, including sandboxing, help isolate apps to prevent the spread of malware. The App Store is strictly controlled, with Apple reviewing apps for security compliance, resulting in few harmful applications being reported. Antivirus software available in the App Store, from companies like McAfee and Norton, operates under the same constraints as other apps and cannot directly access the operating system kernel. Users are advised to avoid jailbreaking their devices, enable automatic updates, and take precautions such as avoiding public charging stations and regularly reviewing app permissions. Utilizing a password manager or VPN can enhance security, and those who have experienced data breaches may consider identity theft protection.
Winsage
April 14, 2025
Microsoft has introduced a "hotpatching" feature for Windows 11 that allows security updates to be installed in the background without requiring a reboot. This feature is currently limited to Windows 11 Enterprise, version 24H2, for x64 devices with AMD or Intel CPUs, and requires Microsoft Intune for deployment. The 0patch micro-patching service offers an alternative for users outside the enterprise, providing fixes directly in memory and free zero-day micro patches.